firefox.settings.services.mozilla.com/v1/
143.204.55.27 200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.27:0
File type JSON data; ASCII text, with very long lines (939), with no line terminators
Hash (MD5) 91dd975a7b17b2922dd23c0e49314e40
Hash (SHA-1) 57a2ece1e3cee7c4ebf927f2ba92f52cac395fe2
Hash (SHA-256) 09966873bbf317f8910c59544cfde2a6d46e8acd2905797cc7c85c6b4d18ea8a
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Content-Type, Alert, Backoff, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sat, 03 Sep 2022 21:43:17 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 277d0e3af1ffdcb1ee40b7dc9f040146.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: _tpgERM0n2capz9xekkCVXrEJsRaSN4gpiY3EeFte7yr63cpNHDz5A==
Age: 1180
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash (MD5) bcdebf7a2bad5db595e8a0c1abb2ddcb
Hash (SHA-1) 249dda2fa5e37b8a8f3a8c797193bf0874b6eedc
Hash (SHA-256) 9b43ec48b16f96449208a0094c4d660806a2a2d344b5862dbff4c393bf3f9f9f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9B43EC48B16F96449208A0094C4D660806A2A2D344B5862DBFF4C393BF3F9F9F"
Last-Modified: Thu, 01 Sep 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3905
Expires: Sat, 03 Sep 2022 23:08:02 GMT
Date: Sat, 03 Sep 2022 22:02:57 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
143.204.55.35 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
IP 143.204.55.35:0
File type PEM certificate; ASCII text
Hash (MD5) 742edb4038f38bc533514982f3d2e861
Hash (SHA-1) cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
Hash (SHA-256) b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Sat, 03 Sep 2022 01:15:18 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 83a23d85c009b0c0e3626072e9f997fe.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: j5KwNcQ_CB-NpUdFjsEdTJGbFNO172QrEPMsc3MPEdh6OZwxYNg6VA==
age: 74860
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data; ASCII text, with no line terminators
Hash (MD5) 23e88fb7b99543fb33315b29b1fad9d6
Hash (SHA-1) a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Hash (SHA-256) 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 03 Sep 2022 22:02:57 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
hivcdgw2021.com/
183.111.182.219 200 OK 1.0 kB IP 183.111.182.219:0
File type HTML document text (×4); HTML document, Unicode text, UTF-8 text, with very long lines (1537), with no line terminators
Hash (MD5) 21c698d4e9f332e944c570a4fbacb2e1
Hash (SHA-1) 6c6db55d1e88616c59e1e671b19b42a4234dea63
Hash (SHA-256) 00eb6d9afe4d3664418f80f4d43b9af82836fa228e40bba0a1be81d488ab3bc4
Analyzer verdict: ALERT — Fortinet classifies hivcdgw2021.com as Phishing (the only analyzer verdict shown; corroborate with a second source before acting on it)
GET / HTTP/1.1
Host: hivcdgw2021.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Sep 2022 22:02:57 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Content-Encoding: gzip
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.27 200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.27:0
File type JSON data; ASCII text, with very long lines (329), with no line terminators
Hash (MD5) 0333b0655111aa68de771adfcc4db243
Hash (SHA-1) 63f295a144ac87a7c8e23417626724eeca68a7eb
Hash (SHA-256) 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, ETag, Backoff, Last-Modified, Pragma, Cache-Control, Expires, Content-Type, Content-Length, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Sat, 03 Sep 2022 21:38:16 GMT
Cache-Control: max-age=3600
Expires: Sat, 03 Sep 2022 21:45:45 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 5de23153ac267c206221751e1cccb6e8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: iHvu9hD73KHcQi1zPT8zcErUqTQHPnNYoQV0WZIsMQGFD3es3YmvZg==
Age: 1482
hivcdgw2021.com/cupid.js
183.111.182.219 200 OK 8.4 kB IP 183.111.182.219:0
File type ASCII text, with CRLF line terminators (served as application/x-javascript; see the response headers below)
Hash (MD5) 5dc5ae4bce2a5630afe9dd1bfa0be9f3
Hash (SHA-1) 261eb385207274015780c43ee9943dd03d08030d
Hash (SHA-256) 7b221c4536b512abecce0e8227625dca0dc48271663a0d189fe8cc9aff022e95
Analyzer verdict: ALERT — Fortinet classifies hivcdgw2021.com as Phishing (the only analyzer verdict shown)
GET /cupid.js HTTP/1.1
Host: hivcdgw2021.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hivcdgw2021.com/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Sep 2022 22:02:58 GMT
Content-Type: application/x-javascript
Last-Modified: Fri, 06 Jun 2014 08:06:00 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"53917668-79c6"
Content-Encoding: gzip
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash (MD5) 4fc12f0a98aa28ccb56e0b56d7e40ded
Hash (SHA-1) f7efcfb8b4f4aa40268bada3fec380820a70ee35
Hash (SHA-256) a34aa9b7db949a583c3f1b4d87fed415a11d119c9615b5e710c3125173f8a277
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4488
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 03 Sep 2022 22:02:58 GMT
Last-Modified: Sat, 03 Sep 2022 20:48:10 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
44.236.232.139 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 44.236.232.139:0 (0 B body: the three digests below are the standard MD5/SHA-1/SHA-256 of empty input and identify nothing — do not use them as indicators)
Hash (MD5) d41d8cd98f00b204e9800998ecf8427e
Hash (SHA-1) da39a3ee5e6b4b0d3255bfef95601890afd80709
Hash (SHA-256) e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 63E8EkDTgkRZW+T2l/ouGw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: rEA+O6QT0kySLk3irDMDzhRhZxc=
hivcdgw2021.com/?ckattempt=1
183.111.182.219 301 Moved Permanently 0 B URL HTTP/1.1 hivcdgw2021.com/?ckattempt=1
IP 183.111.182.219:0 (0 B body: the three digests below are the standard MD5/SHA-1/SHA-256 of empty input and identify nothing; the plain-HTTP request is redirected to https://hivcdgw2021.com/?ckattempt=1, see the Location header below)
Hash (MD5) d41d8cd98f00b204e9800998ecf8427e
Hash (SHA-1) da39a3ee5e6b4b0d3255bfef95601890afd80709
Hash (SHA-256) e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer verdict: ALERT — Fortinet classifies hivcdgw2021.com as Phishing (the only analyzer verdict shown)
GET /?ckattempt=1 HTTP/1.1
Host: hivcdgw2021.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hivcdgw2021.com/
Cookie: CUPID=e50e9ac43ce1d9e5cb3bb2981a6e35df
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 03 Sep 2022 22:02:58 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP='NOI CURa ADMa DEVa TAIa OUR DELa BUS IND PHY ONL UNI COM NAV INT DEM PRE'
X-Redirect-By: WordPress
Location: https://hivcdgw2021.com/?ckattempt=1
zerossl.ocsp.sectigo.com/
104.18.32.68 200 OK 727 B URL HTTP/1.1 zerossl.ocsp.sectigo.com/
IP 104.18.32.68:0
Hash (MD5) f0085050566bdf61c172bd53ea717d57
Hash (SHA-1) 7fe5d78e2281e555de89a78554fc37ce2c55792b
Hash (SHA-256) 69dbd3926b7bfa1ae886b7fd434a25023a42667c591042d54d1315c978344ea7
POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 03 Sep 2022 22:02:59 GMT
Content-Type: application/ocsp-response
Content-Length: 727
Connection: keep-alive
Last-Modified: Fri, 02 Sep 2022 16:43:56 GMT
Expires: Fri, 09 Sep 2022 16:43:55 GMT
Etag: "7fe5d78e2281e555de89a78554fc37ce2c55792b"
Cache-Control: max-age=498655,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7451c5d94da4b50f-OSL
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash (MD5) b15f3f14bd92b7a544ec2347e6810c7b
Hash (SHA-1) dd55fd8396d796082edabb5ab6e2d7fb3b51b731
Hash (SHA-256) 87c27c4b0288f31faa405ba5247767d1f299938551bd284212ee487dbb0deb63
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "87C27C4B0288F31FAA405BA5247767D1F299938551BD284212EE487DBB0DEB63"
Last-Modified: Fri, 02 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3990
Expires: Sat, 03 Sep 2022 23:09:29 GMT
Date: Sat, 03 Sep 2022 22:02:59 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash (MD5) b15f3f14bd92b7a544ec2347e6810c7b
Hash (SHA-1) dd55fd8396d796082edabb5ab6e2d7fb3b51b731
Hash (SHA-256) 87c27c4b0288f31faa405ba5247767d1f299938551bd284212ee487dbb0deb63
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "87C27C4B0288F31FAA405BA5247767D1F299938551BD284212EE487DBB0DEB63"
Last-Modified: Fri, 02 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3990
Expires: Sat, 03 Sep 2022 23:09:29 GMT
Date: Sat, 03 Sep 2022 22:02:59 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash (MD5) b15f3f14bd92b7a544ec2347e6810c7b
Hash (SHA-1) dd55fd8396d796082edabb5ab6e2d7fb3b51b731
Hash (SHA-256) 87c27c4b0288f31faa405ba5247767d1f299938551bd284212ee487dbb0deb63
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "87C27C4B0288F31FAA405BA5247767D1F299938551BD284212EE487DBB0DEB63"
Last-Modified: Fri, 02 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3990
Expires: Sat, 03 Sep 2022 23:09:29 GMT
Date: Sat, 03 Sep 2022 22:02:59 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash (MD5) b15f3f14bd92b7a544ec2347e6810c7b
Hash (SHA-1) dd55fd8396d796082edabb5ab6e2d7fb3b51b731
Hash (SHA-256) 87c27c4b0288f31faa405ba5247767d1f299938551bd284212ee487dbb0deb63
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "87C27C4B0288F31FAA405BA5247767D1F299938551BD284212EE487DBB0DEB63"
Last-Modified: Fri, 02 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3990
Expires: Sat, 03 Sep 2022 23:09:29 GMT
Date: Sat, 03 Sep 2022 22:02:59 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7e53e5b7-d429-4f33-bd77-ce946421df55.jpeg
34.120.237.76 200 OK 5.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7e53e5b7-d429-4f33-bd77-ce946421df55.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash (MD5) 60769237af4f32c663d494d91a672d08
Hash (SHA-1) 31305131f340191799484f212e15513bd1204e88
Hash (SHA-256) 6df36e459f3a2d0271732b645009b116e6671363f6c3050d22bbfe2d911a77bd
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7e53e5b7-d429-4f33-bd77-ce946421df55.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4994
x-amzn-requestid: de39357f-d378-4bb8-b4d9-7dd4f82fbb58
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Xgj-kEHvoAMFyBA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6309b390-119fa01e254e89cb39a1b794;Sampled=0
x-amzn-remapped-date: Sat, 27 Aug 2022 06:02:56 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: V6_bFwCNNOb2sZgOQJ8NekZD0pbYwclTg17YlQjCIdKFKGuzfDR0nQ==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 567b44ed19c8caed2570b7bcd8c70034.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Sep 2022 03:42:03 GMT
age: 66056
etag: "31305131f340191799484f212e15513bd1204e88"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa2e13cf1-38c2-4f82-a50c-b409a24f3af6.jpeg
34.120.237.76 200 OK 8.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa2e13cf1-38c2-4f82-a50c-b409a24f3af6.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash (MD5) f4cb62c7c522b71c62a97630d8330ef5
Hash (SHA-1) 950611314b81428b3d80ff8659272cc800cf48b6
Hash (SHA-256) 3fd0bbf8a1fe8776136d611d6b99b909b71e6af3a13f8794338af2f0026b59ff
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa2e13cf1-38c2-4f82-a50c-b409a24f3af6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7975
x-amzn-requestid: 5ed9a360-5a7f-427a-a750-bd8f25214909
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XwpOBEpjIAMFzXQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63102259-4b9d2f6e61cc186f78718168;Sampled=0
x-amzn-remapped-date: Thu, 01 Sep 2022 03:09:13 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: BU7CFrnTBhvyqoRVp1t-e_ZErBnJA9l4qGkmxOQd10W48IzyIFGFZw==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 001e7070d795018d01b93988b9723742.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Sep 2022 03:46:11 GMT
age: 65808
etag: "950611314b81428b3d80ff8659272cc800cf48b6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7c0ef483-e545-4a1f-b9b9-88778330d881.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7c0ef483-e545-4a1f-b9b9-88778330d881.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash (MD5) 955f2a35bd6b3802670e7fa8a7cda833
Hash (SHA-1) 4c70d27f7c51b7fcae1d8a883bfc2e67a551ae6c
Hash (SHA-256) 2fb517039f0704d2f6fe2fa78eae47c71c645add1c2276f8726248184ae45760
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7c0ef483-e545-4a1f-b9b9-88778330d881.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10435
x-amzn-requestid: 813ec4ca-243d-46cb-a6a6-8ec58e5dd9f8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XzLjdHwnIAMFhzA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63112615-4733cfb83cf0e8734abc5716;Sampled=0
x-amzn-remapped-date: Thu, 01 Sep 2022 21:37:25 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: GHd4FOjIO1OP7wSOVcnOryE5ux4hlr_kC0dfJs3LqgQUbxMzuFxc1A==
via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 e80693c02cfdfd081110512210d57840.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Sep 2022 21:37:28 GMT
age: 1531
etag: "4c70d27f7c51b7fcae1d8a883bfc2e67a551ae6c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe8cc83cf-4aef-486b-b775-ed3cb57c8e2a.jpeg
34.120.237.76 200 OK 9.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe8cc83cf-4aef-486b-b775-ed3cb57c8e2a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash (MD5) d0c1e7f6c9e17585905fdbe9ae4da50b
Hash (SHA-1) 67192f5be476ac4dada66dc9fbe26469d62e2d78
Hash (SHA-256) 21ca880b36bbb7791f8df2bf9830f11a960692123dd6dde5be42bda004dc428b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe8cc83cf-4aef-486b-b775-ed3cb57c8e2a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9642
x-amzn-requestid: 52c698d7-6419-4614-9c53-68a265266337
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XzLjbEvgoAMFkKA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63112615-547a72850cce71da013383f5;Sampled=0
x-amzn-remapped-date: Thu, 01 Sep 2022 21:37:25 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: oVfkruFcbhPNTkqfmxD_WTeDE8aTAT8Vg3fI3IFZm9umunJ8pCE1GQ==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 ee8246c5442dace7525c74f6a799bb46.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Sep 2022 23:06:54 GMT
age: 82565
etag: "67192f5be476ac4dada66dc9fbe26469d62e2d78"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff7d7b349-4711-4e66-bc42-888934e385a2.jpeg
34.120.237.76 200 OK 7.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff7d7b349-4711-4e66-bc42-888934e385a2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash (MD5) 23b580e2b673257d24b9c2e80c4c48ce
Hash (SHA-1) f3a3d835a37f9b23e7458f9b7bc721bc415b61cc
Hash (SHA-256) c0e3559fde3dd08cdbd360f39dddcc98dd7c1b3aebd0861cc07105872a116d11
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff7d7b349-4711-4e66-bc42-888934e385a2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7501
x-amzn-requestid: bf297fc4-9164-45ee-bfab-06761a52e3ba
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X2eMJEP1IAMFdpA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6312771a-6b3e6416133d67a83d8a1469;Sampled=0
x-amzn-remapped-date: Fri, 02 Sep 2022 21:35:22 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: datd5eYK6nOAUdEpy_y4gcqsVmCqjP4qhzTnlJ9pSrquoYk2PPugTA==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 01147dcc35d57fc0238a3c1700c13f16.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Sep 2022 07:33:27 GMT
age: 52172
etag: "f3a3d835a37f9b23e7458f9b7bc721bc415b61cc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc55d0c73-4085-42ac-acb4-1ae9b2ffb393.jpeg
34.120.237.76 200 OK 7.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc55d0c73-4085-42ac-acb4-1ae9b2ffb393.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash (MD5) c199f7fc2a2857dec134bfdb2673e28c
Hash (SHA-1) af3989072b658e2de119d006ae4ca1703468913d
Hash (SHA-256) e57411ba0221f6ffa7baf7c374ec790959a66d6a683fad40883ef01cf67e35c3
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc55d0c73-4085-42ac-acb4-1ae9b2ffb393.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6976
x-amzn-requestid: da379546-9525-4e13-b9f0-a6446839df66
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X2eNeG7kIAMF4-Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63127722-37399f67565b06e7111095cd;Sampled=0
x-amzn-remapped-date: Fri, 02 Sep 2022 21:35:30 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: alcmiW5Cb3Z96RJNXfz4F54HNERbyV71Q8hqVuNEOTUc48kItzlfHQ==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 cd64decb1403270c914848213601a674.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Sep 2022 21:49:53 GMT
age: 786
etag: "af3989072b658e2de119d006ae4ca1703468913d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
hivcdgw2021.com/?ckattempt=1
183.111.182.219 200 OK 1.0 kB URL HTTP/1.1 hivcdgw2021.com/?ckattempt=1
IP 183.111.182.219:0
File type HTML document text (×4); HTML document, Unicode text, UTF-8 text, with very long lines (1538), with no line terminators
Hash (MD5) 74b38b257d4a813f360c92e6357d0f16
Hash (SHA-1) a9af714e0259820bd2747e1d2bc9a5b8dcb95c35
Hash (SHA-256) d9e90d4c7f72dfa7c2697f02c98af0bda6156e92e5da9c705720be12968838de
Analyzer verdict: ALERT — Fortinet classifies hivcdgw2021.com as Phishing (the only analyzer verdict shown)
GET /?ckattempt=1 HTTP/1.1
Host: hivcdgw2021.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://hivcdgw2021.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Sep 2022 22:02:59 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Content-Encoding: gzip
hivcdgw2021.com/cupid.js
183.111.182.219 200 OK 8.4 kB IP 183.111.182.219:0
File type ASCII text, with CRLF line terminators (same digests as the earlier /cupid.js fetch, i.e. byte-identical content)
Hash (MD5) 5dc5ae4bce2a5630afe9dd1bfa0be9f3
Hash (SHA-1) 261eb385207274015780c43ee9943dd03d08030d
Hash (SHA-256) 7b221c4536b512abecce0e8227625dca0dc48271663a0d189fe8cc9aff022e95
Analyzer verdict: ALERT — Fortinet classifies hivcdgw2021.com as Phishing (the only analyzer verdict shown)
GET /cupid.js HTTP/1.1
Host: hivcdgw2021.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hivcdgw2021.com/?ckattempt=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Sep 2022 22:03:00 GMT
Content-Type: application/x-javascript
Last-Modified: Fri, 06 Jun 2014 08:06:00 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"53917668-79c6"
Content-Encoding: gzip
hivcdgw2021.com/?ckattempt=2
183.111.182.219 200 OK 5.6 kB URL HTTP/1.1 hivcdgw2021.com/?ckattempt=2
IP 183.111.182.219:0 (this cookie-bearing request is the first to receive the full 5.6 kB page; the earlier 1.0 kB responses to / and /?ckattempt=1 look like a cookie-check interstitial driven by cupid.js — confirm against the captured page bodies)
File type HTML document text (×6); exported SGML document, Unicode text, UTF-8 text, with very long lines (1746)
Hash (MD5) d282799ae2e2722a5d40c27ef2ff72d3
Hash (SHA-1) d8c912ad2b2772d022aca961ecad10b099e01367
Hash (SHA-256) 365a113d403d423b193ba29a53b6dbf33246e7af5dede7ffd99c93fd60a5adc9
Analyzer verdict: ALERT — Fortinet classifies hivcdgw2021.com as Phishing (the only analyzer verdict shown)
GET /?ckattempt=2 HTTP/1.1
Host: hivcdgw2021.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hivcdgw2021.com/?ckattempt=1
Cookie: CUPID=e50e9ac43ce1d9e5cb3bb2981a6e35df
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Sep 2022 22:03:00 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
P3P: CP='NOI CURa ADMa DEVa TAIa OUR DELa BUS IND PHY ONL UNI COM NAV INT DEM PRE'
Link: <https://hivcdgw2021.com/wp-json/>; rel="https://api.w.org/", <https://hivcdgw2021.com/>; rel=shortlink
Content-Encoding: gzip
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash cc6ea3e01d1d6b8c4b28ff64d3b795a7
017457c6f5a63157102485a956c667aad36d33ef
e6fe903f67363d3e92b929e274f0de7c2f6a15b6df1806198199440ed0fe221e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Sep 2022 22:03:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=G-89R5P08LV1
142.250.74.72200 OK 74 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=G-89R5P08LV1
IP 142.250.74.72:0
File type ASCII text, with very long lines (15517)
Hash 0915306d9392a6b9731534d9f8009010
3b69656e15caf94a4f962dc8db3579d82e6996b4
0d011bfd0186a9f439cbaa06973b3ceb1fb947a5d99d0867efbd266195c674b9
GET /gtag/js?id=G-89R5P08LV1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hivcdgw2021.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 03 Sep 2022 22:03:01 GMT
expires: Sat, 03 Sep 2022 22:03:01 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 73904
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash cc6ea3e01d1d6b8c4b28ff64d3b795a7
017457c6f5a63157102485a956c667aad36d33ef
e6fe903f67363d3e92b929e274f0de7c2f6a15b6df1806198199440ed0fe221e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 03 Sep 2022 22:03:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
hivcdgw2021.com/2021/wp-content/themes/hivcd2021/fonts/font.css
183.111.182.219200 OK 273 B URL HTTP/1.1 hivcdgw2021.com/2021/wp-content/themes/hivcd2021/fonts/font.css
IP 183.111.182.219:0
Hash 7801da6a093436e92f8eb58eea18cb7c
c8f18c425c626b859289804887da52d1acb01d91
c73578a93c8c0080c683632014ac99823689e7c09558c3cd261c0702305809b6
GET /2021/wp-content/themes/hivcd2021/fonts/font.css HTTP/1.1
Host: hivcdgw2021.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hivcdgw2021.com/?ckattempt=2
Cookie: CUPID=e50e9ac43ce1d9e5cb3bb2981a6e35df
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Sep 2022 22:03:01 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
P3P: CP='NOI CURa ADMa DEVa TAIa OUR DELa BUS IND PHY ONL UNI COM NAV INT DEM PRE'
Last-Modified: Fri, 26 Nov 2021 07:25:09 GMT
ETag: W/"22b8235-45d-61a08bd5"
Content-Encoding: gzip
hivcdgw2021.com/2021/wp-includes/css/dist/block-library/style.min.css?ver=5.1.14
183.111.182.219200 OK 4.3 kB URL HTTP/1.1 hivcdgw2021.com/2021/wp-includes/css/dist/block-library/style.min.css?ver=5.1.14
IP 183.111.182.219:0
File type ASCII text, with very long lines (25245), with no line terminators
Hash 0c2c7ed3aa8c5a3e8d81b026b7fe076a
e19e0f4816ba4d6b0790ec1c29519df465f5e102
6a430f23913e7cae6be94adbfd5f755932376cffb361662b79c832cde61b76d9
Analyzer Verdict Alert fortinet Phishing
GET /2021/wp-includes/css/dist/block-library/style.min.css?ver=5.1.14 HTTP/1.1
Host: hivcdgw2021.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hivcdgw2021.com/?ckattempt=2
Cookie: CUPID=e50e9ac43ce1d9e5cb3bb2981a6e35df
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Sep 2022 22:03:01 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
P3P: CP='NOI CURa ADMa DEVa TAIa OUR DELa BUS IND PHY ONL UNI COM NAV INT DEM PRE'
Last-Modified: Tue, 26 Oct 2021 08:32:15 GMT
ETag: W/"2680084-629d-6177bd0f"
Content-Encoding: gzip
hivcdgw2021.com/2021/wp-content/themes/hivcd2021/style.css?ver=1.0.0
183.111.182.219200 OK 12 kB URL HTTP/1.1 hivcdgw2021.com/2021/wp-content/themes/hivcd2021/style.css?ver=1.0.0
IP 183.111.182.219:0
Hash 5a2a9fba9e97bb35f72a03878c6288aa
ebb39c465dad854fc2f186e4e18ff3406cd9d40e
424df82c8c90f4a77907d2f9c4929d24efa1ed264fd555a042b5aca656fc6563
Analyzer Verdict Alert fortinet Phishing
GET /2021/wp-content/themes/hivcd2021/style.css?ver=1.0.0 HTTP/1.1
Host: hivcdgw2021.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hivcdgw2021.com/?ckattempt=2
Cookie: CUPID=e50e9ac43ce1d9e5cb3bb2981a6e35df
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Sep 2022 22:03:01 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
P3P: CP='NOI CURa ADMa DEVa TAIa OUR DELa BUS IND PHY ONL UNI COM NAV INT DEM PRE'
Last-Modified: Mon, 20 Dec 2021 05:16:17 GMT
ETag: W/"22b80b4-ec3e-61c011a1"
Content-Encoding: gzip
hivcdgw2021.com/2021/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=5.1.1
183.111.182.219200 OK 4.0 kB URL HTTP/1.1 hivcdgw2021.com/2021/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=5.1.1
IP 183.111.182.219:0
Hash d7985dbd01facaeced53ef10ae4ddf24
be7e4f70010c676b1a9d0355f2ae8d33d887e3a7
230839fe7a62da5c031b9e81db9f774a7fa2de809b28be24e945264a74732143
GET /2021/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=5.1.1 HTTP/1.1
Host: hivcdgw2021.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hivcdgw2021.com/?ckattempt=2
Cookie: CUPID=e50e9ac43ce1d9e5cb3bb2981a6e35df
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Sep 2022 22:03:01 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
P3P: CP='NOI CURa ADMa DEVa TAIa OUR DELa BUS IND PHY ONL UNI COM NAV INT DEM PRE'
Last-Modified: Mon, 22 Nov 2021 10:41:55 GMT
ETag: W/"284c3ff-3868-619b73f3"
Content-Encoding: gzip
hivcdgw2021.com/2021/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.1.1
183.111.182.219200 OK 658 B URL HTTP/1.1 hivcdgw2021.com/2021/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.1.1
IP 183.111.182.219:0
Hash 80929bedaa878181c2a4ce55f2ed6aba
eff84400e5881586baa37133b776813317e638ee
af62bc9b569dfff6d5d49427af6e6cd15855471c20b741bc00fc91263e6ab61f
Analyzer Verdict Alert fortinet Phishing
GET /2021/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.1.1 HTTP/1.1
Host: hivcdgw2021.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hivcdgw2021.com/?ckattempt=2
Cookie: CUPID=e50e9ac43ce1d9e5cb3bb2981a6e35df
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Sep 2022 22:03:01 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
P3P: CP='NOI CURa ADMa DEVa TAIa OUR DELa BUS IND PHY ONL UNI COM NAV INT DEM PRE'
Last-Modified: Mon, 22 Nov 2021 10:41:54 GMT
ETag: W/"284c3fb-695-619b73f2"
Content-Encoding: gzip
hivcdgw2021.com/2021/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1
183.111.182.219200 OK 4.0 kB URL HTTP/1.1 hivcdgw2021.com/2021/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1
IP 183.111.182.219:0
File type ASCII text, with very long lines (9959)
Hash 419dfcd162f9bd3cc6b9fd300745e1cd
5ac35115d28ff266bbab8f3e44dc6b8e23a62352
e9d520ac33d695444a437b0e1d64e86099c078238f5aa157d8148bf34aa7048a
Analyzer Verdict Alert fortinet Phishing
GET /2021/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1 HTTP/1.1
Host: hivcdgw2021.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hivcdgw2021.com/?ckattempt=2
Cookie: CUPID=e50e9ac43ce1d9e5cb3bb2981a6e35df
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Sep 2022 22:03:01 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
P3P: CP='NOI CURa ADMa DEVa TAIa OUR DELa BUS IND PHY ONL UNI COM NAV INT DEM PRE'
Last-Modified: Tue, 26 Oct 2021 08:32:07 GMT
ETag: W/"268000d-2748-6177bd07"
Content-Encoding: gzip
hivcdgw2021.com/2021/wp-content/themes/hivcd2021/js/navigation.js?ver=1.0.0
183.111.182.219200 OK 1.2 kB URL HTTP/1.1 hivcdgw2021.com/2021/wp-content/themes/hivcd2021/js/navigation.js?ver=1.0.0
IP 183.111.182.219:0
Hash fa2fdee44612c10c938c98272612666f
bdbbc3b4941fe181ab4551768877c84b8ceec2e8
fd10946aa593e2e29d020f0c4b8c476da4a6c7e2dc089c94eb01b5519c38b482
GET /2021/wp-content/themes/hivcd2021/js/navigation.js?ver=1.0.0 HTTP/1.1
Host: hivcdgw2021.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hivcdgw2021.com/?ckattempt=2
Cookie: CUPID=e50e9ac43ce1d9e5cb3bb2981a6e35df
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Sep 2022 22:03:01 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
P3P: CP='NOI CURa ADMa DEVa TAIa OUR DELa BUS IND PHY ONL UNI COM NAV INT DEM PRE'
Last-Modified: Wed, 01 Dec 2021 09:11:59 GMT
ETag: W/"22b80c3-ce8-61a73c5f"
Content-Encoding: gzip
hivcdgw2021.com/2021/wp-includes/js/wp-embed.min.js?ver=5.1.14
183.111.182.219200 OK 745 B URL HTTP/1.1 hivcdgw2021.com/2021/wp-includes/js/wp-embed.min.js?ver=5.1.14
IP 183.111.182.219:0
File type ASCII text, with very long lines (1391), with no line terminators
Hash 7216339146836b57a9f28092c1132949
bc1e7b49da9dcf1ef6384c6784e37dd663aebb24
49f7deae7e5b885b5988421cf8a4cda531ca05aaf3e79c1305bafeeedfc871b0
Analyzer Verdict Alert fortinet Phishing
GET /2021/wp-includes/js/wp-embed.min.js?ver=5.1.14 HTTP/1.1
Host: hivcdgw2021.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hivcdgw2021.com/?ckattempt=2
Cookie: CUPID=e50e9ac43ce1d9e5cb3bb2981a6e35df
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Sep 2022 22:03:01 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
P3P: CP='NOI CURa ADMa DEVa TAIa OUR DELa BUS IND PHY ONL UNI COM NAV INT DEM PRE'
Last-Modified: Tue, 26 Oct 2021 08:31:49 GMT
ETag: W/"22b4118-56f-6177bcf5"
Content-Encoding: gzip
hivcdgw2021.com/2021/wp-includes/js/wp-emoji-release.min.js?ver=5.1.14
183.111.182.219200 OK 4.4 kB URL HTTP/1.1 hivcdgw2021.com/2021/wp-includes/js/wp-emoji-release.min.js?ver=5.1.14
IP 183.111.182.219:0
File type ASCII text, with very long lines (9071)
Hash 53aa84aa7979d1a3fd0cb0394c1b6416
5573c7a607bff9795953cdb3385527b83083fb08
9cb42b177c640d8df8718196a1ee994b1249659d9b1d3c8a90e8b3436ebab8ed
GET /2021/wp-includes/js/wp-emoji-release.min.js?ver=5.1.14 HTTP/1.1
Host: hivcdgw2021.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hivcdgw2021.com/?ckattempt=2
Cookie: CUPID=e50e9ac43ce1d9e5cb3bb2981a6e35df
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Sep 2022 22:03:02 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
P3P: CP='NOI CURa ADMa DEVa TAIa OUR DELa BUS IND PHY ONL UNI COM NAV INT DEM PRE'
Last-Modified: Tue, 26 Oct 2021 08:31:53 GMT
ETag: W/"22b4170-2eaf-6177bcf9"
Content-Encoding: gzip
hivcdgw2021.com/2021/wp-includes/js/jquery/jquery.js?ver=1.12.4
183.111.182.219200 OK 34 kB URL HTTP/1.1 hivcdgw2021.com/2021/wp-includes/js/jquery/jquery.js?ver=1.12.4
IP 183.111.182.219:0
File type ASCII text, with very long lines (31997)
Hash fdf175d2709961c52539f9f78cd5a1ba
a03951f89e54daad20c0161ef1365b58e859a9fd
57caa36f9f218b75b3fac89c7b09b5378f4e99b4b9d12111e834de216078ae06
Analyzer Verdict Alert fortinet Phishing
GET /2021/wp-includes/js/jquery/jquery.js?ver=1.12.4 HTTP/1.1
Host: hivcdgw2021.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hivcdgw2021.com/?ckattempt=2
Cookie: CUPID=e50e9ac43ce1d9e5cb3bb2981a6e35df
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Sep 2022 22:03:01 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
P3P: CP='NOI CURa ADMa DEVa TAIa OUR DELa BUS IND PHY ONL UNI COM NAV INT DEM PRE'
Last-Modified: Tue, 26 Oct 2021 08:32:07 GMT
ETag: W/"2680012-17a69-6177bd07"
Content-Encoding: gzip
hivcdgw2021.com/2021/wp-content/themes/hivcd2021/dice/img/R777title.svg
183.111.182.219200 OK 1.2 kB URL HTTP/1.1 hivcdgw2021.com/2021/wp-content/themes/hivcd2021/dice/img/R777title.svg
IP 183.111.182.219:0
File type SVG Scalable Vector Graphics image\012- , ASCII text
Hash 5c42286001fc58bfa851a2b04989f0b5
2bf149f299b3cfb9c23727f8c78998a54614e85d
3d91c8967337b387934d3903549ceeb09820d02bf89db463fbc06bc3b450046a
Analyzer Verdict Alert fortinet Phishing
GET /2021/wp-content/themes/hivcd2021/dice/img/R777title.svg HTTP/1.1
Host: hivcdgw2021.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hivcdgw2021.com/?ckattempt=2
Cookie: CUPID=e50e9ac43ce1d9e5cb3bb2981a6e35df
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Sep 2022 22:03:02 GMT
Content-Type: image/svg+xml
Content-Length: 1219
Connection: keep-alive
P3P: CP='NOI CURa ADMa DEVa TAIa OUR DELa BUS IND PHY ONL UNI COM NAV INT DEM PRE'
Last-Modified: Fri, 03 Dec 2021 01:35:14 GMT
ETag: "2ce04a4-4c3-61a97452"
Accept-Ranges: bytes
hivcdgw2021.com/2021/wp-content/themes/hivcd2021/dice/img/checkerHeader4.svg
183.111.182.219200 OK 3.6 kB URL HTTP/1.1 hivcdgw2021.com/2021/wp-content/themes/hivcd2021/dice/img/checkerHeader4.svg
IP 183.111.182.219:0
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text
Hash cd238a4b2368f6f7d08830c18e3ee3c1
7a0ce8873a6719473a2e27b15791a8d5558fc9a4
c0a136439f03cbb63ff40003bce8307edd0c1065da1eb436658ebe9621bc036a
Analyzer Verdict Alert fortinet Phishing
GET /2021/wp-content/themes/hivcd2021/dice/img/checkerHeader4.svg HTTP/1.1
Host: hivcdgw2021.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hivcdgw2021.com/?ckattempt=2
Cookie: CUPID=e50e9ac43ce1d9e5cb3bb2981a6e35df
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Sep 2022 22:03:02 GMT
Content-Type: image/svg+xml
Content-Length: 3565
Connection: keep-alive
P3P: CP='NOI CURa ADMa DEVa TAIa OUR DELa BUS IND PHY ONL UNI COM NAV INT DEM PRE'
Last-Modified: Mon, 06 Dec 2021 03:54:15 GMT
ETag: "2ce048b-ded-61ad8967"
Accept-Ranges: bytes
hivcdgw2021.com/2021/wp-content/themes/hivcd2021/dice/img/R777Button1.svg
183.111.182.219200 OK 3.3 kB URL HTTP/1.1 hivcdgw2021.com/2021/wp-content/themes/hivcd2021/dice/img/R777Button1.svg
IP 183.111.182.219:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (3093)
Hash 18ea8f9f1c2a74a94efdf0418b0922d6
1d6ddaf1ec94bbefd590d4e27766e8a0773fba50
2a38bd75f7dd206bd789d3409813b1edd7d83d0f5ccf5e085b641f0ddce077d9
Analyzer Verdict Alert fortinet Phishing
GET /2021/wp-content/themes/hivcd2021/dice/img/R777Button1.svg HTTP/1.1
Host: hivcdgw2021.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hivcdgw2021.com/?ckattempt=2
Cookie: CUPID=e50e9ac43ce1d9e5cb3bb2981a6e35df
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Sep 2022 22:03:02 GMT
Content-Type: image/svg+xml
Content-Length: 3287
Connection: keep-alive
P3P: CP='NOI CURa ADMa DEVa TAIa OUR DELa BUS IND PHY ONL UNI COM NAV INT DEM PRE'
Last-Modified: Fri, 03 Dec 2021 01:35:13 GMT
ETag: "2ce049b-cd7-61a97451"
Accept-Ranges: bytes
region1.google-analytics.com/g/collect?v=2&tid=G-89R5P08LV1>m=2oe8v0&_p=1374272664&cid=634577644.1662242580&ul=en-us&sr=1280x1024&_z=ccd.v9B&_s=1&sid=1662242579&sct=1&seg=0&dl=https%3A%2F%2Fhivcdgw2021.com%2F%3Fckattempt%3D2&dr=https%3A%2F%2Fhivcdgw2021.com%2F%3Fckattempt%3D1&dt=%ED%99%8D%EC%9D%B5%EB%8C%80%ED%95%99%EA%B5%90%20%EC%8B%9C%EA%B0%81%EB%94%94%EC%9E%90%EC%9D%B8%EA%B3%BC%20%EC%A1%B8%EC%97%85%EC%A3%BC%EA%B0%84%202021%20%7C%20R777&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
216.239.34.36204 No Content 0 B URL HTTP/2 region1.google-analytics.com/g/collect?v=2&tid=G-89R5P08LV1>m=2oe8v0&_p=1374272664&cid=634577644.1662242580&ul=en-us&sr=1280x1024&_z=ccd.v9B&_s=1&sid=1662242579&sct=1&seg=0&dl=https%3A%2F%2Fhivcdgw2021.com%2F%3Fckattempt%3D2&dr=https%3A%2F%2Fhivcdgw2021.com%2F%3Fckattempt%3D1&dt=%ED%99%8D%EC%9D%B5%EB%8C%80%ED%95%99%EA%B5%90%20%EC%8B%9C%EA%B0%81%EB%94%94%EC%9E%90%EC%9D%B8%EA%B3%BC%20%EC%A1%B8%EC%97%85%EC%A3%BC%EA%B0%84%202021%20%7C%20R777&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
IP 216.239.34.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-89R5P08LV1>m=2oe8v0&_p=1374272664&cid=634577644.1662242580&ul=en-us&sr=1280x1024&_z=ccd.v9B&_s=1&sid=1662242579&sct=1&seg=0&dl=https%3A%2F%2Fhivcdgw2021.com%2F%3Fckattempt%3D2&dr=https%3A%2F%2Fhivcdgw2021.com%2F%3Fckattempt%3D1&dt=%ED%99%8D%EC%9D%B5%EB%8C%80%ED%95%99%EA%B5%90%20%EC%8B%9C%EA%B0%81%EB%94%94%EC%9E%90%EC%9D%B8%EA%B3%BC%20%EC%A1%B8%EC%97%85%EC%A3%BC%EA%B0%84%202021%20%7C%20R777&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://hivcdgw2021.com
Connection: keep-alive
Referer: https://hivcdgw2021.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: https://hivcdgw2021.com
date: Sat, 03 Sep 2022 22:03:02 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
hivcdgw2021.com/2021/wp-content/themes/hivcd2021/dice/bundle.js
183.111.182.219200 OK 663 kB URL HTTP/1.1 hivcdgw2021.com/2021/wp-content/themes/hivcd2021/dice/bundle.js
IP 183.111.182.219:0
File type ASCII text, with very long lines (12573)
Size 663 kB (662800 bytes)
Hash 05624fd6cc43759024100b2a3fe60c7c
71f550f91015e98d91f55f512c1fef3e1635d78a
bfb3e77ca155fbf2489dec85808f7cef9c2dd3598b5f93ce6a3cb08f3aff80e4
Analyzer Verdict Alert fortinet Phishing
GET /2021/wp-content/themes/hivcd2021/dice/bundle.js HTTP/1.1
Host: hivcdgw2021.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hivcdgw2021.com/?ckattempt=2
Cookie: CUPID=e50e9ac43ce1d9e5cb3bb2981a6e35df
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Sep 2022 22:03:01 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
P3P: CP='NOI CURa ADMa DEVa TAIa OUR DELa BUS IND PHY ONL UNI COM NAV INT DEM PRE'
Last-Modified: Sun, 05 Dec 2021 12:09:45 GMT
ETag: W/"25600c3-35d41a-61acac09"
Content-Encoding: gzip
hivcdgw2021.com/2021/wp-content/themes/hivcd2021/fonts/AppleSDGothicNeoL.woff
183.111.182.219200 OK 212 kB URL HTTP/1.1 hivcdgw2021.com/2021/wp-content/themes/hivcd2021/fonts/AppleSDGothicNeoL.woff
IP 183.111.182.219:0
File type Web Open Font Format, TrueType, length 211740, version 1.0\012- data
Size 212 kB (211740 bytes)
Hash 5ca8297de950620a2aa409a4685d2202
07286b936796052015ec78a0321f8c47bb06e94a
34d85b323d4feb0f65605fb07174f4a6600301356c41c0d711213896e860aded
Analyzer Verdict Alert fortinet Phishing
GET /2021/wp-content/themes/hivcd2021/fonts/AppleSDGothicNeoL.woff HTTP/1.1
Host: hivcdgw2021.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://hivcdgw2021.com/2021/wp-content/themes/hivcd2021/fonts/font.css
Cookie: CUPID=e50e9ac43ce1d9e5cb3bb2981a6e35df
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Sep 2022 22:03:02 GMT
Content-Type: application/x-font-woff
Content-Length: 211740
Connection: keep-alive
P3P: CP='NOI CURa ADMa DEVa TAIa OUR DELa BUS IND PHY ONL UNI COM NAV INT DEM PRE'
Last-Modified: Mon, 22 Nov 2021 02:41:17 GMT
ETag: "22b8352-33b1c-619b034d"
Accept-Ranges: bytes
hivcdgw2021.com/2021/wp-content/themes/hivcd2021/dice/ammo/ammo.wasm.js
183.111.182.219200 OK 48 kB URL HTTP/1.1 hivcdgw2021.com/2021/wp-content/themes/hivcd2021/dice/ammo/ammo.wasm.js
IP 183.111.182.219:0
File type ASCII text, with very long lines (605)
Hash 0141ac5eca6f10c2c3aacf3539586edf
485dfb7377b84835f852b5188016345572b9de8b
cb0b1e539c79fc297d6f6d13d41a1164f69f3bb5ca74901fe9c81b34f26c7367
Analyzer Verdict Alert fortinet Phishing
GET /2021/wp-content/themes/hivcd2021/dice/ammo/ammo.wasm.js HTTP/1.1
Host: hivcdgw2021.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hivcdgw2021.com/?ckattempt=2
Cookie: CUPID=e50e9ac43ce1d9e5cb3bb2981a6e35df; _ga_89R5P08LV1=GS1.1.1662242579.1.0.1662242579.0.0.0; _ga=GA1.1.634577644.1662242580
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Sep 2022 22:03:03 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
P3P: CP='NOI CURa ADMa DEVa TAIa OUR DELa BUS IND PHY ONL UNI COM NAV INT DEM PRE'
Last-Modified: Fri, 03 Dec 2021 01:35:13 GMT
ETag: W/"2c4415b-60227-61a97451"
Content-Encoding: gzip
hivcdgw2021.com/2021/wp-content/themes/hivcd2021/fonts/SuisseIntl-Light-WebS.woff
183.111.182.219200 OK 22 kB URL HTTP/1.1 hivcdgw2021.com/2021/wp-content/themes/hivcd2021/fonts/SuisseIntl-Light-WebS.woff
IP 183.111.182.219:0
File type Web Open Font Format, TrueType, length 21890, version 2.500\012- data
Hash 4007d132db6f1e85c725790a48ce0bf6
a163ac09311d62e54cfe4064c7917c4b2d0a056d
02ceb8ffd2a5ec74fa0eaafa150c9952d79a33992f95f58b72f004b0d76289bf
Analyzer Verdict Alert fortinet Phishing
GET /2021/wp-content/themes/hivcd2021/fonts/SuisseIntl-Light-WebS.woff HTTP/1.1
Host: hivcdgw2021.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://hivcdgw2021.com/2021/wp-content/themes/hivcd2021/fonts/font.css
Cookie: CUPID=e50e9ac43ce1d9e5cb3bb2981a6e35df; _ga_89R5P08LV1=GS1.1.1662242579.1.0.1662242579.0.0.0; _ga=GA1.1.634577644.1662242580
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Sep 2022 22:03:03 GMT
Content-Type: application/x-font-woff
Content-Length: 21890
Connection: keep-alive
P3P: CP='NOI CURa ADMa DEVa TAIa OUR DELa BUS IND PHY ONL UNI COM NAV INT DEM PRE'
Last-Modified: Thu, 18 Nov 2021 07:05:16 GMT
ETag: "22b8234-5582-6195fb2c"
Accept-Ranges: bytes
hivcdgw2021.com/2021/wp-content/themes/hivcd2021/imgs/favicon-16x16.png
183.111.182.219200 OK 1.3 kB URL HTTP/1.1 hivcdgw2021.com/2021/wp-content/themes/hivcd2021/imgs/favicon-16x16.png
IP 183.111.182.219:0
File type PNG image data, 16 x 16, 8-bit colormap, non-interlaced\012- data
Hash 29ce11b810ef322ee7d6908bfb900eea
ca95c3f840582d53c6cd57bb967542c0feddc9ef
c0c540661b9fd0f0e31f9087139f877432c93e357b4409c72d0f26c0e0073cdb
GET /2021/wp-content/themes/hivcd2021/imgs/favicon-16x16.png HTTP/1.1
Host: hivcdgw2021.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hivcdgw2021.com/?ckattempt=2
Cookie: CUPID=e50e9ac43ce1d9e5cb3bb2981a6e35df; _ga_89R5P08LV1=GS1.1.1662242579.1.0.1662242579.0.0.0; _ga=GA1.1.634577644.1662242580
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Sep 2022 22:03:04 GMT
Content-Type: image/png
Content-Length: 1344
Connection: keep-alive
P3P: CP='NOI CURa ADMa DEVa TAIa OUR DELa BUS IND PHY ONL UNI COM NAV INT DEM PRE'
Last-Modified: Thu, 02 Dec 2021 06:26:05 GMT
ETag: "2d00496-540-61a866fd"
Accept-Ranges: bytes
hivcdgw2021.com/2021/wp-content/themes/hivcd2021/imgs/android-icon-192x192.png
183.111.182.219200 OK 12 kB URL HTTP/1.1 hivcdgw2021.com/2021/wp-content/themes/hivcd2021/imgs/android-icon-192x192.png
IP 183.111.182.219:0
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash 9884740af7cf851f00b1fb3122fe9d51
7956ea4c849a5bd81304c9bae99e984889f766a1
ec97bef09e4a4de750e82a6c166037e84d3e9d7c2f5f478dfb96749739c69de5
GET /2021/wp-content/themes/hivcd2021/imgs/android-icon-192x192.png HTTP/1.1
Host: hivcdgw2021.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hivcdgw2021.com/?ckattempt=2
Cookie: CUPID=e50e9ac43ce1d9e5cb3bb2981a6e35df; _ga_89R5P08LV1=GS1.1.1662242579.1.0.1662242579.0.0.0; _ga=GA1.1.634577644.1662242580
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Sep 2022 22:03:04 GMT
Content-Type: image/png
Content-Length: 11910
Connection: keep-alive
P3P: CP='NOI CURa ADMa DEVa TAIa OUR DELa BUS IND PHY ONL UNI COM NAV INT DEM PRE'
Last-Modified: Thu, 02 Dec 2021 06:26:05 GMT
ETag: "2d00482-2e86-61a866fd"
Accept-Ranges: bytes
hivcdgw2021.com/2021/wp-content/themes/hivcd2021/dice/ammo/ammo.wasm.wasm
183.111.182.219200 OK 255 kB URL HTTP/1.1 hivcdgw2021.com/2021/wp-content/themes/hivcd2021/dice/ammo/ammo.wasm.wasm
IP 183.111.182.219:0
File type WebAssembly (wasm) binary module version 0x1 (MVP)\012- data
Size 255 kB (255345 bytes)
Hash d85fe31efe295ff7c49cf15fc372b45c
33a91dbc982441c1d657e99425d0dd400cbc4612
3996e024f1e55de53b59a5696ae96f049c35ebfabc5d734d94b85e622a703710
Analyzer Verdict Alert fortinet Phishing
GET /2021/wp-content/themes/hivcd2021/dice/ammo/ammo.wasm.wasm HTTP/1.1
Host: hivcdgw2021.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://hivcdgw2021.com/?ckattempt=2
Connection: keep-alive
Cookie: CUPID=e50e9ac43ce1d9e5cb3bb2981a6e35df; _ga_89R5P08LV1=GS1.1.1662242579.1.0.1662242579.0.0.0; _ga=GA1.1.634577644.1662242580
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Sep 2022 22:03:04 GMT
Content-Type: text/plain
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
P3P: CP='NOI CURa ADMa DEVa TAIa OUR DELa BUS IND PHY ONL UNI COM NAV INT DEM PRE'
Last-Modified: Fri, 03 Dec 2021 01:35:13 GMT
ETag: W/"2c44157-9f07a-61a97451"
Content-Encoding: gzip