uk-fastburgfries.lp.ohyousweeps.com/
143.204.55.15301 Moved Permanently 167 B URL HTTP/1.1 uk-fastburgfries.lp.ohyousweeps.com/
IP 143.204.55.15:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash f5d40b7259645010f9a248858ad14178
b3051d17a6ec8c9e166bf09a62b48261ab86957b
7f5007068d2b56ea9735e2490d60cff2e72cae312024ac1f6c91158eba47d05d
Analyzer Verdict Alert fortinet Phishing
GET / HTTP/1.1
Host: uk-fastburgfries.lp.ohyousweeps.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: CloudFront
Date: Mon, 28 Nov 2022 08:22:15 GMT
Content-Type: text/html
Content-Length: 167
Connection: keep-alive
Location: https://uk-fastburgfries.lp.ohyousweeps.com/
X-Cache: Redirect from cloudfront
Via: 1.1 a7d2a4ec2f50830f128dc406960aef9a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: DlN5iZKmPJa38qrgwaFPvpHzOnANStcz7vB3huEHWBwJXPtpHZViwg==
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash cdbad2434b7d127a4fc769807a9dc3e7
fa98cd9fc2309ab4423f33f683d17bdb17d76713
560cbbb751ab2884024da3b93fba6bc45c6434797dba72a98c05e7fc2bb94bc1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "560CBBB751AB2884024DA3B93FBA6BC45C6434797DBA72A98C05E7FC2BB94BC1"
Last-Modified: Sat, 26 Nov 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14416
Expires: Mon, 28 Nov 2022 12:22:32 GMT
Date: Mon, 28 Nov 2022 08:22:16 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 64b2a23eab6e5ae8c010ec7242be930c
0673e4385ba01a5a245711bab96cafc34f765793
64751d193f7af72431e9689581faffcae1a30ff50ea425697b2b80ff61c87909
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 986
Cache-Control: max-age=95123
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 08:22:16 GMT
Etag: "63833c71-1d7"
Expires: Tue, 29 Nov 2022 10:47:39 GMT
Last-Modified: Sun, 27 Nov 2022 10:31:13 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 471
firefox.settings.services.mozilla.com/v1/
34.102.187.140200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 567df7db606cf5d0871aa5bc9311b6da
4263faac7cbab2fcaf6661911dcad5091c06be17
e9650e1fdc46fc8678708ddcc37ab369c7a6d50489a004be896f20c7a3a644b0
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Content-Length, Alert, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Mon, 28 Nov 2022 08:19:32 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 164
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 71f9c681a82440fd55e76c780a20e55d
3147768cfbcdd06e0c6e69684292e68e99917a80
5ea71ce6dd9e927f9bb3f97f59cc1ac7dc25a949024815965b29bc5835614786
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5EA71CE6DD9E927F9BB3F97F59CC1AC7DC25A949024815965B29BC5835614786"
Last-Modified: Sat, 26 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2449
Expires: Mon, 28 Nov 2022 09:03:05 GMT
Date: Mon, 28 Nov 2022 08:22:16 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: GN4P9pHWTlw0G0KJMOLAy9yoY9UvQC0ipF5j/MGJA0IZJLFBd8MLpva+PPIe+twCGkWUoru+7X8=
x-amz-request-id: DKWKZEVV41ST759X
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 28 Nov 2022 07:41:58 GMT
age: 2418
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 28 Nov 2022 08:22:16 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
143.204.42.88200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.88:0
Hash 4d21af18149024ff5f503a659ab4e12c
464a25577eee1ae0c16c2e8bac4283037f79a10d
37c2dfab6d267c5181bac1ff2046c04bc6a9a953c1c818a0940ed80e752758c7
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=90521
Date: Mon, 28 Nov 2022 08:22:16 GMT
Etag: "63832e51-1d7"
Expires: Tue, 29 Nov 2022 09:30:57 GMT
Last-Modified: Sun, 27 Nov 2022 09:30:57 GMT
Server: nginx
X-Cache: Miss from cloudfront
Via: 1.1 814e8c24454087e83cd261a6cf477166.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: yv21zy1hdBTzDuVl5BBa0MIlz5y8nP61wuhSPi4aOxC9D-FHUiFOtg==
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash c621d4c62f1b73d7db42f083617dc8db
1a78ba537afba7aea6308288c5c41c90de74b3ba
d7b3c5b2e9ea4ad8e5c33649a912d471545651f643b62238beb7d33188146322
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 437
Cache-Control: max-age=130206
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 08:22:16 GMT
Etag: "6383c7a1-118"
Expires: Tue, 29 Nov 2022 20:32:22 GMT
Last-Modified: Sun, 27 Nov 2022 20:25:05 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 280
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 2620cb440711056d80ec6ee6a4101116
0de0450475dd899906c36956881f9db5ecad90fd
9a84a21b1cb5e13c925b144beef55b87669a02836087e1a9cf74fa4964ef43f4
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5690
Cache-Control: max-age=87239
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 08:22:16 GMT
Etag: "63830b45-117"
Expires: Tue, 29 Nov 2022 08:36:15 GMT
Last-Modified: Sun, 27 Nov 2022 07:01:25 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 279
cdnjs.cloudflare.com/ajax/libs/angular.js/1.5.8/angular-sanitize.min.js
104.17.24.14200 OK 2.7 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/angular.js/1.5.8/angular-sanitize.min.js
IP 104.17.24.14:0
File type ASCII text, with very long lines (1253)
Hash 025d2eaf19c48f83eeb6368c60839484
4fa72f281c2b33fe0dece1ddf6cbe7fc2d27b18b
c740dd02a6a218bcc30200e2e1ce78b635b30907ee1f4239a21b3706d81b6a29
GET /ajax/libs/angular.js/1.5.8/angular-sanitize.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://uk-fastburgfries.lp.ohyousweeps.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:22:16 GMT
content-type: application/javascript; charset=utf-8
content-length: 2728
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03d27-16e5"
last-modified: Mon, 04 May 2020 16:04:55 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 5242775
expires: Sat, 18 Nov 2023 08:22:16 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=G3rEqjwkqRXzZpCkxhPxMdoCXQjKDEwqNbCS9MsBCC5xJpvI0jVb3MHWKhFH0fl5n%2BlSBq%2B5udsldRFW3ABxLlRm1FEzH7o1et7HyDldbptpTdCwhGEWH8tOh5ALk42np0OjxUge"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 7711b1e0bcf4b4ff-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
uk-fastburgfries.lp.ohyousweeps.com/js/flowpage.min.js?rel=1669370744766
143.204.55.115200 OK 221 kB URL HTTP/2 uk-fastburgfries.lp.ohyousweeps.com/js/flowpage.min.js?rel=1669370744766
IP 143.204.55.115:0
Size 221 kB (221236 bytes)
Hash 45142142f9aec9d19b65572364fae292
f089e291df4e0485f323795227c4677d93df0ad5
587d248614acab95216790bd63042542c5463f874aee8f029d123bc1b48c4268
Analyzer Verdict Alert fortinet Phishing
GET /js/flowpage.min.js?rel=1669370744766 HTTP/1.1
Host: uk-fastburgfries.lp.ohyousweeps.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://uk-fastburgfries.lp.ohyousweeps.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
server: nginx
date: Mon, 28 Nov 2022 08:21:35 GMT
last-modified: Mon, 28 Nov 2022 08:13:24 GMT
etag: W/"63846da4-ca4a5"
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 aac54e3fe9825ce24d51e0204433c2c0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: Myaccvm_9oT-GnCW66Yno244wByjhQyW-rB5Lm5ZAZ0UU1FwQ-gu3A==
age: 41
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/postscribe/2.0.6/postscribe.min.js
104.17.24.14200 OK 5.0 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/postscribe/2.0.6/postscribe.min.js
IP 104.17.24.14:0
File type ASCII text, with very long lines (17117)
Hash c418dbc7ffcf6d7874db7ce864797577
7b2351ed37568cb0a9edf82c5fea0a4c1b9fe161
2c571556f8548fcea79358c058c978e076a37d2053ff7e5424f30a26ddd00b68
GET /ajax/libs/postscribe/2.0.6/postscribe.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://uk-fastburgfries.lp.ohyousweeps.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:22:16 GMT
content-type: application/javascript; charset=utf-8
content-length: 4996
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03faa-43d5"
last-modified: Mon, 04 May 2020 16:15:38 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 1081744
expires: Sat, 18 Nov 2023 08:22:16 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FzKJqkGJglBlqFk7FcjAZxN25FvLoLEm2vwp73g7AborIo0DPExbIiLuR6NpydFN0hkTI%2BqrqEHP%2FAirwKZ4AbZ6z8DjSkqjbwEjRTO2vvrEa9KJlmPQF0%2BoMpnl2SriMR0xZjIX"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 7711b1e0ccf8b4ff-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash c621d4c62f1b73d7db42f083617dc8db
1a78ba537afba7aea6308288c5c41c90de74b3ba
d7b3c5b2e9ea4ad8e5c33649a912d471545651f643b62238beb7d33188146322
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 437
Cache-Control: max-age=130206
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 08:22:16 GMT
Etag: "6383c7a1-118"
Expires: Tue, 29 Nov 2022 20:32:22 GMT
Last-Modified: Sun, 27 Nov 2022 20:25:05 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 280
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash dfc6d93c89faf83ac654cd676c02764d
ce10d3ff46b50f22f7f79a7df65b0b7a6ddb741d
83947c7c69062338e3712fe76a493a2798aa2d1f63709eac14ba908d71080dd0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 08:22:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdnjs.cloudflare.com/ajax/libs/moment.js/2.29.1/moment.min.js
104.17.24.14200 OK 17 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/moment.js/2.29.1/moment.min.js
IP 104.17.24.14:0
File type ASCII text, with very long lines (58823)
Hash 48342f85265e1ef95883b48352d8a901
4aca39aa1a6059cd73a3c6c8e8db6e704d5f6172
8d42979137cc37cb51593048aa96e73d7035948b75d4152fcd352052fb3c49ed
GET /ajax/libs/moment.js/2.29.1/moment.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://uk-fastburgfries.lp.ohyousweeps.com
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:22:16 GMT
content-type: application/javascript; charset=utf-8
content-length: 16919
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5f7c5ca4-e5ee"
last-modified: Tue, 06 Oct 2020 12:01:40 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 1522098
expires: Sat, 18 Nov 2023 08:22:16 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uP6c40%2FhGade7lgsyE2RQFDWkyBkQgKPMoy9ac%2BeQLV%2BElphLau%2Fj%2FhzR6UAqFmqlFiEzfUStNEPe7buuzzkEpGi17fG1Ywo7HZCtneKjzU%2FfNV5TLU5JXVth31YsJFf%2Fd3g8o1%2B"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 7711b1e109bcb523-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash dfc6d93c89faf83ac654cd676c02764d
ce10d3ff46b50f22f7f79a7df65b0b7a6ddb741d
83947c7c69062338e3712fe76a493a2798aa2d1f63709eac14ba908d71080dd0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 08:22:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash c621d4c62f1b73d7db42f083617dc8db
1a78ba537afba7aea6308288c5c41c90de74b3ba
d7b3c5b2e9ea4ad8e5c33649a912d471545651f643b62238beb7d33188146322
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4987
Cache-Control: max-age=134756
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 08:22:16 GMT
Etag: "6383c7a1-118"
Expires: Tue, 29 Nov 2022 21:48:12 GMT
Last-Modified: Sun, 27 Nov 2022 20:25:05 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 280
cdnjs.cloudflare.com/ajax/libs/animate.css/4.1.1/animate.min.css
104.17.24.14200 OK 4.2 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/animate.css/4.1.1/animate.min.css
IP 104.17.24.14:0
File type ASCII text, with very long lines (65348)
Hash eefc9abe5bc10d658a2393a70d052566
dd49deafcd3ebe1306cda0b843f2da265f8a90e1
6011c33e447455e96e1d4926b0e15ca399eb993163a8e5ee0c523947396d66c3
GET /ajax/libs/animate.css/4.1.1/animate.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://uk-fastburgfries.lp.ohyousweeps.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:22:16 GMT
content-type: text/css; charset=utf-8
content-length: 4216
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5f5628a2-11846"
last-modified: Mon, 07 Sep 2020 12:33:38 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 2780544
expires: Sat, 18 Nov 2023 08:22:16 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=p8IYuLNeYNboJSDtKyDD4LUP8QL3v5tZy8vaAuhbYFDCIHayQQOYd1%2F9xnl5GTqN0oC4N%2FFlLXpAh4WQfzCez8cfiMwBxUwlrXvRiZHLY3auvr%2FdbXYaEpvD8fjSMOSusMtPZOks"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 7711b1e10d39b4ff-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ajax.googleapis.com/ajax/libs/angularjs/1.5.8/angular.min.js
142.250.74.170200 OK 57 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/angularjs/1.5.8/angular.min.js
IP 142.250.74.170:0
File type ASCII text, with very long lines (639)
Hash 16abe8134746c9d66a3436006e47a3d1
eef0f59e50cd12a6a19b2d95ea448d0dbc96672a
93fc080850df170ab2a705d758b118b030545c1b6b3240d085a477ea4dfdde9c
GET /ajax/libs/angularjs/1.5.8/angular.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://uk-fastburgfries.lp.ohyousweeps.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 56572
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 25 Nov 2022 23:43:26 GMT
expires: Sat, 25 Nov 2023 23:43:26 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 203930
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash 2975be1a24010f9ae650d5944c970895
b3ec16a234325cdf7dd26a3cea299a94dc66aef3
0b7ff76813822f9de5c7f9f0424b0fac38a4c0b905bef90c4f25a99f7475a266
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=120415
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 08:22:16 GMT
Etag: "6383a317-118"
Expires: Tue, 29 Nov 2022 17:49:11 GMT
Last-Modified: Sun, 27 Nov 2022 17:49:11 GMT
Server: nginx
Content-Length: 280
ajax.googleapis.com/ajax/libs/jquery/3.1.0/jquery.min.js
142.250.74.170200 OK 30 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/3.1.0/jquery.min.js
IP 142.250.74.170:0
File type ASCII text, with very long lines (32014)
Hash 28f3d6d8267f129fc0f17d06cf79d668
c115b6f5777693610e4badea0bb3d3093a4d8e0a
6fe4b034f874ace44678689986c0918e5100ba85ba89a59dc2ab237cc20c4214
GET /ajax/libs/jquery/3.1.0/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://uk-fastburgfries.lp.ohyousweeps.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30211
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 22 Nov 2022 21:33:59 GMT
expires: Wed, 22 Nov 2023 21:33:59 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
age: 470897
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash 6b4620c230107c4a41a550936ae73d30
41c55d76d7fec5f9e9b6b41c63be76039ab51d7b
84323dcb2bf41d37624d351e7102832e267b2af6772e06575f52012d510ebacb
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3779
Cache-Control: max-age=171720
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 08:22:16 GMT
Etag: "63845cbd-116"
Expires: Wed, 30 Nov 2022 08:04:16 GMT
Last-Modified: Mon, 28 Nov 2022 07:01:17 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 278
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Pragma, Alert, Content-Type, ETag, Retry-After, Last-Modified, Content-Length, Cache-Control, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Mon, 28 Nov 2022 08:08:55 GMT
cache-control: public,max-age=3600
age: 801
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash dfc6d93c89faf83ac654cd676c02764d
ce10d3ff46b50f22f7f79a7df65b0b7a6ddb741d
83947c7c69062338e3712fe76a493a2798aa2d1f63709eac14ba908d71080dd0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 08:22:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash a6fee11dfe1b88cd768a0ca3e2bd0c89
59cec9a44a4a92467678afe65f347f68641a2174
50870c499aae4d5dfd6df25a36cd04b6d185b66ef0590e46933984bf52e2483f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2823
Cache-Control: max-age=91899
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 08:22:16 GMT
Etag: "638328ac-1d7"
Expires: Tue, 29 Nov 2022 09:53:55 GMT
Last-Modified: Sun, 27 Nov 2022 09:06:52 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash 2975be1a24010f9ae650d5944c970895
b3ec16a234325cdf7dd26a3cea299a94dc66aef3
0b7ff76813822f9de5c7f9f0424b0fac38a4c0b905bef90c4f25a99f7475a266
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 0
Cache-Control: max-age=120415
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 08:22:16 GMT
Etag: "6383a317-118"
Expires: Tue, 29 Nov 2022 17:49:11 GMT
Last-Modified: Sun, 27 Nov 2022 17:49:11 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 280
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash cfa608d7bc15a0e340f8bb81349b6021
a53132ce0eb181359fdba44db5a9cd1ac8994143
87755dcc8eb5f0c5dd3c73637c40c3adc9ca46a5fb37776922353e8721c88f3f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=103854
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 08:22:16 GMT
Etag: "63836266-116"
Expires: Tue, 29 Nov 2022 13:13:10 GMT
Last-Modified: Sun, 27 Nov 2022 13:13:10 GMT
Server: nginx
Content-Length: 278
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash cd0a5be4865b85e858cfcaafa90f8dca
122569d314b0900b1f5e5f58cdad0d9fc16b7e1b
624aa7cc70d5c36d732f15cdeb8de3854f30240cb770108dd88103f13393428d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 08:22:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash cfa608d7bc15a0e340f8bb81349b6021
a53132ce0eb181359fdba44db5a9cd1ac8994143
87755dcc8eb5f0c5dd3c73637c40c3adc9ca46a5fb37776922353e8721c88f3f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 0
Cache-Control: max-age=103854
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 08:22:16 GMT
Etag: "63836266-116"
Expires: Tue, 29 Nov 2022 13:13:10 GMT
Last-Modified: Sun, 27 Nov 2022 13:13:10 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 278
uk-fastburgfries.lp.ohyousweeps.com/service-worker.js
143.204.55.115200 OK 311 B URL HTTP/2 uk-fastburgfries.lp.ohyousweeps.com/service-worker.js
IP 143.204.55.115:0
Hash f084cc87b7319fb95e82733f0d86b16c
be6175371b3726e65e2b3ae08ce165418cc5e9b6
93a66e6be593ba82e9bcf7150cab00d859d0f189c839048be0d76ce3a394eb57
Analyzer Verdict Alert fortinet Phishing
GET /service-worker.js HTTP/1.1
Host: uk-fastburgfries.lp.ohyousweeps.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
content-length: 311
server: nginx
date: Sun, 27 Nov 2022 09:12:24 GMT
last-modified: Fri, 25 Nov 2022 10:03:05 GMT
etag: "638092d9-137"
accept-ranges: bytes
x-cache: Hit from cloudfront
via: 1.1 aac54e3fe9825ce24d51e0204433c2c0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: o8SfaImgdcQlzknQHOtgYC4xF-xMnwtAv-u4VcFsLdcfUDr7S4J1ZA==
age: 83392
X-Firefox-Spdy: h2
push.services.mozilla.com/
35.163.49.154101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.163.49.154:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: vb2tRIbZoY/EbApnieV0OQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: gdzU9Yo1csM9xekKGAWFBTN4Jyo=
fonts.gstatic.com/s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2
216.58.207.195200 OK 7.9 kB URL HTTP/2 fonts.gstatic.com/s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 7884, version 1.0\012- data
Hash 9212f6f9860f9fc6c69b02fedf6db8c3
ac6d71b4d5fdd2b3dabc9a06ff6c001e4251da0b
7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f
GET /s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://uk-fastburgfries.lp.ohyousweeps.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 7884
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 23 Nov 2022 21:48:50 GMT
expires: Thu, 23 Nov 2023 21:48:50 GMT
cache-control: public, max-age=31536000
age: 383606
last-modified: Wed, 27 Apr 2022 17:03:52 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash cd0a5be4865b85e858cfcaafa90f8dca
122569d314b0900b1f5e5f58cdad0d9fc16b7e1b
624aa7cc70d5c36d732f15cdeb8de3854f30240cb770108dd88103f13393428d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 08:22:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
uk-fastburgfries.lp.ohyousweeps.com/templates/empty/config.json
143.204.55.115200 OK 12 B URL HTTP/2 uk-fastburgfries.lp.ohyousweeps.com/templates/empty/config.json
IP 143.204.55.115:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 90040e8e63a0c0c1ee1178c7958e8568
e96c1454ae27ca16e0d1256f514a9636f1973982
602e35a92eec4bc0a2ec6ae113f07bfc6933322fb69fe8dee416e5a67217e2a2
Analyzer Verdict Alert fortinet Phishing
GET /templates/empty/config.json HTTP/1.1
Host: uk-fastburgfries.lp.ohyousweeps.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://uk-fastburgfries.lp.ohyousweeps.com/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/json
content-length: 12
server: nginx
date: Mon, 28 Nov 2022 08:21:36 GMT
last-modified: Mon, 28 Nov 2022 08:13:25 GMT
etag: "63846da5-c"
accept-ranges: bytes
x-cache: Hit from cloudfront
via: 1.1 aac54e3fe9825ce24d51e0204433c2c0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 58JjlERvKYxsLH0xXWRCtegi2u3nh5Edhnaf4Hbqc5GnOe6gdwDOZg==
age: 41
X-Firefox-Spdy: h2
fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
216.58.207.195200 OK 7.8 kB URL HTTP/2 fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 7816, version 1.0\012- data
Hash 25b0e113ca7cce3770d542736db26368
cb726212d5d525021752a1d8470a0fb593e0c49e
9338e65fc077355c7a87ae0d64cc101e23b9bf8ad78ae65f0f319c857311b526
GET /s/poppins/v20/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://uk-fastburgfries.lp.ohyousweeps.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 7816
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 23 Nov 2022 19:30:59 GMT
expires: Thu, 23 Nov 2023 19:30:59 GMT
cache-control: public, max-age=31536000
age: 391878
last-modified: Wed, 27 Apr 2022 16:11:40 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
uk-fastburgfries.lp.ohyousweeps.com/templates/productdetailer/images/finish-icon.png
143.204.55.115200 OK 5.0 kB URL HTTP/2 uk-fastburgfries.lp.ohyousweeps.com/templates/productdetailer/images/finish-icon.png
IP 143.204.55.115:0
File type PNG image data, 100 x 129, 8-bit/color RGBA, non-interlaced\012- data
Hash 2121da2d746f6e56175be9e4bc441775
b972d65b5a7e05a100dad1c45ffb800627bc4e3a
6137553a8a5a7f310a8a8a2e5eb3de6f6ad1257803fb1156e4dee18f38cb7bc1
GET /templates/productdetailer/images/finish-icon.png HTTP/1.1
Host: uk-fastburgfries.lp.ohyousweeps.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://uk-fastburgfries.lp.ohyousweeps.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 5031
server: nginx
date: Mon, 28 Nov 2022 08:21:37 GMT
last-modified: Mon, 28 Nov 2022 08:13:25 GMT
etag: "63846da5-13a7"
accept-ranges: bytes
x-cache: Hit from cloudfront
via: 1.1 aac54e3fe9825ce24d51e0204433c2c0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: NHhret26tS7K9lNdCzWAlKopDiAabgm8TttZ_AB5tjv6y5pZh8X47Q==
age: 40
X-Firefox-Spdy: h2
uk-fastburgfries.lp.ohyousweeps.com/templates/productdetailer/images/deliver.png
143.204.55.115200 OK 7.4 kB URL HTTP/2 uk-fastburgfries.lp.ohyousweeps.com/templates/productdetailer/images/deliver.png
IP 143.204.55.115:0
File type PNG image data, 480 x 380, 8-bit/color RGBA, non-interlaced\012- data
Hash ad2a250d519cc9d1f873c64367e19f30
87526e47708e804239bb1a1b980aa5827d27d0f8
8c7dc7c62f2f69c766de6bc0b32c7567cfdd2a7c851df58112f5e35a5b7bf2b8
GET /templates/productdetailer/images/deliver.png HTTP/1.1
Host: uk-fastburgfries.lp.ohyousweeps.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://uk-fastburgfries.lp.ohyousweeps.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 7436
server: nginx
date: Mon, 28 Nov 2022 08:21:37 GMT
last-modified: Mon, 28 Nov 2022 08:13:25 GMT
etag: "63846da5-1d0c"
accept-ranges: bytes
x-cache: Hit from cloudfront
via: 1.1 aac54e3fe9825ce24d51e0204433c2c0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: eLDh4gEFcvBzSTb5QbWw2QT2bt4uUGWqyRfLjtoIwL_cMF1CTjJQLg==
age: 40
X-Firefox-Spdy: h2
uk-fastburgfries.lp.ohyousweeps.com/favicon.ico
143.204.55.115204 No Content 0 B URL HTTP/2 uk-fastburgfries.lp.ohyousweeps.com/favicon.ico
IP 143.204.55.115:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: uk-fastburgfries.lp.ohyousweeps.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://uk-fastburgfries.lp.ohyousweeps.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Mon, 28 Nov 2022 08:22:17 GMT
x-cache: Miss from cloudfront
via: 1.1 aac54e3fe9825ce24d51e0204433c2c0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: eNmmMPOb6nnx2J5jufcB9lbsgbehdyDU85tG5hsAHr7Sz6W6HLZ3mQ==
X-Firefox-Spdy: h2
uk-fastburgfries.lp.ohyousweeps.com/templates/empty/teaser-web.html
143.204.55.115200 OK 548 B URL HTTP/2 uk-fastburgfries.lp.ohyousweeps.com/templates/empty/teaser-web.html
IP 143.204.55.115:0
File type exported SGML document, ASCII text
Hash 08be06c819e1378db98538de1fdfc4b7
79b53185d7d006a1369f2934751f7cf9e984e8df
973cb0e8d8ddd82cb9fe9ea4e31f3fc41448c9fe9bee70ba80ef2b2ffdc5968d
Analyzer Verdict Alert fortinet Phishing
GET /templates/empty/teaser-web.html HTTP/1.1
Host: uk-fastburgfries.lp.ohyousweeps.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://uk-fastburgfries.lp.ohyousweeps.com/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/html
server: nginx
date: Mon, 28 Nov 2022 08:22:17 GMT
last-modified: Mon, 28 Nov 2022 08:13:25 GMT
etag: W/"63846da5-8b7"
content-encoding: br
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 aac54e3fe9825ce24d51e0204433c2c0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 1eBcg4QHX6-6A6uwnXJRZdJl8jEn56rwqVh1WgUjLZcPXSvD_wj3IQ==
X-Firefox-Spdy: h2
uk-fastburgfries.lp.ohyousweeps.com/templates/empty/css/teaser.css
143.204.55.115200 OK 75 kB URL HTTP/2 uk-fastburgfries.lp.ohyousweeps.com/templates/empty/css/teaser.css
IP 143.204.55.115:0
Hash 66483e9368b812b69d75cda72144017d
8064bf670e5ba6863dc26acea5bbb4df4cc321f5
8d75791906587ba0509e635e96e8c5aca819e453712d05d343764cee4dd2be80
GET /templates/empty/css/teaser.css HTTP/1.1
Host: uk-fastburgfries.lp.ohyousweeps.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://uk-fastburgfries.lp.ohyousweeps.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css
server: nginx
date: Mon, 28 Nov 2022 08:21:37 GMT
last-modified: Mon, 28 Nov 2022 08:13:25 GMT
etag: W/"63846da5-513"
content-encoding: br
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 aac54e3fe9825ce24d51e0204433c2c0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 7Nu814w3bsuMRXHaZspJx2buQJ7uML7iuTg_YEGttFKoThF74JnMIg==
age: 40
X-Firefox-Spdy: h2
uk-fastburgfries.lp.ohyousweeps.com/%7B%7Bcms.image_2%7D%7D
143.204.55.115200 OK 8.9 kB URL HTTP/2 uk-fastburgfries.lp.ohyousweeps.com/%7B%7Bcms.image_2%7D%7D
IP 143.204.55.115:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (38278)
Hash 04421546e2e7e1b6532456bb93f18c0a
a47dbba47ce38cdf68a900322bcb4058cab2a2a6
96dd709211dc01efa50efc233a83800fe59658d2fb20864ed85a40615b754ae4
Analyzer Verdict Alert fortinet Phishing
GET /%7B%7Bcms.image_2%7D%7D HTTP/1.1
Host: uk-fastburgfries.lp.ohyousweeps.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://uk-fastburgfries.lp.ohyousweeps.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
server: nginx
date: Mon, 28 Nov 2022 08:22:17 GMT
x-powered-by: PHP/7.3.33
access-control-allow-credentials: true
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 aac54e3fe9825ce24d51e0204433c2c0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: wLwrNAoQuhPb3hJ0tl5eoK2bKZdH7V9A9rbIc_QxbLExD9YwuUkhMQ==
X-Firefox-Spdy: h2
event.trk-consulatu.com/register/event_log/57dkwyrvdw
172.64.169.3200 OK 0 B URL HTTP/2 event.trk-consulatu.com/register/event_log/57dkwyrvdw
IP 172.64.169.3:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /register/event_log/57dkwyrvdw HTTP/1.1
Host: event.trk-consulatu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://uk-fastburgfries.lp.ohyousweeps.com/
Origin: https://uk-fastburgfries.lp.ohyousweeps.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:22:17 GMT
content-length: 0
access-control-allow-headers: content-type
access-control-expose-headers: Authorization, Link, X-Total-Count
access-control-allow-origin: https://uk-fastburgfries.lp.ohyousweeps.com
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
access-control-allow-credentials: true
access-control-allow-methods: POST
access-control-max-age: 1800
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oA0hCBppjM8m5583eVeL8%2B%2BCVnaQ1OQNIrFBrITW5HbRtbd%2BnIcQKQstgVPEzl1ziUiveC%2BQDHnDKBt2W7iM%2Beq%2Bcj8kvRAu0p7HV6A9dcJIWa6NXVgYEqV5oD8i%2Fvq7zaSUXKbk303rRQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7711b1e77e217306-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash 99fb27a6435a9c2979d6d43ca11a884e
461017d8070af88af05b210710594c6dd117ee9d
4cd9e4c20d2e51241e4b7b4cfe5a467c8f01ffe5949e08fcd51987b8ca40ea07
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=161065
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 08:22:17 GMT
Etag: "638441e2-118"
Expires: Wed, 30 Nov 2022 05:06:42 GMT
Last-Modified: Mon, 28 Nov 2022 05:06:42 GMT
Server: nginx
Content-Length: 280
im.d-promo.com/upload/1561383747_yellow-banner-en.png
104.21.11.51200 OK 18 kB URL HTTP/2 im.d-promo.com/upload/1561383747_yellow-banner-en.png
IP 104.21.11.51:0
File type PNG image data, 390 x 202, 8-bit/color RGBA, non-interlaced\012- data
Hash 066aef31568da98155418415a9f0fba8
31f9c23162109c2746ebc6669483eb9ec849dec3
6346556c46447018f7c3e32f9e0ee261fa5d524d60872441796a3b7f3707b1f6
GET /upload/1561383747_yellow-banner-en.png HTTP/1.1
Host: im.d-promo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://uk-fastburgfries.lp.ohyousweeps.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:22:17 GMT
content-type: image/png
content-length: 17965
last-modified: Mon, 24 Jun 2019 13:42:27 GMT
etag: "5d10d343-462d"
access-control-allow-credentials: true
cache-control: max-age=14400
cf-cache-status: HIT
age: 1918
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=e4sRMOkPpfOiKdb%2BLOb9rrGemJr7fWoLk%2FgJA5YNPfBmEzqTZ%2BMGOBEiS6LLcwlHmrd9%2BUU0ctO40w5J28%2BydwOPeQiscvApjXjSYk4%2BGipoXUZE%2F08U%2BHluNkG96kw7iw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7711b1e8db73b511-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
event.trk-consulatu.com/register/event_log/57dkwyrvdw
172.64.169.3200 OK 0 B URL HTTP/2 event.trk-consulatu.com/register/event_log/57dkwyrvdw
IP 172.64.169.3:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /register/event_log/57dkwyrvdw HTTP/1.1
Host: event.trk-consulatu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/json
Origin: https://uk-fastburgfries.lp.ohyousweeps.com
Content-Length: 109
Connection: keep-alive
Referer: https://uk-fastburgfries.lp.ohyousweeps.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:22:17 GMT
content-length: 0
expires: 0
cache-control: no-cache, no-store, max-age=0, must-revalidate
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
x-pushplatformapp-params:
content-security-policy: default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src https://* data:; font-src 'self' data:
x-pushplatformapp-alert: pushPlatformApp.pushSubscription.deleted
x-frame-options: DENY
access-control-expose-headers: Authorization, Link, X-Total-Count
access-control-allow-origin: https://uk-fastburgfries.lp.ohyousweeps.com
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
access-control-allow-credentials: true
x-content-type-options: nosniff
feature-policy: geolocation 'none'; midi 'none'; sync-xhr 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; fullscreen 'self'; payment 'none'
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eaocFw7Tq5mwLHbGKC4f%2Fnex5uFPG1OfW2k%2FGkWnv%2BSQZr7AULV3oLrklx%2BWrrLcFouKndZgTagdoBBRGcn9e3sd4%2BEmG%2Bnq0IEG2vHTqJQu1Z6Oxp0IJhC21sIrq3CGKar82mZk9rOmVw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7711b1e84f127306-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
event.trk-consulatu.com/register/event_log/57dkwyrvdw
172.64.169.3200 OK 0 B URL HTTP/2 event.trk-consulatu.com/register/event_log/57dkwyrvdw
IP 172.64.169.3:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /register/event_log/57dkwyrvdw HTTP/1.1
Host: event.trk-consulatu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/json
Origin: https://uk-fastburgfries.lp.ohyousweeps.com
Content-Length: 148
Connection: keep-alive
Referer: https://uk-fastburgfries.lp.ohyousweeps.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:22:17 GMT
content-length: 0
expires: 0
cache-control: no-cache, no-store, max-age=0, must-revalidate
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
x-pushplatformapp-params:
content-security-policy: default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src https://* data:; font-src 'self' data:
x-pushplatformapp-alert: pushPlatformApp.pushSubscription.deleted
x-frame-options: DENY
access-control-expose-headers: Authorization, Link, X-Total-Count
access-control-allow-origin: https://uk-fastburgfries.lp.ohyousweeps.com
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
access-control-allow-credentials: true
x-content-type-options: nosniff
feature-policy: geolocation 'none'; midi 'none'; sync-xhr 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; fullscreen 'self'; payment 'none'
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=O7qLpfXsEwxnYn01PAA9TP7R8ExCfp9BRl7ZRY7G1uQkHa7Bm5Khwx2WmwfTpAJl%2BXVeOQszoAsEQqzC2iZUo%2BfE4%2FI5ZaXPUdq%2Be7fkQFJ%2BsTqumAGyahcCX52KG4ljwGmWkOxRBV%2B%2FPA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7711b1e84f137306-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash 99fb27a6435a9c2979d6d43ca11a884e
461017d8070af88af05b210710594c6dd117ee9d
4cd9e4c20d2e51241e4b7b4cfe5a467c8f01ffe5949e08fcd51987b8ca40ea07
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 0
Cache-Control: max-age=161065
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 08:22:17 GMT
Etag: "638441e2-118"
Expires: Wed, 30 Nov 2022 05:06:42 GMT
Last-Modified: Mon, 28 Nov 2022 05:06:42 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 280
ocsp2.globalsign.com/gsalphasha2g2
104.18.21.226200 OK 1.4 kB URL HTTP/1.1 ocsp2.globalsign.com/gsalphasha2g2
IP 104.18.21.226:0
Hash bbfe32ac23aa2e65f358cc27abafaf89
6497fe2d61ec6199414e6b37c7e9f069d0d52a46
608a1c74211c49fc176756f9ab00cbc7c09a21ee99d4a74ac29c9232285c6464
POST /gsalphasha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 08:22:17 GMT
Content-Type: application/ocsp-response
Content-Length: 1423
Connection: keep-alive
Expires: Fri, 02 Dec 2022 05:54:49 GMT
ETag: "6497fe2d61ec6199414e6b37c7e9f069d0d52a46"
Last-Modified: Mon, 28 Nov 2022 05:54:50 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: EXPIRED
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7711b1e37db01c0e-OSL
rdroot.com/p.ashx?o=&e=1019&t=&r=
79.125.50.206200 OK 2 B URL HTTP/1.1 rdroot.com/p.ashx?o=&e=1019&t=&r=
IP 79.125.50.206:0
File type ASCII text, with no line terminators
Hash 227dc251e1411f6b6fffcd1c30486f4d
8c71b835789865c9f242316c7ebbdc25cea35b2d
6a4b804705e725b9f4fd4adf6500180b54cc5ddefed460e48d1be724fed155d6
GET /p.ashx?o=&e=1019&t=&r= HTTP/1.1
Host: rdroot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://uk-fastburgfries.lp.ohyousweeps.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 2
Content-Type: text/plain; charset=utf-8
Date: Mon, 28 Nov 2022 08:22:16 GMT
P3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Connection: close
uk-fastburgfries.lp.ohyousweeps.com/templates/surfeyo_2/css/animate.css
143.204.55.115200 OK 7.1 kB URL HTTP/2 uk-fastburgfries.lp.ohyousweeps.com/templates/surfeyo_2/css/animate.css
IP 143.204.55.115:0
Hash fa4ebdb93fa50be2a2c60075ffbb74c5
815f8a285d6475585fc32b091c63473ce754557c
b0ccadb7494f28e19cc29e7c979bad6320092e3761c2077b9b54fd1ccf63266c
GET /templates/surfeyo_2/css/animate.css HTTP/1.1
Host: uk-fastburgfries.lp.ohyousweeps.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://uk-fastburgfries.lp.ohyousweeps.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css
server: nginx
date: Mon, 28 Nov 2022 08:21:37 GMT
last-modified: Mon, 28 Nov 2022 08:13:25 GMT
etag: W/"63846da5-1252b"
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 aac54e3fe9825ce24d51e0204433c2c0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 3hf-05ksuqhAm4fvxlxEb1GV4FyO0WjtMdSnKmHzX4cUqd7kiiCI4w==
age: 40
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash aebda342a81ad83f60d2523f54ccda67
e590d9326e4a283e0929a8ffccb13cc4308af0e6
bd123fe3fce93216e2635f9dbc356f081b7599784fb6b67984032f11d82bc7cb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5066
Expires: Mon, 28 Nov 2022 09:46:44 GMT
Date: Mon, 28 Nov 2022 08:22:18 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash aebda342a81ad83f60d2523f54ccda67
e590d9326e4a283e0929a8ffccb13cc4308af0e6
bd123fe3fce93216e2635f9dbc356f081b7599784fb6b67984032f11d82bc7cb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5066
Expires: Mon, 28 Nov 2022 09:46:44 GMT
Date: Mon, 28 Nov 2022 08:22:18 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash aebda342a81ad83f60d2523f54ccda67
e590d9326e4a283e0929a8ffccb13cc4308af0e6
bd123fe3fce93216e2635f9dbc356f081b7599784fb6b67984032f11d82bc7cb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5066
Expires: Mon, 28 Nov 2022 09:46:44 GMT
Date: Mon, 28 Nov 2022 08:22:18 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash aebda342a81ad83f60d2523f54ccda67
e590d9326e4a283e0929a8ffccb13cc4308af0e6
bd123fe3fce93216e2635f9dbc356f081b7599784fb6b67984032f11d82bc7cb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5066
Expires: Mon, 28 Nov 2022 09:46:44 GMT
Date: Mon, 28 Nov 2022 08:22:18 GMT
Connection: keep-alive
uk-fastburgfries.lp.ohyousweeps.com/%7B%7Bcms.image_4%7D%7D
143.204.55.115200 OK 18 kB URL HTTP/2 uk-fastburgfries.lp.ohyousweeps.com/%7B%7Bcms.image_4%7D%7D
IP 143.204.55.115:0
Hash d0dd44c09129f687f7cc6d26389df06f
3e8ec4827f080b18c2335552df5fa6cba4e693b9
7b1610180b714627daa658b4453f34d4b5ab886c62e01c07570471734264ad23
Analyzer Verdict Alert fortinet Phishing
GET /%7B%7Bcms.image_4%7D%7D HTTP/1.1
Host: uk-fastburgfries.lp.ohyousweeps.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://uk-fastburgfries.lp.ohyousweeps.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
server: nginx
date: Mon, 28 Nov 2022 08:22:17 GMT
x-powered-by: PHP/7.3.33
access-control-allow-credentials: true
content-encoding: gzip
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 aac54e3fe9825ce24d51e0204433c2c0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: Pq4jQsEg6VgHa8dZD4xm6Y30Txvk4yHpGGTxi9Pj6YJRZ-1Uw-d_CQ==
X-Firefox-Spdy: h2
uk-fastburgfries.lp.ohyousweeps.com/%7B%7Bcms.image_3%7D%7D
143.204.55.115200 OK 18 kB URL HTTP/2 uk-fastburgfries.lp.ohyousweeps.com/%7B%7Bcms.image_3%7D%7D
IP 143.204.55.115:0
Hash 3d796493e03a9d97a8c5363f9ff98ad4
d62d04840ac5c41691bc4967b8dce474ad7ce2ba
1a5b31d9729b86753d7d02863ea11dea1413300fec4a03aeac4c5c184c11d71c
Analyzer Verdict Alert fortinet Phishing
GET /%7B%7Bcms.image_3%7D%7D HTTP/1.1
Host: uk-fastburgfries.lp.ohyousweeps.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://uk-fastburgfries.lp.ohyousweeps.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
server: nginx
date: Mon, 28 Nov 2022 08:22:17 GMT
x-powered-by: PHP/7.3.33
access-control-allow-credentials: true
content-encoding: gzip
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 aac54e3fe9825ce24d51e0204433c2c0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: FNW15nBB4CE2NpkiMtstJFrMTdH_DVuZfQznH5KJDXs-vAk-o9l4QQ==
X-Firefox-Spdy: h2
trk-consulatu.com/scripts/push/script/z0grz0mex9?url=uk-fastburgfries.lp.ohyousweeps.com&alturl=/
172.64.168.3200 OK 8.4 kB URL HTTP/2 trk-consulatu.com/scripts/push/script/z0grz0mex9?url=uk-fastburgfries.lp.ohyousweeps.com&alturl=/
IP 172.64.168.3:0
File type ASCII text, with very long lines (6943)
Hash 48636f1b13dcd0761948caf8cf3792dd
aa174d7aec3ce4157855f2f2bc819421b9178079
4aa2c165a71f4181b22808b0cea94c297ef52bba478d1db83f328dd63117e0ba
GET /scripts/push/script/z0grz0mex9?url=uk-fastburgfries.lp.ohyousweeps.com&alturl=/ HTTP/1.1
Host: trk-consulatu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://uk-fastburgfries.lp.ohyousweeps.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:22:16 GMT
content-type: application/javascript;charset=UTF-8
expires: 0
cache-control: no-cache, no-store, max-age=0, must-revalidate
x-xss-protection: 1; mode=block
pragma: no-cache
x-frame-options: DENY
referrer-policy: strict-origin-when-cross-origin
content-security-policy: default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src https://* data:; font-src 'self' data:
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
x-content-type-options: nosniff
feature-policy: geolocation 'none'; midi 'none'; sync-xhr 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; fullscreen 'self'; payment 'none'
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BqfJwTjYJscTh4v7wTg9hoTNZfbFELFIw3Q24zR053Ohy92TNMdZTbhjEBlHcx9WRhJ%2BeJ%2BRlDXuv6uiQVoZCN0BuhI6i2AW%2BaT%2B28FjFyadK%2BQVr%2F2QiE29vwKMlQtQ%2BBqQ4g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7711b1e30d637407-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F36d8942f-c540-4112-a5a9-c7ac53a00a23.jpeg
34.120.237.76200 OK 6.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F36d8942f-c540-4112-a5a9-c7ac53a00a23.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 78b1389f425425d0450c94d900404dc4
53b12a8702f7c5b7cc697e2a24da824d9434be65
0c1659ab3afc6e45f9e3acb12f8865bb99e4668f7df4501b1cc740e53f5b62ed
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F36d8942f-c540-4112-a5a9-c7ac53a00a23.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6376
x-amzn-requestid: 25b82353-9c15-44c0-ada5-55f4697de935
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cR6_KGeaoAMFb_Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6383d860-71711cca7c063030292c5e47;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 21:36:32 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: odmAWkNyUMevvXStu7zRJyckokhyBjUwu7-JSvj8by-JWJ9eAm9P5Q==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 64f86ae1c24221f3a2e4d653d6dbc416.cloudfront.net (CloudFront), 1.1 google
date: Sun, 27 Nov 2022 22:01:26 GMT
age: 37252
etag: "53b12a8702f7c5b7cc697e2a24da824d9434be65"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcd94c980-e701-4603-9381-0bd47116d31d.jpeg
34.120.237.76200 OK 6.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcd94c980-e701-4603-9381-0bd47116d31d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash fa848cb85e85df184b078fe7aa95ae52
21aa6418f3a0d2b64925b66d5fb9079b7e84a11c
37d299c166e3350dee6dee647e98a86f8bd916d186bae12c42764ed0a3177085
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcd94c980-e701-4603-9381-0bd47116d31d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5989
x-amzn-requestid: db10fcc5-80ab-4650-af49-d5afe36706f3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cR78LHQqIAMF9_g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6383d9e7-4cbd19e3227894844807742c;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 21:43:03 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: P0Nx-FcvcV-f5cRPwZr5sEMb8pH3AoYFr185q_D0X2bE7z40nDn91w==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 61bc723adb3b1884ed759711e84e13a8.cloudfront.net (CloudFront), 1.1 google
date: Sun, 27 Nov 2022 21:51:04 GMT
age: 37874
etag: "21aa6418f3a0d2b64925b66d5fb9079b7e84a11c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbfe1c9b5-b323-496c-a65c-09c1511f882f.jpeg
34.120.237.76200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbfe1c9b5-b323-496c-a65c-09c1511f882f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f20d5c4b208740dd4c737b9d95c0e1d0
c843c5422499736a83a80c2b07475a8dbbb8860f
f8d048a2c911aaedfa53b7d6e134638e8c36db0700a874fe99e0d8f847970a1b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbfe1c9b5-b323-496c-a65c-09c1511f882f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12555
x-amzn-requestid: 2d9827ba-fc88-4deb-9844-f5b42764b2e9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cR6_MHPWIAMFQMg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6383d861-42986aeb284115943c849306;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 21:36:33 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: KcI_BV4rZkM-2CmcFI5qkJLT-OOwYQnRNEPXrQJvlNA9A3Da0EzgEA==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 9046e5a276a05e60ee34c8475e92b8e6.cloudfront.net (CloudFront), 1.1 google
date: Sun, 27 Nov 2022 21:51:04 GMT
age: 37874
etag: "c843c5422499736a83a80c2b07475a8dbbb8860f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa915ba56-f7bc-48fc-b725-b932389634d5.jpeg
34.120.237.76200 OK 16 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa915ba56-f7bc-48fc-b725-b932389634d5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 0a4e0bb1e2748bdce6bbf685a910f0fc
5b97bfd787afcb912cdbef0f137f78a059082992
a7bc9adeb22cb57675e907bd961a6f554e6b7a46414ed782bcc9b53d68b1c328
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa915ba56-f7bc-48fc-b725-b932389634d5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 15639
x-amzn-requestid: 98e846b4-287f-4698-9529-25bcc2727a4a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cR78dGReoAMFiDw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6383d9e9-62c41b2717bd8e6f3b3797da;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 21:43:05 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: fxNulyOR88nEcjtrXm1dECsulI-MsAxm2Zl0Y83uMz23lGh18d-ZBA==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 ee8246c5442dace7525c74f6a799bb46.cloudfront.net (CloudFront), 1.1 google
date: Sun, 27 Nov 2022 21:56:55 GMT
age: 37530
etag: "5b97bfd787afcb912cdbef0f137f78a059082992"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
uk-fastburgfries.lp.ohyousweeps.com/%7B%7Bcms.image_2%7D%7D
143.204.55.115200 OK 0 B URL HTTP/2 uk-fastburgfries.lp.ohyousweeps.com/%7B%7Bcms.image_2%7D%7D
IP 143.204.55.115:0
Analyzer Verdict Alert fortinet Phishing
GET /%7B%7Bcms.image_2%7D%7D HTTP/1.1
Host: uk-fastburgfries.lp.ohyousweeps.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://uk-fastburgfries.lp.ohyousweeps.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
server: nginx
date: Mon, 28 Nov 2022 08:22:17 GMT
x-powered-by: PHP/7.3.33
access-control-allow-credentials: true
content-encoding: gzip
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 aac54e3fe9825ce24d51e0204433c2c0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: l-IaBU8KU8nvMgrhHyWIeh31MhEm5cC0tQN8LyrYgrpn2qv9sIlx3Q==
X-Firefox-Spdy: h2
uk-fastburgfries.lp.ohyousweeps.com/directives/teaser-interest-questions/empty/en_GB.html
143.204.55.115200 OK 0 B URL HTTP/2 uk-fastburgfries.lp.ohyousweeps.com/directives/teaser-interest-questions/empty/en_GB.html
IP 143.204.55.115:0
Analyzer Verdict Alert fortinet Phishing
GET /directives/teaser-interest-questions/empty/en_GB.html HTTP/1.1
Host: uk-fastburgfries.lp.ohyousweeps.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://uk-fastburgfries.lp.ohyousweeps.com/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/html
server: nginx
date: Mon, 28 Nov 2022 08:21:37 GMT
last-modified: Mon, 28 Nov 2022 08:13:23 GMT
etag: W/"63846da3-f70"
content-encoding: br
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 aac54e3fe9825ce24d51e0204433c2c0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 5bKv0Q2BC9_P36c359X1ypodYls-u1nearhc1G4XQQy7n1tjJuP--A==
age: 40
X-Firefox-Spdy: h2
maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css
104.18.11.207200 OK 0 B URL HTTP/2 maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css
IP 104.18.11.207:0
GET /bootstrap/3.3.7/css/bootstrap.min.css HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://uk-fastburgfries.lp.ohyousweeps.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:22:16 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: SE
cdn-edgestorageid: 632, 617, 617
last-modified: Mon, 25 Jan 2021 22:03:59 GMT
cdn-cachedat: 2021-04-23 06:29:02
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cache-control: public, max-age=31919000
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-content-type-options: nosniff
cdn-requestid: 6a91d2c867066733b6d92a7a528c5c2e
cdn-cache: HIT
cf-cache-status: HIT
age: 17734073
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 7711b1e10d3fb4ff-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
uk-fastburgfries.lp.ohyousweeps.com/templates/empty/css/template.css
143.204.55.115200 OK 0 B URL HTTP/2 uk-fastburgfries.lp.ohyousweeps.com/templates/empty/css/template.css
IP 143.204.55.115:0
GET /templates/empty/css/template.css HTTP/1.1
Host: uk-fastburgfries.lp.ohyousweeps.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://uk-fastburgfries.lp.ohyousweeps.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css
server: nginx
date: Mon, 28 Nov 2022 08:21:36 GMT
last-modified: Mon, 28 Nov 2022 08:13:25 GMT
etag: W/"63846da5-3abf"
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 aac54e3fe9825ce24d51e0204433c2c0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: KG9iSODopJd9fk3ESs7Onre39dGp5NQMn5ur7fwt4U7CFdDkeK8RUA==
age: 40
X-Firefox-Spdy: h2
apidata.info/js
172.67.149.37200 OK 0 B IP 172.67.149.37:0
GET /js HTTP/1.1
Host: apidata.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://uk-fastburgfries.lp.ohyousweeps.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:22:16 GMT
content-type: application/javascript;charset=UTF-8
access-control-allow-origin: *
access-control-allow-methods: POST, GET
access-control-max-age: 3600
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JMl3t41BWVn8y2WQiiUqJ71YTkO9KcexyOcKKQ7tpT9wD4Rv8ywu37np41Rc30U7hmLu18OUDQ4LgMjrD%2FxPJTTjBHwxAoNsU%2B6N%2Byowzq7U7gGI20%2FI3fsCPrI34tA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
set-cookie: __cflb=02DiuGQ4mUqJj6izyopp8yhqksk2KbwnuVSBrGeTftjbJ; SameSite=Lax; path=/; expires=Tue, 29-Nov-22 07:22:16 GMT; HttpOnly
server: cloudflare
cf-ray: 7711b1e1ce790af6-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
uk-fastburgfries.lp.ohyousweeps.com/css/animations.css
143.204.55.115200 OK 0 B URL HTTP/2 uk-fastburgfries.lp.ohyousweeps.com/css/animations.css
IP 143.204.55.115:0
GET /css/animations.css HTTP/1.1
Host: uk-fastburgfries.lp.ohyousweeps.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://uk-fastburgfries.lp.ohyousweeps.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css
server: nginx
date: Mon, 28 Nov 2022 08:21:36 GMT
last-modified: Mon, 28 Nov 2022 08:13:23 GMT
etag: W/"63846da3-1642"
content-encoding: br
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 aac54e3fe9825ce24d51e0204433c2c0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: z7qrnBv4Eo37yV62S0_4ZKECVIDT8taN3cWIPqX0I2OOZdWZagLUng==
age: 40
X-Firefox-Spdy: h2
uk-fastburgfries.lp.ohyousweeps.com/css/vendor/pikaday.css
143.204.55.115200 OK 0 B URL HTTP/2 uk-fastburgfries.lp.ohyousweeps.com/css/vendor/pikaday.css
IP 143.204.55.115:0
GET /css/vendor/pikaday.css HTTP/1.1
Host: uk-fastburgfries.lp.ohyousweeps.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://uk-fastburgfries.lp.ohyousweeps.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css
server: nginx
date: Mon, 28 Nov 2022 08:21:36 GMT
last-modified: Mon, 28 Nov 2022 08:13:23 GMT
etag: W/"63846da3-1144"
content-encoding: br
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 aac54e3fe9825ce24d51e0204433c2c0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: LVGB8xr2jq8Hl1_4wRUu1zmie7qP2d3QWlpFCmZRH8gmtKYoV3uWDQ==
age: 40
X-Firefox-Spdy: h2
lpapi.pblinq.com/click/generate/?reqid=&oid=&aid=&cid=&sid=
172.67.214.60200 OK 0 B URL HTTP/2 lpapi.pblinq.com/click/generate/?reqid=&oid=&aid=&cid=&sid=
IP 172.67.214.60:0
GET /click/generate/?reqid=&oid=&aid=&cid=&sid= HTTP/1.1
Host: lpapi.pblinq.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://uk-fastburgfries.lp.ohyousweeps.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:22:16 GMT
content-type: application/json
vary: Accept-Encoding
x-powered-by: PHP/7.4.28
access-control-allow-credentials: true
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=c5vcurILwyOue1%2Fa8uN2RfN0Np%2B3oAZhxEbHCeQX5gL24DzWCTm7FOCJJ43WMVOkQkU8B2ogeTWn0rGzsmopRwSSGNh28joO51uqcH3Vcda1HUKB8%2FT4EID9tn7N2x93g008"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7711b1e36f14b500-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
uk-fastburgfries.lp.ohyousweeps.com/templates/empty/preload-web.html
143.204.55.115200 OK 0 B URL HTTP/2 uk-fastburgfries.lp.ohyousweeps.com/templates/empty/preload-web.html
IP 143.204.55.115:0
Analyzer Verdict Alert fortinet Phishing
GET /templates/empty/preload-web.html HTTP/1.1
Host: uk-fastburgfries.lp.ohyousweeps.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://uk-fastburgfries.lp.ohyousweeps.com/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/html
server: nginx
date: Mon, 28 Nov 2022 08:22:17 GMT
last-modified: Mon, 28 Nov 2022 08:13:25 GMT
etag: W/"63846da5-1456"
content-encoding: br
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 aac54e3fe9825ce24d51e0204433c2c0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: UxYCUbBAsWyaWAC5Hb_5jKkBEz7nJ38ODh3clGJPOOOkMmEt33MI-A==
X-Firefox-Spdy: h2
uk-fastburgfries.lp.ohyousweeps.com/templates/empty/page-header-web.html
143.204.55.115200 OK 0 B URL HTTP/2 uk-fastburgfries.lp.ohyousweeps.com/templates/empty/page-header-web.html
IP 143.204.55.115:0
Analyzer Verdict Alert fortinet Phishing
GET /templates/empty/page-header-web.html HTTP/1.1
Host: uk-fastburgfries.lp.ohyousweeps.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://uk-fastburgfries.lp.ohyousweeps.com/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/html
server: nginx
date: Mon, 28 Nov 2022 08:22:17 GMT
last-modified: Mon, 28 Nov 2022 08:13:25 GMT
etag: W/"63846da5-89f"
content-encoding: br
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 aac54e3fe9825ce24d51e0204433c2c0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: _4qfNCQyg2PiJgvWk91x2kS7HNyp-q6Zz3Y1nDqYw1cE04kByH9Sng==
X-Firefox-Spdy: h2
maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js
104.18.11.207200 OK 0 B URL HTTP/2 maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js
IP 104.18.11.207:0
GET /bootstrap/3.3.7/js/bootstrap.min.js HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://uk-fastburgfries.lp.ohyousweeps.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:22:16 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
last-modified: Mon, 25 Jan 2021 22:04:00 GMT
cdn-cachedat: 12/13/2021 20:18:53
cdn-edgestorageid: 755
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-proxyver: 1.02
cdn-requestid: 48135f30fbfcba704628453df5764d8f
cdn-cache: HIT
cf-cache-status: HIT
age: 15073221
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 7711b1e0ed21b4ff-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
uk-fastburgfries.lp.ohyousweeps.com/
143.204.55.115200 OK 0 B URL HTTP/2 uk-fastburgfries.lp.ohyousweeps.com/
IP 143.204.55.115:0
Analyzer Verdict Alert fortinet Phishing
GET / HTTP/1.1
Host: uk-fastburgfries.lp.ohyousweeps.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
server: nginx
date: Mon, 28 Nov 2022 08:21:35 GMT
x-powered-by: PHP/7.3.33
access-control-allow-credentials: true
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 aac54e3fe9825ce24d51e0204433c2c0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: LgbKPm6OLjjDzFEnl_SxRS2nwRdTDp0QQgQteFLmw3Sm5jRjqsBCXQ==
age: 41
X-Firefox-Spdy: h2