ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 9b4e6c72233070ef185ff980135e9555
2f14523a3f6f9532df3b872984fd23e156d2c465
5040e340e60b331b1569d52d66afcd5649a4121e2841d38cca0974e2a4c0af75
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4394
Cache-Control: max-age=166120
Content-Type: application/ocsp-response
Date: Wed, 16 Nov 2022 13:35:51 GMT
Etag: "6374bbf5-1d7"
Expires: Fri, 18 Nov 2022 11:44:31 GMT
Last-Modified: Wed, 16 Nov 2022 10:31:17 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.76.249 200 OK 503 B IP 23.36.76.249:0
ASN #20940 Akamai International B.V.
Hash 7786cd9bd97e024b3a1d16215defaad2
786ddbb74b0b6bd9270622dbe0258d6caee407c1
9c297ccfd178eec7e472fb64a6b2e34d4c7a6dec32870f49982353e590196ba0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9C297CCFD178EEC7E472FB64A6B2E34D4C7A6DEC32870F49982353E590196BA0"
Last-Modified: Mon, 14 Nov 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3715
Expires: Wed, 16 Nov 2022 14:37:46 GMT
Date: Wed, 16 Nov 2022 13:35:51 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
34.102.187.140 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash d130218d0e2841f39c99610fe1a2ab90
29fbe1e177ee55c7a61ae0a206afff271cf5f945
6b6d74dccf10c2bc98a91c3388280d7ba1d9596bf8cadd7db0e2f63720b3d152
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Backoff, Content-Type, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 16 Nov 2022 12:44:33 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 3078
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.249 200 OK 503 B IP 23.36.76.249:0
ASN #20940 Akamai International B.V.
Hash c88bc06741ab9fb81c2544acfcc34aa2
362cab19cff5aba27f472cc00071d5dfa38192e4
314ba27975f458e13917b2be91c9d5989a3e57c9e94b5a84dd52d0e21d27ae7f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "314BA27975F458E13917B2BE91C9D5989A3E57C9E94B5A84DD52D0E21D27AE7F"
Last-Modified: Mon, 14 Nov 2022 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2215
Expires: Wed, 16 Nov 2022 14:12:46 GMT
Date: Wed, 16 Nov 2022 13:35:51 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: L4ExLvSsrFslZx3OxuAoiviLnkfrJJw5TXePNiwGjv52+S0lS1pOF5eSYVb+9u4zJCn/lhiazMc=
x-amz-request-id: P1GQS1SZVCMANV1Q
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 16 Nov 2022 13:14:42 GMT
age: 1269
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 16 Nov 2022 13:35:51 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.249 200 OK 503 B IP 23.36.76.249:0
ASN #20940 Akamai International B.V.
Hash 67c14445da9df364e0fbcdf41390d0cb
2820c74807976b812e03e3972bd78175289cfcee
0bc38cb092c99c7071f0ade34c4f5a6c856030f6635c709d9b9637d8c1eb420c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0BC38CB092C99C7071F0ADE34C4F5A6C856030F6635C709D9B9637D8C1EB420C"
Last-Modified: Tue, 15 Nov 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6964
Expires: Wed, 16 Nov 2022 15:31:55 GMT
Date: Wed, 16 Nov 2022 13:35:51 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Cache-Control, Pragma, Last-Modified, ETag, Alert, Backoff, Content-Type, Retry-After, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Wed, 16 Nov 2022 13:25:01 GMT
cache-control: public,max-age=3600
age: 650
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 8345d8a2ca46c3b181a81d8626d0425f
5d9d088c5dca072bbc9ad23a15450e7af7829400
663b0e6c239177f35b5b48d4203ce95aabc0e5bab7911f5b1d9fb7624cac2e25
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1315
Cache-Control: max-age=157990
Content-Type: application/ocsp-response
Date: Wed, 16 Nov 2022 13:35:52 GMT
Etag: "6374a83b-1d7"
Expires: Fri, 18 Nov 2022 09:29:02 GMT
Last-Modified: Wed, 16 Nov 2022 09:07:07 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
54.191.251.76 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.191.251.76:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: BH3TgEbL7vSShRBwNvNTOw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: fIHU3ap0QffO+o7ib/4DN5Xufu0=
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 1fa19aff1e1cd1bcb23807998ef85c43
a4c43d274ab7c17894153b771d5fe096e2142e96
e254f31055336f837930d3dbe663ff8b96129f069d67d4d8511f13f5620b5641
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3540
Cache-Control: max-age=86398
Content-Type: application/ocsp-response
Date: Wed, 16 Nov 2022 13:35:52 GMT
Etag: "637387e2-1d7"
Expires: Thu, 17 Nov 2022 13:35:50 GMT
Last-Modified: Tue, 15 Nov 2022 12:36:50 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 471
connect.facebook.net/en_US/fbevents.js
31.13.72.12 200 OK 27 kB URL HTTP/2 connect.facebook.net/en_US/fbevents.js
IP 31.13.72.12:0
File type ASCII text, with very long lines (64348)
Hash 44ecaa3c2a4929a40141edc4540aaf84
f29a573182333b2500d41bfc389d6c5232dfb348
6589fe14578dedd4df678a909afadd7e5bc7f57c7e3e24518a7f5faac7383396
GET /en_US/fbevents.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: application/x-javascript; charset=utf-8
content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-fb-debug: C6yYPRZChwiXAvV0dSRUvEcKJ7SKx/C3UGbnZBH3BZnS9E5OoQ0LMTghMtTDkoEDQkXIl049/fj2xO9P+ZoXJw==
content-length: 27340
x-fb-trip-id: 1904183273
date: Wed, 16 Nov 2022 13:35:52 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash abdbaa56ac358c53c5dc3723c7671381
48c0e50792e786d83b35f0a36efb55f4c94c694d
6e9cb55f14b8219b7495ed4cd17bae3f0ca6127735ed01d3c1979601ffeb7b1c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 16 Nov 2022 13:35:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
reurl.cc/javascripts/redirect.js
35.185.130.121 200 OK 20 kB URL HTTP/2 reurl.cc/javascripts/redirect.js
IP 35.185.130.121:0
File type ASCII text, with very long lines (1325)
Hash 1bbfb09028e6988dfe66cdcf01df2a53
82fbabfff3d9c9def6d19b78866b89f1ffd1b27f
e758c43ef8bd2f19ced3d3e04f57e47eeaaaf367d23831a8f314bd97237282ae
GET /javascripts/redirect.js HTTP/1.1
Host: reurl.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/lZebA6
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Wed, 16 Nov 2022 13:35:52 GMT
content-type: application/javascript
last-modified: Thu, 29 Sep 2022 09:52:31 GMT
vary: Accept-Encoding
etag: W/"63356adf-70"
expires: Thu, 16 Nov 2023 13:35:52 GMT
cache-control: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 1fa19aff1e1cd1bcb23807998ef85c43
a4c43d274ab7c17894153b771d5fe096e2142e96
e254f31055336f837930d3dbe663ff8b96129f069d67d4d8511f13f5620b5641
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3338
Cache-Control: max-age=86196
Content-Type: application/ocsp-response
Date: Wed, 16 Nov 2022 13:35:52 GMT
Etag: "637387e2-1d7"
Expires: Thu, 17 Nov 2022 13:32:28 GMT
Last-Modified: Tue, 15 Nov 2022 12:36:50 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash abdbaa56ac358c53c5dc3723c7671381
48c0e50792e786d83b35f0a36efb55f4c94c694d
6e9cb55f14b8219b7495ed4cd17bae3f0ca6127735ed01d3c1979601ffeb7b1c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 16 Nov 2022 13:35:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google-analytics.com/j/collect?v=1&_v=j98&a=1065264775&t=pageview&_s=1&dl=https%3A%2F%2Freurl.cc%2FlZebA6&ul=en-us&de=UTF-8&dt=Sign%20in%20-%20chase.com&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=IEBAAEABAAAAACAAI~&jid=458794706&gjid=547410013&cid=1394692839.1668605752&tid=UA-102456694-1&_gid=120566579.1668605752&_r=1&_slc=1&z=339559962
142.250.74.174 200 OK 4 B URL HTTP/2 www.google-analytics.com/j/collect?v=1&_v=j98&a=1065264775&t=pageview&_s=1&dl=https%3A%2F%2Freurl.cc%2FlZebA6&ul=en-us&de=UTF-8&dt=Sign%20in%20-%20chase.com&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=IEBAAEABAAAAACAAI~&jid=458794706&gjid=547410013&cid=1394692839.1668605752&tid=UA-102456694-1&_gid=120566579.1668605752&_r=1&_slc=1&z=339559962
IP 142.250.74.174:0
File type ASCII text, with no line terminators
Hash 9e92e190700c1af4539b40c2171320a9
209bcdb79e6067b51091ce8586d4b977f25b67d8
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
POST /j/collect?v=1&_v=j98&a=1065264775&t=pageview&_s=1&dl=https%3A%2F%2Freurl.cc%2FlZebA6&ul=en-us&de=UTF-8&dt=Sign%20in%20-%20chase.com&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=IEBAAEABAAAAACAAI~&jid=458794706&gjid=547410013&cid=1394692839.1668605752&tid=UA-102456694-1&_gid=120566579.1668605752&_r=1&_slc=1&z=339559962 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://reurl.cc
date: Wed, 16 Nov 2022 13:35:52 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 39623b326b67cbbcb578546e96909d50
f216701217a568cf69af313d709527e3c6877d63
f81f4d5f0dd9bdf9c3d6e1c38cb8ff29c87ab7fd44c61fd2b11cb8e7448a0a7e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=130735
Content-Type: application/ocsp-response
Date: Wed, 16 Nov 2022 13:35:52 GMT
Etag: "637442e7-117"
Expires: Fri, 18 Nov 2022 01:54:47 GMT
Last-Modified: Wed, 16 Nov 2022 01:54:47 GMT
Server: nginx
Content-Length: 279
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 74c07a15d0960c36c1d1160344b946da
9b0d25cc445c83d1eae53deb84a2a74b152af6d4
ba99f5ae2d779e578700195798bb71dd43f11195ef6a982e0eaac735e26b5a85
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 16 Nov 2022 13:35:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-102456694-1&cid=1394692839.1668605752&jid=458794706&gjid=547410013&_gid=120566579.1668605752&_u=IEBAAEAAAAAAACAAI~&z=1555089416
142.251.1.155 200 OK 4 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-102456694-1&cid=1394692839.1668605752&jid=458794706&gjid=547410013&_gid=120566579.1668605752&_u=IEBAAEAAAAAAACAAI~&z=1555089416
IP 142.251.1.155:0
File type ASCII text, with no line terminators
Hash 48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-102456694-1&cid=1394692839.1668605752&jid=458794706&gjid=547410013&_gid=120566579.1668605752&_u=IEBAAEAAAAAAACAAI~&z=1555089416 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://reurl.cc
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://reurl.cc
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Wed, 16 Nov 2022 13:35:52 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 74c07a15d0960c36c1d1160344b946da
9b0d25cc445c83d1eae53deb84a2a74b152af6d4
ba99f5ae2d779e578700195798bb71dd43f11195ef6a982e0eaac735e26b5a85
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 16 Nov 2022 13:35:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 3a9734f9f93c8158e73e4491e35f56bd
e57dc6ee66918ae45ce20c6dea942d2e786ff17c
171dfb208dfcaa849595e79c07f998833a5560ae06c736f9f4c45f445e121ada
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 16 Nov 2022 13:35:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 9d96ce61547f9d3184b571ec26c13f61
9607a743ed3f0c67ffd8aa22fdc76070c00b18fc
ce83e5b84417ac34b261442b70b71cec63124f57e8baa8acee68dc22c38763c7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 16 Nov 2022 13:35:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-102456694-1&cid=1394692839.1668605752&jid=458794706&_u=IEBAAEAAAAAAACAAI~&z=1294970765
142.250.74.3 200 OK 42 B URL HTTP/2 www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-102456694-1&cid=1394692839.1668605752&jid=458794706&_u=IEBAAEAAAAAAACAAI~&z=1294970765
IP 142.250.74.3:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-102456694-1&cid=1394692839.1668605752&jid=458794706&_u=IEBAAEAAAAAAACAAI~&z=1294970765 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 16 Nov 2022 13:35:52 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-102456694-1&cid=1394692839.1668605752&jid=458794706&_u=IEBAAEAAAAAAACAAI~&z=1294970765
142.250.74.164 200 OK 42 B URL HTTP/2 www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-102456694-1&cid=1394692839.1668605752&jid=458794706&_u=IEBAAEAAAAAAACAAI~&z=1294970765
IP 142.250.74.164:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-102456694-1&cid=1394692839.1668605752&jid=458794706&_u=IEBAAEAAAAAAACAAI~&z=1294970765 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 16 Nov 2022 13:35:52 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 3a9734f9f93c8158e73e4491e35f56bd
e57dc6ee66918ae45ce20c6dea942d2e786ff17c
171dfb208dfcaa849595e79c07f998833a5560ae06c736f9f4c45f445e121ada
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 16 Nov 2022 13:35:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 1b43631817b375ad10d08b6fd9ff9249
ca2988f207b07f60e4204c701e127f84a69a5446
d61ac811e9c087f7fe5a9baeaf3065ac313c1e777f169cf91516ef4b83304f1f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 16 Nov 2022 13:35:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.facebook.com/tr/?id=1675200226052423&ev=PageView&dl=https%3A%2F%2Freurl.cc%2FlZebA6&rl=&if=false&ts=1668605752291&sw=1280&sh=1024&v=2.9.89&r=stable&ec=0&o=28&fbp=fb.1.1668605752290.1803036244&it=1668605751918&coo=false&rqm=GET
31.13.72.36 200 OK 0 B URL HTTP/2 www.facebook.com/tr/?id=1675200226052423&ev=PageView&dl=https%3A%2F%2Freurl.cc%2FlZebA6&rl=&if=false&ts=1668605752291&sw=1280&sh=1024&v=2.9.89&r=stable&ec=0&o=28&fbp=fb.1.1668605752290.1803036244&it=1668605751918&coo=false&rqm=GET
IP 31.13.72.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tr/?id=1675200226052423&ev=PageView&dl=https%3A%2F%2Freurl.cc%2FlZebA6&rl=&if=false&ts=1668605752291&sw=1280&sh=1024&v=2.9.89&r=stable&ec=0&o=28&fbp=fb.1.1668605752290.1803036244&it=1668605751918&coo=false&rqm=GET HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/plain
access-control-allow-origin:
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400
date: Wed, 16 Nov 2022 13:35:53 GMT
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 39623b326b67cbbcb578546e96909d50
f216701217a568cf69af313d709527e3c6877d63
f81f4d5f0dd9bdf9c3d6e1c38cb8ff29c87ab7fd44c61fd2b11cb8e7448a0a7e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=130734
Content-Type: application/ocsp-response
Date: Wed, 16 Nov 2022 13:35:53 GMT
Etag: "637442e7-117"
Expires: Fri, 18 Nov 2022 01:54:47 GMT
Last-Modified: Wed, 16 Nov 2022 01:54:47 GMT
Server: nginx
Content-Length: 279
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 39623b326b67cbbcb578546e96909d50
f216701217a568cf69af313d709527e3c6877d63
f81f4d5f0dd9bdf9c3d6e1c38cb8ff29c87ab7fd44c61fd2b11cb8e7448a0a7e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1
Cache-Control: max-age=130735
Content-Type: application/ocsp-response
Date: Wed, 16 Nov 2022 13:35:53 GMT
Etag: "637442e7-117"
Expires: Fri, 18 Nov 2022 01:54:48 GMT
Last-Modified: Wed, 16 Nov 2022 01:54:47 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 279
r3.o.lencr.org/
23.36.76.249 200 OK 503 B IP 23.36.76.249:0
ASN #20940 Akamai International B.V.
Hash 9426341bb128c1b6ba16e64df78152b4
08859a30ed6dee233cde4d77f2a04f058991502b
209a0520d5fb1eeb6dfa7d2f4c334a7109cc885cf4be8605bfe5a8f52232306d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "209A0520D5FB1EEB6DFA7D2F4C334A7109CC885CF4BE8605BFE5A8F52232306D"
Last-Modified: Tue, 15 Nov 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17184
Expires: Wed, 16 Nov 2022 18:22:17 GMT
Date: Wed, 16 Nov 2022 13:35:53 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.249 200 OK 503 B IP 23.36.76.249:0
ASN #20940 Akamai International B.V.
Hash 9426341bb128c1b6ba16e64df78152b4
08859a30ed6dee233cde4d77f2a04f058991502b
209a0520d5fb1eeb6dfa7d2f4c334a7109cc885cf4be8605bfe5a8f52232306d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "209A0520D5FB1EEB6DFA7D2F4C334A7109CC885CF4BE8605BFE5A8F52232306D"
Last-Modified: Tue, 15 Nov 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17184
Expires: Wed, 16 Nov 2022 18:22:17 GMT
Date: Wed, 16 Nov 2022 13:35:53 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.249 200 OK 503 B IP 23.36.76.249:0
ASN #20940 Akamai International B.V.
Hash 9426341bb128c1b6ba16e64df78152b4
08859a30ed6dee233cde4d77f2a04f058991502b
209a0520d5fb1eeb6dfa7d2f4c334a7109cc885cf4be8605bfe5a8f52232306d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "209A0520D5FB1EEB6DFA7D2F4C334A7109CC885CF4BE8605BFE5A8F52232306D"
Last-Modified: Tue, 15 Nov 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17184
Expires: Wed, 16 Nov 2022 18:22:17 GMT
Date: Wed, 16 Nov 2022 13:35:53 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.249 200 OK 503 B IP 23.36.76.249:0
ASN #20940 Akamai International B.V.
Hash 9426341bb128c1b6ba16e64df78152b4
08859a30ed6dee233cde4d77f2a04f058991502b
209a0520d5fb1eeb6dfa7d2f4c334a7109cc885cf4be8605bfe5a8f52232306d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "209A0520D5FB1EEB6DFA7D2F4C334A7109CC885CF4BE8605BFE5A8F52232306D"
Last-Modified: Tue, 15 Nov 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17184
Expires: Wed, 16 Nov 2022 18:22:17 GMT
Date: Wed, 16 Nov 2022 13:35:53 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.249 200 OK 503 B IP 23.36.76.249:0
ASN #20940 Akamai International B.V.
Hash 9426341bb128c1b6ba16e64df78152b4
08859a30ed6dee233cde4d77f2a04f058991502b
209a0520d5fb1eeb6dfa7d2f4c334a7109cc885cf4be8605bfe5a8f52232306d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "209A0520D5FB1EEB6DFA7D2F4C334A7109CC885CF4BE8605BFE5A8F52232306D"
Last-Modified: Tue, 15 Nov 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17184
Expires: Wed, 16 Nov 2022 18:22:17 GMT
Date: Wed, 16 Nov 2022 13:35:53 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F18e399ef-c649-4728-84e9-6fea03ea9b5a.jpeg
34.120.237.76 200 OK 9.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F18e399ef-c649-4728-84e9-6fea03ea9b5a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ae0ab55e0e77a4265808a6689f25cbc3
187e6b340b43eb1aa0c724b749db7c20a486706a
3881e5ad44b9b2fae82510794af43d14e304ce624f26f66523f85d58fea063dc
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F18e399ef-c649-4728-84e9-6fea03ea9b5a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9625
x-amzn-requestid: 9bd72b4a-2ac0-423f-b0e2-73fd51e02e97
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bqYEBHTjIAMFvOQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637406e6-57f5412d5eca6d640a0f590d;Sampled=0
x-amzn-remapped-date: Tue, 15 Nov 2022 21:38:46 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: qWuPuzaXg4Cfowj2mJuTEUIH3UVCely6rXVpbiNGxIDgBAt38UOBxw==
via: 1.1 010c0731b9775a983eceaec0f5fa6a2e.cloudfront.net (CloudFront), 1.1 cd858042f70b416ca05e042acf3908a4.cloudfront.net (CloudFront), 1.1 google
date: Tue, 15 Nov 2022 21:54:50 GMT
etag: "187e6b340b43eb1aa0c724b749db7c20a486706a"
content-type: image/jpeg
age: 56463
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
reurl.cc/lZebA6
35.185.130.121 200 OK 12 kB IP 35.185.130.121:0
Hash 719349fe62816e0c101eb599a6389e16
a15d817185fb4c5627e3ad2ea12f0c607c2fd3ec
ef22444fa2b0ef9fca117408cdfc4dbade900c0f39514c3dfa936a6a63e572aa
GET /lZebA6 HTTP/1.1
Host: reurl.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Wed, 16 Nov 2022 13:35:52 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
target: https://careers.xenopsi.com/wp-content/uploads/auth/home
content-encoding: gzip
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3b00960f-2d08-4518-83c0-1d7f0f3c973c.jpeg
34.120.237.76 200 OK 9.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3b00960f-2d08-4518-83c0-1d7f0f3c973c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 53d2d9380ba28ed0656b54c22bc56766
757f8e6306effbab70d99757c5672564cfc9f623
6d6c41527ae28cdce016470ec1eb87e0ed384f3ef721838724f29845f3bd8dac
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3b00960f-2d08-4518-83c0-1d7f0f3c973c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8990
x-amzn-requestid: cb142f4b-787e-4b3c-9d75-72579105db60
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bqYFOHi8IAMFpDA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637406ee-504a14105d2be58b1ce71c18;Sampled=0
x-amzn-remapped-date: Tue, 15 Nov 2022 21:38:54 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: K-Js3sppuhzF03KF0M0wVw5GCSaq5VfHDbzU2DyEwjiARRDsccGYbQ==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 35575576af8067e30cfb17c6b9fde8e2.cloudfront.net (CloudFront), 1.1 google
date: Tue, 15 Nov 2022 21:54:54 GMT
etag: "757f8e6306effbab70d99757c5672564cfc9f623"
content-type: image/jpeg
age: 56459
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc50c38bf-fe3d-4eec-be11-1e782b0f0bbc.jpeg
34.120.237.76 200 OK 6.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc50c38bf-fe3d-4eec-be11-1e782b0f0bbc.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash edd6a84f848a83f4d1990f92b4807def
bc2bb7815b062941d51fde65574851db55be37dc
4d015538adfa6c61a5dfca3cbb224ae91ccbe1d82212e997e22f895a77387bed
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc50c38bf-fe3d-4eec-be11-1e782b0f0bbc.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6629
x-amzn-requestid: ff03ae40-8d00-41ec-875f-b49b1b86151c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bqY6CG9IoAMF8rA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63740840-7fdaa40f3ca9246045270665;Sampled=0
x-amzn-remapped-date: Tue, 15 Nov 2022 21:44:32 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: Wn2txfVMcQZgjTT0ny5o_j87O-eidXenBmzitM6zJec0i40Bs1zgGQ==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 1949caaabae48a894fcd770a3e1384f6.cloudfront.net (CloudFront), 1.1 google
date: Tue, 15 Nov 2022 22:05:26 GMT
age: 55827
etag: "bc2bb7815b062941d51fde65574851db55be37dc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6a667acc-25d7-4d63-8fab-1711f6b4988c.jpeg
34.120.237.76 200 OK 8.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6a667acc-25d7-4d63-8fab-1711f6b4988c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 98802857df59f8eacd9211811cc59ae6
87e277a627c1085cad5c6e38bdd5100aa0a9ecee
102e73f690a972da6d3ab609ffab5f29884185d85c4230a19ec74d74c7320cf1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6a667acc-25d7-4d63-8fab-1711f6b4988c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8235
x-amzn-requestid: e8a91ec0-fa93-45b6-8dc8-a405c00242fb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bqY4_HANoAMFSvw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63740839-3ebbd38b0e3e774923ad019e;Sampled=0
x-amzn-remapped-date: Tue, 15 Nov 2022 21:44:25 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: QoxGYkibw1jcAuQl98jD4TlKooUlL6ojdOVzQ7khiF0pMwY4_0IO9Q==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 b8c4a4ca04bb1976e020396d211bc8dc.cloudfront.net (CloudFront), 1.1 google
date: Tue, 15 Nov 2022 21:48:37 GMT
age: 56836
etag: "87e277a627c1085cad5c6e38bdd5100aa0a9ecee"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F520b9f3d-222d-4840-bd88-673cedf9b5fc.jpeg
34.120.237.76 200 OK 4.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F520b9f3d-222d-4840-bd88-673cedf9b5fc.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a698bf97cc6c0c464ed1a2b2adb1c1d3
a3977e8cde4b6ad7ef2e75a477e71b7bbbec21f0
64d52d8983b2bf30b9b1f260b8d6534664024b8dfda0da273307ee510ed33aad
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F520b9f3d-222d-4840-bd88-673cedf9b5fc.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4919
x-amzn-requestid: aae0d2da-e891-40a6-bd83-8942fc3ef0c0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bqYFFEnxoAMFdCQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637406ed-6ff1cc593aa1c934659030db;Sampled=0
x-amzn-remapped-date: Tue, 15 Nov 2022 21:38:53 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: EoSIjUgouoxAtnpWMBPNTjLfmm_Anv7R5mYNdb5Ik9RrgxJg_nZ1rQ==
via: 1.1 010c0731b9775a983eceaec0f5fa6a2e.cloudfront.net (CloudFront), 1.1 b23fb37cd7fff033ab21e3284f558a28.cloudfront.net (CloudFront), 1.1 google
date: Tue, 15 Nov 2022 21:48:37 GMT
age: 56836
etag: "a3977e8cde4b6ad7ef2e75a477e71b7bbbec21f0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
careers.xenopsi.com/wp-content/uploads/auth/home/
104.21.12.58 302 Found 0 B URL HTTP/1.1 careers.xenopsi.com/wp-content/uploads/auth/home/
IP 104.21.12.58:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/uploads/auth/home/ HTTP/1.1
Host: careers.xenopsi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Date: Wed, 16 Nov 2022 13:35:53 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
location: 2uyztk=
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5kW9Mz19NJw1tt05UDH55ZXhJTUYhr2O8fO10Drik0KGZLEXyjDhlGGoUJMvCYz7lIBgbtPnfPTvKiwGkr2sbal65U4O71x472Bng6pCd%2F79Jmougr07o7ojT6nbBysKvz9Zj%2BVJ"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 76b09cc83e360b06-OSL
alt-svc: h2=":443"; ma=60
careers.xenopsi.com/wp-content/uploads/auth/home/2uyztk=
104.21.12.58 301 Moved Permanently 357 B URL HTTP/1.1 careers.xenopsi.com/wp-content/uploads/auth/home/2uyztk=
IP 104.21.12.58:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 0111830e9b1215e24bdf5c46d8fed49f
be500387912793734b8a3e657ed6c983d0f82d14
ce1c63de0a53a0d28c60a17cabab1e2281e3da389c4ce03a7b6718fea02f5565
GET /wp-content/uploads/auth/home/2uyztk= HTTP/1.1
Host: careers.xenopsi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Wed, 16 Nov 2022 13:35:54 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://careers.xenopsi.com/wp-content/uploads/auth/home/2uyztk=/
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gal42v5%2BUIAorO9Ow3qEvHikCkfSpnw81dMgYEuRCoGpLfYWi%2F3Q7Mm%2BQrrFdMiutfwJ8pb0uLSvlKNwtTuCu4t2C3dD%2Ba8oebLhWF1xRVCz5kK0DZLKb75TWm42IrmFV3rt29Ra"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 76b09cca183d0b06-OSL
alt-svc: h2=":443"; ma=60
careers.xenopsi.com/wp-content/uploads/auth/home/2uyztk=/
104.21.12.58 200 OK 3.5 kB URL HTTP/1.1 careers.xenopsi.com/wp-content/uploads/auth/home/2uyztk=/
IP 104.21.12.58:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (4892)
Hash 5a5a40bf19d69aa8a73917380a2b0084
d03d4a9f0d0c6997cccb3e002502332792eac816
8142d1519c0778b8374fd2689ab9a555ac47c55f1591c6537c39cea20d17d614
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/uploads/auth/home/2uyztk=/ HTTP/1.1
Host: careers.xenopsi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Wed, 16 Nov 2022 13:35:54 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=um2mmi2d098vur81uccgpbsom5; path=/
Set-Cookie: PHPSESSID=jman20cb95sgo64tn0rj6a2jn2; path=/
Vary: Accept-Encoding
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Bd%2FFa66YmkB6TeelJln8km1EJ2%2B1U5aPBrwafU5xjHzyBUr6R33n0lmbex%2F6kEYGVNJZGM2tDzMnhEyOA1dUWH5%2F2%2B14A30ecMN1h8fxXmqU21fIxDxoik0U2ZVNOJXnlHPULDir"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 76b09ccb09fc0b06-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
careers.xenopsi.com/wp-content/uploads/auth/home/2uyztk=/css%20js/appConfig.js
104.21.12.58 200 OK 3.0 kB URL HTTP/1.1 careers.xenopsi.com/wp-content/uploads/auth/home/2uyztk=/css%20js/appConfig.js
IP 104.21.12.58:0
File type ASCII text, with very long lines (11521)
Hash f077da0ab06730654d39a95a2bab3149
d9832876825d54de79499fd4ad6bde9d8d81be9a
c34d78efd4471c5a3456e3d71448ed994ef543d35d8f6daa0c419e65c1c4d24b
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/uploads/auth/home/2uyztk=/css%20js/appConfig.js HTTP/1.1
Host: careers.xenopsi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://careers.xenopsi.com/wp-content/uploads/auth/home/2uyztk=/
Cookie: PHPSESSID=jman20cb95sgo64tn0rj6a2jn2
HTTP/1.1 200 OK
Date: Wed, 16 Nov 2022 13:35:54 GMT
Content-Type: application/javascript
Content-Length: 2978
Connection: keep-alive
Last-Modified: Wed, 16 Nov 2022 13:35:53 GMT
ETag: W/"2d4c-5ed968d3a8cc5-gzip"
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VeIVz3UzcGjfK6fKrHSt4pbTDLsIZj73h71kLZDRp6eeloj5hrKzBC9lOG0%2FERrqyv8vdFNbaO%2FzSZa3KEZgjIhEA3FXzM8wyfrCt6AyJniW%2FoAYnezN6V0%2FNH9TyqRRKKuM0Lvc"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 76b09ccc7c5b0b06-OSL
alt-svc: h2=":443"; ma=60
careers.xenopsi.com/wp-content/uploads/auth/home/2uyztk=/css%20js/ss.js
104.21.12.58 404 Not Found 234 B URL HTTP/1.1 careers.xenopsi.com/wp-content/uploads/auth/home/2uyztk=/css%20js/ss.js
IP 104.21.12.58:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 60365d954942d1f59c7a81e85d492d1c
f632fce67de035c9f05f3e8a344da5d2e6f90f48
7986bb746ac9fa2db341ef9355a7a88842dda467ee1db2b5d7d20c30dc5cd727
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/uploads/auth/home/2uyztk=/css%20js/ss.js HTTP/1.1
Host: careers.xenopsi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://careers.xenopsi.com/wp-content/uploads/auth/home/2uyztk=/
Cookie: PHPSESSID=jman20cb95sgo64tn0rj6a2jn2
HTTP/1.1 404 Not Found
Date: Wed, 16 Nov 2022 13:35:54 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=X8dyHZYVvKyyJC83TWeEPHJlqLQMwp8zbQ4qxYSQ%2B%2BYn8QY9QGh4ooQb6SgCQZp3dVIqK4kX0oDUhSm5p5tRfas1TqDKqt6o4oFy1Jwo2YBFrq2K%2B7YiuNkNnYPI68TXWx0OzaqT"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 76b09ccc797fb4f4-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
careers.xenopsi.com/wp-content/uploads/auth/home/2uyztk=/css%20js/logon.css
104.21.12.58 200 OK 13 kB URL HTTP/1.1 careers.xenopsi.com/wp-content/uploads/auth/home/2uyztk=/css%20js/logon.css
IP 104.21.12.58:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 0cc81d1245e3fe082bf7c7ed180d5cbd
87558c36acfad8082989b6905bb299ac00c64d4a
94bbb09f490787d7767f26cff37373cf30f75196c5de587735b0977056fe3155
GET /wp-content/uploads/auth/home/2uyztk=/css%20js/logon.css HTTP/1.1
Host: careers.xenopsi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://careers.xenopsi.com/wp-content/uploads/auth/home/2uyztk=/
Cookie: PHPSESSID=jman20cb95sgo64tn0rj6a2jn2
HTTP/1.1 200 OK
Date: Wed, 16 Nov 2022 13:35:54 GMT
Content-Type: text/css
Content-Length: 12868
Connection: keep-alive
Last-Modified: Wed, 16 Nov 2022 13:35:53 GMT
ETag: W/"149db-5ed968d3a8cc5-gzip"
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BjnC2DfIjw6DTfyeGhaFcJfFh8J8ccVvVGsQpU8QGkYwRZXY1x2Ovu8QMvfM%2BESm7qbM8xX8xUU66b%2F87M2bF8gcQdbVvcbgzH%2FYuM%2BH4vCBTcRMuHvy9DX3pYeepBnkneGfEHCQ"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 76b09ccc7a85b518-OSL
alt-svc: h2=":443"; ma=60
careers.xenopsi.com/wp-content/uploads/auth/home/2uyztk=/css%20js/blue-ui.css
104.21.12.58 200 OK 38 kB URL HTTP/1.1 careers.xenopsi.com/wp-content/uploads/auth/home/2uyztk=/css%20js/blue-ui.css
IP 104.21.12.58:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 33a24cbfa4dc6a546619169a42171f4f
94d7eccbd716633beb2d46d32f6d64cc33257e78
4fb949c8e5dd81cf3906ffca3904f377fe2305ba99876e48e75094d05d32f84a
GET /wp-content/uploads/auth/home/2uyztk=/css%20js/blue-ui.css HTTP/1.1
Host: careers.xenopsi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://careers.xenopsi.com/wp-content/uploads/auth/home/2uyztk=/
Cookie: PHPSESSID=jman20cb95sgo64tn0rj6a2jn2
HTTP/1.1 200 OK
Date: Wed, 16 Nov 2022 13:35:54 GMT
Content-Type: text/css
Content-Length: 37579
Connection: keep-alive
Last-Modified: Wed, 16 Nov 2022 13:35:53 GMT
ETag: W/"40697-5ed968d3a8cc5-gzip"
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9NS6ef9CNS9a6nHgvQcWlCEJBfXfMmCOcQl66iwfYgOzbtjN45qCYX%2FbINcLdeTAbVVbwjCQhCoMfsTAwrL%2BjWQFVFCjQGa%2BRuVPqI4A2qdhkicgaIOXFBSTqLww%2BhrVO1NPFJb6"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 76b09ccc78960b3d-OSL
alt-svc: h2=":443"; ma=60
ocsp.entrust.net/
104.110.10.32 200 OK 1.6 kB IP 104.110.10.32:0
Hash f0c0be8f8a4f154487bf86cb98da9c84
55a87efadbb7bc9f00839c2c49f14a48ae4de84d
b267453627ae4eb44ac5cce65110f0fefd0bc019bb24fc7d9b4624c9ca913c1b
POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "B267453627AE4EB44AC5CCE65110F0FEFD0BC019BB24FC7D9B4624C9CA913C1B"
Last-Modified: Wed, 16 Nov 2022 11:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=3257
Expires: Wed, 16 Nov 2022 14:30:11 GMT
Date: Wed, 16 Nov 2022 13:35:54 GMT
Connection: keep-alive
ocsp.entrust.net/
104.110.10.32 200 OK 1.6 kB IP 104.110.10.32:0
Hash f0c0be8f8a4f154487bf86cb98da9c84
55a87efadbb7bc9f00839c2c49f14a48ae4de84d
b267453627ae4eb44ac5cce65110f0fefd0bc019bb24fc7d9b4624c9ca913c1b
POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "B267453627AE4EB44AC5CCE65110F0FEFD0BC019BB24FC7D9B4624C9CA913C1B"
Last-Modified: Wed, 16 Nov 2022 11:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=3257
Expires: Wed, 16 Nov 2022 14:30:11 GMT
Date: Wed, 16 Nov 2022 13:35:54 GMT
Connection: keep-alive
static.chasecdn.com/content/dam/cpo-static/fonts/opensans-regular.woff
23.72.139.66 200 OK 25 kB URL HTTP/2 static.chasecdn.com/content/dam/cpo-static/fonts/opensans-regular.woff
IP 23.72.139.66:0
ASN #20940 Akamai International B.V.
File type Web Open Font Format, TrueType, length 24876, version 1.0\012- data
Hash 4eeedb4bc24c1cae309e117eea3f102f
ad5a141ef39ad1ada22a464fcd3678fcf72ac22b
b8422277fc69c8e6ab51112dbf25048e40425cc497490fee251b56d7ef0ca179
GET /content/dam/cpo-static/fonts/opensans-regular.woff HTTP/1.1
Host: static.chasecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://careers.xenopsi.com
Connection: keep-alive
Referer: http://careers.xenopsi.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Fri, 09 Sep 2022 00:02:35 GMT
accept-ranges: bytes
strict-transport-security: max-age=31536000
access-control-allow-origin: *
cache-control: max-age=2592000,s-maxage=2592000
content-type: font/woff
content-length: 24876
date: Wed, 16 Nov 2022 13:35:54 GMT
X-Firefox-Spdy: h2
static.chasecdn.com/content/geo-images/images/background.desktop.day.1.jpeg
23.72.139.66 200 OK 306 kB URL HTTP/2 static.chasecdn.com/content/geo-images/images/background.desktop.day.1.jpeg
IP 23.72.139.66:0
ASN #20940 Akamai International B.V.
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1920x1080, components 3\012- data
Size 306 kB (306152 bytes)
Hash ff4ccdb7a4428ead513943583665aa4e
07bec642d24ae6fbc965251e147992df17bb71f0
01978e63789284edde4bb064e7d3215fad57fb5b7ea373b031b5b97021868085
GET /content/geo-images/images/background.desktop.day.1.jpeg HTTP/1.1
Host: static.chasecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://careers.xenopsi.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Mon, 28 Sep 2020 21:37:24 GMT
accept-ranges: bytes
content-length: 306152
strict-transport-security: max-age=31536000
access-control-allow-origin: *
cache-control: max-age=2592000,s-maxage=2592000
content-type: image/jpeg
date: Wed, 16 Nov 2022 13:35:54 GMT
X-Firefox-Spdy: h2
careers.xenopsi.com/wp-content/uploads/auth/home/2uyztk=/css%20js/Capture.PNG
104.21.12.58 200 OK 632 B URL HTTP/1.1 careers.xenopsi.com/wp-content/uploads/auth/home/2uyztk=/css%20js/Capture.PNG
IP 104.21.12.58:0
File type PNG image data, 178 x 21, 8-bit/color RGB, non-interlaced\012- data
Hash 1e3b6cdd75ef4cf2c013022f23958579
96b53f01b06123147b012d58a81546dadce77ad8
774da4f67a524dd237c2feeb02b64dece2e23fb3f8272f17e121ebf8e78ef174
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/uploads/auth/home/2uyztk=/css%20js/Capture.PNG HTTP/1.1
Host: careers.xenopsi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://careers.xenopsi.com/wp-content/uploads/auth/home/2uyztk=/
Cookie: PHPSESSID=jman20cb95sgo64tn0rj6a2jn2
HTTP/1.1 200 OK
Date: Wed, 16 Nov 2022 13:35:55 GMT
Content-Type: image/png
Content-Length: 632
Connection: keep-alive
Last-Modified: Wed, 16 Nov 2022 13:35:53 GMT
ETag: "278-5ed968d3a8cc5"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ESXLlm3Q%2BBueWiKuh33mwUb0%2BfZnlQ0F6mmxyUgKq2fZFv4qwF7P5z7gDYhXR1PU238HKHec46HJ4Lux2YN8sWhBV0WgNfJCuBfgOv6p%2FlO9iKwTnDLjYEuHWo3gS6vsfgE6O3Xx"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 76b09ccf2c79b4f4-OSL
alt-svc: h2=":443"; ma=60
careers.xenopsi.com/wp-content/uploads/auth/home/img/wordmark-white.svg
104.21.12.58 200 OK 639 B URL HTTP/1.1 careers.xenopsi.com/wp-content/uploads/auth/home/img/wordmark-white.svg
IP 104.21.12.58:0
File type SVG Scalable Vector Graphics image\012- , ASCII text
Hash 8eeb5025f76da52d5eccf112958e4f87
819fc3f227bde4469047c4112eecfca46a3c63c9
a23f80faefc5074e01d0397733f6285210340bc911e3048d59a5e2fff0d9e80a
Analyzer Verdict Alert urlquery Phishing - Chase
fortinet Phishing
GET /wp-content/uploads/auth/home/img/wordmark-white.svg HTTP/1.1
Host: careers.xenopsi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://careers.xenopsi.com/wp-content/uploads/auth/home/2uyztk=/
Cookie: PHPSESSID=jman20cb95sgo64tn0rj6a2jn2
HTTP/1.1 200 OK
Date: Wed, 16 Nov 2022 13:35:55 GMT
Content-Type: image/svg+xml
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 21 Mar 2022 04:59:30 GMT
ETag: W/"581-5dab35c887080"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8XAGdN3a4UaWyBnVoQY21RGYWAOpn2LiIgzAml8frL0jgSqsBi5hfK%2Fr59di2MJ11nZnZNclpNFIB%2B5Gh%2BE4zrVTcAjKTX7cUO7uK5xx10E4jtnZ2tk3Tk%2FqxmSWA0hnoakEm2WE"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 76b09ccf2d66b518-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
careers.xenopsi.com/wp-content/uploads/auth/home/2uyztk=/css%20js/fonts/dcefont.woff
104.21.12.58 404 Not Found 281 B URL HTTP/1.1 careers.xenopsi.com/wp-content/uploads/auth/home/2uyztk=/css%20js/fonts/dcefont.woff
IP 104.21.12.58:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash be391b6a460d5fe33503a6dd56b2db8a
3c33376c2909d3e5e52f6003264fccbf9f1c3a3c
ca6a09d2c798d84d57c94a0d6b0529446ba7812272e3271854ab96408b8e4411
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/uploads/auth/home/2uyztk=/css%20js/fonts/dcefont.woff HTTP/1.1
Host: careers.xenopsi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://careers.xenopsi.com/wp-content/uploads/auth/home/2uyztk=/css%20js/blue-ui.css
Cookie: PHPSESSID=jman20cb95sgo64tn0rj6a2jn2
HTTP/1.1 404 Not Found
Date: Wed, 16 Nov 2022 13:35:55 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Lm9S%2FrPtiUgfbOY3SEG8GLARPGgvug1Dr2TZJ6or71BNl8cVg7Yu3w6JMxXfTeFlqmaTtbq7zfbFsJqwWYWNiceif0vkQNky4JFIVxMqo8u%2BgUdKfoWhqzEbg8VnTyh6auhqnXGk"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 76b09ccf7bc60b3d-OSL
alt-svc: h2=":443"; ma=60
careers.xenopsi.com/wp-content/uploads/auth/home/2uyztk=/css%20js/fonts/dcefont.ttf
104.21.12.58 404 Not Found 234 B URL HTTP/1.1 careers.xenopsi.com/wp-content/uploads/auth/home/2uyztk=/css%20js/fonts/dcefont.ttf
IP 104.21.12.58:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 60365d954942d1f59c7a81e85d492d1c
f632fce67de035c9f05f3e8a344da5d2e6f90f48
7986bb746ac9fa2db341ef9355a7a88842dda467ee1db2b5d7d20c30dc5cd727
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/uploads/auth/home/2uyztk=/css%20js/fonts/dcefont.ttf HTTP/1.1
Host: careers.xenopsi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://careers.xenopsi.com/wp-content/uploads/auth/home/2uyztk=/css%20js/blue-ui.css
Cookie: PHPSESSID=jman20cb95sgo64tn0rj6a2jn2
HTTP/1.1 404 Not Found
Date: Wed, 16 Nov 2022 13:35:56 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Tj6dF4CHnoTKy77GkPc0MbP5DwMYzRx2nqTV4L%2BweDcl0yXT1QLACf9DXViZmuxo4bu%2FTlGbZ8DdG%2B60tdrR4Ld4gQIh8n9s2HG%2BWsxWfLkpnaYasmM24AcF%2FOijwN896%2F7KC8Lj"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 76b09cd3290f0b3d-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
careers.xenopsi.com/wp-content/uploads/auth/home/img/chasefavicon.ico
104.21.12.58 200 OK 2.3 kB URL HTTP/1.1 careers.xenopsi.com/wp-content/uploads/auth/home/img/chasefavicon.ico
IP 104.21.12.58:0
File type MS Windows icon resource - 4 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel\012- data
Hash c3ef0d1a6cb37e845fd0be0c4e49d4e5
6a09c153dbf7ce2ba4e9f5a2fad9b58755c82f40
61f5844e5b004c97857533a044ce533f695c08664f175442d8be16aa19bc8e23
Analyzer Verdict Alert urlquery Phishing - Chase
fortinet Phishing
GET /wp-content/uploads/auth/home/img/chasefavicon.ico HTTP/1.1
Host: careers.xenopsi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://careers.xenopsi.com/wp-content/uploads/auth/home/2uyztk=/
Cookie: PHPSESSID=jman20cb95sgo64tn0rj6a2jn2
HTTP/1.1 200 OK
Date: Wed, 16 Nov 2022 13:35:56 GMT
Content-Type: image/vnd.microsoft.icon
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sun, 28 Jan 2018 14:12:44 GMT
ETag: W/"7d26-563d6b9264f00"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LhM4zwXysWJPAFbtaOWnMCfVdjqhxsdsM3RTXVrbcQUqTInZHa%2FCx%2FqQd%2FTaTztd%2FowI188JPojwZkOLKUWqR5X3xuTcYTnIKCMIouIPSIAsM9PpSEJrUHq3BVHNOzYOTc85ubZ7"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 76b09cd1a8c3b518-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
careers.xenopsi.com/wp-content/uploads/auth/home
172.67.193.179 301 Moved Permanently 0 B URL HTTP/2 careers.xenopsi.com/wp-content/uploads/auth/home
IP 172.67.193.179:0
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/uploads/auth/home HTTP/1.1
Host: careers.xenopsi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
date: Wed, 16 Nov 2022 13:35:53 GMT
content-type: text/html; charset=iso-8859-1
location: http://careers.xenopsi.com/wp-content/uploads/auth/home/
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CrSUIrCyWsNbWQlRiWU0SumZypC225M7Sog4qPaWhZCTVipW%2FpHINay0VHzR%2FCqBIQgEqVULBH9sFjeUqaRM6FJctrfk6LT2NVS2wPv6rZLM91cqAzYUL15YERUfov3kMJv2Go4H"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76b09cc66925b50f-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
reurl.cc/javascripts/ga.js
35.185.130.121 200 OK 0 B URL HTTP/2 reurl.cc/javascripts/ga.js
IP 35.185.130.121:0
GET /javascripts/ga.js HTTP/1.1
Host: reurl.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/lZebA6
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Wed, 16 Nov 2022 13:35:52 GMT
content-type: application/javascript
last-modified: Thu, 29 Sep 2022 09:52:31 GMT
vary: Accept-Encoding
etag: W/"63356adf-170"
expires: Thu, 16 Nov 2023 13:35:52 GMT
cache-control: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
reurl.cc/javascripts/pixel.js
35.185.130.121 200 OK 0 B URL HTTP/2 reurl.cc/javascripts/pixel.js
IP 35.185.130.121:0
GET /javascripts/pixel.js HTTP/1.1
Host: reurl.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/lZebA6
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Wed, 16 Nov 2022 13:35:52 GMT
content-type: application/javascript
last-modified: Thu, 29 Sep 2022 09:52:31 GMT
vary: Accept-Encoding
etag: W/"63356adf-1ad"
expires: Thu, 16 Nov 2023 13:35:52 GMT
cache-control: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
connect.facebook.net/signals/config/1675200226052423?v=2.9.89&r=stable
31.13.72.12 200 OK 0 B URL HTTP/2 connect.facebook.net/signals/config/1675200226052423?v=2.9.89&r=stable
IP 31.13.72.12:0
GET /signals/config/1675200226052423?v=2.9.89&r=stable HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: application/x-javascript; charset=utf-8
content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-fb-debug: tRR+3TSUT4yBguylISJyXCQnj7oxqCiipxp/v2sOl5k5tMgNc++a5zwk5kQ6Zk9deU5VepAuNE1asy5wfs/Kgw==
priority: u=3,i
x-fb-trip-id: 1904183273
date: Wed, 16 Nov 2022 13:35:53 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2