Report - ixware.biz/

Report Overview

Submitted URL

ixware.biz/
IP

103.224.212.221

ASN

#133618 Trellian Pty. Limited
Submitted

2022-10-24T22:45:56Z

Access
Website Title
Final URL
Tags

None
urlquery detections

No alerts detected

Detections

urlquery

0
Network Intrusion Detection

0
Threat Detection Systems

5

Domain Summary

Domain	Rank	First Seen	Last Seen	Sent	Received	IP
www.google.com (1)	7	2015-05-10T13:11:19Z	2023-03-10T10:45:20Z	359	55653	142.250.74.164
contile.services.mozilla.com (1)	1114	2021-05-27T20:32:35Z	2023-03-10T05:10:00Z	321	229	34.117.237.239
ww25.ixware.biz (7)	unknown	2022-10-15T01:45:09Z	2023-02-17T03:41:01Z	3043	29235	199.59.243.222
ocsp.digicert.com (1)	86	2012-05-21T09:02:23Z	2023-03-10T13:49:44Z	329	797	93.184.220.29
ocsp.pki.goog (11)	175	2018-07-01T08:43:07Z	2023-03-10T05:11:10Z	3641	7697	142.250.74.35
fonts.gstatic.com (2)	unknown	2014-09-09T02:40:21Z	2023-03-10T13:37:03Z	976	32940	216.58.207.195
fonts.googleapis.com (1)	8877	2013-06-10T22:14:26Z	2023-03-10T12:25:49Z	389	746	142.250.74.10
r3.o.lencr.org (6)	344	2020-12-02T09:52:13Z	2023-03-10T05:09:10Z	1956	5321	23.36.77.32
ixware.biz (1)	unknown	2021-08-19T17:59:40Z	2023-02-17T03:20:05Z	330	342	103.224.212.221
push.services.mozilla.com (1)	2140	2014-10-24T10:27:06Z	2023-03-10T05:10:02Z	594	127	52.41.252.32
img-getpocket.cdn.mozilla.net (6)	1631	2018-06-22T01:36:00Z	2023-03-10T05:10:04Z	3173	63171	34.120.237.76
firefox.settings.services.mozilla.com (2)	867	2020-06-04T22:08:41Z	2023-03-10T05:10:00Z	758	2777	143.204.55.27
content-signature-2.cdn.mozilla.net (1)	1152	2020-11-03T13:26:46Z	2023-03-10T05:12:35Z	401	5843	34.160.144.191
afs.googleusercontent.com (2)	12123	2013-05-06T21:11:00Z	2023-03-10T11:12:37Z	874	2424	142.250.74.33

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-10-24	medium	ixware.biz/	Malware
2022-10-24	medium	ww25.ixware.biz/?subid1=20221025-0945-453a-a002-b3b254b5eb41	Malware
2022-10-24	medium	ww25.ixware.biz/js/parking.2.99.1.js	Malware
2022-10-24	medium	ww25.ixware.biz/_fd?subid1=20221025-0945-453a-a002-b3b254b5eb41	Malware
2022-10-24	medium	ww25.ixware.biz/_tr	Malware

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (6)

Pretty

URL

ww25.ixware.biz/?subid1=20221025-0945-453a-a002-b3b254b5eb41
IP

199.59.243.222:0
ASN

#16509 AMAZON-02

Introduced by

scriptElement
Inline HTML

false

Observations

First Seen2023-03-10 14:32:55

Last Seen2023-03-10 14:32:55

Times Seen1
Hash

2d3e1a3a3b8b52d4ab1ac7c3ca41ca81

8608d86a475d06b4e63557f0f37ac71bddb19cfe

09c603fbfe87973792f48e8ff6d38ef10e4cf1895a6614a51cb7655ab1b28348

Pretty

URL

ww25.ixware.biz/js/parking.2.99.1.js
IP

199.59.243.222:0
ASN

#16509 AMAZON-02

Introduced by

scriptElement
Inline HTML

false

Observations

First Seen2023-03-10 12:34:19

Last Seen2023-03-10 16:47:29

Times Seen1
Hash

50daf5e1da10f33beb2adf679c703f38

dff90c7336d75701ac2646c70542c458b60527e2

a085178826286d51f3664758976d463443d34a4327de587c5d1110a763381875

Pretty

URL

www.google.com/adsense/domains/caf.js
IP

142.250.74.164:0
ASN

#15169 GOOGLE

Introduced by

scriptElement
Inline HTML

false

Observations

First Seen2023-03-10 11:57:52

Last Seen2023-03-10 14:50:40

Times Seen1
Hash

3af330f76e9f8b58da1c84e82fb3a7c3

a5f440ff952ca7e5e1eff5c65d307708bad6e39e

c3d854c933dda05d9e9dd2fdaadb37090698c83a4fcacc0708519f24d8315054

Pretty

URL

partner.googleadservices.com/gampad/cookie.js?domain=ww25.ixware.biz&client=dp-bodis30_3ph&product=SAS&callback=__sasCookie
IP

0.0.0.0:0
ASN

#0

Introduced by

scriptElement
Inline HTML

false

Observations

First Seen2023-03-10 14:32:55

Last Seen2023-03-10 14:32:55

Times Seen1
Hash

e17c61109f30be46ef440fb1784ed527

9d621f9091f522720a707bce3d8f2dc40d3e206d

894a2a32859a8f08e45297be796063a7b62467710e0ec8978f207c321320e741

Pretty

URL

www.google.com/afs/ads?adtest=off&psid=7049491253&pcsa=false&channel=pid-bodis-gcontrol56%2Cpid-bodis-gcontrol97%2Cpid-bodis-gcontrol322%2Cpid-bodis-gcontrol152%2Cpid-bodis-gcontrol491&client=dp-bodis30_3ph&r=m&hl=en&max_radlink_len=50&type=3&uiopt=false&swp=as-drid-2497786236455022&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300002%2C17300953%2C17300956%2C17301094%2C17301097&format=r3&nocache=5341666651544780&num=0&output=afd_ads&domain_name=ww25.ixware.biz&v=3&bsl=8&pac=2&u_his=1&u_tz=0&dt=1666651544780&u_w=1280&u_h=1024&biw=1152&bih=836&psw=1136&psh=79&frm=0&cl=481684741&uio=-&cont=rs&jsid=caf&jsv=481684741&rurl=http%3A%2F%2Fww25.ixware.biz%2F%3Fsubid1%3D20221025-0945-453a-a002-b3b254b5eb41&adbw=master-1%3A1136
IP

0.0.0.0:0
ASN

#0

Introduced by

scriptElement
Inline HTML

false

Observations

First Seen2023-03-10 14:32:56

Last Seen2023-03-10 14:32:56

Times Seen1
Hash

cf2b8ee54bac1edbbea78d48ef59d4a7

49f847345e244096f42ce4ebe2c48e2fe393a110

12252c5c6b659a776fb7090bdd2b98fa8fd8384ed1e6fde9e628a962c26930a3

HTTP Transactions (43)

URL IP Response Size

firefox.settings.services.mozilla.com/v1/

143.204.55.27

200 OK

939

URL HTTP/1.1

firefox.settings.services.mozilla.com/v1/
IP

143.204.55.27:0
ASN

#16509 AMAZON-02

Magic

JSON data\012- , ASCII text, with very long lines (939), with no line terminators

Size

939
Hash

cd8d0809aa5948f2a6ee41d2158861af

098cd24ac587cdc70137af412678526de4d43969

88e6741d6bf076bf7132c7cf98456702cc775476095aafd839888edff52fb03e

HTTP Headers

                                        GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Backoff, Alert, Retry-After, Content-Length, Content-Type
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Mon, 24 Oct 2022 21:53:04 GMT
Expires: Mon, 24 Oct 2022 22:03:00 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 a034aae43a19aef875fa395182990970.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: Bp889nHrrJIg9YWVS6v4wCWLQ7zEj43vQTAieD6ggS2_kHBiG0R_9g==
Age: 3161

r3.o.lencr.org/

23.36.77.32

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.77.32:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

73c4166ca864f777db2cc1cd8658a7c2

c56b66b0b7c8516d4d5bfafe0c166711c78f3d25

310c633350812c064e159275b6dbbdba6d6a5991a54ccfcc23459320c6513572

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "310C633350812C064E159275B6DBBDBA6D6A5991A54CCFCC23459320C6513572"
Last-Modified: Sat, 22 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10536
Expires: Tue, 25 Oct 2022 01:41:21 GMT
Date: Mon, 24 Oct 2022 22:45:45 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.77.32:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

cecd3b2e0cd07173ee1fb63b0a744119

774e0935fffd5bb39799c040098e32c3dc88702f

78c2c60f2d752f572f1711e23aa3f82d5e5bce1940064405f6f989886f6315df

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "78C2C60F2D752F572F1711E23AA3F82D5E5BCE1940064405F6F989886F6315DF"
Last-Modified: Sat, 22 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2604
Expires: Mon, 24 Oct 2022 23:29:09 GMT
Date: Mon, 24 Oct 2022 22:45:45 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain

34.160.144.191

200 OK

5348

URL HTTP/2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP

34.160.144.191:0
ASN

#15169 GOOGLE

Magic

PEM certificate\012- , ASCII text

Size

5348
Hash

67d5a988edcda47bc3b3b3f65d32b4b6

d4f0e0da8b3690cc7da925026d3414b68c7d954f

55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78

HTTP Headers

                                        GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
x-amz-id-2: zMDcSEUX9tND6naqRsniaJsFRXuFDngPY4VOXZy2B8km0nRMCyNRL79th00lJnXBgLR6zlpfg6I=
x-amz-request-id: GKF3WZ1ZC5T274DJ
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 24 Oct 2022 22:38:33 GMT
age: 432
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

ixware.biz/

103.224.212.221

302 Found

URL HTTP/1.1

ixware.biz/
IP

103.224.212.221:0
ASN

#133618 Trellian Pty. Limited

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

                                        GET / HTTP/1.1
Host: ixware.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                        HTTP/1.1 302 Found
Date: Mon, 24 Oct 2022 22:45:45 GMT
Server: Apache/2.4.38 (Debian)
Set-Cookie: __tad=1666651545.2808814; expires=Thu, 21-Oct-2032 22:45:45 GMT; Max-Age=315360000
Location: http://ww25.ixware.biz/?subid1=20221025-0945-453a-a002-b3b254b5eb41
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

URL HTTP/2

contile.services.mozilla.com/v1/tiles
IP

34.117.237.239:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with no line terminators

Size

12
Hash

23e88fb7b99543fb33315b29b1fad9d6

a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce

7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

                                        GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
date: Mon, 24 Oct 2022 22:45:45 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

ww25.ixware.biz/?subid1=20221025-0945-453a-a002-b3b254b5eb41

199.59.243.222

200 OK

1055

URL HTTP/1.1

ww25.ixware.biz/?subid1=20221025-0945-453a-a002-b3b254b5eb41
IP

199.59.243.222:0
ASN

#16509 AMAZON-02

Magic

HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1515), with no line terminators

Size

1055
Hash

7ddadcf3884dabfeb0f8d6ad4a1b69c8

0f73da55d2c6e4d56e5defaf2c42c95e08be6ef0

dc7e7cf140d7fafc7baf6ac097c2b567829cbc44c1bf0e67d6bb9b239f29409e

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

                                        GET /?subid1=20221025-0945-453a-a002-b3b254b5eb41 HTTP/1.1
Host: ww25.ixware.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                        HTTP/1.1 200 OK
Server: openresty
Date: Mon, 24 Oct 2022 22:45:45 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: parking_session=10776552-3890-5537-3442-dfdc34be9563; expires=Mon, 24-Oct-2022 23:00:45 GMT; Max-Age=900; path=/; HttpOnly
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_BDmATaEJ9iOwL4SVONvh+G8CeQOvtWw0Hst5YKOrA3dqaqN2hgtEReCGYl9t+znT6HCJkA7j0h2W1wJKG3EtJA==
Accept-CH: sec-ch-prefers-color-scheme
Critical-CH: sec-ch-prefers-color-scheme
Vary: sec-ch-prefers-color-scheme
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Encoding: gzip

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

143.204.55.27

200 OK

329

URL HTTP/1.1

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP

143.204.55.27:0
ASN

#16509 AMAZON-02

Magic

JSON data\012- , ASCII text, with very long lines (329), with no line terminators

Size

329
Hash

0333b0655111aa68de771adfcc4db243

63f295a144ac87a7c8e23417626724eeca68a7eb

60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

                                        GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Mon, 24 Oct 2022 22:33:32 GMT
Expires: Mon, 24 Oct 2022 22:58:55 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 6480520a5e02f3163410e3134bd77baa.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: YQJ6-JgQ7JAEoCET4Cvjdfb6Hcz9Hggf5O7E2-io4hjYk7k1mq2UVQ==
Age: 733

ocsp.digicert.com/

93.184.220.29

200 OK

471

URL HTTP/1.1

ocsp.digicert.com/
IP

93.184.220.29:0
ASN

#15133 EDGECAST

Magic

data

Size

471
Hash

7c6fdc8e76ef5875b5c965ade2df503e

45d548aa2a9d7ede163743274790700878eaea62

d2ff6eacd48af4892a2642e5d7bb925ca683062139f5a5cb4047f6f706830618

HTTP Headers

                                        POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4358
Cache-Control: max-age=124418
Content-Type: application/ocsp-response
Date: Mon, 24 Oct 2022 22:45:45 GMT
Etag: "63564795-1d7"
Expires: Wed, 26 Oct 2022 09:19:23 GMT
Last-Modified: Mon, 24 Oct 2022 08:06:45 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 471

ww25.ixware.biz/js/parking.2.99.1.js

199.59.243.222

200 OK

22240

URL HTTP/1.1

ww25.ixware.biz/js/parking.2.99.1.js
IP

199.59.243.222:0
ASN

#16509 AMAZON-02

Magic

HTML document, ASCII text, with very long lines (65536), with no line terminators

Size

22240
Hash

e75e2c34902b6655ec1f2ae35df00b40

fdf1f6beaf3a106f06a7658c145055da61c1e8c1

e5602d7fe5b7ef8696041d580057da7627ba95990cfc812ad5b763109102da73

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

                                        GET /js/parking.2.99.1.js HTTP/1.1
Host: ww25.ixware.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww25.ixware.biz/?subid1=20221025-0945-453a-a002-b3b254b5eb41
Cookie: parking_session=10776552-3890-5537-3442-dfdc34be9563

                                        HTTP/1.1 200 OK
Server: openresty
Date: Mon, 24 Oct 2022 22:45:45 GMT
Content-Type: application/javascript; charset=utf-8
Last-Modified: Mon, 24 Oct 2022 18:55:08 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Encoding: gzip

ww25.ixware.biz/_fd?subid1=20221025-0945-453a-a002-b3b254b5eb41

199.59.243.222

200 OK

2700

URL HTTP/1.1

ww25.ixware.biz/_fd?subid1=20221025-0945-453a-a002-b3b254b5eb41
IP

199.59.243.222:0
ASN

#16509 AMAZON-02

Magic

ASCII text, with very long lines (5381), with no line terminators

Size

2700
Hash

52edf2b93fdbd23a56384e537eaac1bc

52c4445249780acfcd5a20e72aee85e8b229a3da

7563688aa8551d56cf5dfde9ddca7f530121c74af450d731a12971177449c605

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

                                        POST /_fd?subid1=20221025-0945-453a-a002-b3b254b5eb41 HTTP/1.1
Host: ww25.ixware.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww25.ixware.biz/?subid1=20221025-0945-453a-a002-b3b254b5eb41
Content-Type: application/json
Origin: http://ww25.ixware.biz
Connection: keep-alive
Cookie: parking_session=10776552-3890-5537-3442-dfdc34be9563
Content-Length: 0

                                        HTTP/1.1 200 OK
Server: openresty
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Mon, 24 Oct 2022 22:45:45 GMT
X-Version: 2.99.1
Set-Cookie: parking_session=10776552-3890-5537-3442-dfdc34be9563; expires=Mon, 24-Oct-2022 23:00:45 GMT; Max-Age=900; path=/; httponly
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Encoding: gzip

ww25.ixware.biz/px.gif?ch=1&rn=2.359125265827021

199.59.243.222

200 OK

URL HTTP/1.1

ww25.ixware.biz/px.gif?ch=1&rn=2.359125265827021
IP

199.59.243.222:0
ASN

#16509 AMAZON-02

Magic

GIF image data, version 89a, 1 x 1\012- data

Size

42
Hash

d89746888da2d9510b64a9f031eaecd5

d5fceb6532643d0d84ffe09c40c481ecdf59e15a

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

                                        GET /px.gif?ch=1&rn=2.359125265827021 HTTP/1.1
Host: ww25.ixware.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww25.ixware.biz/?subid1=20221025-0945-453a-a002-b3b254b5eb41
Cookie: parking_session=10776552-3890-5537-3442-dfdc34be9563

                                        HTTP/1.1 200 OK
Server: openresty
Date: Mon, 24 Oct 2022 22:45:46 GMT
Content-Type: image/gif
Content-Length: 42
Last-Modified: Wed, 15 Sep 2021 19:38:30 GMT
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Accept-Ranges: bytes

ww25.ixware.biz/px.gif?ch=2&rn=2.359125265827021

199.59.243.222

200 OK

URL HTTP/1.1

ww25.ixware.biz/px.gif?ch=2&rn=2.359125265827021
IP

199.59.243.222:0
ASN

#16509 AMAZON-02

Magic

GIF image data, version 89a, 1 x 1\012- data

Size

42
Hash

d89746888da2d9510b64a9f031eaecd5

d5fceb6532643d0d84ffe09c40c481ecdf59e15a

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

                                        GET /px.gif?ch=2&rn=2.359125265827021 HTTP/1.1
Host: ww25.ixware.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww25.ixware.biz/?subid1=20221025-0945-453a-a002-b3b254b5eb41
Cookie: parking_session=10776552-3890-5537-3442-dfdc34be9563

                                        HTTP/1.1 200 OK
Server: openresty
Date: Mon, 24 Oct 2022 22:45:46 GMT
Content-Type: image/gif
Content-Length: 42
Last-Modified: Wed, 15 Sep 2021 19:38:30 GMT
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Accept-Ranges: bytes

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

471

URL HTTP/1.1

ocsp.pki.goog/gts1c3
IP

142.250.74.35:0
ASN

#15169 GOOGLE

Magic

data

Size

471
Hash

c560beed39cecb5417cb24d408e854bd

8128cbbdbb9357227cff89cf4a0825d62e1821cd

a116fd57470c119c471df4fa54525043cddf2cd4d1c91eaf450155a2293d26f8

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 24 Oct 2022 22:45:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

push.services.mozilla.com/

52.41.252.32

101 Switching Protocols

URL HTTP/1.1

push.services.mozilla.com/
IP

52.41.252.32:0
ASN

#16509 AMAZON-02

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

                                        GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: y7tMAiyGiWe/tcgf7FwW/Q==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                        HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: snCFGjCHX137NJ05Z4AVXWbaDt0=

ww25.ixware.biz/favicon.ico

199.59.243.222

200 OK

URL HTTP/1.1

ww25.ixware.biz/favicon.ico
IP

199.59.243.222:0
ASN

#16509 AMAZON-02

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

                                        GET /favicon.ico HTTP/1.1
Host: ww25.ixware.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww25.ixware.biz/?subid1=20221025-0945-453a-a002-b3b254b5eb41
Cookie: parking_session=10776552-3890-5537-3442-dfdc34be9563

                                        HTTP/1.1 200 OK
Server: openresty
Date: Mon, 24 Oct 2022 22:45:46 GMT
Content-Type: image/x-icon
Content-Length: 0
Last-Modified: Wed, 15 Sep 2021 19:38:30 GMT
Connection: keep-alive
ETag: "61424bb6-0"
x-backend-server: ip-10-201-16-22.ec2.internal
Accept-Ranges: bytes

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

472

URL HTTP/1.1

ocsp.pki.goog/gts1c3
IP

142.250.74.35:0
ASN

#15169 GOOGLE

Magic

data

Size

472
Hash

4fe08d6ffc931438b886eb80f073ad2e

dae5e9eb8bd9053329d24a55b8017c8162cb21d2

49a26dbac4208540e0d361219db57bea3922a33b0fd692212fec7a61727d387c

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 24 Oct 2022 22:45:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

471

URL HTTP/1.1

ocsp.pki.goog/gts1c3
IP

142.250.74.35:0
ASN

#15169 GOOGLE

Magic

data

Size

471
Hash

afe612730e70afff2504f8e9ce4dadea

a62af125a0b32c9bd4c415e902dfb650dba273ee

fc3424c011e26f3431130b282aac3ecb142774dda00593e2bf1e29b133436ebd

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 24 Oct 2022 22:45:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.google.com/adsense/domains/caf.js

142.250.74.164

200 OK

54752

URL HTTP/2

www.google.com/adsense/domains/caf.js
IP

142.250.74.164:0
ASN

#15169 GOOGLE

Magic

ASCII text, with very long lines (1885)

Size

54752
Hash

7f2829a5b320f5e72dd87ab5d9495e66

66ac41b67de82cd86131f2bd03c6e97f630efb02

b591d56731db45b9ff06aadef3836a2abab40b56bba95f6146e6885bf67c4493

HTTP Headers

                                        GET /adsense/domains/caf.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ww25.ixware.biz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-afs-ui"
report-to: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
date: Mon, 24 Oct 2022 22:45:46 GMT
expires: Mon, 24 Oct 2022 22:45:46 GMT
cache-control: private, max-age=3600
etag: "10014152689509628694"
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

471

URL HTTP/1.1

ocsp.pki.goog/gts1c3
IP

142.250.74.35:0
ASN

#15169 GOOGLE

Magic

data

Size

471
Hash

afe612730e70afff2504f8e9ce4dadea

a62af125a0b32c9bd4c415e902dfb650dba273ee

fc3424c011e26f3431130b282aac3ecb142774dda00593e2bf1e29b133436ebd

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 24 Oct 2022 22:45:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

472

URL HTTP/1.1

ocsp.pki.goog/gts1c3
IP

142.250.74.35:0
ASN

#15169 GOOGLE

Magic

data

Size

472
Hash

d114ab00b1cfe7f9b4f56c7b3655b55d

641e580d6148329b0c9eb2d49f5f8a30c08f30e9

e5420e919b2c05c148179c7d85a210941be6862b1f65ccfafcfc38d960bf38d7

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 24 Oct 2022 22:45:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

472

URL HTTP/1.1

ocsp.pki.goog/gts1c3
IP

142.250.74.35:0
ASN

#15169 GOOGLE

Magic

data

Size

472
Hash

d114ab00b1cfe7f9b4f56c7b3655b55d

641e580d6148329b0c9eb2d49f5f8a30c08f30e9

e5420e919b2c05c148179c7d85a210941be6862b1f65ccfafcfc38d960bf38d7

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 24 Oct 2022 22:45:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

472

URL HTTP/1.1

ocsp.pki.goog/gts1c3
IP

142.250.74.35:0
ASN

#15169 GOOGLE

Magic

data

Size

472
Hash

68bd833d6e834b8d876d653751246cf8

fddb68b479878afe5f0e557fd7772b299394129a

c40f3028befadba8b9d60c18e2c9fc83016348759f3fb06817972ab71ccd27e3

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 24 Oct 2022 22:45:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

472

URL HTTP/1.1

ocsp.pki.goog/gts1c3
IP

142.250.74.35:0
ASN

#15169 GOOGLE

Magic

data

Size

472
Hash

68bd833d6e834b8d876d653751246cf8

fddb68b479878afe5f0e557fd7772b299394129a

c40f3028befadba8b9d60c18e2c9fc83016348759f3fb06817972ab71ccd27e3

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 24 Oct 2022 22:45:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/search.svg?c=%2302198b

142.250.74.33

200 OK

272

URL HTTP/2

afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/search.svg?c=%2302198b
IP

142.250.74.33:0
ASN

#15169 GOOGLE

Magic

SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (390)

Size

272
Hash

ab1acb76dd408583614a7a6cedf41866

e2d2d7074479023d37474ab62755b658d22d4ab1

8622edbe2503910e3cbeecef073a09e662fd2507436c3aabf885d155afd96565

HTTP Headers

                                        GET /ad_icons/standard/publisher_icon_image/search.svg?c=%2302198b HTTP/1.1
Host: afs.googleusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.google.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
cross-origin-opener-policy: same-origin; report-to="afs-native-asset-managers"
report-to: {"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]}
content-length: 272
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
date: Mon, 24 Oct 2022 11:25:05 GMT
expires: Tue, 25 Oct 2022 10:25:05 GMT
cache-control: public, max-age=82800
age: 40841
last-modified: Thu, 19 Dec 2019 14:15:00 GMT
content-type: image/svg+xml
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/call_to_action_arrow.svg?c=%23ffffff

142.250.74.33

200 OK

278

URL HTTP/2

afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/call_to_action_arrow.svg?c=%23ffffff
IP

142.250.74.33:0
ASN

#15169 GOOGLE

Magic

SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (306)

Size

278
Hash

bb7fc36f627255dd4783f849dca0932e

80e89ef8f3c2c8ee982523757fce214ea7323a69

735f48c2876099e6a731c65fc46ec1ec133c316e0997d04eb0ee246741bee647

HTTP Headers

                                        GET /ad_icons/standard/publisher_icon_image/call_to_action_arrow.svg?c=%23ffffff HTTP/1.1
Host: afs.googleusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.google.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
cross-origin-opener-policy: same-origin; report-to="afs-native-asset-managers"
report-to: {"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]}
content-length: 278
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
date: Mon, 24 Oct 2022 09:48:56 GMT
expires: Tue, 25 Oct 2022 08:48:56 GMT
cache-control: public, max-age=82800
age: 46610
last-modified: Tue, 09 Feb 2021 14:15:00 GMT
content-type: image/svg+xml
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

472

URL HTTP/1.1

ocsp.pki.goog/gts1c3
IP

142.250.74.35:0
ASN

#15169 GOOGLE

Magic

data

Size

472
Hash

eb9238eaa63063c98563a1961fbbfefa

9b23eea87129d9516b8e7527cce7b8b1efcfa1fe

ff87d571f813dd558347df32a52e27ebb6c66968a6d2e584e6b6467944ef40fb

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 24 Oct 2022 22:45:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/michroma/v16/PN_zRfy9qWD8fEagAPg9pTk.woff2

216.58.207.195

200 OK

17156

URL HTTP/2

fonts.gstatic.com/s/michroma/v16/PN_zRfy9qWD8fEagAPg9pTk.woff2
IP

216.58.207.195:0
ASN

#15169 GOOGLE

Magic

Web Open Font Format (Version 2), TrueType, length 17156, version 1.0\012- data

Size

17156
Hash

402cbe860d64ae2e13145e34cbc7889c

7af4691dc306b7583365b9ff2ead0c1f6db017c5

da748253b458c5fc9c9a5e3c108b1cda280f52df4008702b9cea695ec23332aa

HTTP Headers

                                        GET /s/michroma/v16/PN_zRfy9qWD8fEagAPg9pTk.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 17156
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 20 Oct 2022 17:25:35 GMT
expires: Fri, 20 Oct 2023 17:25:35 GMT
cache-control: public, max-age=31536000
age: 364811
last-modified: Tue, 26 Apr 2022 14:38:29 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

472

URL HTTP/1.1

ocsp.pki.goog/gts1c3
IP

142.250.74.35:0
ASN

#15169 GOOGLE

Magic

data

Size

472
Hash

68bd833d6e834b8d876d653751246cf8

fddb68b479878afe5f0e557fd7772b299394129a

c40f3028befadba8b9d60c18e2c9fc83016348759f3fb06817972ab71ccd27e3

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 24 Oct 2022 22:45:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

472

URL HTTP/1.1

ocsp.pki.goog/gts1c3
IP

142.250.74.35:0
ASN

#15169 GOOGLE

Magic

data

Size

472
Hash

eb9238eaa63063c98563a1961fbbfefa

9b23eea87129d9516b8e7527cce7b8b1efcfa1fe

ff87d571f813dd558347df32a52e27ebb6c66968a6d2e584e6b6467944ef40fb

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 24 Oct 2022 22:45:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/quicksand/v30/6xK-dSZaM9iE8KbpRA_LJ3z8mH9BOJvgkP8o58a-wg.woff2

216.58.207.195

200 OK

13888

URL HTTP/2

fonts.gstatic.com/s/quicksand/v30/6xK-dSZaM9iE8KbpRA_LJ3z8mH9BOJvgkP8o58a-wg.woff2
IP

216.58.207.195:0
ASN

#15169 GOOGLE

Magic

Web Open Font Format (Version 2), TrueType, length 13888, version 1.0\012- data

Size

13888
Hash

099548fac114f5f6498c5c75b943581d

7505fcaf9f4fe36634352b322a9f5fed1256a9f6

e36165510050fc4ef1d87cc430dd4d1d0f6a705c5f4aa7b3a97493921884bb05

HTTP Headers

                                        GET /s/quicksand/v30/6xK-dSZaM9iE8KbpRA_LJ3z8mH9BOJvgkP8o58a-wg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://ww25.ixware.biz
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                        HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 13888
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 24 Oct 2022 21:55:36 GMT
expires: Tue, 24 Oct 2023 21:55:36 GMT
cache-control: public, max-age=31536000
age: 3010
last-modified: Mon, 18 Jul 2022 19:12:09 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ww25.ixware.biz/_tr

199.59.243.222

200 OK

URL HTTP/1.1

ww25.ixware.biz/_tr
IP

199.59.243.222:0
ASN

#16509 AMAZON-02

Magic

ASCII text, with no line terminators

Size

22
Hash

5cfde9b47de2d84bd26fc473632647c0

fd53c70631b6068328be57daec71bd94bf004d41

47fd05ef74fef5da03fa22483e63fc977cad8e026ae41dadbbcc3745907f306b

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

                                        POST /_tr HTTP/1.1
Host: ww25.ixware.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww25.ixware.biz/?subid1=20221025-0945-453a-a002-b3b254b5eb41
Content-Type: application/json
Origin: http://ww25.ixware.biz
Content-Length: 2165
Connection: keep-alive
Cookie: parking_session=10776552-3890-5537-3442-dfdc34be9563; __gsas=ID=a3485e40a1efc15d:T=1666651546:S=ALNI_MaoXXphe5RS2Tk0fbB4up-R189XnQ

                                        HTTP/1.1 200 OK
Server: openresty
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Mon, 24 Oct 2022 22:45:46 GMT
X-Version: 2.99.1
Set-Cookie: parking_session=10776552-3890-5537-3442-dfdc34be9563; expires=Mon, 24-Oct-2022 23:00:46 GMT; Max-Age=900; path=/; httponly
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Encoding: gzip

r3.o.lencr.org/

23.36.77.32

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.77.32:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

398e3c90084d7d71fc1e9fd833116f5f

3e202da5559a8f219144adee3639d063a98559c0

724547db3ed9f1779308e9dd6604664e6ffa3580ca076fbdc1dfb1b75591bba4

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "724547DB3ED9F1779308E9DD6604664E6FFA3580CA076FBDC1DFB1B75591BBA4"
Last-Modified: Mon, 24 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14972
Expires: Tue, 25 Oct 2022 02:55:19 GMT
Date: Mon, 24 Oct 2022 22:45:47 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.77.32:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

398e3c90084d7d71fc1e9fd833116f5f

3e202da5559a8f219144adee3639d063a98559c0

724547db3ed9f1779308e9dd6604664e6ffa3580ca076fbdc1dfb1b75591bba4

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "724547DB3ED9F1779308E9DD6604664E6FFA3580CA076FBDC1DFB1B75591BBA4"
Last-Modified: Mon, 24 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14972
Expires: Tue, 25 Oct 2022 02:55:19 GMT
Date: Mon, 24 Oct 2022 22:45:47 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.77.32:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

398e3c90084d7d71fc1e9fd833116f5f

3e202da5559a8f219144adee3639d063a98559c0

724547db3ed9f1779308e9dd6604664e6ffa3580ca076fbdc1dfb1b75591bba4

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "724547DB3ED9F1779308E9DD6604664E6FFA3580CA076FBDC1DFB1B75591BBA4"
Last-Modified: Mon, 24 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14972
Expires: Tue, 25 Oct 2022 02:55:19 GMT
Date: Mon, 24 Oct 2022 22:45:47 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.77.32:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

398e3c90084d7d71fc1e9fd833116f5f

3e202da5559a8f219144adee3639d063a98559c0

724547db3ed9f1779308e9dd6604664e6ffa3580ca076fbdc1dfb1b75591bba4

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "724547DB3ED9F1779308E9DD6604664E6FFA3580CA076FBDC1DFB1B75591BBA4"
Last-Modified: Mon, 24 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14972
Expires: Tue, 25 Oct 2022 02:55:19 GMT
Date: Mon, 24 Oct 2022 22:45:47 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Facb7f3ea-1b51-4cac-a5ab-7201a12df641.jpeg

34.120.237.76

200 OK

8735

URL HTTP/2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Facb7f3ea-1b51-4cac-a5ab-7201a12df641.jpeg
IP

34.120.237.76:0
ASN

#15169 GOOGLE

Magic

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

Size

8735
Hash

8502c90bf679dce29b1c2a87606bbb3e

7940c911dea3882ab8a7ff70240f4edc1b89a56d

ccc5ab3068b7f90276124148a812eb26951a95d7c146bdcf28a69a3d05f76ee2

HTTP Headers

                                        GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Facb7f3ea-1b51-4cac-a5ab-7201a12df641.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
content-length: 8735
x-amzn-requestid: 51dfaabc-ee88-465f-8da7-fd6739cf7794
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aZSHjHeLIAMF8mQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-635396fc-1e4ad2d647a7f07a094574be;Sampled=0
x-amzn-remapped-date: Sat, 22 Oct 2022 07:08:44 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: dgxcF8hXUOo_WqQwpd0yctMNPuB-IfmSRxD1_TRG7zuV3b5EbpVIig==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 91356d2137f5a7345e93da4516c49ec4.cloudfront.net (CloudFront), 1.1 google
date: Mon, 24 Oct 2022 07:48:43 GMT
age: 53824
etag: "7940c911dea3882ab8a7ff70240f4edc1b89a56d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9209

URL HTTP/2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5d616770-e793-4da0-8ebe-826e806ececd.jpeg
IP

34.120.237.76:0
ASN

#15169 GOOGLE

Magic

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

Size

9209
Hash

89448f1a52030b28e9ecfcdc190787d4

5080ba75c230fd2b303f29a9b64868c6e8771df8

10a736997d441e274a54e9689c349d407087fef7aa7c0f4d0a7a603e446fdabd

HTTP Headers

                                        GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5d616770-e793-4da0-8ebe-826e806ececd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
content-length: 9209
x-amzn-requestid: 94dad7b4-9c12-4bda-9202-3b7427185182
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aLiElGzEIAMFnOg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-634e16e9-3c79cd392d5bc4312a730cda;Sampled=0
x-amzn-remapped-date: Tue, 18 Oct 2022 03:00:57 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: c5_B2RXKJx7FHrQvHdCG50zcDFWUqaaZu0GYuCxEI8fpK019dSlD3Q==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 5fe5f2a3903f1378941d92eceaf3fa16.cloudfront.net (CloudFront), 1.1 google
date: Mon, 24 Oct 2022 13:16:16 GMT
age: 34171
etag: "5080ba75c230fd2b303f29a9b64868c6e8771df8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7977

URL HTTP/2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf8cfe72-ca76-42ae-a95f-b33a2edb91b3.jpeg
IP

34.120.237.76:0
ASN

#15169 GOOGLE

Magic

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

Size

7977
Hash

80bab61eeda285e378b86b3efc4f87f9

5c690531e195332c04092ce22e7bdcecccc3c9d5

0c4dec046835501b598b5165acd592c3baeb2d6e21b6ac5fd549e790a802cd02

HTTP Headers

                                        GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf8cfe72-ca76-42ae-a95f-b33a2edb91b3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
content-length: 7977
x-amzn-requestid: 3e217877-33a2-4efc-a21f-b75764a8ced9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ah3FWGRooAMFagw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63570555-2bc77cb653ef022b4aab7f71;Sampled=0
x-amzn-remapped-date: Mon, 24 Oct 2022 21:36:21 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: CWRIYnB8Zcc-9L-EdFq_ahTPlv8AMqnBGlZmRTN-0BsZIUWF3eUOfg==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 e80693c02cfdfd081110512210d57840.cloudfront.net (CloudFront), 1.1 google
date: Mon, 24 Oct 2022 21:37:08 GMT
age: 4119
etag: "5c690531e195332c04092ce22e7bdcecccc3c9d5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7361

URL HTTP/2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4f505e74-07f3-4154-bfa4-5dfc184b8262.jpeg
IP

34.120.237.76:0
ASN

#15169 GOOGLE

Magic

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

Size

7361
Hash

01dacddfb62128799a20e0541bf5a18c

1bb8047c270b76c9dfcd8dba4a63b25c7604f03d

65f5c51b84ff7a131a3a695142ae9d82a73a516792abdd2d137714a1a3cf3bb5

HTTP Headers

                                        GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4f505e74-07f3-4154-bfa4-5dfc184b8262.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
content-length: 7361
x-amzn-requestid: 33e339c8-c7e8-439d-a593-d7e19bd3b3eb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aYvRkGGIIAMFdYw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63535f3d-7cbcf593571aa2df6a97f077;Sampled=0
x-amzn-remapped-date: Sat, 22 Oct 2022 03:10:53 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 0iPBD-KhZZI_L24QKVStukb8MwWC7Q2AzSOfwnV--BxOreqD4e9Kfw==
via: 1.1 8dbfaf7df256a75768461d934659b6b2.cloudfront.net (CloudFront), 1.1 9c675215120a4ade8754c4357ef2f3ea.cloudfront.net (CloudFront), 1.1 google
date: Mon, 24 Oct 2022 05:43:46 GMT
age: 61321
etag: "1bb8047c270b76c9dfcd8dba4a63b25c7604f03d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11916

URL HTTP/2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9ac739ea-5d5d-4900-8e3f-c815c25f5c8d.png
IP

34.120.237.76:0
ASN

#15169 GOOGLE

Magic

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

Size

11916
Hash

1f22a424f72f369a3511d6af25d67a82

e9aabd2daee2d2e6265a69e309542c5b5983d1f2

600f1a4989fe65b14cfe5234c8bc723834d53543026c13eaf8217b22d3a3a9a9

HTTP Headers

                                        GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9ac739ea-5d5d-4900-8e3f-c815c25f5c8d.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
content-length: 11916
x-amzn-requestid: 319eaac6-dfda-4a48-ae9a-612650705bd6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: afdKuHK6IAMFnXA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63560f11-61545bf1110795c0299b85f4;Sampled=0
x-amzn-remapped-date: Mon, 24 Oct 2022 04:05:37 GMT
x-amz-cf-pop: SFO53-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: wrxksbQXK96TvYk2rEf5biIaLtjbB1ia0FpYxnd908Dd_MkKQSRCtQ==
via: 1.1 0da7848263e39308b12bac6a925793b0.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Mon, 24 Oct 2022 15:02:35 GMT
etag: "e9aabd2daee2d2e6265a69e309542c5b5983d1f2"
content-type: image/jpeg
age: 27792
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11622

URL HTTP/2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F33fda234-9118-4b4b-86d9-02c36810eda5.jpeg
IP

34.120.237.76:0
ASN

#15169 GOOGLE

Magic

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

Size

11622
Hash

b949df0edd9d64aa962e3bf4b267889e

3ef04f8c638dddf8bb8b70aae74770892307c814

e6c42bdd84bc9661c25a201599c29257b843d86d638ec479e7b5fa7bf81bc961

HTTP Headers

                                        GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F33fda234-9118-4b4b-86d9-02c36810eda5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
content-length: 11622
x-amzn-requestid: 2d6c3eb8-6a67-40bb-b970-a92caf783a4f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aYPSZFWpoAMFU1g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63532c0f-14a2cd9f68bda5a01a765a2d;Sampled=0
x-amzn-remapped-date: Fri, 21 Oct 2022 23:32:31 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: _AwDcPb8X7mPlOseeJZxw4kaQsR4d_HDyqEUM7I4RfurX2iDap87YA==
via: 1.1 7514e5e25722778fd4b1744d4ecc67e0.cloudfront.net (CloudFront), 1.1 1481cc55c02c3a782ad420b6bac2cb32.cloudfront.net (CloudFront), 1.1 google
date: Mon, 24 Oct 2022 03:36:20 GMT
age: 68967
etag: "3ef04f8c638dddf8bb8b70aae74770892307c814"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Michroma&display=swap

142.250.74.10

200 OK

URL HTTP/2

fonts.googleapis.com/css?family=Michroma&display=swap
IP

142.250.74.10:0
ASN

#15169 GOOGLE

Magic

Size

0
Hash

HTTP Headers

                                        GET /css?family=Michroma&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.google.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 24 Oct 2022 22:45:46 GMT
date: Mon, 24 Oct 2022 22:45:46 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (6)

#1 JS:Script (size: 893)

URL

IP

ASN

Introduced by

Inline HTML

Observations

Hash

#2 JS:Script (size: 69189)

URL

IP

ASN

Introduced by

Inline HTML

Observations

Hash

#3 JS:Script (size: 149656)

URL

IP

ASN

Introduced by

Inline HTML

Observations

Hash

#4 JS:Script (size: 187)

URL

IP

ASN

Introduced by

Inline HTML

Observations

Hash

#5 JS:Script (size: 5352)

URL

IP

ASN

Introduced by

Inline HTML

Observations

Hash

#1 JS:Eval (size: 793)

Observations

Hash

HTTP Transactions (43)

URL HTTP/1.1

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

Magic