firefox.settings.services.mozilla.com/v1/
54.230.111.35200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 54.230.111.35:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 1b3053fa528e28810f8a2cc9284cc921
cca9eb471d941881a6b9a1793aecb6c281908f6a
a2427848ba35575dda8a82cf88f104978234c05389deebc3fc8279d9075eff45
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Type, Backoff, Content-Length, Retry-After
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Wed, 05 Oct 2022 14:47:16 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 ee04daa979e7a02cc5ca472521bc18a6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: BC5k-OF50qJ6iLvV_MgwMufCLkaL1IEf5uQyP0KxeEJt5vxy5BhFCw==
Age: 1313
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 282f6e1328452c1cb41f6a6272fff757
20b9ff1b5f4f81b645769bd4b4cf7bf7dfc16262
6a8070ebe51259cb11db68cca2c81f3c7408fad481d8c14cc1c38912442c63f4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6A8070EBE51259CB11DB68CCA2C81F3C7408FAD481D8C14CC1C38912442C63F4"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7513
Expires: Wed, 05 Oct 2022 17:14:22 GMT
Date: Wed, 05 Oct 2022 15:09:09 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
54.230.111.14200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP 54.230.111.14:0
File type PEM certificate\012- , ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Wed, 05 Oct 2022 04:02:33 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
x-cache: Hit from cloudfront
via: 1.1 4c07121ca6e32bcda85cc9091b92050e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: pRSfTRATY2irpFZPM9p5MugH5nXH3-9gIVyFTCvx2yfSYvNpfZgeWA==
age: 39997
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 05 Oct 2022 15:09:09 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
4721227.fls.doubleclick.net/activityi;src=4721227;type=uidfq0;cat=spoti0;ord=5160187481151;gtm=G1u;u2=undefined;~oref=file%3A%2F%2F%2FC%3A%2FAppServ%2Fwww%2FOVO%2520v2.7%2FSpotify%2FSubscription%2520and%2520payment%2520-%2520Spotify.html?
142.250.74.70200 OK 386 B URL HTTP/1.1 4721227.fls.doubleclick.net/activityi;src=4721227;type=uidfq0;cat=spoti0;ord=5160187481151;gtm=G1u;u2=undefined;~oref=file%3A%2F%2F%2FC%3A%2FAppServ%2Fwww%2FOVO%2520v2.7%2FSpotify%2FSubscription%2520and%2520payment%2520-%2520Spotify.html?
IP 142.250.74.70:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (514), with no line terminators
Hash 296deb3695167c3c5554400fac013f71
6d2e86f0cae8fecc3f6e86fe5c749a687a681ec6
7e5eb591696539bfc010e9c16144f877f6b027804491e4910fce2068bdbff984
GET /activityi;src=4721227;type=uidfq0;cat=spoti0;ord=5160187481151;gtm=G1u;u2=undefined;~oref=file%3A%2F%2F%2FC%3A%2FAppServ%2Fwww%2FOVO%2520v2.7%2FSpotify%2FSubscription%2520and%2520payment%2520-%2520Spotify.html? HTTP/1.1
Host: 4721227.fls.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cpanel10wh.bkk1.cloud.z.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Date: Wed, 05 Oct 2022 15:09:09 GMT
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Strict-Transport-Security: max-age=21600
Content-Type: text/html; charset=UTF-8
Pragma: no-cache
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Server: cafe
Content-Length: 386
X-XSS-Protection: 0
www.scdn.co/build/js/sp-analytics-a3e2493d01.js
151.101.86.248301 Moved Permanently 0 B URL HTTP/1.1 www.scdn.co/build/js/sp-analytics-a3e2493d01.js
IP 151.101.86.248:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /build/js/sp-analytics-a3e2493d01.js HTTP/1.1
Host: www.scdn.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cpanel10wh.bkk1.cloud.z.com/
HTTP/1.1 301 Moved Permanently
Connection: close
Content-Length: 0
Retry-After: 0
Location: https://www.scdn.co/build/js/sp-analytics-a3e2493d01.js
Accept-Ranges: bytes
Date: Wed, 05 Oct 2022 15:09:09 GMT
X-Served-By: cache-bma1626-BMA
X-Cache: HIT
X-Cache-Hits: 0
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000
cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/billing.php?verify_account=session=NL&ca11a78d20ee8d7a0c974d2b813ddb24&dispatch=b49f101badbb57ccca1d9cdafc5c001b7f835e89
163.44.198.59200 OK 29 kB URL HTTP/1.1 cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/billing.php?verify_account=session=NL&ca11a78d20ee8d7a0c974d2b813ddb24&dispatch=b49f101badbb57ccca1d9cdafc5c001b7f835e89
IP 163.44.198.59:0
ASN #135161 GMO-Z com NetDesign Holdings Co., Ltd.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (743)
Hash 08ce35e754d2234cd96dd99e7ff451d6
d143e70cbb9cad1cb08d702eed9c556e69da4b1a
1ece5ebafae25c9db69d85036fb6e7a1960d115b980ac2b1716e0d0e5d6ad0f0
Analyzer Verdict Alert urlquery Phishing - Spotify
GET /~cp785288/hlep/Login/billing.php?verify_account=session=NL&ca11a78d20ee8d7a0c974d2b813ddb24&dispatch=b49f101badbb57ccca1d9cdafc5c001b7f835e89 HTTP/1.1
Host: cpanel10wh.bkk1.cloud.z.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Wed, 05 Oct 2022 15:09:09 GMT
Server: Apache
X-Powered-By: PHP/5.6.40
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: PHPSESSID=tb3konc5njludhki1e7gk8fnn3; path=/
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
www.scdn.co/build/js/sp-analytics-a3e2493d01.js
151.101.86.248200 OK 2.9 kB URL HTTP/1.1 www.scdn.co/build/js/sp-analytics-a3e2493d01.js
IP 151.101.86.248:0
File type ASCII text, with very long lines (7916)
Hash 46f7394944aba4665f842d75ef972bb3
65046fbc4dc0c4d397210e6141702bb70873e273
602d76b0de139658e9c504c4e8f7f1c5858d33d2da30040766d78fb1c9702964
GET /build/js/sp-analytics-a3e2493d01.js HTTP/1.1
Host: www.scdn.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://cpanel10wh.bkk1.cloud.z.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 2934
Last-Modified: Thu, 09 Aug 2018 08:55:55 GMT
ETag: "3b8ea9b9fed8d12d22fd1c7b7c4367b8"
x-goog-generation: 1533804955085745
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 7969
x-amz-meta-goog-reserved-file-mtime: 1533804724
Content-Type: application/javascript
Content-Encoding: gzip
Accept-Ranges: bytes
Date: Wed, 05 Oct 2022 15:09:09 GMT
Age: 1799959
Timing-Allow-Origin: *
X-Served-By: cache-chi-klot8100061-CHI, cache-bma1625-BMA
X-Cache: HIT, HIT
X-Cache-Hits: 1, 1
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash f9371f81e2eeeead7fe351a49f3b1c40
ae23d6c6c57dd7cf568c3a74594c377b7bb7df43
03c4ba0faa3199d061d1bb37df5d48ba6d81f77a83e243922075efc4d4acf456
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 05 Oct 2022 15:09:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
adservice.google.com/ddm/fls/i/src=4721227;type=uidfq0;cat=spoti0;ord=5160187481151;gtm=G1u;u2=undefined;~oref=file%3A%2F%2F%2FC%3A%2FAppServ%2Fwww%2FOVO%2520v2.7%2FSpotify%2FSubscription%2520and%2520payment%2520-%2520Spotify.html
142.250.74.162200 OK 385 B URL HTTP/2 adservice.google.com/ddm/fls/i/src=4721227;type=uidfq0;cat=spoti0;ord=5160187481151;gtm=G1u;u2=undefined;~oref=file%3A%2F%2F%2FC%3A%2FAppServ%2Fwww%2FOVO%2520v2.7%2FSpotify%2FSubscription%2520and%2520payment%2520-%2520Spotify.html
IP 142.250.74.162:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (513), with no line terminators
Hash 6da5969356df80d83312d6b0bca604e8
a352bd59cfe4068c776cc9d3acb723eb4e1609af
4514880eba4798114d09a67b93f1433cf06ece4beeee8266b101fd27b3070d5e
GET /ddm/fls/i/src=4721227;type=uidfq0;cat=spoti0;ord=5160187481151;gtm=G1u;u2=undefined;~oref=file%3A%2F%2F%2FC%3A%2FAppServ%2Fwww%2FOVO%2520v2.7%2FSpotify%2FSubscription%2520and%2520payment%2520-%2520Spotify.html HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://4721227.fls.doubleclick.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 05 Oct 2022 15:09:09 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 385
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash f936b953fdf91692463e6745f5151375
9f94b177ba59497086040cbec72f9e26e22a54c3
21c4c1a25e3f41ea5d0262216d19cb081023a79500eae7dab8b8c1f5022ad18e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 05 Oct 2022 15:09:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 3272320faa10c8205cf15a77befdc660
5d591ee0ca240de70d62f2728b2b8be7274faf07
e7dca5142a10acc70cd47ebcfce3c2780f3b25056267de0d46e876a877f2cba0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 05 Oct 2022 15:09:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
54.230.111.35200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 54.230.111.35:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Pragma, Content-Length, Backoff, Last-Modified, Cache-Control, Content-Type, Retry-After, ETag, Expires, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600, max-age=3600
Date: Wed, 05 Oct 2022 14:29:33 GMT
Expires: Wed, 05 Oct 2022 14:35:32 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: Q16SHeKyIU7FgCbca8qCjvzqTftvyHeaM1ER7hqrmJzwVMUXfqZvVg==
Age: 2377
cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/files/activityi(2).html
163.44.198.59200 OK 526 B URL HTTP/1.1 cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/files/activityi(2).html
IP 163.44.198.59:0
ASN #135161 GMO-Z com NetDesign Holdings Co., Ltd.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text
Hash 4111ba0635356cb00c95c1e7df71bc7a
478e66ccd3ea1606c21b0bc2dc7be11fb4980c81
368050e24650d085ae45ff96cb255eafd8196154f484969f0492ceaab7d9d9c5
Analyzer Verdict Alert urlquery Phishing - Spotify
fortinet Phishing
GET /~cp785288/hlep/Login/files/activityi(2).html HTTP/1.1
Host: cpanel10wh.bkk1.cloud.z.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/billing.php?verify_account=session=NL&ca11a78d20ee8d7a0c974d2b813ddb24&dispatch=b49f101badbb57ccca1d9cdafc5c001b7f835e89
Cookie: PHPSESSID=tb3konc5njludhki1e7gk8fnn3
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Wed, 05 Oct 2022 15:09:09 GMT
Server: Apache
Last-Modified: Tue, 16 Jul 2019 16:30:28 GMT
ETag: "20e-58dcee4fb3100"
Accept-Ranges: bytes
Content-Length: 526
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html
adservice.google.no/ddm/fls/i/src=4721227;type=uidfq0;cat=spoti0;ord=5160187481151;gtm=G1u;u2=undefined;~oref=file%3A%2F%2F%2FC%3A%2FAppServ%2Fwww%2FOVO%2520v2.7%2FSpotify%2FSubscription%2520and%2520payment%2520-%2520Spotify.html
142.250.74.130302 Found 0 B URL HTTP/2 adservice.google.no/ddm/fls/i/src=4721227;type=uidfq0;cat=spoti0;ord=5160187481151;gtm=G1u;u2=undefined;~oref=file%3A%2F%2F%2FC%3A%2FAppServ%2Fwww%2FOVO%2520v2.7%2FSpotify%2FSubscription%2520and%2520payment%2520-%2520Spotify.html
IP 142.250.74.130:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ddm/fls/i/src=4721227;type=uidfq0;cat=spoti0;ord=5160187481151;gtm=G1u;u2=undefined;~oref=file%3A%2F%2F%2FC%3A%2FAppServ%2Fwww%2FOVO%2520v2.7%2FSpotify%2FSubscription%2520and%2520payment%2520-%2520Spotify.html HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adservice.google.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 05 Oct 2022 15:09:10 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
location: https://4721227.fls.doubleclick.net/ddm/fls/r/src=4721227;type=uidfq0;cat=spoti0;ord=5160187481151;gtm=G1u;u2=undefined;~oref=file%3A%2F%2F%2FC%3A%2FAppServ%2Fwww%2FOVO%2520v2.7%2FSpotify%2FSubscription%2520and%2520payment%2520-%2520Spotify.html
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 1d4c3917173bd92c4b3208cdf2c7c345
726a9aa16eef5844afde825f9faf1b505d31e69b
572eebfaf735eb8aa1b3563d0317d52f5d22e9e83e5f5b6723f65da83fb15f22
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 05 Oct 2022 15:09:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 03aa53df423fbcabed7e7ea8b5b21daa
c87027f8318719091a2cbcc428c47297fca60a46
3c4c8ae282397bf93a74e824e6cd971d0ba5e5aae0cd81cf679a6bff75dbcb77
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 05 Oct 2022 15:09:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
4721227.fls.doubleclick.net/ddm/fls/r/src=4721227;type=uidfq0;cat=spoti0;ord=5160187481151;gtm=G1u;u2=undefined;~oref=file%3A%2F%2F%2FC%3A%2FAppServ%2Fwww%2FOVO%2520v2.7%2FSpotify%2FSubscription%2520and%2520payment%2520-%2520Spotify.html
142.250.74.70200 OK 810 B URL HTTP/2 4721227.fls.doubleclick.net/ddm/fls/r/src=4721227;type=uidfq0;cat=spoti0;ord=5160187481151;gtm=G1u;u2=undefined;~oref=file%3A%2F%2F%2FC%3A%2FAppServ%2Fwww%2FOVO%2520v2.7%2FSpotify%2FSubscription%2520and%2520payment%2520-%2520Spotify.html
IP 142.250.74.70:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (605)
Hash 491829d94d11c593c5e13c746519b674
676caaca2116a50807fe27a04675afdead57f8a2
91b4b4087bafc56e81cd7586ea02acf165671395e607698d4d0f78c7e37eeccd
GET /ddm/fls/r/src=4721227;type=uidfq0;cat=spoti0;ord=5160187481151;gtm=G1u;u2=undefined;~oref=file%3A%2F%2F%2FC%3A%2FAppServ%2Fwww%2FOVO%2520v2.7%2FSpotify%2FSubscription%2520and%2520payment%2520-%2520Spotify.html HTTP/1.1
Host: 4721227.fls.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://adservice.google.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 05 Oct 2022 15:09:10 GMT
expires: Wed, 05 Oct 2022 15:09:10 GMT
cache-control: private, max-age=0
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 810
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Wed, 05-Oct-2022 15:24:10 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash f24f49dce99bf22d6f1834c2f702f1f4
5c683d0f6be8cd1a60d95a0cb892007f4363005a
3b3e804ba36f52b1aaad872cd62a8b1f67d59a41c62a68c96d13605103329ff1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 05 Oct 2022 15:09:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash f20fe13aa606c9bab526566128e53a62
01fa0b83c3c7f7895a1d7f3907f48664e59b1802
1dc0050819a03d8ac0c440802faf716ce744e3d89e833e3ca752452689648b3e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 05 Oct 2022 15:09:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googleadservices.com/pagead/conversion.js
142.250.74.130200 OK 17 kB URL HTTP/2 www.googleadservices.com/pagead/conversion.js
IP 142.250.74.130:0
File type ASCII text, with very long lines (2021)
Hash facf633646edbf5b62983e22d11aa160
0373848f224ca40d2982581b205a8cf28b72dd7c
ce5955eb70e6611579323a75ba5536d9af9a224a593fe1a2d8d204fa1127f524
GET /pagead/conversion.js HTTP/1.1
Host: www.googleadservices.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4721227.fls.doubleclick.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Wed, 05 Oct 2022 15:09:10 GMT
expires: Wed, 05 Oct 2022 15:09:10 GMT
cache-control: private, max-age=3600
content-type: text/javascript; charset=UTF-8
etag: 11313833467736987248
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 16840
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 1561c6be7c89d1357a80d12de47b6e74
9a705277922ecca583c867af58b3efce099f83bd
e33dc034dbf4b3b627cd3c1af2d942e2ca5704ec9a4aad5c46ad39eb070e82ab
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5402
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 05 Oct 2022 15:09:10 GMT
Last-Modified: Wed, 05 Oct 2022 13:39:08 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash fb0b7065b5d78223d5a4221d0be7ba0b
02b522ffb61f33ae676db5c1fc07284d7bb76b6d
61a3a4e39dca43603372cdf4cbd992cade907c64d874bf77ad19409927d9b891
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 05 Oct 2022 15:09:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/files/jquery.maskedinput.js
163.44.198.59200 OK 10 kB URL HTTP/1.1 cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/files/jquery.maskedinput.js
IP 163.44.198.59:0
ASN #135161 GMO-Z com NetDesign Holdings Co., Ltd.
Hash 6f7c106ad7a91b4d75ffbdce35b1907b
e1937b367daea561b96d7f47be85132a5a8ad55b
b63e5bcbf53f3f1ab4bcf0845a900fab7b25981693e753d73cfd2784a8046446
Analyzer Verdict Alert urlquery Phishing - Spotify
fortinet Phishing
GET /~cp785288/hlep/Login/files/jquery.maskedinput.js HTTP/1.1
Host: cpanel10wh.bkk1.cloud.z.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/billing.php?verify_account=session=NL&ca11a78d20ee8d7a0c974d2b813ddb24&dispatch=b49f101badbb57ccca1d9cdafc5c001b7f835e89
Cookie: PHPSESSID=tb3konc5njludhki1e7gk8fnn3
HTTP/1.1 200 OK
Date: Wed, 05 Oct 2022 15:09:10 GMT
Server: Apache
Last-Modified: Tue, 16 Jul 2019 16:30:28 GMT
ETag: "2805-58dcee4fb3100"
Accept-Ranges: bytes
Content-Length: 10245
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript
cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/files/embedded-checkout-7f51b6350a.css
163.44.198.59200 OK 16 kB URL HTTP/1.1 cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/files/embedded-checkout-7f51b6350a.css
IP 163.44.198.59:0
ASN #135161 GMO-Z com NetDesign Holdings Co., Ltd.
File type ASCII text, with very long lines (16242), with no line terminators
Hash 7f51b6350a9a704d466a234099088106
c86c363d221743f1fd094dc449ebd173c9978998
c98fd9d8e74817c15654a9bc1381f9cd3850b87fc5da82d92f1f6aa7558ba09f
Analyzer Verdict Alert urlquery Phishing - Spotify
GET /~cp785288/hlep/Login/files/embedded-checkout-7f51b6350a.css HTTP/1.1
Host: cpanel10wh.bkk1.cloud.z.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/billing.php?verify_account=session=NL&ca11a78d20ee8d7a0c974d2b813ddb24&dispatch=b49f101badbb57ccca1d9cdafc5c001b7f835e89
Cookie: PHPSESSID=tb3konc5njludhki1e7gk8fnn3
HTTP/1.1 200 OK
Date: Wed, 05 Oct 2022 15:09:10 GMT
Server: Apache
Last-Modified: Tue, 16 Jul 2019 16:30:28 GMT
ETag: "3f72-58dcee4fb3100"
Accept-Ranges: bytes
Content-Length: 16242
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css
push.services.mozilla.com/
52.39.175.179101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.39.175.179:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: Ofh9rWx3ZKaqfFQBa9vjOg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: uc2R7aJU19R7YWFWpRUpdsh8DH4=
cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/files/jquery.v-form.js
163.44.198.59200 OK 7.1 kB URL HTTP/1.1 cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/files/jquery.v-form.js
IP 163.44.198.59:0
ASN #135161 GMO-Z com NetDesign Holdings Co., Ltd.
Hash 8d3893b549d0d074acd24a67fa6bb19c
e1612052c6092b2ed31a89bd4f2657fd7ca960f6
4e5b8d16044077193472b2bad96dabf3f322452461b533f469846de23b94995f
Analyzer Verdict Alert urlquery Phishing - Spotify
fortinet Phishing
GET /~cp785288/hlep/Login/files/jquery.v-form.js HTTP/1.1
Host: cpanel10wh.bkk1.cloud.z.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/billing.php?verify_account=session=NL&ca11a78d20ee8d7a0c974d2b813ddb24&dispatch=b49f101badbb57ccca1d9cdafc5c001b7f835e89
Cookie: PHPSESSID=tb3konc5njludhki1e7gk8fnn3
HTTP/1.1 200 OK
Date: Wed, 05 Oct 2022 15:09:10 GMT
Server: Apache
Last-Modified: Tue, 16 Jul 2019 16:30:28 GMT
ETag: "1bc7-58dcee4fb3100"
Accept-Ranges: bytes
Content-Length: 7111
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript
cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/files/jquery.additional-methods.js
163.44.198.59200 OK 22 kB URL HTTP/1.1 cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/files/jquery.additional-methods.js
IP 163.44.198.59:0
ASN #135161 GMO-Z com NetDesign Holdings Co., Ltd.
File type Unicode text, UTF-8 text, with very long lines (1231)
Hash 90ea2fdca7a2817e04c6f508fc70fc82
8ea4223a744c83d354c257bbce3e85e6804e9147
72d04d4e4fec062d1c4ef989026f021267b61ffa1d0350855a7007e81f49bba6
Analyzer Verdict Alert urlquery Phishing - Spotify
fortinet Phishing
GET /~cp785288/hlep/Login/files/jquery.additional-methods.js HTTP/1.1
Host: cpanel10wh.bkk1.cloud.z.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/billing.php?verify_account=session=NL&ca11a78d20ee8d7a0c974d2b813ddb24&dispatch=b49f101badbb57ccca1d9cdafc5c001b7f835e89
Cookie: PHPSESSID=tb3konc5njludhki1e7gk8fnn3
HTTP/1.1 200 OK
Date: Wed, 05 Oct 2022 15:09:10 GMT
Server: Apache
Last-Modified: Tue, 16 Jul 2019 16:30:28 GMT
ETag: "56ed-58dcee4fb3100"
Accept-Ranges: bytes
Content-Length: 22253
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript
ocsp.globalsign.com/gsgccr3dvtlsca2020
104.18.20.226200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsgccr3dvtlsca2020
IP 104.18.20.226:0
Hash 710758e186f708aee3f4282382e0fef4
016226529258f98988d9b45c88984ac1bc7e2fd7
731496e0a698632d84112d06ab4fe0fd6a619e4fbdd72bb035e947a51c917bd7
POST /gsgccr3dvtlsca2020 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 05 Oct 2022 15:09:10 GMT
Content-Type: application/ocsp-response
Content-Length: 1414
Connection: keep-alive
Expires: Sun, 09 Oct 2022 13:17:59 GMT
ETag: "016226529258f98988d9b45c88984ac1bc7e2fd7"
Last-Modified: Wed, 05 Oct 2022 13:18:00 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2098
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 755713af7ec21c16-OSL
cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/files/jquery.validate.js
163.44.198.59200 OK 46 kB URL HTTP/1.1 cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/files/jquery.validate.js
IP 163.44.198.59:0
ASN #135161 GMO-Z com NetDesign Holdings Co., Ltd.
File type Unicode text, UTF-8 text, with very long lines (511)
Hash 17836a76e9a044bc7dad83f6dcef42ef
3467edcee0e9cecd3e5be5bfd21227c8676c05ac
d030f6633a5d0efd3f76fcf5ec98a0468c76770e618a401ffe5ddc7f6ccc844b
Analyzer Verdict Alert urlquery Phishing - Spotify
fortinet Phishing
GET /~cp785288/hlep/Login/files/jquery.validate.js HTTP/1.1
Host: cpanel10wh.bkk1.cloud.z.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/billing.php?verify_account=session=NL&ca11a78d20ee8d7a0c974d2b813ddb24&dispatch=b49f101badbb57ccca1d9cdafc5c001b7f835e89
Cookie: PHPSESSID=tb3konc5njludhki1e7gk8fnn3
HTTP/1.1 200 OK
Date: Wed, 05 Oct 2022 15:09:10 GMT
Server: Apache
Last-Modified: Tue, 16 Jul 2019 16:30:28 GMT
ETag: "b4bb-58dcee4fb3100"
Accept-Ranges: bytes
Content-Length: 46267
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript
cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/files/jquery.js
163.44.198.59200 OK 86 kB URL HTTP/1.1 cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/files/jquery.js
IP 163.44.198.59:0
ASN #135161 GMO-Z com NetDesign Holdings Co., Ltd.
File type ASCII text, with very long lines (32034), with CRLF line terminators
Hash 1a0d5be2d25ff036a0e088e0ec0b3600
7a9ae64f46b3c59ab06648d5681434a89c3d605c
2a1f1370eb7b24a307312112427dfd544fb838a8bef66babc936f5e870a22e52
Analyzer Verdict Alert urlquery Phishing - Spotify
fortinet Phishing
GET /~cp785288/hlep/Login/files/jquery.js HTTP/1.1
Host: cpanel10wh.bkk1.cloud.z.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/billing.php?verify_account=session=NL&ca11a78d20ee8d7a0c974d2b813ddb24&dispatch=b49f101badbb57ccca1d9cdafc5c001b7f835e89
Cookie: PHPSESSID=tb3konc5njludhki1e7gk8fnn3
HTTP/1.1 200 OK
Date: Wed, 05 Oct 2022 15:09:10 GMT
Server: Apache
Last-Modified: Tue, 16 Jul 2019 16:30:28 GMT
ETag: "15147-58dcee4fb3100"
Accept-Ranges: bytes
Content-Length: 86343
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript
cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/files/jquery.CardValidator.js
163.44.198.59200 OK 6.4 kB URL HTTP/1.1 cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/files/jquery.CardValidator.js
IP 163.44.198.59:0
ASN #135161 GMO-Z com NetDesign Holdings Co., Ltd.
Hash 27c724fa448269f77118494361b0fc0c
7455679ba0a9811fd31ab5ea8f76ebfe4ba22ec9
8802adf5641c1056fcf4feeeabb83be1b1e3724d9b460cecc791dfdd6422bc3b
Analyzer Verdict Alert urlquery Phishing - Spotify
fortinet Phishing
GET /~cp785288/hlep/Login/files/jquery.CardValidator.js HTTP/1.1
Host: cpanel10wh.bkk1.cloud.z.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/billing.php?verify_account=session=NL&ca11a78d20ee8d7a0c974d2b813ddb24&dispatch=b49f101badbb57ccca1d9cdafc5c001b7f835e89
Cookie: PHPSESSID=tb3konc5njludhki1e7gk8fnn3
HTTP/1.1 200 OK
Date: Wed, 05 Oct 2022 15:09:10 GMT
Server: Apache
Last-Modified: Tue, 16 Jul 2019 16:30:28 GMT
ETag: "18df-58dcee4fb3100"
Accept-Ranges: bytes
Content-Length: 6367
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript
cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/files/jquery.mask.js
163.44.198.59200 OK 18 kB URL HTTP/1.1 cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/files/jquery.mask.js
IP 163.44.198.59:0
ASN #135161 GMO-Z com NetDesign Holdings Co., Ltd.
Hash 219d169a80568884a3d6baab3e5e7def
61d00104de8c972c820cd9b527d8e2edb30e5c4a
cf1f0d954cbbbcb32d170b1ff68c5b082a1086f34f2bbee825ca88b7c9fb213a
Analyzer Verdict Alert fortinet Phishing
GET /~cp785288/hlep/Login/files/jquery.mask.js HTTP/1.1
Host: cpanel10wh.bkk1.cloud.z.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/billing.php?verify_account=session=NL&ca11a78d20ee8d7a0c974d2b813ddb24&dispatch=b49f101badbb57ccca1d9cdafc5c001b7f835e89
Cookie: PHPSESSID=tb3konc5njludhki1e7gk8fnn3
HTTP/1.1 200 OK
Date: Wed, 05 Oct 2022 15:09:11 GMT
Server: Apache
Last-Modified: Tue, 16 Jul 2019 16:30:28 GMT
ETag: "47fe-58dcee4fb3100"
Accept-Ranges: bytes
Content-Length: 18430
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript
cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/files/form_offer_panel.html
163.44.198.59200 OK 5.3 kB URL HTTP/1.1 cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/files/form_offer_panel.html
IP 163.44.198.59:0
ASN #135161 GMO-Z com NetDesign Holdings Co., Ltd.
File type HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (993)
Hash c118ac3a4ba997458c78eade2e1fdac4
faf216d9d3d102571af688fa9aa4b52da44257fb
cfa2f7dc5b0d7b3bc7190aab46525cefb46185c2c0251de98a3290440b5282d1
Analyzer Verdict Alert urlquery Phishing - Spotify
fortinet Phishing
GET /~cp785288/hlep/Login/files/form_offer_panel.html HTTP/1.1
Host: cpanel10wh.bkk1.cloud.z.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/billing.php?verify_account=session=NL&ca11a78d20ee8d7a0c974d2b813ddb24&dispatch=b49f101badbb57ccca1d9cdafc5c001b7f835e89
Cookie: PHPSESSID=tb3konc5njludhki1e7gk8fnn3
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Wed, 05 Oct 2022 15:09:11 GMT
Server: Apache
Last-Modified: Tue, 16 Jul 2019 16:30:28 GMT
ETag: "1489-58dcee4fb3100"
Accept-Ranges: bytes
Content-Length: 5257
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html
cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/files/account-4445741da9.css
163.44.198.59200 OK 113 kB URL HTTP/1.1 cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/files/account-4445741da9.css
IP 163.44.198.59:0
ASN #135161 GMO-Z com NetDesign Holdings Co., Ltd.
File type ASCII text, with very long lines (65536), with no line terminators
Size 113 kB (113191 bytes)
Hash 4445741da9c2fcc072a15b124aca043b
6496e6d22375b3c56470b0d163a704e5f5a1dd72
279c2837ecb9591e8dcfd0d1da12755faf0360ff9154f5a2dfde51f138c09489
Analyzer Verdict Alert urlquery Phishing - Spotify
GET /~cp785288/hlep/Login/files/account-4445741da9.css HTTP/1.1
Host: cpanel10wh.bkk1.cloud.z.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/billing.php?verify_account=session=NL&ca11a78d20ee8d7a0c974d2b813ddb24&dispatch=b49f101badbb57ccca1d9cdafc5c001b7f835e89
Cookie: PHPSESSID=tb3konc5njludhki1e7gk8fnn3
HTTP/1.1 200 OK
Date: Wed, 05 Oct 2022 15:09:10 GMT
Server: Apache
Last-Modified: Tue, 16 Jul 2019 16:30:28 GMT
ETag: "1ba27-58dcee4fb3100"
Accept-Ranges: bytes
Content-Length: 113191
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash e825fc3ba1ec6c169fbc10ffef8dffb0
6bf9cffa8468b37068aebed5a43dbc911086fc84
b0c59e715d8c38c061cfa06ec64c69f442f9417d6bc9c76e393c1fa00b11af86
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B0C59E715D8C38C061CFA06EC64C69F442F9417D6BC9C76E393C1FA00B11AF86"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6502
Expires: Wed, 05 Oct 2022 16:57:33 GMT
Date: Wed, 05 Oct 2022 15:09:11 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash e825fc3ba1ec6c169fbc10ffef8dffb0
6bf9cffa8468b37068aebed5a43dbc911086fc84
b0c59e715d8c38c061cfa06ec64c69f442f9417d6bc9c76e393c1fa00b11af86
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B0C59E715D8C38C061CFA06EC64C69F442F9417D6BC9C76E393C1FA00B11AF86"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6502
Expires: Wed, 05 Oct 2022 16:57:33 GMT
Date: Wed, 05 Oct 2022 15:09:11 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash e825fc3ba1ec6c169fbc10ffef8dffb0
6bf9cffa8468b37068aebed5a43dbc911086fc84
b0c59e715d8c38c061cfa06ec64c69f442f9417d6bc9c76e393c1fa00b11af86
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B0C59E715D8C38C061CFA06EC64C69F442F9417D6BC9C76E393C1FA00B11AF86"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6502
Expires: Wed, 05 Oct 2022 16:57:33 GMT
Date: Wed, 05 Oct 2022 15:09:11 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe8857940-5ca2-44ba-8a66-f396a605d5b4.jpeg
34.120.237.76200 OK 7.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe8857940-5ca2-44ba-8a66-f396a605d5b4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 229c99cfb655a8c9f1a22de69fdff73c
6b5db8fbfb56f083d54b13e7660d0e4bc866aa00
f4099e9153c3dc481add95b0f24dbb8f6d65cc74ad5631d9cb6c6f2a0351843d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe8857940-5ca2-44ba-8a66-f396a605d5b4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7021
x-amzn-requestid: 2e30bdac-360e-4d0a-8bb7-c3144e074abe
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Zf8ucHb1oAMFjYw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633ca7f5-18ba6bc50cb32b1e14c882bd;Sampled=0
x-amzn-remapped-date: Tue, 04 Oct 2022 21:39:01 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Sd2_YDHr3j7ym7wfFyQh9kg8FP-Et2nJUOo1v_TNbI3PvpzEY5KJ2Q==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Tue, 04 Oct 2022 22:07:19 GMT
age: 61312
etag: "6b5db8fbfb56f083d54b13e7660d0e4bc866aa00"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F78bf691d-76e8-4176-884d-dbc06604dded.jpeg
34.120.237.76200 OK 8.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F78bf691d-76e8-4176-884d-dbc06604dded.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 100559d746bedd7c3802661c875c35ee
5261a6c2ee6d6cc87e91ee82e32d8be234db393e
ff06f31267ddcc9a0d84ddc68932872bfed29d072783c3a1dd3790d41c280aec
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F78bf691d-76e8-4176-884d-dbc06604dded.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8816
x-amzn-requestid: b9f3ec8a-f478-4405-b275-e21f2d7d89d4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZKK7gFPJIAMF-7Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6333f1e3-250348e6140f3c74762263ea;Sampled=0
x-amzn-remapped-date: Wed, 28 Sep 2022 07:04:03 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: F1ZWwxLKhRC6oSh6gnUxEm5AnYcY-mezJw9mNJ8GmNWnATAKx1JxSg==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 73cb83fe6699afc2791b5c690c1ff8c6.cloudfront.net (CloudFront), 1.1 google
date: Tue, 04 Oct 2022 22:42:26 GMT
age: 59205
etag: "5261a6c2ee6d6cc87e91ee82e32d8be234db393e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbb178720-854c-4c9e-85c1-58cb5419ca69.jpeg
34.120.237.76200 OK 3.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbb178720-854c-4c9e-85c1-58cb5419ca69.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5d7d7df8d4c440f9db445c3d99e818d6
612b6dbd4ba895c167964ff7e6d9263013b52b0a
bf527a814c78f9e010cce4ba593c9146d54a2137d1f147f7a6250fbad81956ac
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbb178720-854c-4c9e-85c1-58cb5419ca69.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3585
x-amzn-requestid: ccb6f0c8-4d9b-48b8-aaf6-16781dc4c86b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZaHFlEcFoAMFS3g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633a5223-5c9276c873efee993ba54667;Sampled=0
x-amzn-remapped-date: Mon, 03 Oct 2022 03:08:19 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: T8m1q2L45TWDVRBa-R2W70yq9BauBK3G4IX54AGIxdRhG736T974kg==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 32d624dbeb2a8b7f24dbe49007e37c90.cloudfront.net (CloudFront), 1.1 google
date: Wed, 05 Oct 2022 04:05:29 GMT
age: 39822
etag: "612b6dbd4ba895c167964ff7e6d9263013b52b0a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5704624d-eb81-4a5b-bcb7-08db5681c677.jpeg
34.120.237.76200 OK 8.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5704624d-eb81-4a5b-bcb7-08db5681c677.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1de7c17a0ba9295135e7f8b490b6a8d3
70e8d1589f3daf71378965dd197934e220fb6aa4
ee559ce3166479e2b930be7d18525f5c2d164aed8ca005302ddaf3bfe37eec24
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5704624d-eb81-4a5b-bcb7-08db5681c677.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8926
x-amzn-requestid: 27fc8976-af8d-40a3-b701-0642fa135ec4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Zf8s1GSbIAMFTiw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633ca7eb-4d4c7837576e0fdb5828fe3b;Sampled=0
x-amzn-remapped-date: Tue, 04 Oct 2022 21:38:51 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: YzVofPSJC-YVU1Q1V9AnjNeQTa1BQEh6ZiH2HjSeeX5RygysFP7oAA==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Tue, 04 Oct 2022 21:42:34 GMT
age: 62797
etag: "70e8d1589f3daf71378965dd197934e220fb6aa4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1ca20164-9b52-49c5-9e63-1fc0ae719f45.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1ca20164-9b52-49c5-9e63-1fc0ae719f45.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4fc2ddd86450d64d3fb659ab4e78be58
bbe71936b78a8c34d03ab87948dc840b35c6948f
84a760397a5912bd05f61bc8a953c13a88a677e2d17fbbf74bdf7d7ff4d3942f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1ca20164-9b52-49c5-9e63-1fc0ae719f45.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10158
x-amzn-requestid: def1fc7e-8008-466f-9271-20fa1ab0fa5a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZaqZCH7doAMFcPQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633a8aa0-7fd2fb1249366f2277d719d6;Sampled=0
x-amzn-remapped-date: Mon, 03 Oct 2022 07:09:20 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: szhtD9f4RuQaDKXe7LElSR0yOKo9cYa1i2YMeG3eSpBXP8ePcdzQig==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 68fadeb91f97256bb67b03bfca74d830.cloudfront.net (CloudFront), 1.1 google
date: Wed, 05 Oct 2022 07:29:32 GMT
age: 27579
etag: "bbe71936b78a8c34d03ab87948dc840b35c6948f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F23595c4d-609a-48f3-a52f-e88e478d7653.jpeg
34.120.237.76200 OK 5.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F23595c4d-609a-48f3-a52f-e88e478d7653.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3257b782efae9b64e6e18a547866ec50
4daf0c001e86af8477fb097e8ca932edb8e5f981
899f9692e86405aa288d88dd285a6fe26bedab1a2ca4693212476063890b01a5
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F23595c4d-609a-48f3-a52f-e88e478d7653.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5832
x-amzn-requestid: c4427edd-3d71-47d0-a2d3-b3bfed089535
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Zf8s1FuUoAMFhBA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633ca7eb-46ddff150da4141d23fc0d8a;Sampled=0
x-amzn-remapped-date: Tue, 04 Oct 2022 21:38:51 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: WWClzLGprno--c75q63i1TFi8oBEdAYW-J4lCk9V8IELQXe6q0A05A==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 2324edbcb8fc72f617442c65f36a40fc.cloudfront.net (CloudFront), 1.1 google
date: Tue, 04 Oct 2022 21:42:34 GMT
age: 62797
etag: "4daf0c001e86af8477fb097e8ca932edb8e5f981"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
insight.adsrvr.org/track/conv/?adv=3ysyqec&ct=0:2azffrr&fmt=3
3.33.220.150200 OK 103 kB URL HTTP/2 insight.adsrvr.org/track/conv/?adv=3ysyqec&ct=0:2azffrr&fmt=3
IP 3.33.220.150:0
File type GIF image data, version 89a, 1 x 1\012- data
Size 103 kB (102572 bytes)
Hash 0abe6640be0a92b0c11e6396a1af8a8e
2d76c386bb1d3fec3714efa8977c7d83a41a0aa4
a06a49590536c9910336442e2a66b3f28884df574c8118414e35f151549491bb
GET /track/conv/?adv=3ysyqec&ct=0:2azffrr&fmt=3 HTTP/1.1
Host: insight.adsrvr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4721227.fls.doubleclick.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 05 Oct 2022 15:09:11 GMT
content-type: image/gif
cache-control: private,no-cache, must-revalidate
pragma: no-cache
x-aspnet-version: 4.0.30319
set-cookie: TDID=99297c53-ea7a-4d98-adf0-6de576649e71; domain=.adsrvr.org; expires=Thu, 05-Oct-2023 15:09:11 GMT; path=/; secure; SameSite=None
TDCPM=CAEYBTgBQgQiAggB; domain=.adsrvr.org; expires=Thu, 05-Oct-2023 15:09:11 GMT; path=/; secure; SameSite=None
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
X-Firefox-Spdy: h2
cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/files/spotify-543b91ee3c.css
163.44.198.59200 OK 334 kB URL HTTP/1.1 cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/files/spotify-543b91ee3c.css
IP 163.44.198.59:0
ASN #135161 GMO-Z com NetDesign Holdings Co., Ltd.
File type ASCII text, with very long lines (65371)
Size 334 kB (333717 bytes)
Hash 543b91ee3c2476d8cef5ea60c31e9c89
6d966ee2076be0b1497de6584b2f4b03b4dfcdc2
758ad9846aa8db4fd6d7958b03c8db3a2416c1e200fd203c4da5d0129f701e94
Analyzer Verdict Alert urlquery Phishing - Spotify
GET /~cp785288/hlep/Login/files/spotify-543b91ee3c.css HTTP/1.1
Host: cpanel10wh.bkk1.cloud.z.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/billing.php?verify_account=session=NL&ca11a78d20ee8d7a0c974d2b813ddb24&dispatch=b49f101badbb57ccca1d9cdafc5c001b7f835e89
Cookie: PHPSESSID=tb3konc5njludhki1e7gk8fnn3
HTTP/1.1 200 OK
Date: Wed, 05 Oct 2022 15:09:10 GMT
Server: Apache
Last-Modified: Tue, 16 Jul 2019 16:30:28 GMT
ETag: "51795-58dcee4fb3100"
Accept-Ranges: bytes
Content-Length: 333717
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
sp-bootstrap.global.ssl.fastly.net/8.2.0/images/flags/int.svg
151.101.85.194200 OK 20 kB URL HTTP/1.1 sp-bootstrap.global.ssl.fastly.net/8.2.0/images/flags/int.svg
IP 151.101.85.194:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (48095), with no line terminators
Hash f0502bfcc1f3e782c835f8451b65b007
121a2c65c3081cfbc124f475b411adb92b2bc1bc
4d148629e85b4da29493dd19bd6d02acfcf63b3085475b7154e3279811cdfa56
Analyzer Verdict Alert urlquery Phishing - Spotify
GET /8.2.0/images/flags/int.svg HTTP/1.1
Host: sp-bootstrap.global.ssl.fastly.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cpanel10wh.bkk1.cloud.z.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 20408
Last-Modified: Mon, 21 Mar 2022 12:56:04 GMT
ETag: "d15d3150af5b38c95ccbe16ba344d47f"
x-goog-generation: 1647867364791394
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 48095
x-amz-meta-goog-reserved-file-mtime: 1504812661
Content-Type: image/svg+xml
Content-Encoding: gzip
Accept-Ranges: bytes
Date: Wed, 05 Oct 2022 15:09:12 GMT
Age: 3109559
X-Served-By: cache-chi-klot8100114-CHI, cache-bma1655-BMA
X-Cache: HIT, HIT
X-Cache-Hits: 136, 1
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
sp-bootstrap.global.ssl.fastly.net/8.2.0/fonts/circular-bold.woff2
151.101.85.194200 OK 69 kB URL HTTP/1.1 sp-bootstrap.global.ssl.fastly.net/8.2.0/fonts/circular-bold.woff2
IP 151.101.85.194:0
File type Web Open Font Format (Version 2), TrueType, length 69140, version 1.66\012- data
Hash 14bfce9501e5a5dc0adbe559dd630bc6
1347f73fa1907fd9762431cbcfc1e14918cdbddc
0e1e4f36fc8076dd1b5f30ac8aeaeed4b5927e475d0d4e7b8d63a33beb2fd0b5
Analyzer Verdict Alert urlquery Phishing - Spotify
GET /8.2.0/fonts/circular-bold.woff2 HTTP/1.1
Host: sp-bootstrap.global.ssl.fastly.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://cpanel10wh.bkk1.cloud.z.com
Connection: keep-alive
Referer: http://cpanel10wh.bkk1.cloud.z.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 69140
Last-Modified: Mon, 21 Mar 2022 12:56:03 GMT
ETag: "14bfce9501e5a5dc0adbe559dd630bc6"
x-goog-generation: 1647867363593511
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 69140
x-amz-meta-goog-reserved-file-mtime: 1504812661
Content-Type: font/woff2
Accept-Ranges: bytes
Date: Wed, 05 Oct 2022 15:09:12 GMT
Age: 2507971
X-Served-By: cache-chi-klot8100108-CHI, cache-bma1651-BMA
X-Cache: HIT, HIT
X-Cache-Hits: 3266, 1
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
sp-bootstrap.global.ssl.fastly.net/8.2.0/fonts/circular-medium.woff2
151.101.85.194200 OK 66 kB URL HTTP/1.1 sp-bootstrap.global.ssl.fastly.net/8.2.0/fonts/circular-medium.woff2
IP 151.101.85.194:0
File type Web Open Font Format (Version 2), TrueType, length 66268, version 1.66\012- data
Hash 251eb282f9ea3a40421d0ae5a549fb92
1a82cf4b6869398509c5bd982495e461c1eb3823
a9d8ae96f7d8b1c672c9cdf8709e876e76172e41c2d9f15a842fc6d9c6f5573d
Analyzer Verdict Alert urlquery Phishing - Spotify
GET /8.2.0/fonts/circular-medium.woff2 HTTP/1.1
Host: sp-bootstrap.global.ssl.fastly.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://cpanel10wh.bkk1.cloud.z.com
Connection: keep-alive
Referer: http://cpanel10wh.bkk1.cloud.z.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 66268
Last-Modified: Mon, 21 Mar 2022 12:56:03 GMT
ETag: "251eb282f9ea3a40421d0ae5a549fb92"
x-goog-generation: 1647867363628825
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 66268
x-amz-meta-goog-reserved-file-mtime: 1504812661
Content-Type: font/woff2
Accept-Ranges: bytes
Date: Wed, 05 Oct 2022 15:09:12 GMT
Age: 1313458
X-Served-By: cache-chi-kigq8000155-CHI, cache-bma1632-BMA
X-Cache: HIT, HIT
X-Cache-Hits: 37, 1
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
sp-bootstrap.global.ssl.fastly.net/8.2.0/fonts/circular-black.woff2
151.101.85.194200 OK 69 kB URL HTTP/1.1 sp-bootstrap.global.ssl.fastly.net/8.2.0/fonts/circular-black.woff2
IP 151.101.85.194:0
File type Web Open Font Format (Version 2), TrueType, length 69188, version 1.66\012- data
Hash 9e0ddf791ff8bdc860603330b6b1c88e
9a721a21c1928f089ee0eae1988acd8c83fa1a33
769dae020149617e3d70328c3e1557fa3ca53fa128a9743ab389b2bfcb5327f1
Analyzer Verdict Alert urlquery Phishing - Spotify
GET /8.2.0/fonts/circular-black.woff2 HTTP/1.1
Host: sp-bootstrap.global.ssl.fastly.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://cpanel10wh.bkk1.cloud.z.com
Connection: keep-alive
Referer: http://cpanel10wh.bkk1.cloud.z.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 69188
Last-Modified: Mon, 21 Mar 2022 12:56:03 GMT
ETag: "9e0ddf791ff8bdc860603330b6b1c88e"
x-goog-generation: 1647867363538571
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 69188
x-amz-meta-goog-reserved-file-mtime: 1504812660
Content-Type: font/woff2
Accept-Ranges: bytes
Date: Wed, 05 Oct 2022 15:09:12 GMT
Age: 2431699
X-Served-By: cache-chi-kigq8000145-CHI, cache-bma1681-BMA
X-Cache: HIT, HIT
X-Cache-Hits: 1, 1
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
sp-bootstrap.global.ssl.fastly.net/8.2.0/fonts/circular-book.woff2
151.101.85.194200 OK 64 kB URL HTTP/1.1 sp-bootstrap.global.ssl.fastly.net/8.2.0/fonts/circular-book.woff2
IP 151.101.85.194:0
File type Web Open Font Format (Version 2), TrueType, length 64512, version 1.66\012- data
Hash 0c0dfc4df72c07c84b15651ab6f951a6
06d7669306b19fffec534f47b18eedce61c5aa73
16f860a080d405f412750f83c4ee2168302cd1f3347416b5b3ae50bae3571b28
Analyzer Verdict Alert urlquery Phishing - Spotify
GET /8.2.0/fonts/circular-book.woff2 HTTP/1.1
Host: sp-bootstrap.global.ssl.fastly.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://cpanel10wh.bkk1.cloud.z.com
Connection: keep-alive
Referer: http://cpanel10wh.bkk1.cloud.z.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 64512
Last-Modified: Mon, 21 Mar 2022 12:56:03 GMT
ETag: "0c0dfc4df72c07c84b15651ab6f951a6"
x-goog-generation: 1647867363540028
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 64512
x-amz-meta-goog-reserved-file-mtime: 1504812661
Content-Type: font/woff2
Accept-Ranges: bytes
Date: Wed, 05 Oct 2022 15:09:12 GMT
Age: 5804567
X-Served-By: cache-chi-kigq8000061-CHI, cache-bma1621-BMA
X-Cache: HIT, HIT
X-Cache-Hits: 1, 18
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
bat.bing.com/bat.js
13.107.21.200200 OK 11 kB IP 13.107.21.200:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
File type Unicode text, UTF-8 text, with very long lines (38826), with no line terminators
Hash 293ae3e0fc8b0d5c143fdf9d8490228d
3976c659b908e70818a3a1ac71860b497fe2d1a9
04a840d967ae836e14179bde574cabf14a1fc871182ca0f8193e7a0b06c727ab
GET /bat.js HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4721227.fls.doubleclick.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: private,max-age=1800
content-length: 11367
content-type: application/javascript
content-encoding: gzip
last-modified: Thu, 28 Jul 2022 17:32:37 GMT
accept-ranges: bytes
etag: "80a8697a8a2d81:0"
vary: Accept-Encoding
set-cookie: MUID=340359DB5FF964B53B654BEF5EAE6545; domain=.bing.com; expires=Mon, 30-Oct-2023 15:09:12 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 4A8E8374D91D4815AA73243F3548A434 Ref B: OSL30EDGE0313 Ref C: 2022-10-05T15:09:12Z
date: Wed, 05 Oct 2022 15:09:11 GMT
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash eac86f868b3967f1946c7f5fc712b25f
e2ae8eb09715a0af0791c085eb35bf66e0548e30
bceb14e7a478c0e34a0f1d8286eb954566c62051e996bc36189de922a76a6e06
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 05 Oct 2022 15:09:12 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/files/sprites_cc_logos.png
163.44.198.59200 OK 24 kB URL HTTP/1.1 cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/files/sprites_cc_logos.png
IP 163.44.198.59:0
ASN #135161 GMO-Z com NetDesign Holdings Co., Ltd.
File type PNG image data, 37 x 948, 8-bit/color RGBA, non-interlaced\012- data
Hash 0cc5525016888556c3fb82f2cdab246a
f7fbe9b43f6d01cad02f9b016d4b0f0abb8c4423
a47f9feda7682c5085fa780e2560144c5bc70caa592a8d1a345a852948efa94a
Analyzer Verdict Alert urlquery Phishing - Spotify
GET /~cp785288/hlep/Login/files/sprites_cc_logos.png HTTP/1.1
Host: cpanel10wh.bkk1.cloud.z.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/billing.php?verify_account=session=NL&ca11a78d20ee8d7a0c974d2b813ddb24&dispatch=b49f101badbb57ccca1d9cdafc5c001b7f835e89
Cookie: PHPSESSID=tb3konc5njludhki1e7gk8fnn3
HTTP/1.1 200 OK
Date: Wed, 05 Oct 2022 15:09:12 GMT
Server: Apache
Last-Modified: Tue, 16 Jul 2019 16:30:28 GMT
ETag: "5e74-58dcee4fb3100"
Accept-Ranges: bytes
Content-Length: 24180
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png
cpanel10wh.bkk1.cloud.z.com/build/i/sprite/icon-provider-9b3624f0bb.png
163.44.198.59404 Not Found 10 kB URL HTTP/1.1 cpanel10wh.bkk1.cloud.z.com/build/i/sprite/icon-provider-9b3624f0bb.png
IP 163.44.198.59:0
ASN #135161 GMO-Z com NetDesign Holdings Co., Ltd.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (4070)
Hash 764b169512ba7a19381b8e0320821c0d
cbfaf4c108707e2a422bcd904fd3d2dfccc4f4a3
8b0dc0a0b09bb64848704af42dd224120c3f65019a27691773114acd920be97b
GET /build/i/sprite/icon-provider-9b3624f0bb.png HTTP/1.1
Host: cpanel10wh.bkk1.cloud.z.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/files/account-4445741da9.css
Cookie: PHPSESSID=tb3konc5njludhki1e7gk8fnn3
HTTP/1.1 404 Not Found
Date: Wed, 05 Oct 2022 15:09:12 GMT
Server: Apache
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html
googleads.g.doubleclick.net/pagead/viewthroughconversion/938675917/?random=1664982552300&cv=9&fst=1664982552300&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=375603260&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&sendb=1&ig=1&frm=2&url=https%3A%2F%2F4721227.fls.doubleclick.net%2Fddm%2Ffls%2Fr%2Fsrc%3D4721227%3Btype%3Duidfq0%3Bcat%3Dspoti0%3Bord%3D5160187481151%3Bgtm%3DG1u%3Bu2%3Dundefined%3B~oref%3Dfile%253A%252F%252F%252FC%253A%252FAppServ%252Fwww%252FOVO%252520v2.7%252FSpotify%252FSubscription%252520and%252520payment%252520-%252520Spotify.html&ref=https%3A%2F%2Fadservice.google.com%2F&hn=www.googleadservices.com&rfmt=3&fmt=4
216.58.207.194200 OK 1.2 kB URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/938675917/?random=1664982552300&cv=9&fst=1664982552300&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=375603260&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&sendb=1&ig=1&frm=2&url=https%3A%2F%2F4721227.fls.doubleclick.net%2Fddm%2Ffls%2Fr%2Fsrc%3D4721227%3Btype%3Duidfq0%3Bcat%3Dspoti0%3Bord%3D5160187481151%3Bgtm%3DG1u%3Bu2%3Dundefined%3B~oref%3Dfile%253A%252F%252F%252FC%253A%252FAppServ%252Fwww%252FOVO%252520v2.7%252FSpotify%252FSubscription%252520and%252520payment%252520-%252520Spotify.html&ref=https%3A%2F%2Fadservice.google.com%2F&hn=www.googleadservices.com&rfmt=3&fmt=4
IP 216.58.207.194:0
File type ASCII text, with very long lines (2718), with no line terminators
Hash d70c122f14e554e4f83feb0e90523fd6
436377cb981170aeb10234bb691cd9984724bee2
c104d2bb4bdaa9145540104de67ef3106df157c008af106ff99525f744405c8a
GET /pagead/viewthroughconversion/938675917/?random=1664982552300&cv=9&fst=1664982552300&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=375603260&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&sendb=1&ig=1&frm=2&url=https%3A%2F%2F4721227.fls.doubleclick.net%2Fddm%2Ffls%2Fr%2Fsrc%3D4721227%3Btype%3Duidfq0%3Bcat%3Dspoti0%3Bord%3D5160187481151%3Bgtm%3DG1u%3Bu2%3Dundefined%3B~oref%3Dfile%253A%252F%252F%252FC%253A%252FAppServ%252Fwww%252FOVO%252520v2.7%252FSpotify%252FSubscription%252520and%252520payment%252520-%252520Spotify.html&ref=https%3A%2F%2Fadservice.google.com%2F&hn=www.googleadservices.com&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4721227.fls.doubleclick.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 05 Oct 2022 15:09:12 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 1154
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Wed, 05-Oct-2022 15:24:12 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
bat.bing.com/p/action/5489004.js
13.107.21.200204 No Content 0 B URL HTTP/2 bat.bing.com/p/action/5489004.js
IP 13.107.21.200:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /p/action/5489004.js HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4721227.fls.doubleclick.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
cache-control: private,max-age=1800
set-cookie: MUID=33A02D00ADD967C70FB73F34AC8E6661; domain=.bing.com; expires=Mon, 30-Oct-2023 15:09:12 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 65D1AEAEDDBB4548A1F8DD47309DEDC4 Ref B: OSL30EDGE0313 Ref C: 2022-10-05T15:09:12Z
date: Wed, 05 Oct 2022 15:09:11 GMT
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 84e9010310622f392dc53ecd26b72e9b
454a6f2c6c050f7ec5ede31bf5c891619e42a232
522a643360e59c591cbeb45058e81f9d8f54408f025067e717e03c03ed9839ff
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 05 Oct 2022 15:09:12 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 40a4de06678d96242b71d5318f2fd4ef
546a7d1d92df81916f14155943427b5453ae3924
aed9af25ae57c181702a137d48cb00f5b30297180161451de3b628359dc9ec6f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 05 Oct 2022 15:09:12 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.no/pagead/1p-user-list/938675917/?random=1664982552300&cv=9&fst=1664982000000&num=1&guid=ON&eid=375603260&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&sendb=1&frm=2&url=https%3A%2F%2F4721227.fls.doubleclick.net%2Fddm%2Ffls%2Fr%2Fsrc%3D4721227%3Btype%3Duidfq0%3Bcat%3Dspoti0%3Bord%3D5160187481151%3Bgtm%3DG1u%3Bu2%3Dundefined%3B~oref%3Dfile%253A%252F%252F%252FC%253A%252FAppServ%252Fwww%252FOVO%252520v2.7%252FSpotify%252FSubscription%252520and%252520payment%252520-%252520Spotify.html&ref=https%3A%2F%2Fadservice.google.com%2F&fmt=3&is_vtc=1&random=3424171023&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
142.250.74.3200 OK 42 B URL HTTP/2 www.google.no/pagead/1p-user-list/938675917/?random=1664982552300&cv=9&fst=1664982000000&num=1&guid=ON&eid=375603260&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&sendb=1&frm=2&url=https%3A%2F%2F4721227.fls.doubleclick.net%2Fddm%2Ffls%2Fr%2Fsrc%3D4721227%3Btype%3Duidfq0%3Bcat%3Dspoti0%3Bord%3D5160187481151%3Bgtm%3DG1u%3Bu2%3Dundefined%3B~oref%3Dfile%253A%252F%252F%252FC%253A%252FAppServ%252Fwww%252FOVO%252520v2.7%252FSpotify%252FSubscription%252520and%252520payment%252520-%252520Spotify.html&ref=https%3A%2F%2Fadservice.google.com%2F&fmt=3&is_vtc=1&random=3424171023&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
IP 142.250.74.3:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/938675917/?random=1664982552300&cv=9&fst=1664982000000&num=1&guid=ON&eid=375603260&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&sendb=1&frm=2&url=https%3A%2F%2F4721227.fls.doubleclick.net%2Fddm%2Ffls%2Fr%2Fsrc%3D4721227%3Btype%3Duidfq0%3Bcat%3Dspoti0%3Bord%3D5160187481151%3Bgtm%3DG1u%3Bu2%3Dundefined%3B~oref%3Dfile%253A%252F%252F%252FC%253A%252FAppServ%252Fwww%252FOVO%252520v2.7%252FSpotify%252FSubscription%252520and%252520payment%252520-%252520Spotify.html&ref=https%3A%2F%2Fadservice.google.com%2F&fmt=3&is_vtc=1&random=3424171023&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4721227.fls.doubleclick.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 05 Oct 2022 15:09:12 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
bat.bing.com/action/0?ti=5489004&Ver=2&mid=f91d45a1-7da9-40c7-b436-c3d6caee2989&msclkid=N&pi=0&lg=en-US&sw=1280&sh=1024&sc=24&p=https%3A%2F%2Fadservice.google.com%2F&r=<=2347&evt=pageLoad&ifm=1&sv=1&rn=64446
13.107.21.200204 No Content 0 B URL HTTP/2 bat.bing.com/action/0?ti=5489004&Ver=2&mid=f91d45a1-7da9-40c7-b436-c3d6caee2989&msclkid=N&pi=0&lg=en-US&sw=1280&sh=1024&sc=24&p=https%3A%2F%2Fadservice.google.com%2F&r=<=2347&evt=pageLoad&ifm=1&sv=1&rn=64446
IP 13.107.21.200:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /action/0?ti=5489004&Ver=2&mid=f91d45a1-7da9-40c7-b436-c3d6caee2989&msclkid=N&pi=0&lg=en-US&sw=1280&sh=1024&sc=24&p=https%3A%2F%2Fadservice.google.com%2F&r=<=2347&evt=pageLoad&ifm=1&sv=1&rn=64446 HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4721227.fls.doubleclick.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=21E06219D96764A92D11702DD83065CC; domain=.bing.com; expires=Mon, 30-Oct-2023 15:09:12 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: C6C8C46CE87B49D194ED56C2AFDCEE5E Ref B: OSL30EDGE0313 Ref C: 2022-10-05T15:09:12Z
date: Wed, 05 Oct 2022 15:09:11 GMT
X-Firefox-Spdy: h2
cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/vv.gif
163.44.198.59404 Not Found 10 kB URL HTTP/1.1 cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/vv.gif
IP 163.44.198.59:0
ASN #135161 GMO-Z com NetDesign Holdings Co., Ltd.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (4070)
Hash a836f3bc8049188685349182e7cfe5aa
8f9d60cfa8d9bec0612b5f80e09ad75d4e40b505
7b885b963f8938eedb4a2b6a9c6034d8f4c93a24524bc8e0adb24e5c36a2bc2c
GET /~cp785288/hlep/Login/vv.gif HTTP/1.1
Host: cpanel10wh.bkk1.cloud.z.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/billing.php?verify_account=session=NL&ca11a78d20ee8d7a0c974d2b813ddb24&dispatch=b49f101badbb57ccca1d9cdafc5c001b7f835e89
Cookie: PHPSESSID=tb3konc5njludhki1e7gk8fnn3
HTTP/1.1 404 Not Found
Date: Wed, 05 Oct 2022 15:09:12 GMT
Server: Apache
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html
www.google.com/pagead/1p-user-list/938675917/?random=1664982552300&cv=9&fst=1664982000000&num=1&guid=ON&eid=375603260&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&sendb=1&frm=2&url=https%3A%2F%2F4721227.fls.doubleclick.net%2Fddm%2Ffls%2Fr%2Fsrc%3D4721227%3Btype%3Duidfq0%3Bcat%3Dspoti0%3Bord%3D5160187481151%3Bgtm%3DG1u%3Bu2%3Dundefined%3B~oref%3Dfile%253A%252F%252F%252FC%253A%252FAppServ%252Fwww%252FOVO%252520v2.7%252FSpotify%252FSubscription%252520and%252520payment%252520-%252520Spotify.html&ref=https%3A%2F%2Fadservice.google.com%2F&fmt=3&is_vtc=1&random=3424171023&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
142.250.74.164200 OK 42 B URL HTTP/2 www.google.com/pagead/1p-user-list/938675917/?random=1664982552300&cv=9&fst=1664982000000&num=1&guid=ON&eid=375603260&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&sendb=1&frm=2&url=https%3A%2F%2F4721227.fls.doubleclick.net%2Fddm%2Ffls%2Fr%2Fsrc%3D4721227%3Btype%3Duidfq0%3Bcat%3Dspoti0%3Bord%3D5160187481151%3Bgtm%3DG1u%3Bu2%3Dundefined%3B~oref%3Dfile%253A%252F%252F%252FC%253A%252FAppServ%252Fwww%252FOVO%252520v2.7%252FSpotify%252FSubscription%252520and%252520payment%252520-%252520Spotify.html&ref=https%3A%2F%2Fadservice.google.com%2F&fmt=3&is_vtc=1&random=3424171023&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
IP 142.250.74.164:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/938675917/?random=1664982552300&cv=9&fst=1664982000000&num=1&guid=ON&eid=375603260&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&sendb=1&frm=2&url=https%3A%2F%2F4721227.fls.doubleclick.net%2Fddm%2Ffls%2Fr%2Fsrc%3D4721227%3Btype%3Duidfq0%3Bcat%3Dspoti0%3Bord%3D5160187481151%3Bgtm%3DG1u%3Bu2%3Dundefined%3B~oref%3Dfile%253A%252F%252F%252FC%253A%252FAppServ%252Fwww%252FOVO%252520v2.7%252FSpotify%252FSubscription%252520and%252520payment%252520-%252520Spotify.html&ref=https%3A%2F%2Fadservice.google.com%2F&fmt=3&is_vtc=1&random=3424171023&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4721227.fls.doubleclick.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 05 Oct 2022 15:09:12 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 3bc65ffbec7f4295cf1d9cc6bef4e3de
23459eda8229eaebd9c87c4443529f5e746178a4
e56db65b09e8073623e32be83f02b8b3cb436aaa06db8dd19657045e48eef0ad
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2394
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 05 Oct 2022 15:09:12 GMT
Last-Modified: Wed, 05 Oct 2022 14:29:18 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 471
connect.facebook.net/signals/config/1483047915331997?v=2.8.12&r=stable
31.13.72.12200 OK 54 kB URL HTTP/2 connect.facebook.net/signals/config/1483047915331997?v=2.8.12&r=stable
IP 31.13.72.12:0
File type ASCII text, with very long lines (64471)
Hash bce307d0ef67c7342ccfe268fe3312a1
d9dbb303356f665a85d2e603902c0b470fa3f6b5
124417fd77d49f29833acff339b8faab28590fd5807f1b5e837699064562cc81
GET /signals/config/1483047915331997?v=2.8.12&r=stable HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cpanel10wh.bkk1.cloud.z.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: application/x-javascript; charset=utf-8
content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-fb-debug: 8Zk6AZKpyaHi2GVC1KfpGzgMYKcPD+Bboh5RjKcD5gNFyd00latCelsOxxDrdlal2dQFHZG2ELhwXy4aU9gL3w==
priority: u=3,i
content-length: 54020
x-fb-trip-id: 1904183273
date: Wed, 05 Oct 2022 15:09:12 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 3bc65ffbec7f4295cf1d9cc6bef4e3de
23459eda8229eaebd9c87c4443529f5e746178a4
e56db65b09e8073623e32be83f02b8b3cb436aaa06db8dd19657045e48eef0ad
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2394
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 05 Oct 2022 15:09:12 GMT
Last-Modified: Wed, 05 Oct 2022 14:29:18 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 471
cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/files/download.ico
163.44.198.59200 OK 5.4 kB URL HTTP/1.1 cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/files/download.ico
IP 163.44.198.59:0
ASN #135161 GMO-Z com NetDesign Holdings Co., Ltd.
File type MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel\012- data
Hash ace4d8543bbb017893402a1e9d1ac1fa
70a0e66f27ae1b004628117d4d9e9b4110f91651
d2534e9fb333a6e277f1edf9b9843564e094027fb79979081e41fd778c339ae5
Analyzer Verdict Alert urlquery Phishing - Spotify
fortinet Phishing
GET /~cp785288/hlep/Login/files/download.ico HTTP/1.1
Host: cpanel10wh.bkk1.cloud.z.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/billing.php?verify_account=session=NL&ca11a78d20ee8d7a0c974d2b813ddb24&dispatch=b49f101badbb57ccca1d9cdafc5c001b7f835e89
Cookie: PHPSESSID=tb3konc5njludhki1e7gk8fnn3
HTTP/1.1 200 OK
Date: Wed, 05 Oct 2022 15:09:12 GMT
Server: Apache
Last-Modified: Tue, 16 Jul 2019 16:30:28 GMT
ETag: "1536-58dcee4fb3100"
Accept-Ranges: bytes
Content-Length: 5430
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/x-icon