r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 4714c95a0c854e38f9be444f9343bf14
07ce5eb635448f2b3bafbe51e4dfeef47cdf4f7b
4d47e08c9afb704096e93a51f6e95c0dc7c7bc31e67ded39998ff37ed56e0965
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4D47E08C9AFB704096E93A51F6E95C0DC7C7BC31E67DED39998FF37ED56E0965"
Last-Modified: Sat, 21 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5214
Expires: Mon, 23 Jan 2023 18:23:08 GMT
Date: Mon, 23 Jan 2023 16:56:14 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 8997fa58a7262e8fd559d64b40511a1b
0aa1c4365c28f45e4d7a8a234fbcf51cd009e083
1580d1145f125c765e40e5983cb4bb4e2424010d2920a25ea7da992485da0dea
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1580D1145F125C765E40E5983CB4BB4E2424010D2920A25EA7DA992485DA0DEA"
Last-Modified: Sat, 21 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2644
Expires: Mon, 23 Jan 2023 17:40:18 GMT
Date: Mon, 23 Jan 2023 16:56:14 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash dcd75ca6daca51c5e39d431468511793
07f76d3bf23d65c9110d810fa71a994e39e085d3
73672a816da4450fe2c938b08d7ae002d9ca29fdcbd3e29cc97084d826f8b459
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Retry-After, Content-Type, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Mon, 23 Jan 2023 16:35:02 GMT
content-type: application/json
age: 1272
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 17094b856fde02b2c8c2d3845ad325cf
26dc3f2ebf81faf5ab96eb75ffcbead6085528b8
6547376c41dcaa352cc4e747291916902bcddc0032b750bd84c5e3b2fe6f7d16
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6547376C41DCAA352CC4E747291916902BCDDC0032B750BD84C5E3B2FE6F7D16"
Last-Modified: Sat, 21 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11862
Expires: Mon, 23 Jan 2023 20:13:56 GMT
Date: Mon, 23 Jan 2023 16:56:14 GMT
Connection: keep-alive
nyt-ep.com/dfcu/auth.php?oauth&online_id=837a314c688b6b803d0d85771/auth/overview/index
103.120.66.134 302 Moved Temporarily 0 B URL HTTP/1.1 nyt-ep.com/dfcu/auth.php?oauth&online_id=837a314c688b6b803d0d85771/auth/overview/index
IP 103.120.66.134:0
ASN #137373 PT. SUITEN INOVASI SUKSES
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /dfcu/auth.php?oauth&online_id=837a314c688b6b803d0d85771/auth/overview/index HTTP/1.1
Host: nyt-ep.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Moved Temporarily
Date: Mon, 23 Jan 2023 16:56:08 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: PHPSESSID=ua56qqria1tjasu7uksl78mv35; path=/
Location: ./pages/
Content-Length: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: ezaH2OMb8TSJZ+VD5qAQYACpkxSUOrwephhvFXV8mRPunkXeWXa+PDCUX2sgDyoRNO15fHVlPeK9eNvdvcShLg==
x-amz-request-id: WD879FF7FAFR1KDX
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 23 Jan 2023 16:47:48 GMT
age: 506
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 23 Jan 2023 16:56:14 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 41d9a97f3e66fa295337149c04ad0bae
5d0ffce8986ba0d9e47cd508b79c1feab18076cf
fa5f51ac868aed9106d71f0d5ae7d2fba4afed36bc9fdb94a5a66cea3ac15550
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 23 Jan 2023 16:56:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Last-Modified, ETag, Expires, Backoff, Content-Length, Cache-Control, Alert, Retry-After, Pragma
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Mon, 23 Jan 2023 16:17:30 GMT
age: 2324
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 41d9a97f3e66fa295337149c04ad0bae
5d0ffce8986ba0d9e47cd508b79c1feab18076cf
fa5f51ac868aed9106d71f0d5ae7d2fba4afed36bc9fdb94a5a66cea3ac15550
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 23 Jan 2023 16:56:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash bb280016d8f12fa0a6ae86792ba89e67
53188091dab8e35ba20d2e341624777c2fb1536a
c28ed8dc9af97c7096f60030048432a41fb853e81ea91208e91493784d382bb9
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4881
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 23 Jan 2023 16:56:14 GMT
Last-Modified: Mon, 23 Jan 2023 15:34:53 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
34.212.129.45 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 34.212.129.45:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: cjJY9rHN11bZ/rCgsLFOhQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: rTv6Tkn66p9w15EWKNuoJM0QLbs=
cdn.cookielaw.org/scripttemplates/otSDKStub.js
104.16.149.64 200 OK 8.1 kB URL HTTP/2 cdn.cookielaw.org/scripttemplates/otSDKStub.js
IP 104.16.149.64:0
File type ASCII text, with very long lines (24742)
Hash 59d0843ea535a679e836bfdc4fd847c9
8c8938ff086a2b05eb9e431cb8ff7150f50c7b48
6f5b514345f75508ac2e5827b6e50c804a3d5ec2aa44975ec6a2bdfcb438fd17
GET /scripttemplates/otSDKStub.js HTTP/1.1
Host: cdn.cookielaw.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://nyt-ep.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 23 Jan 2023 16:56:15 GMT
content-type: application/javascript
content-length: 8053
content-encoding: gzip
content-md5: WdCEPqU1pnnoNr/cT9hHyQ==
last-modified: Fri, 20 Jan 2023 03:25:30 GMT
etag: 0x8DAFA95FBC5651B
x-ms-request-id: 98bba7e4-101e-002f-762d-2d59dc000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
cache-control: max-age=86400
cf-cache-status: HIT
age: 80276
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 78e20fcb6ac5b506-OSL
X-Firefox-Spdy: h2
assets.adobedtm.com/launch-EN271d4b2692764b999a2e6682e60f4596.min.js
2.18.172.233 200 OK 89 kB URL HTTP/1.1 assets.adobedtm.com/launch-EN271d4b2692764b999a2e6682e60f4596.min.js
IP 2.18.172.233:0
File type ASCII text, with very long lines (32761)
Hash a7e489a1f03b42c3b8e20557676eeafb
5f7c6660f74cd8fa09549f585c94d5452afa4fad
a427aaba102f485c7d9b590751db91374a8192f9350c07a0629942426a069ec0
GET /launch-EN271d4b2692764b999a2e6682e60f4596.min.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://nyt-ep.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: application/x-javascript
ETag: "754c5799f881f94b9718201b340ecba6:1673997951.958635"
Last-Modified: Tue, 17 Jan 2023 23:25:51 GMT
Server: AkamaiNetStorage
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=3600
Expires: Mon, 23 Jan 2023 17:56:15 GMT
Date: Mon, 23 Jan 2023 16:56:15 GMT
Content-Length: 88695
Connection: keep-alive
Access-Control-Allow-Origin: http://nyt-ep.com
Timing-Allow-Origin: *
nyt-ep.com/etc.clientlibs/dcu/clientlibs/clientlib-site/resources/favicons/android-icon-192x192.png
103.120.66.134 404 Not Found 16 B URL HTTP/1.1 nyt-ep.com/etc.clientlibs/dcu/clientlibs/clientlib-site/resources/favicons/android-icon-192x192.png
IP 103.120.66.134:0
ASN #137373 PT. SUITEN INOVASI SUKSES
Hash 4845f01eaa8068384625e302e9a4eb05
fb6ff8293fa45e17ba97f84954e7d1d5b0d38f87
8a482f2271a42c5f54c96e816a84340a6f2357a5b81f927d07d00788f5140a41
GET /etc.clientlibs/dcu/clientlibs/clientlib-site/resources/favicons/android-icon-192x192.png HTTP/1.1
Host: nyt-ep.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://nyt-ep.com/dfcu/pages/
Cookie: PHPSESSID=ua56qqria1tjasu7uksl78mv35
HTTP/1.1 404 Not Found
Date: Mon, 23 Jan 2023 16:56:10 GMT
Server: Apache
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html
nyt-ep.com/dfcu/pages/
103.120.66.134 200 OK 952 kB IP 103.120.66.134:0
ASN #137373 PT. SUITEN INOVASI SUKSES
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (878), with CRLF line terminators
Size 952 kB (952313 bytes)
Hash d42d1ffb2166a671d43b4010f6842036
9f8a827fab313932353ca8bf134655291545e20c
4306e2d91b024d685117b6dc13dff048593d8b2888c6d6e5a427392057354452
Analyzer Verdict Alert fortinet Phishing
GET /dfcu/pages/ HTTP/1.1
Host: nyt-ep.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: PHPSESSID=ua56qqria1tjasu7uksl78mv35
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Mon, 23 Jan 2023 16:56:08 GMT
Server: Apache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html
nyt-ep.com/etc.clientlibs/dcu/clientlibs/clientlib-site/resources/favicons/favicon-16x16.png
103.120.66.134 404 Not Found 16 B URL HTTP/1.1 nyt-ep.com/etc.clientlibs/dcu/clientlibs/clientlib-site/resources/favicons/favicon-16x16.png
IP 103.120.66.134:0
ASN #137373 PT. SUITEN INOVASI SUKSES
Hash 4845f01eaa8068384625e302e9a4eb05
fb6ff8293fa45e17ba97f84954e7d1d5b0d38f87
8a482f2271a42c5f54c96e816a84340a6f2357a5b81f927d07d00788f5140a41
GET /etc.clientlibs/dcu/clientlibs/clientlib-site/resources/favicons/favicon-16x16.png HTTP/1.1
Host: nyt-ep.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://nyt-ep.com/dfcu/pages/
Cookie: PHPSESSID=ua56qqria1tjasu7uksl78mv35
HTTP/1.1 404 Not Found
Date: Mon, 23 Jan 2023 16:56:10 GMT
Server: Apache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash d5528af26e629a9bfbf0c421146b921f
1e4f99245d551384bedfe9b59b5f9905127d87bf
989830d93a90c30051b948a26ce403fb4370587ed3407d8d77ad0ad9cc28eb7a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "989830D93A90C30051B948A26CE403FB4370587ED3407D8D77AD0AD9CC28EB7A"
Last-Modified: Sun, 22 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4153
Expires: Mon, 23 Jan 2023 18:05:29 GMT
Date: Mon, 23 Jan 2023 16:56:16 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash d5528af26e629a9bfbf0c421146b921f
1e4f99245d551384bedfe9b59b5f9905127d87bf
989830d93a90c30051b948a26ce403fb4370587ed3407d8d77ad0ad9cc28eb7a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "989830D93A90C30051B948A26CE403FB4370587ED3407D8D77AD0AD9CC28EB7A"
Last-Modified: Sun, 22 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4153
Expires: Mon, 23 Jan 2023 18:05:29 GMT
Date: Mon, 23 Jan 2023 16:56:16 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash d5528af26e629a9bfbf0c421146b921f
1e4f99245d551384bedfe9b59b5f9905127d87bf
989830d93a90c30051b948a26ce403fb4370587ed3407d8d77ad0ad9cc28eb7a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "989830D93A90C30051B948A26CE403FB4370587ED3407D8D77AD0AD9CC28EB7A"
Last-Modified: Sun, 22 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4153
Expires: Mon, 23 Jan 2023 18:05:29 GMT
Date: Mon, 23 Jan 2023 16:56:16 GMT
Connection: keep-alive
nyt-ep.com/etc.clientlibs/dcu/clientlibs/clientlib-base.min.js
103.120.66.134 404 Not Found 16 B URL HTTP/1.1 nyt-ep.com/etc.clientlibs/dcu/clientlibs/clientlib-base.min.js
IP 103.120.66.134:0
ASN #137373 PT. SUITEN INOVASI SUKSES
Hash 4845f01eaa8068384625e302e9a4eb05
fb6ff8293fa45e17ba97f84954e7d1d5b0d38f87
8a482f2271a42c5f54c96e816a84340a6f2357a5b81f927d07d00788f5140a41
Analyzer Verdict Alert fortinet Phishing
GET /etc.clientlibs/dcu/clientlibs/clientlib-base.min.js HTTP/1.1
Host: nyt-ep.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://nyt-ep.com/dfcu/pages/
Cookie: PHPSESSID=ua56qqria1tjasu7uksl78mv35
HTTP/1.1 404 Not Found
Date: Mon, 23 Jan 2023 16:56:10 GMT
Server: Apache
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html
nyt-ep.com/etc.clientlibs/dcu/clientlibs/clientlib-dependencies.min.js
103.120.66.134 404 Not Found 16 B URL HTTP/1.1 nyt-ep.com/etc.clientlibs/dcu/clientlibs/clientlib-dependencies.min.js
IP 103.120.66.134:0
ASN #137373 PT. SUITEN INOVASI SUKSES
Hash 4845f01eaa8068384625e302e9a4eb05
fb6ff8293fa45e17ba97f84954e7d1d5b0d38f87
8a482f2271a42c5f54c96e816a84340a6f2357a5b81f927d07d00788f5140a41
Analyzer Verdict Alert fortinet Phishing
GET /etc.clientlibs/dcu/clientlibs/clientlib-dependencies.min.js HTTP/1.1
Host: nyt-ep.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://nyt-ep.com/dfcu/pages/
Cookie: PHPSESSID=ua56qqria1tjasu7uksl78mv35
HTTP/1.1 404 Not Found
Date: Mon, 23 Jan 2023 16:56:10 GMT
Server: Apache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html
nyt-ep.com/etc.clientlibs/dcu/clientlibs/clientlib-site.min.js
103.120.66.134 404 Not Found 16 B URL HTTP/1.1 nyt-ep.com/etc.clientlibs/dcu/clientlibs/clientlib-site.min.js
IP 103.120.66.134:0
ASN #137373 PT. SUITEN INOVASI SUKSES
Hash 4845f01eaa8068384625e302e9a4eb05
fb6ff8293fa45e17ba97f84954e7d1d5b0d38f87
8a482f2271a42c5f54c96e816a84340a6f2357a5b81f927d07d00788f5140a41
Analyzer Verdict Alert fortinet Phishing
GET /etc.clientlibs/dcu/clientlibs/clientlib-site.min.js HTTP/1.1
Host: nyt-ep.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://nyt-ep.com/dfcu/pages/
Cookie: PHPSESSID=ua56qqria1tjasu7uksl78mv35
HTTP/1.1 404 Not Found
Date: Mon, 23 Jan 2023 16:56:10 GMT
Server: Apache
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html
nyt-ep.com/etc.clientlibs/dcu/clientlibs/clientlib-site-layout.min.css
103.120.66.134 404 Not Found 16 B URL HTTP/1.1 nyt-ep.com/etc.clientlibs/dcu/clientlibs/clientlib-site-layout.min.css
IP 103.120.66.134:0
ASN #137373 PT. SUITEN INOVASI SUKSES
Hash 4845f01eaa8068384625e302e9a4eb05
fb6ff8293fa45e17ba97f84954e7d1d5b0d38f87
8a482f2271a42c5f54c96e816a84340a6f2357a5b81f927d07d00788f5140a41
GET /etc.clientlibs/dcu/clientlibs/clientlib-site-layout.min.css HTTP/1.1
Host: nyt-ep.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://nyt-ep.com/dfcu/pages/
Cookie: PHPSESSID=ua56qqria1tjasu7uksl78mv35
HTTP/1.1 404 Not Found
Date: Mon, 23 Jan 2023 16:56:10 GMT
Server: Apache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb4f85f34-177a-42e1-8337-e98ac6995842.jpeg
34.120.237.76 200 OK 6.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb4f85f34-177a-42e1-8337-e98ac6995842.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b48f53e84a3ec564b35cf6b0754d09bb
dc7ad580f90e8af4349f409fb0302a79c672ff99
37d8f9a37eed22705123275ac7a36ff34bcdea1b2faaa7108a7112afe5a8201f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb4f85f34-177a-42e1-8337-e98ac6995842.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6068
x-amzn-requestid: 80b8fec4-44be-4cf0-9301-0ddac1304dff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fKL91EuFoAMFy-Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cd8d25-4f12cd6d7f9697cf035c0624;Sampled=0
x-amzn-remapped-date: Sun, 22 Jan 2023 19:23:17 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: U08NONGZDakN_z7jE2CkYeBtzvjZFBcKHG1XPse7W-k1O0o2OM7Lvw==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 12a392bc3a7281f8d5d4591bfadc41fc.cloudfront.net (CloudFront), 1.1 google
date: Mon, 23 Jan 2023 04:12:24 GMT
age: 45832
etag: "dc7ad580f90e8af4349f409fb0302a79c672ff99"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faf2abec1-a455-47b9-9aaf-69794032330f.jpeg
34.120.237.76 200 OK 8.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faf2abec1-a455-47b9-9aaf-69794032330f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8ec35d753b6b816abcd14030255a7b76
a67bd0fa5beb10935442bef246bf4f52ec6e74bd
9adfddc8877a8ea9f1c3bcc0af99548cb11dc4e1d62a706bf9b2a5cc6d72e82f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faf2abec1-a455-47b9-9aaf-69794032330f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7982
x-amzn-requestid: 59d91715-b444-445e-bd6b-268fc630024b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fKezLExAIAMFSeA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cdab47-1e12e8f335ea162532ce6aca;Sampled=0
x-amzn-remapped-date: Sun, 22 Jan 2023 21:31:51 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 0BgrMQG0-OHmZipKTgnHTs3HxYGBqKowIS37tg_QooT4JPlqHBPFvw==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 1b74ccf4cb51eacf97a0e6d60ae46a3e.cloudfront.net (CloudFront), 1.1 google
date: Sun, 22 Jan 2023 21:47:46 GMT
age: 68910
etag: "a67bd0fa5beb10935442bef246bf4f52ec6e74bd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe0a4afa9-05c4-4ab9-b9eb-17970c04dbbb.jpeg
34.120.237.76 200 OK 3.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe0a4afa9-05c4-4ab9-b9eb-17970c04dbbb.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c664f89307d9f2cc8170ca0816708ef9
cc010d66fe22fce8e82f9bbc78fc3b836120ff0b
c77d9cae0c4132f2695322b8c33fa875a341948ffb6c3023ddb1d3ef41c9ae23
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe0a4afa9-05c4-4ab9-b9eb-17970c04dbbb.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3814
x-amzn-requestid: 48468720-0305-4f17-862b-f2f854fdfe41
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fKq8mEPnIAMFzXg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cdbeb6-470a030661c749ae0fa14c31;Sampled=0
x-amzn-remapped-date: Sun, 22 Jan 2023 22:54:46 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: U9hYFY_BBaMWiasXJJzYqTe2Rb2fH06yFE0vuinlYA2V_lUaDjfmbg==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 2bedbeaa49b4a77447d30097858cb81a.cloudfront.net (CloudFront), 1.1 google
date: Sun, 22 Jan 2023 23:09:39 GMT
age: 63997
etag: "cc010d66fe22fce8e82f9bbc78fc3b836120ff0b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F602ef184-7161-4092-91b7-61e14eef28a5.jpeg
34.120.237.76 200 OK 3.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F602ef184-7161-4092-91b7-61e14eef28a5.jpeg
IP 34.120.237.76:0
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; also matches: data
Hash 805711aaab303931f8966bbf73aeda52
2bd02a45c8b407e36a41a482b121ea3e14f7c722
66268668c1a970268d75beb1b57f66a759bedac76958a3359cb23104de40fbeb
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F602ef184-7161-4092-91b7-61e14eef28a5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3411
x-amzn-requestid: 62afd364-e94f-45ff-ba6c-9b589fc53e5f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e-EyCEzrIAMFb8A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c8b4d9-203f51040f82f12d535446c4;Sampled=0
x-amzn-remapped-date: Thu, 19 Jan 2023 03:11:21 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: K73B093GBbsf85ny_o8fc9oE417nJBFlH0eEdhiifeQk3KG5Q-HHdg==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Mon, 23 Jan 2023 07:53:50 GMT
age: 32546
etag: "2bd02a45c8b407e36a41a482b121ea3e14f7c722"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd68d33e7-2d1d-4f9d-9544-28746d9156e6.jpeg
34.120.237.76 200 OK 8.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd68d33e7-2d1d-4f9d-9544-28746d9156e6.jpeg
IP 34.120.237.76:0
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; also matches: data
Hash 4e71636bb9a13ad7d52d253e16cd6a3f
401dd58e34982d3434739b9a2f7182487ea1cac5
1ac336df72b6eb569983e197f094378a26a175113249bedca0610cabd57e2e54
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd68d33e7-2d1d-4f9d-9544-28746d9156e6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8057
x-amzn-requestid: 5469b005-6740-4f3d-80ca-a45fd39cae68
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fHNkCFiZoAMF8oQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cc5c80-210da08f113a3273257b7d61;Sampled=0
x-amzn-remapped-date: Sat, 21 Jan 2023 21:43:28 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 75pGAcylxKUIPpPoXBhc4v4OUldfaTgT0zjrU3_7BSgcp4Webl7bQw==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 caf6806821bc479b28a6f1ce3043b8a6.cloudfront.net (CloudFront), 1.1 google
date: Sun, 22 Jan 2023 21:54:19 GMT
age: 68517
etag: "401dd58e34982d3434739b9a2f7182487ea1cac5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb0247217-9730-4fdb-8be7-667f0568ffc2.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb0247217-9730-4fdb-8be7-667f0568ffc2.jpeg
IP 34.120.237.76:0
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; also matches: data
Hash d95b4a29d3337c5c2ca7e4d31fa3a0b6
4c6d22bdc48d7011e2c875ee18876da6a8401669
23421c7f67582c927dacf52c25779e43f5196a40fb1b70467ed737c2417ba39e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb0247217-9730-4fdb-8be7-667f0568ffc2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10822
x-amzn-requestid: 60a33a3f-36b1-4f6e-a17b-964118a9da31
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e3AcMGeNoAMFs7A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c5e11a-7673a87f26759a1a64e4aab2;Sampled=0
x-amzn-remapped-date: Mon, 16 Jan 2023 23:43:22 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: JqvCEzxKP39gLHZjcr7R303XMAlfQz2nAtz-Wv_9W0rsAYJ3ODczPg==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 12a392bc3a7281f8d5d4591bfadc41fc.cloudfront.net (CloudFront), 1.1 google
date: Sun, 22 Jan 2023 21:58:40 GMT
age: 68256
etag: "4c6d22bdc48d7011e2c875ee18876da6a8401669"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
nyt-ep.com/etc.clientlibs/dcu/clientlibs/clientlib-site.min.css
103.120.66.134 404 Not Found 16 B URL HTTP/1.1 nyt-ep.com/etc.clientlibs/dcu/clientlibs/clientlib-site.min.css
IP 103.120.66.134:0
ASN #137373 PT. SUITEN INOVASI SUKSES
Hash 4845f01eaa8068384625e302e9a4eb05
fb6ff8293fa45e17ba97f84954e7d1d5b0d38f87
8a482f2271a42c5f54c96e816a84340a6f2357a5b81f927d07d00788f5140a41
GET /etc.clientlibs/dcu/clientlibs/clientlib-site.min.css HTTP/1.1
Host: nyt-ep.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://nyt-ep.com/dfcu/pages/
Cookie: PHPSESSID=ua56qqria1tjasu7uksl78mv35
HTTP/1.1 404 Not Found
Date: Mon, 23 Jan 2023 16:56:10 GMT
Server: Apache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html
nyt-ep.com/etc.clientlibs/dcu/clientlibs/clientlib-dependencies.min.css
103.120.66.134 404 Not Found 16 B URL HTTP/1.1 nyt-ep.com/etc.clientlibs/dcu/clientlibs/clientlib-dependencies.min.css
IP 103.120.66.134:0
ASN #137373 PT. SUITEN INOVASI SUKSES
Hash 4845f01eaa8068384625e302e9a4eb05
fb6ff8293fa45e17ba97f84954e7d1d5b0d38f87
8a482f2271a42c5f54c96e816a84340a6f2357a5b81f927d07d00788f5140a41
GET /etc.clientlibs/dcu/clientlibs/clientlib-dependencies.min.css HTTP/1.1
Host: nyt-ep.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://nyt-ep.com/dfcu/pages/
Cookie: PHPSESSID=ua56qqria1tjasu7uksl78mv35
HTTP/1.1 404 Not Found
Date: Mon, 23 Jan 2023 16:56:10 GMT
Server: Apache
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html
cdn.cookielaw.org/consent/c0559bcc-8507-4dc8-b64d-5f9540de4716/c0559bcc-8507-4dc8-b64d-5f9540de4716.json
104.16.149.64 200 OK 1.2 kB URL HTTP/2 cdn.cookielaw.org/consent/c0559bcc-8507-4dc8-b64d-5f9540de4716/c0559bcc-8507-4dc8-b64d-5f9540de4716.json
IP 104.16.149.64:0
File type: JSON data; also matches: ASCII text, with very long lines (2880), with no line terminators
Hash a95f555f905d2150b81f6c24eab68a3c
e94b45c565cfb419868ca36d790682b4ae00d21f
49c3660c1d56205aa2cda0653f765305e88e2af55cef780fdfcc0c287e64d40a
GET /consent/c0559bcc-8507-4dc8-b64d-5f9540de4716/c0559bcc-8507-4dc8-b64d-5f9540de4716.json HTTP/1.1
Host: cdn.cookielaw.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://nyt-ep.com
Connection: keep-alive
Referer: http://nyt-ep.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 23 Jan 2023 16:56:16 GMT
content-type: application/x-javascript
content-length: 1177
cache-control: public, max-age=86400
content-encoding: gzip
content-md5: qV9VX5BdIVC4H2wk6raKPA==
last-modified: Thu, 15 Apr 2021 16:17:55 GMT
etag: 0x8D9002A070B9E88
x-ms-request-id: 85ef7b8d-b01e-0104-451f-2f6b31000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
cf-cache-status: HIT
age: 4774
expires: Tue, 24 Jan 2023 16:56:16 GMT
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 78e20fce9d98fac0-OSL
X-Firefox-Spdy: h2
assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement.min.js
2.18.172.233 200 OK 12 kB URL HTTP/2 assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement.min.js
IP 2.18.172.233:0
File type ASCII text, with very long lines (32768)
Hash e616df092766c7ab7904619f971a35cc
a960429c42802a43e3ce728fc4d1e8bdab10e606
082ae7647bfdb639846791e5c0ca39b96544dff3aed0c365973c9589cd5b091e
GET /extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement.min.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://nyt-ep.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "d860c16ac938f7d839f0ec158d02d0f0:1644856531.418573"
last-modified: Mon, 14 Feb 2022 16:35:31 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 12163
unused62: 8096267
expires: Mon, 23 Jan 2023 17:56:16 GMT
date: Mon, 23 Jan 2023 16:56:16 GMT
cache-control: no-cache
access-control-allow-origin: http://nyt-ep.com
timing-allow-origin: *
X-Firefox-Spdy: h2
assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement_Module_ActivityMap.min.js
2.18.172.233 200 OK 1.6 kB URL HTTP/2 assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement_Module_ActivityMap.min.js
IP 2.18.172.233:0
File type ASCII text, with very long lines (3155)
Hash e672de61b277fc72de4299829bfbb31c
157a7409922d58a02dad3ba879d04eb2a3ef8f3d
e1a1c2a6f2ed4ffb63ebfda157eaf12c6ee3973be4da649eb63e0402c0d29215
GET /extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement_Module_ActivityMap.min.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://nyt-ep.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "2d1382c349d480b6b41574ac0c1af066:1644856531.739514"
last-modified: Mon, 14 Feb 2022 16:35:31 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
unused62: 8096267
content-length: 1597
expires: Mon, 23 Jan 2023 17:56:16 GMT
date: Mon, 23 Jan 2023 16:56:16 GMT
cache-control: no-cache
access-control-allow-origin: http://nyt-ep.com
timing-allow-origin: *
X-Firefox-Spdy: h2
assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement_Module_AudienceManagement.min.js
2.18.172.233 200 OK 8.8 kB URL HTTP/2 assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement_Module_AudienceManagement.min.js
IP 2.18.172.233:0
File type exported SGML document, ASCII text, with very long lines (24999)
Hash 6f56f25549f094ee43918a26715f4c6b
0b75d52207556fa7879017f81a9445006a637047
57a0cc8a8dfd7a1ab1aa40a84c53b0db4caf025c5c5499bea095b91924139a96
GET /extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement_Module_AudienceManagement.min.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://nyt-ep.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "26a8cd142b539700557eb4710c3d56bd:1644856531.982003"
last-modified: Mon, 14 Feb 2022 16:35:31 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
unused62: 8096267
content-length: 8753
expires: Mon, 23 Jan 2023 17:56:16 GMT
date: Mon, 23 Jan 2023 16:56:16 GMT
cache-control: no-cache
access-control-allow-origin: http://nyt-ep.com
timing-allow-origin: *
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash f136e9bdce8b778967f31c138c730bf6
032c6b734540fe786b259ba0c700622b88d768a2
ec9e91a632a1ee89dfd038cbe9700ed8c01e146846433284e81fad0ff2a75192
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 23 Jan 2023 16:56:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
nyt-ep.com/dfcu/pages/images/DCUGreen.svg
103.120.66.134 200 OK 6.0 kB URL HTTP/1.1 nyt-ep.com/dfcu/pages/images/DCUGreen.svg
IP 103.120.66.134:0
ASN #137373 PT. SUITEN INOVASI SUKSES
File type: SVG Scalable Vector Graphics image; also matches: XML 1.0 document text, XML document text, HTML document text, exported SGML document, ASCII text, with very long lines (5511)
Hash (MD5, by length): b9532d4b3deed20556929a29d01d217e
Hash (SHA-1, by length): 6756e02d87fe62471711f4c8881918f8b481ce66
Hash (SHA-256, by length): f9d960f8140d8ce7150a9a6df5028988ed92aa3b296aa6d3273a8d61af994633
Analyzer verdict: Alert — Fortinet: Phishing. Note: this verdict is attached to a DCU-branded logo asset fetched over plain HTTP from nyt-ep.com (103.120.66.134, ASN 137373) under /dfcu/pages/, with a PHPSESSID cookie and an Apache server; the earlier 404s for /etc.clientlibs/dcu/... (paths that look like Adobe AEM client libraries) are consistent with a page cloned from the brand's real site, though the referring HTML itself is not in this excerpt.
GET /dfcu/pages/images/DCUGreen.svg HTTP/1.1
Host: nyt-ep.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://nyt-ep.com/dfcu/pages/
Cookie: PHPSESSID=ua56qqria1tjasu7uksl78mv35
HTTP/1.1 200 OK
Date: Mon, 23 Jan 2023 16:56:11 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 03:28:54 GMT
Accept-Ranges: bytes
Content-Length: 5959
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/svg+xml
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash b6a7b076a30a5406b12344e01ba2d7ea
17e8497f4041b0c7e6fe4a13cfc5fe634c622fc5
5c82bf44b7ea0d2399d52df26b0ebc574cea4c4ff5d34423d07a1fc20e2e3587
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 23 Jan 2023 16:56:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=DC-8387124
142.250.74.168 200 OK 44 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=DC-8387124
IP 142.250.74.168:0
File type ASCII text, with very long lines (1921)
Hash 4edd6504fb37c2e2ab77205d91582dae
16152ed2c16650da915585207a9a8b7e11f0d3fc
8b05450ed4b7c0988864718c1d804f9b68abbae9b51cdcf3acef5e69b78d58f1
GET /gtag/js?id=DC-8387124 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://nyt-ep.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 23 Jan 2023 16:56:16 GMT
expires: Mon, 23 Jan 2023 16:56:16 GMT
cache-control: private, max-age=900
last-modified: Mon, 23 Jan 2023 15:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 44163
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
nyt-ep.com/dfcu/pages/images/DCU_LOG_GLO_HomePage_C02_DCULogo-white_01.svg
103.120.66.134 200 OK 6.0 kB URL HTTP/1.1 nyt-ep.com/dfcu/pages/images/DCU_LOG_GLO_HomePage_C02_DCULogo-white_01.svg
IP 103.120.66.134:0
ASN #137373 PT. SUITEN INOVASI SUKSES
File type: SVG Scalable Vector Graphics image; also matches: XML 1.0 document text, XML document text, HTML document text, exported SGML document, ASCII text, with very long lines (5511)
Hash (MD5, by length): 528632ecfda17902dc15ad41d8b6ccb2
Hash (SHA-1, by length): cb7265ddd2b559494012f05ce9cf1aa3f9cc57ed
Hash (SHA-256, by length): 77b545a7e7cb83aba540b5daaee65ada506b28d611981ea9c39664af39b29799
Analyzer verdict: Alert — Fortinet: Phishing
GET /dfcu/pages/images/DCU_LOG_GLO_HomePage_C02_DCULogo-white_01.svg HTTP/1.1
Host: nyt-ep.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://nyt-ep.com/dfcu/pages/
Cookie: PHPSESSID=ua56qqria1tjasu7uksl78mv35
HTTP/1.1 200 OK
Date: Mon, 23 Jan 2023 16:56:11 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 03:03:12 GMT
Accept-Ranges: bytes
Content-Length: 5959
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/svg+xml
nyt-ep.com/dfcu/pages/images/DCU_LOG_GLO_HomePage_C02_EqualHousing_02.svg
103.120.66.134 200 OK 3.6 kB URL HTTP/1.1 nyt-ep.com/dfcu/pages/images/DCU_LOG_GLO_HomePage_C02_EqualHousing_02.svg
IP 103.120.66.134:0
ASN #137373 PT. SUITEN INOVASI SUKSES
File type: SVG Scalable Vector Graphics image; also matches: XML 1.0 document text, XML document text, HTML document text, exported SGML document, ASCII text
Hash (MD5, by length): 95571578407bf0b6ce509a90b6fd8c49
Hash (SHA-1, by length): 9fce715611c60aff44b2a60499b24fdaab76540a
Hash (SHA-256, by length): 866990ab03c34efbb43b9f74a66bf015a7ff037224a44be4fbcd5e2cabf65bee
Analyzer verdict: Alert — Fortinet: Phishing
GET /dfcu/pages/images/DCU_LOG_GLO_HomePage_C02_EqualHousing_02.svg HTTP/1.1
Host: nyt-ep.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://nyt-ep.com/dfcu/pages/
Cookie: PHPSESSID=ua56qqria1tjasu7uksl78mv35
HTTP/1.1 200 OK
Date: Mon, 23 Jan 2023 16:56:11 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 03:03:08 GMT
Accept-Ranges: bytes
Content-Length: 3561
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/svg+xml
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash dec1960c15b7b32835eece7cb397c51f
ddaf303a58c2f336530c55a9ca29d5731e5f7da6
f2d6ba10803cb182fe6bac4e417ce57f3d712c836ed1d8950829bd29cbb35f48
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 23 Jan 2023 16:56:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtm.js?id=GTM-P275CCS
142.250.74.168 200 OK 59 kB URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-P275CCS
IP 142.250.74.168:0
File type ASCII text, with very long lines (12602)
Hash 27c619b2eed09f2d10130c3bd86b576c
a10630dff4187b650d7e194e104356d7cabcbd30
d5547b609655de410b2b17a364eeed5f458ced1a0ea5e1f62e4a75ccac75a47e
GET /gtm.js?id=GTM-P275CCS HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://nyt-ep.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 23 Jan 2023 16:56:16 GMT
expires: Mon, 23 Jan 2023 16:56:16 GMT
cache-control: private, max-age=900
last-modified: Mon, 23 Jan 2023 15:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 59319
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash dec1960c15b7b32835eece7cb397c51f
ddaf303a58c2f336530c55a9ca29d5731e5f7da6
f2d6ba10803cb182fe6bac4e417ce57f3d712c836ed1d8950829bd29cbb35f48
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 23 Jan 2023 16:56:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/nunitosans/v12/pe0qMImSLYBIv1o4X1M8cce9I9s.woff2
216.58.207.227 200 OK 17 kB URL HTTP/2 fonts.gstatic.com/s/nunitosans/v12/pe0qMImSLYBIv1o4X1M8cce9I9s.woff2
IP 216.58.207.227:0
File type: Web Open Font Format (Version 2), TrueType, length 16980, version 1.0; also matches: data
Hash 8a97f720d330e75ccdbda9ae0e9f5e90
8e4fee916581ab48d385187705667cebc7500afe
97d5a594e7f76c7e50045b67667fd6b74b268515efe6425097be1b2647079787
GET /s/nunitosans/v12/pe0qMImSLYBIv1o4X1M8cce9I9s.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://nyt-ep.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 16980
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 17 Jan 2023 15:43:03 GMT
expires: Wed, 17 Jan 2024 15:43:03 GMT
cache-control: public, max-age=31536000
age: 522793
last-modified: Mon, 09 May 2022 18:33:54 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/nunitosans/v12/pe03MImSLYBIv1o4X1M8cc8WAc5tU1E.woff2
216.58.207.227 200 OK 17 kB URL HTTP/2 fonts.gstatic.com/s/nunitosans/v12/pe03MImSLYBIv1o4X1M8cc8WAc5tU1E.woff2
IP 216.58.207.227:0
File type: Web Open Font Format (Version 2), TrueType, length 16920, version 1.0; also matches: data
Hash 875cd87a3bfd0a454005f2b07ba35328
2ee20c6c9d1549d8d38b538e00903a75f5e02307
976177894b0cca88ff93ab02c6da363f2d55cce5d940139db955b251fcdd19a6
GET /s/nunitosans/v12/pe03MImSLYBIv1o4X1M8cc8WAc5tU1E.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://nyt-ep.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 16920
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 22 Jan 2023 21:07:28 GMT
expires: Mon, 22 Jan 2024 21:07:28 GMT
cache-control: public, max-age=31536000
age: 71328
last-modified: Mon, 09 May 2022 18:31:06 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash dec1960c15b7b32835eece7cb397c51f
ddaf303a58c2f336530c55a9ca29d5731e5f7da6
f2d6ba10803cb182fe6bac4e417ce57f3d712c836ed1d8950829bd29cbb35f48
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 23 Jan 2023 16:56:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/nunitosans/v12/pe03MImSLYBIv1o4X1M8cc8GBs5tU1E.woff2
216.58.207.227 200 OK 17 kB URL HTTP/2 fonts.gstatic.com/s/nunitosans/v12/pe03MImSLYBIv1o4X1M8cc8GBs5tU1E.woff2
IP 216.58.207.227:0
File type: Web Open Font Format (Version 2), TrueType, length 17116, version 1.0; also matches: data
Hash bcf3a3fb620dfbee774f84e2c8e71530
40a79d240acdd7e5a95e165515ac7c0958a37971
280aaa8929329764ac3213ca093c63505cfcc665347939c79905c426d33867c5
GET /s/nunitosans/v12/pe03MImSLYBIv1o4X1M8cc8GBs5tU1E.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://nyt-ep.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 17116
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 17 Jan 2023 15:42:49 GMT
expires: Wed, 17 Jan 2024 15:42:49 GMT
cache-control: public, max-age=31536000
age: 522807
last-modified: Mon, 09 May 2022 18:31:19 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/nunitosans/v12/pe03MImSLYBIv1o4X1M8cc8aBc5tU1E.woff2
216.58.207.227 200 OK 17 kB URL HTTP/2 fonts.gstatic.com/s/nunitosans/v12/pe03MImSLYBIv1o4X1M8cc8aBc5tU1E.woff2
IP 216.58.207.227:0
File type: Web Open Font Format (Version 2), TrueType, length 17324, version 1.0; also matches: data
Hash 51ca5ce70497b58a8cc96b2b26ce2e19
7eb7e4f38f8ebe09b504f6dcc3226a8de63a9042
6fce8ebc3557b63496f8fafe1c182f2aa8669550f9398b4d9beebddd43306ed3
GET /s/nunitosans/v12/pe03MImSLYBIv1o4X1M8cc8aBc5tU1E.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://nyt-ep.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 17324
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 18 Jan 2023 10:14:58 GMT
expires: Thu, 18 Jan 2024 10:14:58 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 09 May 2022 18:31:14 GMT
content-type: font/woff2
age: 456078
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash dec1960c15b7b32835eece7cb397c51f
ddaf303a58c2f336530c55a9ca29d5731e5f7da6
f2d6ba10803cb182fe6bac4e417ce57f3d712c836ed1d8950829bd29cbb35f48
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 23 Jan 2023 16:56:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 29cef1b196c67abfea36b34a8b78d728
3b37bcf6d19af0fbe61db1241a7cef57bd2c6f11
b8e088d0b76c5ffbe283610cffec369d58cb44491ceb9ee39c8ed11428b8a1ec
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6081
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 23 Jan 2023 16:56:16 GMT
Last-Modified: Mon, 23 Jan 2023 15:14:56 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash f136e9bdce8b778967f31c138c730bf6
032c6b734540fe786b259ba0c700622b88d768a2
ec9e91a632a1ee89dfd038cbe9700ed8c01e146846433284e81fad0ff2a75192
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 23 Jan 2023 16:56:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash dd676ffc078f2b075fdc6d7606dc55b3
f57644c4be9f9521b2c45df5ee6eee87489819e1
b0ecd59482b2bc369555e2b94287c0de6eb874c9f52c15d2ecda112b8f3d2dba
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 23 Jan 2023 16:56:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
dpm.demdex.net/id?d_visid_ver=5.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=46051B125B89FACB0A495DD6%40AdobeOrg&d_nsid=0&ts=1674492974997
52.50.220.58200 OK 836 B URL HTTP/1.1 dpm.demdex.net/id?d_visid_ver=5.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=46051B125B89FACB0A495DD6%40AdobeOrg&d_nsid=0&ts=1674492974997
IP 52.50.220.58:0
File type JSON data\012- , ASCII text, with very long lines (2304), with no line terminators
Hash 44447ec3a0db83ca6a487371f8a4268c
c58d11c2e792b05154842e8d2730a04f226990b0
5115ad6c5d2230cd295d31f3f3b606adf57993864c2684ab09555c29bc4f73e0
GET /id?d_visid_ver=5.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=46051B125B89FACB0A495DD6%40AdobeOrg&d_nsid=0&ts=1674492974997 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: http://nyt-ep.com
Connection: keep-alive
Referer: http://nyt-ep.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://nyt-ep.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-2-v045-0df7a788e.edge-irl1.demdex.com 2 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=05946962606349550474574922212469595997; Max-Age=15552000; Expires=Sat, 22 Jul 2023 16:56:16 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-TID: cMpApbiNSgg=
Content-Length: 836
Connection: keep-alive
nyt-ep.com/etc.clientlibs/dcu/clientlibs/clientlib-base.min.js
103.120.66.134404 Not Found 16 B URL HTTP/1.1 nyt-ep.com/etc.clientlibs/dcu/clientlibs/clientlib-base.min.js
IP 103.120.66.134:0
ASN #137373 PT. SUITEN INOVASI SUKSES
Hash 4845f01eaa8068384625e302e9a4eb05
fb6ff8293fa45e17ba97f84954e7d1d5b0d38f87
8a482f2271a42c5f54c96e816a84340a6f2357a5b81f927d07d00788f5140a41
Analyzer Verdict Alert fortinet Phishing
GET /etc.clientlibs/dcu/clientlibs/clientlib-base.min.js HTTP/1.1
Host: nyt-ep.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://nyt-ep.com/dfcu/pages/
Cookie: PHPSESSID=ua56qqria1tjasu7uksl78mv35; AMCV_46051B125B89FACB0A495DD6%40AdobeOrg=1176715910%7CMCIDTS%7C19381%7CvVersion%7C5.4.0
HTTP/1.1 404 Not Found
Date: Mon, 23 Jan 2023 16:56:11 GMT
Server: Apache
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html
nyt-ep.com/dfcu/pages/images/DCU_LOG_GLO_HomePage_C02_GooglePlaystore_01.svg
103.120.66.134200 OK 24 kB URL HTTP/1.1 nyt-ep.com/dfcu/pages/images/DCU_LOG_GLO_HomePage_C02_GooglePlaystore_01.svg
IP 103.120.66.134:0
ASN #137373 PT. SUITEN INOVASI SUKSES
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (23196)
Hash 503bb4ffa6ef7aae8d6c6d021647384b
072194fd75349124dbf83aa714f304ca54f8375c
f1eab7719d01d9ee76d59654633c6b29b88b28dc678f0ac8c4a15fbc6bcb7669
Analyzer Verdict Alert fortinet Phishing
GET /dfcu/pages/images/DCU_LOG_GLO_HomePage_C02_GooglePlaystore_01.svg HTTP/1.1
Host: nyt-ep.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://nyt-ep.com/dfcu/pages/
Cookie: PHPSESSID=ua56qqria1tjasu7uksl78mv35
HTTP/1.1 200 OK
Date: Mon, 23 Jan 2023 16:56:10 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 03:03:04 GMT
Accept-Ranges: bytes
Content-Length: 23901
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/svg+xml
nyt-ep.com/etc.clientlibs/dcu/clientlibs/clientlib-site/resources/fonts/icons-v2/dcu-iconset.woff2
103.120.66.134404 Not Found 16 B URL HTTP/1.1 nyt-ep.com/etc.clientlibs/dcu/clientlibs/clientlib-site/resources/fonts/icons-v2/dcu-iconset.woff2
IP 103.120.66.134:0
ASN #137373 PT. SUITEN INOVASI SUKSES
Hash 4845f01eaa8068384625e302e9a4eb05
fb6ff8293fa45e17ba97f84954e7d1d5b0d38f87
8a482f2271a42c5f54c96e816a84340a6f2357a5b81f927d07d00788f5140a41
Analyzer Verdict Alert fortinet Phishing
GET /etc.clientlibs/dcu/clientlibs/clientlib-site/resources/fonts/icons-v2/dcu-iconset.woff2 HTTP/1.1
Host: nyt-ep.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://nyt-ep.com/dfcu/pages/
Cookie: PHPSESSID=ua56qqria1tjasu7uksl78mv35; AMCV_46051B125B89FACB0A495DD6%40AdobeOrg=1176715910%7CMCIDTS%7C19381%7CvVersion%7C5.4.0
HTTP/1.1 404 Not Found
Date: Mon, 23 Jan 2023 16:56:11 GMT
Server: Apache
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html
nyt-ep.com/etc.clientlibs/dcu/clientlibs/clientlib-site/resources/fonts/streamline-icons/streamline.ttf?i3lmg7
103.120.66.134404 Not Found 16 B URL HTTP/1.1 nyt-ep.com/etc.clientlibs/dcu/clientlibs/clientlib-site/resources/fonts/streamline-icons/streamline.ttf?i3lmg7
IP 103.120.66.134:0
ASN #137373 PT. SUITEN INOVASI SUKSES
Hash 4845f01eaa8068384625e302e9a4eb05
fb6ff8293fa45e17ba97f84954e7d1d5b0d38f87
8a482f2271a42c5f54c96e816a84340a6f2357a5b81f927d07d00788f5140a41
Analyzer Verdict Alert fortinet Phishing
GET /etc.clientlibs/dcu/clientlibs/clientlib-site/resources/fonts/streamline-icons/streamline.ttf?i3lmg7 HTTP/1.1
Host: nyt-ep.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://nyt-ep.com/dfcu/pages/
Cookie: PHPSESSID=ua56qqria1tjasu7uksl78mv35; AMCV_46051B125B89FACB0A495DD6%40AdobeOrg=1176715910%7CMCIDTS%7C19381%7CvVersion%7C5.4.0
HTTP/1.1 404 Not Found
Date: Mon, 23 Jan 2023 16:56:11 GMT
Server: Apache
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash c256e987ca212ef3353bb88cfbac74c1
b6f1f950a64a005015813189d01d369a4b9bb395
3a3743c3c3a22a5bc7bfa0a2ca4590d0bfe138c5bcd2ff1f1c10dacc28e8ba00
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1217
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 23 Jan 2023 16:56:16 GMT
Last-Modified: Mon, 23 Jan 2023 16:35:59 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 279
nyt-ep.com/etc.clientlibs/dcu/clientlibs/clientlib-site/resources/fonts/icons-v5/dcu-iconset.woff2
103.120.66.134404 Not Found 16 B URL HTTP/1.1 nyt-ep.com/etc.clientlibs/dcu/clientlibs/clientlib-site/resources/fonts/icons-v5/dcu-iconset.woff2
IP 103.120.66.134:0
ASN #137373 PT. SUITEN INOVASI SUKSES
Hash 4845f01eaa8068384625e302e9a4eb05
fb6ff8293fa45e17ba97f84954e7d1d5b0d38f87
8a482f2271a42c5f54c96e816a84340a6f2357a5b81f927d07d00788f5140a41
Analyzer Verdict Alert fortinet Phishing
GET /etc.clientlibs/dcu/clientlibs/clientlib-site/resources/fonts/icons-v5/dcu-iconset.woff2 HTTP/1.1
Host: nyt-ep.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://nyt-ep.com/dfcu/pages/
Cookie: PHPSESSID=ua56qqria1tjasu7uksl78mv35; AMCV_46051B125B89FACB0A495DD6%40AdobeOrg=1176715910%7CMCIDTS%7C19381%7CvVersion%7C5.4.0
HTTP/1.1 404 Not Found
Date: Mon, 23 Jan 2023 16:56:11 GMT
Server: Apache
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html
nyt-ep.com/dfcu/pages/images/2fonline-deposit-d1-desktop-v2.svg
103.120.66.134404 Not Found 16 B URL HTTP/1.1 nyt-ep.com/dfcu/pages/images/2fonline-deposit-d1-desktop-v2.svg
IP 103.120.66.134:0
ASN #137373 PT. SUITEN INOVASI SUKSES
Hash 4845f01eaa8068384625e302e9a4eb05
fb6ff8293fa45e17ba97f84954e7d1d5b0d38f87
8a482f2271a42c5f54c96e816a84340a6f2357a5b81f927d07d00788f5140a41
Analyzer Verdict Alert fortinet Phishing
GET /dfcu/pages/images/2fonline-deposit-d1-desktop-v2.svg HTTP/1.1
Host: nyt-ep.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://nyt-ep.com/dfcu/pages/
Cookie: PHPSESSID=ua56qqria1tjasu7uksl78mv35; AMCV_46051B125B89FACB0A495DD6%40AdobeOrg=1176715910%7CMCIDTS%7C19381%7CvVersion%7C5.4.0
HTTP/1.1 404 Not Found
Date: Mon, 23 Jan 2023 16:56:11 GMT
Server: Apache
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html
nyt-ep.com/content/dam/dcu/global/iconography/icon_alert_bell.svg
103.120.66.134404 Not Found 16 B URL HTTP/1.1 nyt-ep.com/content/dam/dcu/global/iconography/icon_alert_bell.svg
IP 103.120.66.134:0
ASN #137373 PT. SUITEN INOVASI SUKSES
Hash 4845f01eaa8068384625e302e9a4eb05
fb6ff8293fa45e17ba97f84954e7d1d5b0d38f87
8a482f2271a42c5f54c96e816a84340a6f2357a5b81f927d07d00788f5140a41
Analyzer Verdict Alert fortinet Phishing
GET /content/dam/dcu/global/iconography/icon_alert_bell.svg HTTP/1.1
Host: nyt-ep.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://nyt-ep.com/dfcu/pages/
Cookie: PHPSESSID=ua56qqria1tjasu7uksl78mv35; AMCV_46051B125B89FACB0A495DD6%40AdobeOrg=1176715910%7CMCIDTS%7C19381%7CvVersion%7C5.4.0
HTTP/1.1 404 Not Found
Date: Mon, 23 Jan 2023 16:56:11 GMT
Server: Apache
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html
nyt-ep.com/etc.clientlibs/dcu/clientlibs/clientlib-dependencies.min.js
103.120.66.134404 Not Found 16 B URL HTTP/1.1 nyt-ep.com/etc.clientlibs/dcu/clientlibs/clientlib-dependencies.min.js
IP 103.120.66.134:0
ASN #137373 PT. SUITEN INOVASI SUKSES
Hash 4845f01eaa8068384625e302e9a4eb05
fb6ff8293fa45e17ba97f84954e7d1d5b0d38f87
8a482f2271a42c5f54c96e816a84340a6f2357a5b81f927d07d00788f5140a41
Analyzer Verdict Alert fortinet Phishing
GET /etc.clientlibs/dcu/clientlibs/clientlib-dependencies.min.js HTTP/1.1
Host: nyt-ep.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://nyt-ep.com/dfcu/pages/
Cookie: PHPSESSID=ua56qqria1tjasu7uksl78mv35; AMCV_46051B125B89FACB0A495DD6%40AdobeOrg=1176715910%7CMCIDTS%7C19381%7CvVersion%7C5.4.0
HTTP/1.1 404 Not Found
Date: Mon, 23 Jan 2023 16:56:11 GMT
Server: Apache
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html
cdn.cookielaw.org/scripttemplates/6.6.0/otBannerSdk.js
104.16.149.64200 OK 73 kB URL HTTP/2 cdn.cookielaw.org/scripttemplates/6.6.0/otBannerSdk.js
IP 104.16.149.64:0
File type ASCII text, with very long lines (65456)
Hash 5ece01a65a40ed057ece4458a68dfec0
2d4afd3be007919bdabf87b2edf10ee5f4069a02
373aa44e78421faaf42f713f339f2a65ea1c511735fda6d018e08424d31848ab
GET /scripttemplates/6.6.0/otBannerSdk.js HTTP/1.1
Host: cdn.cookielaw.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://nyt-ep.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 23 Jan 2023 16:56:17 GMT
content-type: application/javascript
content-length: 73082
content-encoding: gzip
content-md5: Xs4BplpA7QV+zkRYpo3+wA==
last-modified: Thu, 10 Sep 2020 01:36:33 GMT
etag: 0x8D85529F2EBAD26
x-ms-request-id: fb775127-f01e-002e-5f6c-c45821000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
cache-control: max-age=86400
cf-cache-status: HIT
age: 48388
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 78e20fd23e57b506-OSL
X-Firefox-Spdy: h2
cdn.cookielaw.org/consent/c0559bcc-8507-4dc8-b64d-5f9540de4716/f04be161-8ac5-4016-a475-250c8ea79fa3/en.json
104.16.149.64200 OK 16 kB URL HTTP/2 cdn.cookielaw.org/consent/c0559bcc-8507-4dc8-b64d-5f9540de4716/f04be161-8ac5-4016-a475-250c8ea79fa3/en.json
IP 104.16.149.64:0
File type JSON data\012- HTML document, Unicode text, UTF-8 text, with very long lines (65494), with no line terminators
Hash 9bdd014fcc09f487a8506aeef9fbbd75
d6f6534c842a6d202c02bca4ecd57e89bfeb9581
2c730534233b5e8d2373d13c27ea97e697e94ba9fdc50cb56f64a4e5c34d493e
GET /consent/c0559bcc-8507-4dc8-b64d-5f9540de4716/f04be161-8ac5-4016-a475-250c8ea79fa3/en.json HTTP/1.1
Host: cdn.cookielaw.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://nyt-ep.com/
Origin: http://nyt-ep.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 23 Jan 2023 16:56:17 GMT
content-type: application/x-javascript
content-length: 15738
cache-control: public, max-age=86400
content-encoding: gzip
content-md5: m90BT8wJ9IeoUGru+fu9dQ==
last-modified: Thu, 15 Apr 2021 16:18:03 GMT
etag: 0x8D9002A0BBA200A
x-ms-request-id: f36cec62-801e-0008-1a1f-2fc395000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
cf-cache-status: HIT
age: 4774
expires: Tue, 24 Jan 2023 16:56:17 GMT
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 78e20fd2a9b0fac0-OSL
X-Firefox-Spdy: h2
nyt-ep.com/etc.clientlibs/dcu/clientlibs/clientlib-site/resources/fonts/icons-v2/dcu-iconset.woff
103.120.66.134404 Not Found 16 B URL HTTP/1.1 nyt-ep.com/etc.clientlibs/dcu/clientlibs/clientlib-site/resources/fonts/icons-v2/dcu-iconset.woff
IP 103.120.66.134:0
ASN #137373 PT. SUITEN INOVASI SUKSES
Hash 4845f01eaa8068384625e302e9a4eb05
fb6ff8293fa45e17ba97f84954e7d1d5b0d38f87
8a482f2271a42c5f54c96e816a84340a6f2357a5b81f927d07d00788f5140a41
Analyzer Verdict Alert fortinet Phishing
GET /etc.clientlibs/dcu/clientlibs/clientlib-site/resources/fonts/icons-v2/dcu-iconset.woff HTTP/1.1
Host: nyt-ep.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://nyt-ep.com/dfcu/pages/
Cookie: PHPSESSID=ua56qqria1tjasu7uksl78mv35; AMCV_46051B125B89FACB0A495DD6%40AdobeOrg=1176715910%7CMCIDTS%7C19381%7CvVersion%7C5.4.0
HTTP/1.1 404 Not Found
Date: Mon, 23 Jan 2023 16:56:11 GMT
Server: Apache
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html
nyt-ep.com/dfcu/pages/images/CoOpSharedBranches_Homepage_Desktop_IMG_DCU_785x480.jpg
103.120.66.134200 OK 96 kB URL HTTP/1.1 nyt-ep.com/dfcu/pages/images/CoOpSharedBranches_Homepage_Desktop_IMG_DCU_785x480.jpg
IP 103.120.66.134:0
ASN #137373 PT. SUITEN INOVASI SUKSES
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 785x480, components 3\012- data
Hash 4ce75c5b571f6afb0ffa0d84101854e7
2f3966b6a4b7671c7c48b1e9178ce1d297d2e454
25d8f88f86ff9a987a10d958e7fc68ade676fd926c772c65278e4ef1951e9806
GET /dfcu/pages/images/CoOpSharedBranches_Homepage_Desktop_IMG_DCU_785x480.jpg HTTP/1.1
Host: nyt-ep.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://nyt-ep.com/dfcu/pages/
Cookie: PHPSESSID=ua56qqria1tjasu7uksl78mv35
HTTP/1.1 200 OK
Date: Mon, 23 Jan 2023 16:56:11 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 19:52:36 GMT
Accept-Ranges: bytes
Content-Length: 95942
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/jpeg
dcu.demdex.net/dest5.html?d_nsid=0
54.195.228.119200 OK 2.8 kB URL HTTP/1.1 dcu.demdex.net/dest5.html?d_nsid=0
IP 54.195.228.119:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (550)
Hash ccbdcb1e84c241950763ec4cd516cdfc
55dfa8d4b09c5c3a80fcd101152f6ebed3d27a2c
de9ccb9b168945a24f20edc28c39be4135b328129ba8ee378401a7aedc925d12
GET /dest5.html?d_nsid=0 HTTP/1.1
Host: dcu.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://nyt-ep.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: text/html;charset=UTF-8
date: Mon, 23 Jan 2023 16:56:17 GMT
DCS: dcs-prod-irl1-1-v045-0078c8bc4.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
last-modified: Fri, 28 Oct 2022 11:02:56 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
vary: accept-encoding
X-TID: CMQixbZfRmI=
Content-Length: 2791
Connection: keep-alive
nyt-ep.com/etc.clientlibs/dcu/clientlibs/clientlib-site/resources/fonts/streamline-icons/streamline.woff?i3lmg7
103.120.66.134404 Not Found 16 B URL HTTP/1.1 nyt-ep.com/etc.clientlibs/dcu/clientlibs/clientlib-site/resources/fonts/streamline-icons/streamline.woff?i3lmg7
IP 103.120.66.134:0
ASN #137373 PT. SUITEN INOVASI SUKSES
Hash 4845f01eaa8068384625e302e9a4eb05
fb6ff8293fa45e17ba97f84954e7d1d5b0d38f87
8a482f2271a42c5f54c96e816a84340a6f2357a5b81f927d07d00788f5140a41
GET /etc.clientlibs/dcu/clientlibs/clientlib-site/resources/fonts/streamline-icons/streamline.woff?i3lmg7 HTTP/1.1
Host: nyt-ep.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://nyt-ep.com/dfcu/pages/
Cookie: PHPSESSID=ua56qqria1tjasu7uksl78mv35; AMCV_46051B125B89FACB0A495DD6%40AdobeOrg=1176715910%7CMCIDTS%7C19381%7CvVersion%7C5.4.0
HTTP/1.1 404 Not Found
Date: Mon, 23 Jan 2023 16:56:11 GMT
Server: Apache
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html
geolocation.onetrust.com/cookieconsentpub/v1/geo/location
104.18.27.85200 OK 90 B URL HTTP/2 geolocation.onetrust.com/cookieconsentpub/v1/geo/location
IP 104.18.27.85:0
Hash 2e77e690c6f6b680d445e265c488e83b
eaa30b429e8b2f1174b2985426b20341bce24e22
85175b9f6443afe26331b4cb25471338b21655d355d408a051e2b6fca6e11913
GET /cookieconsentpub/v1/geo/location HTTP/1.1
Host: geolocation.onetrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://nyt-ep.com
Connection: keep-alive
Referer: http://nyt-ep.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 23 Jan 2023 16:56:16 GMT
content-type: application/json
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, OPTIONS
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 78e20fd1b8e4b500-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
cdn.cookielaw.org/scripttemplates/6.6.0/assets/otFlat.json
104.16.149.64200 OK 3.2 kB URL HTTP/2 cdn.cookielaw.org/scripttemplates/6.6.0/assets/otFlat.json
IP 104.16.149.64:0
File type JSON data\012- , ASCII text, with very long lines (9672)
Hash 47ba8eaf55829668400cecdbcf9b3e07
e280e33dff680d601fad7ba2d8f41eff11da0d7c
571f78123a1c0c3ebcb93b3fe97f5a2f69e53c48c5a16d1f32c72943f6e85145
GET /scripttemplates/6.6.0/assets/otFlat.json HTTP/1.1
Host: cdn.cookielaw.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://nyt-ep.com/
Origin: http://nyt-ep.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 23 Jan 2023 16:56:17 GMT
content-type: application/json
content-length: 3248
content-encoding: gzip
content-md5: R7qOr1WClmhADOzbz5s+Bw==
last-modified: Thu, 10 Sep 2020 01:36:24 GMT
etag: 0x8D85529EDFDCA3B
x-ms-request-id: b4b83afe-a01e-009c-2e1f-2fa35b000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
cache-control: max-age=86400
cf-cache-status: HIT
age: 4774
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 78e20fd31a2cfac0-OSL
X-Firefox-Spdy: h2
cdn.cookielaw.org/scripttemplates/6.6.0/assets/v2/otPcCenter.json
104.16.149.64200 OK 11 kB URL HTTP/2 cdn.cookielaw.org/scripttemplates/6.6.0/assets/v2/otPcCenter.json
IP 104.16.149.64:0
File type JSON data\012- , ASCII text, with very long lines (35353)
Hash c02d6ca4a5811af86c8689866913ef0d
5a0a11caf578da67f36184cdce46225bea179e81
4fbf0073dc91cd15e0f6ffbb329bcab7bdf9ff1d1eaee05cf6908ca0c1869601
GET /scripttemplates/6.6.0/assets/v2/otPcCenter.json HTTP/1.1
Host: cdn.cookielaw.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://nyt-ep.com/
Origin: http://nyt-ep.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 23 Jan 2023 16:56:17 GMT
content-type: application/json
content-length: 11200
content-encoding: gzip
content-md5: wC1spKWBGvhshomGaRPvDQ==
last-modified: Thu, 10 Sep 2020 01:36:26 GMT
etag: 0x8D85529EF3215A4
x-ms-request-id: be4c1c5b-101e-00e8-3c1f-2f251d000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
cache-control: max-age=86400
cf-cache-status: HIT
age: 4773
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 78e20fd31a33fac0-OSL
X-Firefox-Spdy: h2
nyt-ep.com/etc.clientlibs/dcu/clientlibs/clientlib-site.min.js
103.120.66.134404 Not Found 16 B URL HTTP/1.1 nyt-ep.com/etc.clientlibs/dcu/clientlibs/clientlib-site.min.js
IP 103.120.66.134:0
ASN #137373 PT. SUITEN INOVASI SUKSES
Hash 4845f01eaa8068384625e302e9a4eb05
fb6ff8293fa45e17ba97f84954e7d1d5b0d38f87
8a482f2271a42c5f54c96e816a84340a6f2357a5b81f927d07d00788f5140a41
Analyzer Verdict Alert fortinet Phishing
GET /etc.clientlibs/dcu/clientlibs/clientlib-site.min.js HTTP/1.1
Host: nyt-ep.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://nyt-ep.com/dfcu/pages/
Cookie: PHPSESSID=ua56qqria1tjasu7uksl78mv35; AMCV_46051B125B89FACB0A495DD6%40AdobeOrg=1176715910%7CMCIDTS%7C19381%7CMCMID%7C06298122698517674154575692914375483405%7CMCAAMLH-1675097775%7C6%7CMCAAMB-1675097775%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1674500175s%7CNONE%7CvVersion%7C5.4.0; _gcl_au=1.1.1964612948.1674492975; AMCVS_46051B125B89FACB0A495DD6%40AdobeOrg=1
HTTP/1.1 404 Not Found
Date: Mon, 23 Jan 2023 16:56:11 GMT
Server: Apache
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html
nyt-ep.com/dfcu/pages/images/DCU_IMG_LOC_HomePage_C03_292_440_Desktop_MegaNavLearn_01.jpg
103.120.66.134200 OK 36 kB URL HTTP/1.1 nyt-ep.com/dfcu/pages/images/DCU_IMG_LOC_HomePage_C03_292_440_Desktop_MegaNavLearn_01.jpg
IP 103.120.66.134:0
ASN #137373 PT. SUITEN INOVASI SUKSES
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=1, software=Adobe Photoshop CC 2019 (Macintosh)\012- GLS_BINARY_LSB_FIRST], baseline, precision 8, 440x292, components 3\012- data
Hash 7421f489aa4c64f5407f5ac8394b3b37
fb7906eb70324ef630c668b97d1e04d3eed25a88
0425a61674698dabd616971a8990cf6249c12192c33d4b974a8eb73f9ca2de99
GET /dfcu/pages/images/DCU_IMG_LOC_HomePage_C03_292_440_Desktop_MegaNavLearn_01.jpg HTTP/1.1
Host: nyt-ep.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://nyt-ep.com/dfcu/pages/
Cookie: PHPSESSID=ua56qqria1tjasu7uksl78mv35
HTTP/1.1 200 OK
Date: Mon, 23 Jan 2023 16:56:11 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 03:13:28 GMT
Accept-Ranges: bytes
Content-Length: 36348
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/jpeg
assets.adobedtm.com/c710ed4af822/9928f11b8b77/03e4e4aa16b6/RC62a2ef1e23d34429ad32513353526ffa-source.min.js
2.18.172.233200 OK 230 B URL HTTP/2 assets.adobedtm.com/c710ed4af822/9928f11b8b77/03e4e4aa16b6/RC62a2ef1e23d34429ad32513353526ffa-source.min.js
IP 2.18.172.233:0
Hash fdb0ca042e706f2874dce4eb044de256
cdfcc242bf2aa469e8e501e4b89a1fb2581528ba
c997ff6f6e7edf2b9ca57fc7070866244cc5856db3953c8e9cd2788f2b3c8111
GET /c710ed4af822/9928f11b8b77/03e4e4aa16b6/RC62a2ef1e23d34429ad32513353526ffa-source.min.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://nyt-ep.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "90193861a40ab691b353c1aa746e08bd:1673997953.423119"
last-modified: Tue, 17 Jan 2023 23:25:53 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 230
cache-control: max-age=3600
expires: Mon, 23 Jan 2023 17:56:17 GMT
date: Mon, 23 Jan 2023 16:56:17 GMT
access-control-allow-origin: http://nyt-ep.com
timing-allow-origin: *
X-Firefox-Spdy: h2
assets.adobedtm.com/c710ed4af822/9928f11b8b77/03e4e4aa16b6/RC5eb41e0290124fe59845d03b303da898-source.min.js
2.18.172.233200 OK 293 B URL HTTP/2 assets.adobedtm.com/c710ed4af822/9928f11b8b77/03e4e4aa16b6/RC5eb41e0290124fe59845d03b303da898-source.min.js
IP 2.18.172.233:0
File type HTML document, ASCII text, with very long lines (310)
Hash ddc2ca98d3c6c09433c068ed7f4e42b2
3ffc62d10a0a4b823c03d033b250195adcfca717
841aaf3a0d2700906a99dc7969bcea7d967ca269bde671779ef2354b4c3c3ba7
GET /c710ed4af822/9928f11b8b77/03e4e4aa16b6/RC5eb41e0290124fe59845d03b303da898-source.min.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://nyt-ep.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "90193861a40ab691b353c1aa746e08bd:1673997953.423119"
last-modified: Tue, 17 Jan 2023 23:25:53 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 293
cache-control: max-age=3600
expires: Mon, 23 Jan 2023 17:56:17 GMT
date: Mon, 23 Jan 2023 16:56:17 GMT
access-control-allow-origin: http://nyt-ep.com
timing-allow-origin: *
X-Firefox-Spdy: h2
assets.adobedtm.com/c710ed4af822/9928f11b8b77/03e4e4aa16b6/RCf7fcd89d8991451b8863814935e70d0d-source.min.js
2.18.172.233200 OK 251 B URL HTTP/2 assets.adobedtm.com/c710ed4af822/9928f11b8b77/03e4e4aa16b6/RCf7fcd89d8991451b8863814935e70d0d-source.min.js
IP 2.18.172.233:0
File type HTML document, ASCII text
Hash ff249ea4ade03bf3fb36def6ffb14e08
b4605eba2780415cd7f1fc3965e9d96c70ecadaf
95b1b5bc0860c6296a1826efdc1c1d0547925b7466b6af66ce9f384595e4eb35
GET /c710ed4af822/9928f11b8b77/03e4e4aa16b6/RCf7fcd89d8991451b8863814935e70d0d-source.min.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://nyt-ep.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "90193861a40ab691b353c1aa746e08bd:1673997953.423119"
last-modified: Tue, 17 Jan 2023 23:25:53 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 251
cache-control: max-age=3600
expires: Mon, 23 Jan 2023 17:56:17 GMT
date: Mon, 23 Jan 2023 16:56:17 GMT
access-control-allow-origin: http://nyt-ep.com
timing-allow-origin: *
X-Firefox-Spdy: h2
nyt-ep.com/content/dam/dcu/global/home/images/DCU_IMG_LOC_HomePage_C03_292_440_Desktop_MegaNavLearn_01.jpg
103.120.66.134404 Not Found 16 B URL HTTP/1.1 nyt-ep.com/content/dam/dcu/global/home/images/DCU_IMG_LOC_HomePage_C03_292_440_Desktop_MegaNavLearn_01.jpg
IP 103.120.66.134:0
ASN #137373 PT. SUITEN INOVASI SUKSES
Hash 4845f01eaa8068384625e302e9a4eb05
fb6ff8293fa45e17ba97f84954e7d1d5b0d38f87
8a482f2271a42c5f54c96e816a84340a6f2357a5b81f927d07d00788f5140a41
GET /content/dam/dcu/global/home/images/DCU_IMG_LOC_HomePage_C03_292_440_Desktop_MegaNavLearn_01.jpg HTTP/1.1
Host: nyt-ep.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://nyt-ep.com/dfcu/pages/
Cookie: PHPSESSID=ua56qqria1tjasu7uksl78mv35
HTTP/1.1 404 Not Found
Date: Mon, 23 Jan 2023 16:56:11 GMT
Server: Apache
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html
nyt-ep.com/etc.clientlibs/dcu/clientlibs/clientlib-site/resources/fonts/icons-v2/dcu-iconset.ttf
103.120.66.134404 Not Found 16 B URL HTTP/1.1 nyt-ep.com/etc.clientlibs/dcu/clientlibs/clientlib-site/resources/fonts/icons-v2/dcu-iconset.ttf
IP 103.120.66.134:0
ASN #137373 PT. SUITEN INOVASI SUKSES
Hash 4845f01eaa8068384625e302e9a4eb05
fb6ff8293fa45e17ba97f84954e7d1d5b0d38f87
8a482f2271a42c5f54c96e816a84340a6f2357a5b81f927d07d00788f5140a41
Analyzer Verdict Alert fortinet Phishing
GET /etc.clientlibs/dcu/clientlibs/clientlib-site/resources/fonts/icons-v2/dcu-iconset.ttf HTTP/1.1
Host: nyt-ep.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://nyt-ep.com/dfcu/pages/
Cookie: PHPSESSID=ua56qqria1tjasu7uksl78mv35; AMCV_46051B125B89FACB0A495DD6%40AdobeOrg=1176715910%7CMCIDTS%7C19381%7CMCMID%7C06298122698517674154575692914375483405%7CMCAAMLH-1675097775%7C6%7CMCAAMB-1675097775%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1674500175s%7CNONE%7CvVersion%7C5.4.0; _gcl_au=1.1.1964612948.1674492975; AMCVS_46051B125B89FACB0A495DD6%40AdobeOrg=1
HTTP/1.1 404 Not Found
Date: Mon, 23 Jan 2023 16:56:11 GMT
Server: Apache
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html
fonts.gstatic.com/s/nunitosans/v12/pe03MImSLYBIv1o4X1M8cc9iB85tU1E.woff2
216.58.207.227200 OK 17 kB URL HTTP/2 fonts.gstatic.com/s/nunitosans/v12/pe03MImSLYBIv1o4X1M8cc9iB85tU1E.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 17156, version 1.0\012- data
Hash 7e344afc10a492d516789f072fa6edfd
f38bd0b4e9d0577528f533b8ecd80801a0c6340f
c84423c305779f2aab07847a2e3870ac1ea4072e470d5eb149c01e0e0497eae3
GET /s/nunitosans/v12/pe03MImSLYBIv1o4X1M8cc9iB85tU1E.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://nyt-ep.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 17156
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 17 Jan 2023 04:28:41 GMT
expires: Wed, 17 Jan 2024 04:28:41 GMT
cache-control: public, max-age=31536000
age: 563256
last-modified: Mon, 09 May 2022 18:33:24 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
nyt-ep.com/dfcu/pages/images/home-sale-d1-desktop-v2.svg
103.120.66.134200 OK 33 kB URL HTTP/1.1 nyt-ep.com/dfcu/pages/images/home-sale-d1-desktop-v2.svg
IP 103.120.66.134:0
ASN #137373 PT. SUITEN INOVASI SUKSES
File type SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (32823), with no line terminators
Hash 3ebf5c5b24a2b9485b9edad8b6d96716
640cf83ae47e488e5059eb2172c3b3f746195bb7
34f413b6d7d867790e3edc48b3eedd7c5d4e744fcbb31cd9005ce4c4123d21bf
Analyzer Verdict Alert fortinet Phishing
GET /dfcu/pages/images/home-sale-d1-desktop-v2.svg HTTP/1.1
Host: nyt-ep.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://nyt-ep.com/dfcu/pages/
Cookie: PHPSESSID=ua56qqria1tjasu7uksl78mv35; AMCV_46051B125B89FACB0A495DD6%40AdobeOrg=1176715910%7CMCIDTS%7C19381%7CvVersion%7C5.4.0
HTTP/1.1 200 OK
Date: Mon, 23 Jan 2023 16:56:11 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 03:00:56 GMT
Accept-Ranges: bytes
Content-Length: 32823
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: image/svg+xml
nyt-ep.com/dfcu/pages/images/car-refinance-d1-desktop-v2.svg
103.120.66.134200 OK 28 kB URL HTTP/1.1 nyt-ep.com/dfcu/pages/images/car-refinance-d1-desktop-v2.svg
IP 103.120.66.134:0
ASN #137373 PT. SUITEN INOVASI SUKSES
File type SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (28114), with no line terminators
Hash 0a40425e1d714527c920856750183342
3ae565b07798eab6d67f1855ec37338870845022
7527159310871f9a756224bea898b3e52f57107a78ef421944d16d7aaa49d7ba
Analyzer Verdict Alert fortinet Phishing
GET /dfcu/pages/images/car-refinance-d1-desktop-v2.svg HTTP/1.1
Host: nyt-ep.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://nyt-ep.com/dfcu/pages/
Cookie: PHPSESSID=ua56qqria1tjasu7uksl78mv35; AMCV_46051B125B89FACB0A495DD6%40AdobeOrg=1176715910%7CMCIDTS%7C19381%7CvVersion%7C5.4.0
HTTP/1.1 200 OK
Date: Mon, 23 Jan 2023 16:56:11 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 03:01:02 GMT
Accept-Ranges: bytes
Content-Length: 28114
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/svg+xml
nyt-ep.com/etc.clientlibs/dcu/clientlibs/clientlib-site/resources/fonts/icons-v5/dcu-iconset.ttf
103.120.66.134404 Not Found 16 B URL HTTP/1.1 nyt-ep.com/etc.clientlibs/dcu/clientlibs/clientlib-site/resources/fonts/icons-v5/dcu-iconset.ttf
IP 103.120.66.134:0
ASN #137373 PT. SUITEN INOVASI SUKSES
Hash 4845f01eaa8068384625e302e9a4eb05
fb6ff8293fa45e17ba97f84954e7d1d5b0d38f87
8a482f2271a42c5f54c96e816a84340a6f2357a5b81f927d07d00788f5140a41
Analyzer Verdict Alert fortinet Phishing
GET /etc.clientlibs/dcu/clientlibs/clientlib-site/resources/fonts/icons-v5/dcu-iconset.ttf HTTP/1.1
Host: nyt-ep.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://nyt-ep.com/dfcu/pages/
Cookie: PHPSESSID=ua56qqria1tjasu7uksl78mv35; AMCV_46051B125B89FACB0A495DD6%40AdobeOrg=1176715910%7CMCIDTS%7C19381%7CMCMID%7C06298122698517674154575692914375483405%7CMCAAMLH-1675097775%7C6%7CMCAAMB-1675097775%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1674500175s%7CNONE%7CvVersion%7C5.4.0; _gcl_au=1.1.1964612948.1674492975; AMCVS_46051B125B89FACB0A495DD6%40AdobeOrg=1
HTTP/1.1 404 Not Found
Date: Mon, 23 Jan 2023 16:56:11 GMT
Server: Apache
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html
nyt-ep.com/content/dam/dcu/global/pdp/images/DCU_IMG_LOC_PDP_Ltd-Savings_C10_1280_920_Mobile_PageHero_01.jpg
103.120.66.134404 Not Found 16 B URL HTTP/1.1 nyt-ep.com/content/dam/dcu/global/pdp/images/DCU_IMG_LOC_PDP_Ltd-Savings_C10_1280_920_Mobile_PageHero_01.jpg
IP 103.120.66.134:0
ASN #137373 PT. SUITEN INOVASI SUKSES
Hash 4845f01eaa8068384625e302e9a4eb05
fb6ff8293fa45e17ba97f84954e7d1d5b0d38f87
8a482f2271a42c5f54c96e816a84340a6f2357a5b81f927d07d00788f5140a41
GET /content/dam/dcu/global/pdp/images/DCU_IMG_LOC_PDP_Ltd-Savings_C10_1280_920_Mobile_PageHero_01.jpg HTTP/1.1
Host: nyt-ep.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://nyt-ep.com/dfcu/pages/
Cookie: PHPSESSID=ua56qqria1tjasu7uksl78mv35
HTTP/1.1 404 Not Found
Date: Mon, 23 Jan 2023 16:56:11 GMT
Server: Apache
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html
nyt-ep.com/dfcu/pages/images/posh-x-preview.svg
103.120.66.134200 OK 1.2 kB URL HTTP/1.1 nyt-ep.com/dfcu/pages/images/posh-x-preview.svg
IP 103.120.66.134:0
ASN #137373 PT. SUITEN INOVASI SUKSES
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1151), with no line terminators
Hash 792e843f285831f242dca3465146a6ea
d547de7d11193a06b451f54448408f348ef4a328
71703123c9ce9d2815e8cf7a3163029724bdc4d21bcd43d03555b69d3acfed77
Analyzer Verdict Alert fortinet Phishing
GET /dfcu/pages/images/posh-x-preview.svg HTTP/1.1
Host: nyt-ep.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://nyt-ep.com/dfcu/pages/
Cookie: PHPSESSID=ua56qqria1tjasu7uksl78mv35
HTTP/1.1 200 OK
Date: Mon, 23 Jan 2023 16:56:11 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 03:00:08 GMT
Accept-Ranges: bytes
Content-Length: 1151
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: image/svg+xml
nyt-ep.com/dfcu/pages/images/posh-chat-icon.svg
103.120.66.134200 OK 1.0 kB URL HTTP/1.1 nyt-ep.com/dfcu/pages/images/posh-chat-icon.svg
IP 103.120.66.134:0
ASN #137373 PT. SUITEN INOVASI SUKSES
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document, ASCII text, with very long lines (754)
Hash 0f7115219b8a3a18bf811e1a23ffa087
1ef737dd89cc22a085abfdb837f2eb8550ee60fd
f5ab44a42bb3511def08dbe24e0755f71d2185fc3d20202e4ca2880c88cbfbd3
Analyzer Verdict Alert fortinet Phishing
GET /dfcu/pages/images/posh-chat-icon.svg HTTP/1.1
Host: nyt-ep.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://nyt-ep.com/dfcu/pages/
Cookie: PHPSESSID=ua56qqria1tjasu7uksl78mv35
HTTP/1.1 200 OK
Date: Mon, 23 Jan 2023 16:56:11 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 03:00:12 GMT
Accept-Ranges: bytes
Content-Length: 1023
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: image/svg+xml
content-cdn.com/404/dWdnYzovL2FsZy1yYy5wYnovcXNwaC9jbnRyZi8=.gif
3.91.119.191301 Moved Permanently 0 B URL HTTP/1.1 content-cdn.com/404/dWdnYzovL2FsZy1yYy5wYnovcXNwaC9jbnRyZi8=.gif
IP 3.91.119.191:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /404/dWdnYzovL2FsZy1yYy5wYnovcXNwaC9jbnRyZi8=.gif HTTP/1.1
Host: content-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://nyt-ep.com/
HTTP/1.1 301 Moved Permanently
location: https://content-cdn.com/404/dWdnYzovL2FsZy1yYy5wYnovcXNwaC9jbnRyZi8=.gif
vary: Accept-Encoding
date: Mon, 23 Jan 2023 16:56:17 GMT
server: envoy
content-length: 0
nyt-ep.com/dfcu/pages/images/member-referral-green-icon.svg
103.120.66.134200 OK 3.3 kB URL HTTP/1.1 nyt-ep.com/dfcu/pages/images/member-referral-green-icon.svg
IP 103.120.66.134:0
ASN #137373 PT. SUITEN INOVASI SUKSES
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 0beebffec28075d2c29e62cd6ccc5fc1
1207f15ff69c9c906741edc7a31fcbf39cbf0fff
9de2eae9a2eae78742561b3e72804a9ef2c5ba19c1758df6da2b177b0f839bf5
Analyzer Verdict Alert fortinet Phishing
GET /dfcu/pages/images/member-referral-green-icon.svg HTTP/1.1
Host: nyt-ep.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://nyt-ep.com/dfcu/pages/
Cookie: PHPSESSID=ua56qqria1tjasu7uksl78mv35
HTTP/1.1 200 OK
Date: Mon, 23 Jan 2023 16:56:11 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 03:14:02 GMT
Accept-Ranges: bytes
Content-Length: 3288
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: image/svg+xml
nyt-ep.com/dfcu/pages/images/icon-support-center.svg
103.120.66.134200 OK 2.8 kB URL HTTP/1.1 nyt-ep.com/dfcu/pages/images/icon-support-center.svg
IP 103.120.66.134:0
ASN #137373 PT. SUITEN INOVASI SUKSES
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (412)
Hash 5a33f853271cdbc9ca2c14c17735bf69
ec77cee92c68a889881233874072309e252492f4
66c03a9263f23f487f434d7cfd4d7abfc0254c1c062f14342c8bbaee7a540ba1
Analyzer Verdict Alert fortinet Phishing
GET /dfcu/pages/images/icon-support-center.svg HTTP/1.1
Host: nyt-ep.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://nyt-ep.com/dfcu/pages/
Cookie: PHPSESSID=ua56qqria1tjasu7uksl78mv35
HTTP/1.1 200 OK
Date: Mon, 23 Jan 2023 16:56:12 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 03:01:18 GMT
Accept-Ranges: bytes
Content-Length: 2796
Keep-Alive: timeout=5, max=91
Connection: Keep-Alive
Content-Type: image/svg+xml
nyt-ep.com/dfcu/pages/images/icon-app-status.svg
103.120.66.134200 OK 10 kB URL HTTP/1.1 nyt-ep.com/dfcu/pages/images/icon-app-status.svg
IP 103.120.66.134:0
ASN #137373 PT. SUITEN INOVASI SUKSES
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (339)
Hash c8a5e0977d6dc1c7dd7fa0cc54aa8926
0af92b55161a662086ec57b56d701e5383c4470b
4d1e205c81f050c8fb8e79b8a3ab336d3dcca333f40b3eff1e0c5c3b2e66145d
Analyzer Verdict Alert fortinet Phishing
GET /dfcu/pages/images/icon-app-status.svg HTTP/1.1
Host: nyt-ep.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://nyt-ep.com/dfcu/pages/
Cookie: PHPSESSID=ua56qqria1tjasu7uksl78mv35
HTTP/1.1 200 OK
Date: Mon, 23 Jan 2023 16:56:12 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 03:01:32 GMT
Accept-Ranges: bytes
Content-Length: 10543
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: image/svg+xml
nyt-ep.com/dfcu/pages/images/icon-make-payment.svg
103.120.66.134200 OK 6.8 kB URL HTTP/1.1 nyt-ep.com/dfcu/pages/images/icon-make-payment.svg
IP 103.120.66.134:0
ASN #137373 PT. SUITEN INOVASI SUKSES
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (592)
Hash 14e7f0c3d4afe430c22967b0812c5920
6e827cd737349f334b8f2bc612dbd9eeed91f6d5
b5619bb90846a8aa8039d10c29bd14ca92d7b67d8b2f9c72c3be703792faeb84
Analyzer Verdict Alert fortinet Phishing
GET /dfcu/pages/images/icon-make-payment.svg HTTP/1.1
Host: nyt-ep.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://nyt-ep.com/dfcu/pages/
Cookie: PHPSESSID=ua56qqria1tjasu7uksl78mv35
HTTP/1.1 200 OK
Date: Mon, 23 Jan 2023 16:56:12 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 03:01:22 GMT
Accept-Ranges: bytes
Content-Length: 6827
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive
Content-Type: image/svg+xml
nyt-ep.com/dfcu/pages/images/icon-appointment.svg
103.120.66.134200 OK 4.7 kB URL HTTP/1.1 nyt-ep.com/dfcu/pages/images/icon-appointment.svg
IP 103.120.66.134:0
ASN #137373 PT. SUITEN INOVASI SUKSES
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (353)
Hash 1ac7121c2d378b161df4b4727c71cc16
16863445f822444af4de70fdb43fb869c5ee380d
69bf6079c5be622f8430ac2fd89573940ebd7fbce890a76e9ccae80383059ffa
Analyzer Verdict Alert fortinet Phishing
GET /dfcu/pages/images/icon-appointment.svg HTTP/1.1
Host: nyt-ep.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://nyt-ep.com/dfcu/pages/
Cookie: PHPSESSID=ua56qqria1tjasu7uksl78mv35
HTTP/1.1 200 OK
Date: Mon, 23 Jan 2023 16:56:12 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 03:01:26 GMT
Accept-Ranges: bytes
Content-Length: 4687
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: image/svg+xml
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash e333732f7b3a1fc3a8d02ca27e17dae1
c36c4826895c3bd8f41404139c1cf2588bfc67d3
9b9b9c388c2a937c76b65febccbc1c56e7bf788f58c89908b704ebffaa1a810d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9B9B9C388C2A937C76B65FEBCCBC1C56E7BF788F58C89908B704EBFFAA1A810D"
Last-Modified: Sun, 22 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17387
Expires: Mon, 23 Jan 2023 21:46:04 GMT
Date: Mon, 23 Jan 2023 16:56:17 GMT
Connection: keep-alive
nyt-ep.com/dfcu/pages/images/DCU_ILLUS_LOC_HomePage_C08_YourOpinion_01.svg.svg
103.120.66.134200 OK 2.4 kB URL HTTP/1.1 nyt-ep.com/dfcu/pages/images/DCU_ILLUS_LOC_HomePage_C08_YourOpinion_01.svg.svg
IP 103.120.66.134:0
ASN #137373 PT. SUITEN INOVASI SUKSES
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1840)
Hash 8c514a5cdac7db8d0c67eccd38a06c08
5e8d2e63aaab7f7b8c2053cbb6385947d0f9c9d0
cf6ecfd0981cc0a1c5206ad41982ba9e80968159727a77f3a61cca825ee2820b
Analyzer Verdict Alert fortinet Phishing
GET /dfcu/pages/images/DCU_ILLUS_LOC_HomePage_C08_YourOpinion_01.svg.svg HTTP/1.1
Host: nyt-ep.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://nyt-ep.com/dfcu/pages/
Cookie: PHPSESSID=ua56qqria1tjasu7uksl78mv35
HTTP/1.1 200 OK
Date: Mon, 23 Jan 2023 16:56:12 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 03:02:24 GMT
Accept-Ranges: bytes
Content-Length: 2363
Keep-Alive: timeout=5, max=90
Connection: Keep-Alive
Content-Type: image/svg+xml
content-cdn.com/404/dWdnYzovL2FsZy1yYy5wYnovcXNwaC9jbnRyZi8=.gif
3.91.119.191200 OK 43 B URL HTTP/2 content-cdn.com/404/dWdnYzovL2FsZy1yYy5wYnovcXNwaC9jbnRyZi8=.gif
IP 3.91.119.191:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /404/dWdnYzovL2FsZy1yYy5wYnovcXNwaC9jbnRyZi8=.gif HTTP/1.1
Host: content-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://nyt-ep.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: envoy
date: Mon, 23 Jan 2023 16:56:17 GMT
content-type: image/gif
content-length: 43
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
x-envoy-upstream-service-time: 2
X-Firefox-Spdy: h2
nyt-ep.com/dfcu/pages/images/DCU_ILLUS_LOC_HomePage_C08_ForWholeFamily_01.svg.svg
103.120.66.134200 OK 2.7 kB URL HTTP/1.1 nyt-ep.com/dfcu/pages/images/DCU_ILLUS_LOC_HomePage_C08_ForWholeFamily_01.svg.svg
IP 103.120.66.134:0
ASN #137373 PT. SUITEN INOVASI SUKSES
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2179)
Hash 4af36e10b40225d586e87c7d75f07117
df4c0610528b2a5bc17bb65c6cdd14059da8864d
f3cdd5493d961f49fe4156ac46a6b7fcd6f7ffabacf5062b9465965b65c9c782
Analyzer Verdict Alert fortinet Phishing
GET /dfcu/pages/images/DCU_ILLUS_LOC_HomePage_C08_ForWholeFamily_01.svg.svg HTTP/1.1
Host: nyt-ep.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://nyt-ep.com/dfcu/pages/
Cookie: PHPSESSID=ua56qqria1tjasu7uksl78mv35
HTTP/1.1 200 OK
Date: Mon, 23 Jan 2023 16:56:12 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 03:02:34 GMT
Accept-Ranges: bytes
Content-Length: 2704
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: image/svg+xml
nyt-ep.com/dfcu/pages/images/DCU_ILLUS_LOC_HomePage_C08_Balance_01.svg.svg
103.120.66.134200 OK 4.7 kB URL HTTP/1.1 nyt-ep.com/dfcu/pages/images/DCU_ILLUS_LOC_HomePage_C08_Balance_01.svg.svg
IP 103.120.66.134:0
ASN #137373 PT. SUITEN INOVASI SUKSES
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (4148)
Hash 00c0f3d82ff9debcc39759f72963a8b0
6e2497236cab8d0485cec43ac56148c27d4654cf
f08ad378538234bfbf1640a61f0bc30de6e05af8851234b6502ccd842188ff17
Analyzer Verdict Alert fortinet Phishing
GET /dfcu/pages/images/DCU_ILLUS_LOC_HomePage_C08_Balance_01.svg.svg HTTP/1.1
Host: nyt-ep.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://nyt-ep.com/dfcu/pages/
Cookie: PHPSESSID=ua56qqria1tjasu7uksl78mv35
HTTP/1.1 200 OK
Date: Mon, 23 Jan 2023 16:56:12 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 03:02:46 GMT
Accept-Ranges: bytes
Content-Length: 4653
Keep-Alive: timeout=5, max=91
Connection: Keep-Alive
Content-Type: image/svg+xml
nyt-ep.com/dfcu/pages/images/DCU_ILLUS_LOC_HomePage_C08_FinTech_01.svg.svg
103.120.66.134200 OK 3.1 kB URL HTTP/1.1 nyt-ep.com/dfcu/pages/images/DCU_ILLUS_LOC_HomePage_C08_FinTech_01.svg.svg
IP 103.120.66.134:0
ASN #137373 PT. SUITEN INOVASI SUKSES
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2579)
Hash 1e780af2f0fa7a524a07f3e32f4d8c98
41ca31c714ce37d04e5ec89f85001bb523d01dcb
bceb755e5bf696cf08fcb0e9de9ae79c09df6a9d407e1916d533cd9e11e35b8a
Analyzer Verdict Alert fortinet Phishing
GET /dfcu/pages/images/DCU_ILLUS_LOC_HomePage_C08_FinTech_01.svg.svg HTTP/1.1
Host: nyt-ep.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://nyt-ep.com/dfcu/pages/
Cookie: PHPSESSID=ua56qqria1tjasu7uksl78mv35
HTTP/1.1 200 OK
Date: Mon, 23 Jan 2023 16:56:12 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 03:02:38 GMT
Accept-Ranges: bytes
Content-Length: 3090
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: image/svg+xml
nyt-ep.com/dfcu/pages/images/DCU_ILLUS_LOC_HomePage_C08_DCUKids_01.svg
103.120.66.134200 OK 7.6 kB URL HTTP/1.1 nyt-ep.com/dfcu/pages/images/DCU_ILLUS_LOC_HomePage_C08_DCUKids_01.svg
IP 103.120.66.134:0
ASN #137373 PT. SUITEN INOVASI SUKSES
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (7106)
Hash b77182416a0855cd435f979cee8f3090
7a626d7ba177247e4d895c65ddf4c3bd22e9defd
117118cab1952e74559082f081c6a4266af78a8fbdf524c62b77d21ebdb03a38
Analyzer Verdict Alert fortinet Phishing
GET /dfcu/pages/images/DCU_ILLUS_LOC_HomePage_C08_DCUKids_01.svg HTTP/1.1
Host: nyt-ep.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://nyt-ep.com/dfcu/pages/
Cookie: PHPSESSID=ua56qqria1tjasu7uksl78mv35
HTTP/1.1 200 OK
Date: Mon, 23 Jan 2023 16:56:12 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 03:02:42 GMT
Accept-Ranges: bytes
Content-Length: 7617
Keep-Alive: timeout=5, max=89
Connection: Keep-Alive
Content-Type: image/svg+xml
nyt-ep.com/dfcu/pages/images/DCU_ILLUS_LOC_HomePage_C08_GrowthFountain_01.svg.svg
103.120.66.134200 OK 11 kB URL HTTP/1.1 nyt-ep.com/dfcu/pages/images/DCU_ILLUS_LOC_HomePage_C08_GrowthFountain_01.svg.svg
IP 103.120.66.134:0
ASN #137373 PT. SUITEN INOVASI SUKSES
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (10419)
Hash 79b4cd1927bad2c4f846101260ced0f8
edb0f0e46c10941adf3f22496672756871baca2f
e1492057b6afa7f6a3100d0cfc64295104eaedf78bf29b7bfcb9c544c0605a9d
Analyzer Verdict Alert fortinet Phishing
GET /dfcu/pages/images/DCU_ILLUS_LOC_HomePage_C08_GrowthFountain_01.svg.svg HTTP/1.1
Host: nyt-ep.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://nyt-ep.com/dfcu/pages/
Cookie: PHPSESSID=ua56qqria1tjasu7uksl78mv35
HTTP/1.1 200 OK
Date: Mon, 23 Jan 2023 16:56:12 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 03:02:28 GMT
Accept-Ranges: bytes
Content-Length: 10946
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: image/svg+xml
nyt-ep.com/dfcu/pages/images/DCU_LOG_GLO_HomePage_C02_NCUA_01.svg
103.120.66.134200 OK 59 kB URL HTTP/1.1 nyt-ep.com/dfcu/pages/images/DCU_LOG_GLO_HomePage_C02_NCUA_01.svg
IP 103.120.66.134:0
ASN #137373 PT. SUITEN INOVASI SUKSES
File type SVG Scalable Vector Graphics image\012- HTML document text\012- HTML document, ASCII text, with very long lines (59083), with no line terminators
Hash 7ee75b5e9fa5f076dd546c82e68f0624
61206c21384a131598199aed3fe0dadc1bb17f10
a3fcc13b7049795c8cb6e080e1b9848850178cbbce32b9771dd39868f8bd1774
Analyzer Verdict Alert fortinet Phishing
GET /dfcu/pages/images/DCU_LOG_GLO_HomePage_C02_NCUA_01.svg HTTP/1.1
Host: nyt-ep.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://nyt-ep.com/dfcu/pages/
Cookie: PHPSESSID=ua56qqria1tjasu7uksl78mv35
HTTP/1.1 200 OK
Date: Mon, 23 Jan 2023 16:56:12 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 03:02:58 GMT
Accept-Ranges: bytes
Content-Length: 59083
Keep-Alive: timeout=5, max=90
Connection: Keep-Alive
Content-Type: image/svg+xml
nyt-ep.com/content/dam/dcu/global/home/images/SurchargeFreeATMs_Homepage_Desktop_IMG_DCU_785x480.jpg
103.120.66.134404 Not Found 16 B URL HTTP/1.1 nyt-ep.com/content/dam/dcu/global/home/images/SurchargeFreeATMs_Homepage_Desktop_IMG_DCU_785x480.jpg
IP 103.120.66.134:0
ASN #137373 PT. SUITEN INOVASI SUKSES
Hash 4845f01eaa8068384625e302e9a4eb05
fb6ff8293fa45e17ba97f84954e7d1d5b0d38f87
8a482f2271a42c5f54c96e816a84340a6f2357a5b81f927d07d00788f5140a41
GET /content/dam/dcu/global/home/images/SurchargeFreeATMs_Homepage_Desktop_IMG_DCU_785x480.jpg HTTP/1.1
Host: nyt-ep.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://nyt-ep.com/dfcu/pages/
Cookie: PHPSESSID=ua56qqria1tjasu7uksl78mv35
HTTP/1.1 404 Not Found
Date: Mon, 23 Jan 2023 16:56:12 GMT
Server: Apache
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html
nyt-ep.com/content/dam/dcu/global/home/images/DCUBranches_Homepage_Desktop_IMG_DCU_785x480.jpg
103.120.66.134 404 Not Found 16 B URL HTTP/1.1 nyt-ep.com/content/dam/dcu/global/home/images/DCUBranches_Homepage_Desktop_IMG_DCU_785x480.jpg
IP 103.120.66.134:0
ASN #137373 PT. SUITEN INOVASI SUKSES
Hash 4845f01eaa8068384625e302e9a4eb05
fb6ff8293fa45e17ba97f84954e7d1d5b0d38f87
8a482f2271a42c5f54c96e816a84340a6f2357a5b81f927d07d00788f5140a41
GET /content/dam/dcu/global/home/images/DCUBranches_Homepage_Desktop_IMG_DCU_785x480.jpg HTTP/1.1
Host: nyt-ep.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://nyt-ep.com/dfcu/pages/
Cookie: PHPSESSID=ua56qqria1tjasu7uksl78mv35
HTTP/1.1 404 Not Found
Date: Mon, 23 Jan 2023 16:56:12 GMT
Server: Apache
Keep-Alive: timeout=5, max=88
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html
nyt-ep.com/dfcu/pages/images/march-db-carousel-desktop.jpg
103.120.66.134 200 OK 174 kB URL HTTP/1.1 nyt-ep.com/dfcu/pages/images/march-db-carousel-desktop.jpg
IP 103.120.66.134:0
ASN #137373 PT. SUITEN INOVASI SUKSES
File type JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 1600x375, components 3\012- data
Size 174 kB (174212 bytes)
Hash 7503c32ccdf480e9c89be532dfb693a9
5cc5d39df54b989e316daf116736c87fd9106618
86386a40c20ecbe084a928d847baa15e843bb523aaed4c4fdf224d128b013a80
GET /dfcu/pages/images/march-db-carousel-desktop.jpg HTTP/1.1
Host: nyt-ep.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://nyt-ep.com/dfcu/pages/
Cookie: PHPSESSID=ua56qqria1tjasu7uksl78mv35
HTTP/1.1 200 OK
Date: Mon, 23 Jan 2023 16:56:11 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 19:27:02 GMT
Accept-Ranges: bytes
Content-Length: 174212
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: image/jpeg
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash da1c14e259c4759fbf9c35a6774aa540
fd3063eea9538d5958cf5167eb6d6c2e716322d8
4332bf54e551bff1550995e8d5827cb9742bbbf4a51dbce42dd698e1e66578d0
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3248
Cache-Control: max-age=112960
Content-Type: application/ocsp-response
Date: Mon, 23 Jan 2023 16:56:18 GMT
Etag: "63cdc5c2-1d7"
Expires: Wed, 25 Jan 2023 00:18:58 GMT
Last-Modified: Sun, 22 Jan 2023 23:24:50 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471
connect.facebook.net/en_US/fbevents.js
31.13.72.12 200 OK 28 kB URL HTTP/2 connect.facebook.net/en_US/fbevents.js
IP 31.13.72.12:0
File type ASCII text, with very long lines (64348)
Hash 9ba458c0d3060a442f3094daf58ec05d
fc35d487d0dd81e6855f1b02367b755609d9608d
17087257ea25c2232c025f338b9f3153d35c3d953cb382b7b6e01728a643bc0b
GET /en_US/fbevents.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://nyt-ep.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: application/x-javascript; charset=utf-8
content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
origin-agent-cluster: ?0
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-fb-debug: 651lznJWnfbCnNfNo0QfX+hw08d5DVv9waBCSjWMn2rb0uk/wkXS+IWPMTvoQe423nvnmvzBZFKhamF9m/zIIw==
content-length: 27859
x-fb-trip-id: 1904183273
date: Mon, 23 Jan 2023 16:56:18 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash da1c14e259c4759fbf9c35a6774aa540
fd3063eea9538d5958cf5167eb6d6c2e716322d8
4332bf54e551bff1550995e8d5827cb9742bbbf4a51dbce42dd698e1e66578d0
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3248
Cache-Control: max-age=112960
Content-Type: application/ocsp-response
Date: Mon, 23 Jan 2023 16:56:18 GMT
Etag: "63cdc5c2-1d7"
Expires: Wed, 25 Jan 2023 00:18:58 GMT
Last-Modified: Sun, 22 Jan 2023 23:24:50 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471
nyt-ep.com/dfcu/pages/images/cares-community-desktop.jpg
103.120.66.134 200 OK 231 kB URL HTTP/1.1 nyt-ep.com/dfcu/pages/images/cares-community-desktop.jpg
IP 103.120.66.134:0
ASN #137373 PT. SUITEN INOVASI SUKSES
File type JPEG image data, progressive, precision 8, 1136x424, components 3\012- data
Size 231 kB (231071 bytes)
Hash 959ecf7f5b9b96e8d8002e4f941be362
e9a0d8fd8ad78a444d006c00d84b2cb2a5d13977
9efabdc02b60e20724ec6ffde66503d5809659a8019635a221dcc6771a07f0a5
GET /dfcu/pages/images/cares-community-desktop.jpg HTTP/1.1
Host: nyt-ep.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://nyt-ep.com/dfcu/pages/
Cookie: PHPSESSID=ua56qqria1tjasu7uksl78mv35
HTTP/1.1 200 OK
Date: Mon, 23 Jan 2023 16:56:12 GMT
Server: Apache
Last-Modified: Sun, 22 Jan 2023 19:46:12 GMT
Accept-Ranges: bytes
Content-Length: 231071
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: image/jpeg
ocsp.sca1b.amazontrust.com/
143.204.42.158 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.158:0
Hash a456b385ac21f1fc7cc5425834f34ea2
f30a7295147251c855a1be1d392b342e5ec3c2c1
c41823c292afa219b3751539d8d7ec7dd3e9ed8f430d79bd8d69a2c350cff70c
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=162622
Date: Mon, 23 Jan 2023 16:56:18 GMT
Etag: "63ce9321-1d7"
Expires: Wed, 25 Jan 2023 14:06:40 GMT
Last-Modified: Mon, 23 Jan 2023 14:01:05 GMT
Server: ECS (nyb/1D28)
X-Cache: Miss from cloudfront
Via: 1.1 a2b4f68a89fc87406bff22c95fc07fba.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: -UufYc8Mt_4TysgFrK_b5U8OTPWkOcgSb23JrpdcjaaAZN-al4v1ng==
Age: 335
cm.everesttech.net/cm/dd?d_uuid=05946962606349550474574922212469595997
18.203.152.154 302 0 B URL HTTP/1.1 cm.everesttech.net/cm/dd?d_uuid=05946962606349550474574922212469595997
IP 18.203.152.154:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cm/dd?d_uuid=05946962606349550474574922212469595997 HTTP/1.1
Host: cm.everesttech.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://nyt-ep.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302
Date: Mon, 23 Jan 2023 16:56:18 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: everest_g_v2=g_surferid~Y868MgAAAN6CowNn; Domain=.everesttech.net; Expires=Tue, 23-Jan-2024 16:56:18 GMT; Path=/
everest_session_v2=Y868MgAAAN6CpANn; Domain=.everesttech.net; Path=/
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Cache-Control: no-cache
Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=Y868MgAAAN6CowNn
Server: AMO-cookiemap/1.1
dpm.demdex.net/ibs:dpid=411&dpuuid=Y868MgAAAN6CowNn
52.50.220.58 302 Found 0 B URL HTTP/1.1 dpm.demdex.net/ibs:dpid=411&dpuuid=Y868MgAAAN6CowNn
IP 52.50.220.58:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ibs:dpid=411&dpuuid=Y868MgAAAN6CowNn HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://nyt-ep.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
DCS: dcs-prod-irl1-1-v045-00c503e2b.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
Location: https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y868MgAAAN6CowNn
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=01603849306521766683588688435045782962; Max-Age=15552000; Expires=Sat, 22 Jul 2023 16:56:18 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: I14UHeUPS34=
Content-Length: 0
Connection: keep-alive
dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y868MgAAAN6CowNn
52.50.220.58 200 OK 59 B URL HTTP/1.1 dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y868MgAAAN6CowNn
IP 52.50.220.58:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 1251cd5e5c2def4c046309375f87c1c1
e02d6b0c6a5c495c15985e2832e335eda8528c80
4e7010cc46fa361c88e57e3346d27421cf3b8a8bf5f39b43fc45997c60cb1c13
GET /demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y868MgAAAN6CowNn HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://nyt-ep.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: image/gif
DCS: dcs-prod-irl1-1-v045-0a888e68a.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-TID: 571lSkIbSqI=
Content-Length: 59
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash c2b121535c97a161af606db244ce6b00
e06374109ea89a4027367a461038adac9471b0c4
813d7c09190e4dbb8270a5f1ac3e57517119e6cbb0ae7e2e43be98718fd82941
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5119
Cache-Control: max-age=158419
Content-Type: application/ocsp-response
Date: Mon, 23 Jan 2023 16:56:19 GMT
Etag: "63ce7007-1d7"
Expires: Wed, 25 Jan 2023 12:56:38 GMT
Last-Modified: Mon, 23 Jan 2023 11:31:19 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471
zn55evi07xtyfax2u-dcu.siteintercept.qualtrics.com/WRSiteInterceptEngine/?Q_ZID=ZN_55evi07XtYFAX2u
104.17.209.240 200 OK 0 B URL HTTP/2 zn55evi07xtyfax2u-dcu.siteintercept.qualtrics.com/WRSiteInterceptEngine/?Q_ZID=ZN_55evi07XtYFAX2u
IP 104.17.209.240:0
GET /WRSiteInterceptEngine/?Q_ZID=ZN_55evi07XtYFAX2u HTTP/1.1
Host: zn55evi07xtyfax2u-dcu.siteintercept.qualtrics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://nyt-ep.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 23 Jan 2023 16:56:19 GMT
content-type: application/javascript; charset=utf-8
cf-ray: 78e20fdeda2eb512-OSL
access-control-allow-origin: *
age: 4774
cache-control: public, max-age=3600, s-maxage=604800
etag: W/"2127-WiNSHC344sCBzL6Whp27rKx0npw"
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
cf-cache-status: HIT
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
cf-bgj: minify
cf-polished: origSize=8487
edge-control: max-age=604800
permissions-policy: camera=(), geolocation=(), microphone=()
referrer-policy: strict-origin-when-cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Nunito+Sans:300,400,600,700,800
142.250.74.106 200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Nunito+Sans:300,400,600,700,800
IP 142.250.74.106:0
GET /css?family=Nunito+Sans:300,400,600,700,800 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://nyt-ep.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 23 Jan 2023 16:56:14 GMT
date: Mon, 23 Jan 2023 16:56:14 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2