Report - www.clickforcontent.com/wp-includes/Text/tab/dab/conect/6ca42/

Report Overview

Submitted URL
www.clickforcontent.com/wp-includes/Text/tab/dab/conect/6ca42/
IP
162.241.194.161
ASN
#46606 UNIFIEDLAYER-AS-1
Submitted
2022-09-24 20:23:18
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
20

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	758 B	2.7 kB	13.224.132.44
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	987 B	2.1 kB	93.184.220.29
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	662 B	1.4 kB	142.250.74.3
clickforcontent.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	542 B	18 kB	162.241.194.161
www.google-analytics.com	40	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	810 B	570 B	142.250.74.174
sb.resonabank.co.jp	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	401 B	3.7 kB	23.36.79.33
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	401 B	5.8 kB	13.224.132.7
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	594 B	127 B	54.70.239.215
www.resonacard.co.jp	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	384 B	813 B	138.113.139.233
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.3 kB	6.2 kB	23.36.76.226
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	321 B	229 B	34.117.237.239
www.clickforcontent.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	11 kB	285 kB	162.241.194.161
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.6 kB	50 kB	34.120.237.76
static.karte.io	67834	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	362 B	499 B	18.165.122.39

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

Scan Date	Severity	Indicator	Alert
2022-09-24	medium	www.clickforcontent.com/wp-includes/Text/tab/dab/conect/6ca42/	Resona Card Co.

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-09-24	medium	www.clickforcontent.com/wp-includes/Text/tab/dab/conect/6ca42/	Malware
2022-09-24	medium	www.clickforcontent.com/wp-includes/Text/tab/dab/conect/6ca42/%E3%82%8A%E3%81%9D%E3%81%AA%E9%8A%80%E8%A1%8C%E3%80%80%E3%83%9E%E3%82%A4%E3%82%B2%E3%83%BC%E3%83%88_files/custom_4e588d08afda9814698a46572afbf27c.js	Malware
2022-09-24	medium	www.clickforcontent.com/wp-includes/Text/tab/dab/conect/6ca42/%E3%82%8A%E3%81%9D%E3%81%AA%E9%8A%80%E8%A1%8C%E3%80%80%E3%83%9E%E3%82%A4%E3%82%B2%E3%83%BC%E3%83%88_files/SResonaCommon.js	Malware
2022-09-24	medium	www.clickforcontent.com/wp-includes/Text/tab/dab/conect/6ca42/%E3%82%8A%E3%81%9D%E3%81%AA%E9%8A%80%E8%A1%8C%E3%80%80%E3%83%9E%E3%82%A4%E3%82%B2%E3%83%BC%E3%83%88_files/analytics.js	Malware
2022-09-24	medium	www.clickforcontent.com/wp-includes/Text/tab/dab/conect/6ca42/%E3%82%8A%E3%81%9D%E3%81%AA%E9%8A%80%E8%A1%8C%E3%80%80%E3%83%9E%E3%82%A4%E3%82%B2%E3%83%BC%E3%83%88_files/empt.htm	Malware
2022-09-24	medium	www.clickforcontent.com/wp-includes/Text/tab/dab/conect/6ca42/%E3%82%8A%E3%81%9D%E3%81%AA%E9%8A%80%E8%A1%8C%E3%80%80%E3%83%9E%E3%82%A4%E3%82%B2%E3%83%BC%E3%83%88_files/tracker.js	Malware
2022-09-24	medium	www.clickforcontent.com/wp-includes/Text/tab/dab/conect/6ca42/%E3%82%8A%E3%81%9D%E3%81%AA%E9%8A%80%E8%A1%8C%E3%80%80%E3%83%9E%E3%82%A4%E3%82%B2%E3%83%BC%E3%83%88_files/js	Malware
2022-09-24	medium	www.clickforcontent.com/wp-includes/Text/tab/dab/conect/6ca42/%E3%82%8A%E3%81%9D%E3%81%AA%E9%8A%80%E8%A1%8C%E3%80%80%E3%83%9E%E3%82%A4%E3%82%B2%E3%83%BC%E3%83%88_files/empt_data/build.js	Malware
2022-09-24	medium	www.clickforcontent.com/wp-includes/Text/tab/dab/conect/6ca42/%E3%82%8A%E3%81%9D%E3%81%AA%E9%8A%80%E8%A1%8C%E3%80%80%E3%83%9E%E3%82%A4%E3%82%B2%E3%83%BC%E3%83%88_files/gtm.js	Malware

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (16)

	URL	Size	First Seen	Last Seen
	www.clickforcontent.com/wp-includes/Text/tab/dab/conect/6ca42/	337 B	2023-03-07	2023-03-14
Pretty URL www.clickforcontent.com/wp-includes/Text/tab/dab/conect/6ca42/ IP 162.241.194.161 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 15:46:32 Last Seen2023-03-14 02:51:36 Times Seen1 Hash adaba0d67d1501d974250d6fbafb7818 4cb317ed19683464c86e6413b00f3a1718049797 cbb41bcd33c797783648ea2bdc6830154da5cac00113e0e16cd665abf214613a Loading...

	www.clickforcontent.com/wp-includes/Text/tab/dab/conect/6ca42/	454 B	2023-03-07	2023-03-14
Pretty URL www.clickforcontent.com/wp-includes/Text/tab/dab/conect/6ca42/ IP 162.241.194.161 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 15:46:32 Last Seen2023-03-14 02:51:36 Times Seen1 Hash 4deab01ecc6cc355d26591f67a62951a 67322566c0c8ee8009e7e2b8e4adcb94d5e9a2e5 469cef02ff9750d0a96140aad7fe3a6a30df17cc933ce268b5b3317de7fb8cd4 Loading...

	www.clickforcontent.com/wp-includes/Text/tab/dab/conect/6ca42/	88 B	2023-03-07	2023-03-14
Pretty URL www.clickforcontent.com/wp-includes/Text/tab/dab/conect/6ca42/ IP 162.241.194.161 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 15:46:32 Last Seen2023-03-14 02:51:36 Times Seen1 Hash 2f6f20b6d02152fcfd3f400549fb0e7a c91e2c99d42050c46b4ab746b9beae0f65860866 0ccf0e1b836dec968fa3de97ec374aceef7cc66e186fbdcfb527429a6fd46e05 Loading...

	www.clickforcontent.com/wp-includes/Text/tab/dab/conect/6ca42/	929 B	2023-03-07	2024-02-17
Pretty URL www.clickforcontent.com/wp-includes/Text/tab/dab/conect/6ca42/ IP 162.241.194.161 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 15:46:32 Last Seen2024-02-17 06:47:28 Times Seen7 Hash 5c024e4dcac97f3639c61ef750854f2a 524bbd5f1d3ecbe4d6cc6469858b7b77447dcd3b c26b20d8b5c7edd95f28ae0b72d76f34301462993196fbbcf973af648218e7c6 Loading...

	static.karte.io/libs/tracker.js	314 kB	2023-03-07	2023-03-13
Pretty URL static.karte.io/libs/tracker.js IP 18.165.122.39 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:18:00 Last Seen2023-03-13 21:32:31 Times Seen1 Hash fc69b59d6a74cacc75e414b21d0c341b c26db25a9434d069d80b39d46872118456d5fcee 5dd6053b7b4515542e69009f0217adc815324f361537510bb09768861d16ef64 Loading...

	unknown	0 B	2023-03-07	2024-04-27
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-27 06:46:36 Times Seen37113120 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	www.clickforcontent.com/wp-includes/Text/tab/dab/conect/6ca42/%E3%82%8A%E3%81%9D%E3%81%AA%E9%8A%80%E8%A1%8C%E3%80%80%E3%83%9E%E3%82%A4%E3%82%B2%E3%83%BC%E3%83%88_files/empt_data/build.js	105 kB	2023-03-07	2023-12-25
Pretty URL www.clickforcontent.com/wp-includes/Text/tab/dab/conect/6ca42/%E3%82%8A%E3%81%9D%E3%81%AA%E9%8A%80%E8%A1%8C%E3%80%80%E3%83%9E%E3%82%A4%E3%82%B2%E3%83%BC%E3%83%88_files/empt_data/build.js IP 162.241.194.161 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 15:46:32 Last Seen2023-12-25 06:51:26 Times Seen44 Hash 8f7b03c4597c463a5b72ff25b9a5d7a2 deec535ab3683ae22ecbb3b40dc25e5204145072 7b5538ffa3c5d4e18bdafe5af55bb39242b2d72c3b9d8ef687974c418b42c56b Loading...

	www.clickforcontent.com/wp-includes/Text/tab/dab/conect/6ca42/%E3%82%8A%E3%81%9D%E3%81%AA%E9%8A%80%E8%A1%8C%E3%80%80%E3%83%9E%E3%82%A4%E3%82%B2%E3%83%BC%E3%83%88_files/custom_4e588d08afda9814698a46572afbf27c.js	6.8 kB	2023-03-07	2023-03-14
Pretty URL www.clickforcontent.com/wp-includes/Text/tab/dab/conect/6ca42/%E3%82%8A%E3%81%9D%E3%81%AA%E9%8A%80%E8%A1%8C%E3%80%80%E3%83%9E%E3%82%A4%E3%82%B2%E3%83%BC%E3%83%88_files/custom_4e588d08afda9814698a46572afbf27c.js IP 162.241.194.161 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 15:46:32 Last Seen2023-03-14 02:51:36 Times Seen1 Hash 33fa1649ae37d8fca662a216fc831116 2643191baf5a3405f8547fdeba1f681e1bad1311 7a4dd228db6d78de230fd00022761ecc57db7b05f8d4b4e494d5e0fdc9a8c931 Loading...

	www.clickforcontent.com/wp-includes/Text/tab/dab/conect/6ca42/	80 B	2023-03-07	2023-12-02
Pretty URL www.clickforcontent.com/wp-includes/Text/tab/dab/conect/6ca42/ IP 162.241.194.161 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 15:46:32 Last Seen2023-12-02 03:48:29 Times Seen4 Hash 0ac3e644f9754479d2f4b30880002944 47995b39e2ce4096855454ef1a641c9664b9abce 1dee7c0697f4499da5da3f4814cb3889f8fdb6de2bb97927029a0df2b87a7d7f Loading...

	www.clickforcontent.com/wp-includes/Text/tab/dab/conect/6ca42/%E3%82%8A%E3%81%9D%E3%81%AA%E9%8A%80%E8%A1%8C%E3%80%80%E3%83%9E%E3%82%A4%E3%82%B2%E3%83%BC%E3%83%88_files/analytics.js	50 kB	2023-03-07	2024-04-25
Pretty URL www.clickforcontent.com/wp-includes/Text/tab/dab/conect/6ca42/%E3%82%8A%E3%81%9D%E3%81%AA%E9%8A%80%E8%A1%8C%E3%80%80%E3%83%9E%E3%82%A4%E3%82%B2%E3%83%BC%E3%83%88_files/analytics.js IP 162.241.194.161 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:01 Last Seen2024-04-25 19:24:16 Times Seen842 Hash d40531c5e99a6f84e42535859476fe35 a901817d77b2fe5259c298c91bc65c54d7f8a1a9 a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210 Loading...

	www.clickforcontent.com/wp-includes/Text/tab/dab/conect/6ca42/	278 B	2023-03-07	2023-03-14
Pretty URL www.clickforcontent.com/wp-includes/Text/tab/dab/conect/6ca42/ IP 162.241.194.161 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 15:46:32 Last Seen2023-03-14 02:51:36 Times Seen1 Hash c34b76be1411760362c97761d8c63227 7d487334b2de2d4afda161c24a8026b38c249aca 2a46f07d022334251bb8050e5756680a9533b027d4de7d66da93927e5f94ab22 Loading...

	www.clickforcontent.com/wp-includes/Text/tab/dab/conect/6ca42/%E3%82%8A%E3%81%9D%E3%81%AA%E9%8A%80%E8%A1%8C%E3%80%80%E3%83%9E%E3%82%A4%E3%82%B2%E3%83%BC%E3%83%88_files/js	222 kB	2023-03-07	2023-03-14
Pretty URL www.clickforcontent.com/wp-includes/Text/tab/dab/conect/6ca42/%E3%82%8A%E3%81%9D%E3%81%AA%E9%8A%80%E8%A1%8C%E3%80%80%E3%83%9E%E3%82%A4%E3%82%B2%E3%83%BC%E3%83%88_files/js IP 162.241.194.161 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 15:46:32 Last Seen2023-03-14 02:51:36 Times Seen1 Hash aa7b78f951f0a6bd2bfab7c7f5584d4e 0fd40025081ea03fc7bef5e5a04453ee358edd9a 489b80f26bdc7cb6f57e4d34cc5ece491943c1481e5fd2f65a7f67035f2bfddc Loading...

	www.googletagmanager.com/gtm.js?id=GTM-5FQFWZZ	455 kB	2023-03-08	2023-03-08
Pretty URL www.googletagmanager.com/gtm.js?id=GTM-5FQFWZZ IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 00:38:03 Last Seen2023-03-08 00:38:03 Times Seen1 Hash 0f2fd86e9d5bffe732a2368572290969 b0279645cd5e0a8ca70b1648cbc020e549ec43aa 56b7852a615c09320f5ef812b6382f865e7b30ad0f10088faf014b1356f842fa Loading...

	www.clickforcontent.com/wp-includes/Text/tab/dab/conect/6ca42/%E3%82%8A%E3%81%9D%E3%81%AA%E9%8A%80%E8%A1%8C%E3%80%80%E3%83%9E%E3%82%A4%E3%82%B2%E3%83%BC%E3%83%88_files/gtm.js	452 kB	2023-03-07	2023-03-14
Pretty URL www.clickforcontent.com/wp-includes/Text/tab/dab/conect/6ca42/%E3%82%8A%E3%81%9D%E3%81%AA%E9%8A%80%E8%A1%8C%E3%80%80%E3%83%9E%E3%82%A4%E3%82%B2%E3%83%BC%E3%83%88_files/gtm.js IP 162.241.194.161 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 15:46:32 Last Seen2023-03-14 02:51:36 Times Seen1 Hash ef9677023fe90eb4f0b07b8de6a0a64a 659e069d85dbc6bb6d1793582ea3a6015ab1b189 a369471f01b52db523d9a31013992013edc753e7f52fcdf5dd01da6d6cb28c64 Loading...

	www.clickforcontent.com/wp-includes/Text/tab/dab/conect/6ca42/	47 B	2023-03-07	2023-03-14
Pretty URL www.clickforcontent.com/wp-includes/Text/tab/dab/conect/6ca42/ IP 162.241.194.161 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 15:46:32 Last Seen2023-03-14 02:51:36 Times Seen1 Hash fe1bb7ce172a751b29644f3ce07e4b8a c181f556bf34da2c2e285af4d4f59a226a796c3b bd0cbbf088a23765e8531ed5adca38f4489c09d04638f5ddce97a7b0b07fd07d Loading...

		Size	First Seen	Last Seen
	#1 Eval - 43bebea3d96cf3710d4a77ccb08cf1af	48 B	2023-03-07	2024-02-17
Pretty Observations First Seen2023-03-07 15:46:32 Last Seen2024-02-17 06:47:29 Times Seen7 Hash 43bebea3d96cf3710d4a77ccb08cf1af 4dd86b62b802f541564cd361cdbe694c82223333 ba2d150e4f6f98f3a6e81aa03477eb87eae3e32291d109e443753619bc8f9bda Loading...

HTTP Transactions (44)

URL IP Response Size

firefox.settings.services.mozilla.com/v1/

13.224.132.44

200 OK

939 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/
IP
13.224.132.44:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
1b3053fa528e28810f8a2cc9284cc921
cca9eb471d941881a6b9a1793aecb6c281908f6a
a2427848ba35575dda8a82cf88f104978234c05389deebc3fc8279d9075eff45

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Type, Backoff, Content-Length, Retry-After
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sat, 24 Sep 2022 20:05:45 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 0d28fd7b073340c78cdcd5a3e2e0fe5a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR3-C2
X-Amz-Cf-Id: X1oCVKk6I8i0OC3fu2W53ZEjefSBLWdaWnfreJ4byLh1EgkY2Y2RNQ==
Age: 1042

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
09a973de929ab7452edc342c780d3668
3f14f6e0a36f76863c0aea6fb561c266404a7ea3
e82ca5f310e37267fbf792427747e65c2bb35e684d3f629c0aa302f688bc4f80

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E82CA5F310E37267FBF792427747E65C2BB35E684D3F629C0AA302F688BC4F80"
Last-Modified: Fri, 23 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16482
Expires: Sun, 25 Sep 2022 00:57:49 GMT
Date: Sat, 24 Sep 2022 20:23:07 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain

13.224.132.7

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP
13.224.132.7:0
ASN
#16509 AMAZON-02

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Sat, 24 Sep 2022 04:13:03 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 1de7ecec44e546a1e71d662ee3f2ba42.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR3-C2
x-amz-cf-id: yqHs9CzNpl6yYuWkVc8R7V9Pze0yNIulrSy3VCP7ipWkQ23bznhsgA==
age: 58204
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
5ebf5eb6d2dcb1f5c6149b2236a49519
d11dc6aa3ab533ca879176568ee76b0fb7f39891
41c3bec0671d7adb47bf7fcf6afc8e91b376ca7a8e85a338efa03dc40203df05

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "41C3BEC0671D7ADB47BF7FCF6AFC8E91B376CA7A8E85A338EFA03DC40203DF05"
Last-Modified: Fri, 23 Sep 2022 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Sun, 25 Sep 2022 02:23:07 GMT
Date: Sat, 24 Sep 2022 20:23:07 GMT
Connection: keep-alive

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 24 Sep 2022 20:23:07 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

13.224.132.44

200 OK

329 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
13.224.132.44:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, Expires, Alert, Content-Length, ETag, Cache-Control, Content-Type, Backoff, Pragma, Last-Modified
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600, max-age=3600
Date: Sat, 24 Sep 2022 20:20:46 GMT
Expires: Sat, 24 Sep 2022 21:02:43 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 95b26b715ee81beaff56d7e9f185da2e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR3-C2
X-Amz-Cf-Id: s8soqEv2IkwbvzwjYQBCihQoR_T3dX3Xbr6vjFXhsyOC1F2kxWvbEA==
Age: 142

www.clickforcontent.com/wp-includes/Text/tab/dab/conect/6ca42/

162.241.194.161

200 OK

6.0 kB

URL HTTP/2
www.clickforcontent.com/wp-includes/Text/tab/dab/conect/6ca42/
IP
162.241.194.161:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1414)
Size
6.0 kB (5958 bytes)
Hash
80bbbf18c9d65c1dd33ba848dd2fd444
2c91da5607d6994d3f26fb8e9c8c80edceb59343
9e386243bfe542303f26ce9c6c5868bf24ac768fa6aea1c9aa5a31cad94aef65

Detections

Analyzer	Verdict	Alert
openphish	Resona Card Co.
fortinet	Malware

HTTP Headers

GET /wp-includes/Text/tab/dab/conect/6ca42/ HTTP/1.1
Host: www.clickforcontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 200 OK
date: Sat, 24 Sep 2022 20:23:07 GMT
server: Apache
content-type: text/html; charset=UTF-8
content-length: 5958
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
content-encoding: gzip
x-server-cache: true
x-proxy-cache: MISS
set-cookie: PHPSESSID=53cdf2d233ab56176c5b1dbfa9f97a4a; path=/
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
a7809de115ea73f8b61f3d20a9978493
01fc65a2b694d7aadd5204d21801e87b2b55b73e
72692486033feeb149424c59576c6c75b17228dfc89b4c369d2e17cc4bff3d52

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3590
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 24 Sep 2022 20:23:08 GMT
Last-Modified: Sat, 24 Sep 2022 19:23:18 GMT
Server: ECS (ska/F70F)
X-Cache: HIT
Content-Length: 471

www.clickforcontent.com/wp-includes/Text/tab/dab/conect/6ca42/%E3%82%8A%E3%81%9D%E3%81%AA%E9%8A%80%E8%A1%8C%E3%80%80%E3%83%9E%E3%82%A4%E3%82%B2%E3%83%BC%E3%83%88_files/common.css

162.241.194.161

200 OK

3.4 kB

URL HTTP/2
www.clickforcontent.com/wp-includes/Text/tab/dab/conect/6ca42/%E3%82%8A%E3%81%9D%E3%81%AA%E9%8A%80%E8%A1%8C%E3%80%80%E3%83%9E%E3%82%A4%E3%82%B2%E3%83%BC%E3%83%88_files/common.css
IP
162.241.194.161:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
Non-ISO extended-ASCII text, with CRLF line terminators
Size
3.4 kB (3376 bytes)
Hash
a7661ca868fe8c999b15ffbd54cb635d
d34237baadf29da1cceeaabc49fe109cb9902891
5a226b7dc795c3522e6855f035c79ffbd319f6276bc4d12ae3d371dda0f578d9

HTTP Headers

GET /wp-includes/Text/tab/dab/conect/6ca42/%E3%82%8A%E3%81%9D%E3%81%AA%E9%8A%80%E8%A1%8C%E3%80%80%E3%83%9E%E3%82%A4%E3%82%B2%E3%83%BC%E3%83%88_files/common.css HTTP/1.1
Host: www.clickforcontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.clickforcontent.com/wp-includes/Text/tab/dab/conect/6ca42/
Cookie: PHPSESSID=53cdf2d233ab56176c5b1dbfa9f97a4a
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Sat, 24 Sep 2022 09:11:05 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 3376
content-type: text/css
date: Sat, 24 Sep 2022 20:23:08 GMT
server: Apache
X-Firefox-Spdy: h2

www.clickforcontent.com/wp-includes/Text/tab/dab/conect/6ca42/%E3%82%8A%E3%81%9D%E3%81%AA%E9%8A%80%E8%A1%8C%E3%80%80%E3%83%9E%E3%82%A4%E3%82%B2%E3%83%BC%E3%83%88_files/custom_4e588d08afda9814698a46572afbf27c.js

162.241.194.161

200 OK

1.6 kB

URL HTTP/2
www.clickforcontent.com/wp-includes/Text/tab/dab/conect/6ca42/%E3%82%8A%E3%81%9D%E3%81%AA%E9%8A%80%E8%A1%8C%E3%80%80%E3%83%9E%E3%82%A4%E3%82%B2%E3%83%BC%E3%83%88_files/custom_4e588d08afda9814698a46572afbf27c.js
IP
162.241.194.161:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
Unicode text, UTF-8 text, with very long lines (6524), with no line terminators
Size
1.6 kB (1621 bytes)
Hash
bb15daa91b7e5f11a3b944dedcc6734a
bff255d6fead3554757aa1f8fdbdf18fd8513438
b0f240e991fe56107237163ae0b0cd35cdab9fea0402aa7bb63f746a90c03069

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /wp-includes/Text/tab/dab/conect/6ca42/%E3%82%8A%E3%81%9D%E3%81%AA%E9%8A%80%E8%A1%8C%E3%80%80%E3%83%9E%E3%82%A4%E3%82%B2%E3%83%BC%E3%83%88_files/custom_4e588d08afda9814698a46572afbf27c.js HTTP/1.1
Host: www.clickforcontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.clickforcontent.com/wp-includes/Text/tab/dab/conect/6ca42/
Cookie: PHPSESSID=53cdf2d233ab56176c5b1dbfa9f97a4a
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Sat, 24 Sep 2022 09:11:05 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 1621
content-type: application/javascript
date: Sat, 24 Sep 2022 20:23:08 GMT
server: Apache
X-Firefox-Spdy: h2

push.services.mozilla.com/

54.70.239.215

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
54.70.239.215:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 6thOTkEKHcMOsrhr/fovAQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: h1fqYmy7PqKTgLPIaz4jJ4EagTM=

www.clickforcontent.com/wp-includes/Text/tab/dab/conect/6ca42/%E3%82%8A%E3%81%9D%E3%81%AA%E9%8A%80%E8%A1%8C%E3%80%80%E3%83%9E%E3%82%A4%E3%82%B2%E3%83%BC%E3%83%88_files/SResonaCommon.js

162.241.194.161

200 OK

1.2 kB

URL HTTP/2
www.clickforcontent.com/wp-includes/Text/tab/dab/conect/6ca42/%E3%82%8A%E3%81%9D%E3%81%AA%E9%8A%80%E8%A1%8C%E3%80%80%E3%83%9E%E3%82%A4%E3%82%B2%E3%83%BC%E3%83%88_files/SResonaCommon.js
IP
162.241.194.161:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document text\012- exported SGML document, Non-ISO extended-ASCII text, with CRLF line terminators
Size
1.2 kB (1243 bytes)
Hash
43cdde14be966ea647f2dc7bb13db3b2
b8634b08747f3615383eb2d91dc634eea3b70cc1
152467e192c5e90b75c0ac7a155d070196cd67f1e5bef29ba6451b1adbf7c65e

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /wp-includes/Text/tab/dab/conect/6ca42/%E3%82%8A%E3%81%9D%E3%81%AA%E9%8A%80%E8%A1%8C%E3%80%80%E3%83%9E%E3%82%A4%E3%82%B2%E3%83%BC%E3%83%88_files/SResonaCommon.js HTTP/1.1
Host: www.clickforcontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.clickforcontent.com/wp-includes/Text/tab/dab/conect/6ca42/
Cookie: PHPSESSID=53cdf2d233ab56176c5b1dbfa9f97a4a
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Sat, 24 Sep 2022 09:11:05 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 1243
content-type: application/javascript
date: Sat, 24 Sep 2022 20:23:08 GMT
server: Apache
X-Firefox-Spdy: h2

www.clickforcontent.com/wp-includes/Text/tab/dab/conect/6ca42/%E3%82%8A%E3%81%9D%E3%81%AA%E9%8A%80%E8%A1%8C%E3%80%80%E3%83%9E%E3%82%A4%E3%82%B2%E3%83%BC%E3%83%88_files/logo.png

162.241.194.161

200 OK

4.2 kB

URL HTTP/2
www.clickforcontent.com/wp-includes/Text/tab/dab/conect/6ca42/%E3%82%8A%E3%81%9D%E3%81%AA%E9%8A%80%E8%A1%8C%E3%80%80%E3%83%9E%E3%82%A4%E3%82%B2%E3%83%BC%E3%83%88_files/logo.png
IP
162.241.194.161:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
PNG image data, 126 x 32, 8-bit/color RGBA, non-interlaced\012- data
Size
4.2 kB (4179 bytes)
Hash
f534e361b03a9a1384140e1293fce6cc
da2cf6df7d628da88e5ca88ed4a87017f0cb6a11
2930fe159b32a9dd59017b729e11979f74eabfec285c1657391146ecf3663d70

HTTP Headers

GET /wp-includes/Text/tab/dab/conect/6ca42/%E3%82%8A%E3%81%9D%E3%81%AA%E9%8A%80%E8%A1%8C%E3%80%80%E3%83%9E%E3%82%A4%E3%82%B2%E3%83%BC%E3%83%88_files/logo.png HTTP/1.1
Host: www.clickforcontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.clickforcontent.com/wp-includes/Text/tab/dab/conect/6ca42/
Cookie: PHPSESSID=53cdf2d233ab56176c5b1dbfa9f97a4a
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Sat, 24 Sep 2022 09:11:05 GMT
accept-ranges: bytes
content-length: 4179
content-type: image/png
date: Sat, 24 Sep 2022 20:23:08 GMT
server: Apache
X-Firefox-Spdy: h2

www.clickforcontent.com/wp-includes/Text/tab/dab/conect/6ca42/%E3%82%8A%E3%81%9D%E3%81%AA%E9%8A%80%E8%A1%8C%E3%80%80%E3%83%9E%E3%82%A4%E3%82%B2%E3%83%BC%E3%83%88_files/SCS1902010.css

162.241.194.161

200 OK

359 B

URL HTTP/2
www.clickforcontent.com/wp-includes/Text/tab/dab/conect/6ca42/%E3%82%8A%E3%81%9D%E3%81%AA%E9%8A%80%E8%A1%8C%E3%80%80%E3%83%9E%E3%82%A4%E3%82%B2%E3%83%BC%E3%83%88_files/SCS1902010.css
IP
162.241.194.161:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
ASCII text, with CRLF line terminators
Size
359 B (359 bytes)
Hash
d538201958198fe84fb6d2d55c1b2480
6bbf9868f8a51827c28ab4f92091907482ca1902
fc3d41b67faa8d468d6a87ebcb951c5700853ef40b910223c5116414b12c5dfc

HTTP Headers

GET /wp-includes/Text/tab/dab/conect/6ca42/%E3%82%8A%E3%81%9D%E3%81%AA%E9%8A%80%E8%A1%8C%E3%80%80%E3%83%9E%E3%82%A4%E3%82%B2%E3%83%BC%E3%83%88_files/SCS1902010.css HTTP/1.1
Host: www.clickforcontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.clickforcontent.com/wp-includes/Text/tab/dab/conect/6ca42/
Cookie: PHPSESSID=53cdf2d233ab56176c5b1dbfa9f97a4a
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Sat, 24 Sep 2022 09:11:05 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 359
content-type: text/css
date: Sat, 24 Sep 2022 20:23:08 GMT
server: Apache
X-Firefox-Spdy: h2

www.clickforcontent.com/wp-includes/Text/tab/dab/conect/6ca42/%E3%82%8A%E3%81%9D%E3%81%AA%E9%8A%80%E8%A1%8C%E3%80%80%E3%83%9E%E3%82%A4%E3%82%B2%E3%83%BC%E3%83%88_files/help.png

162.241.194.161

200 OK

6.5 kB

URL HTTP/2
www.clickforcontent.com/wp-includes/Text/tab/dab/conect/6ca42/%E3%82%8A%E3%81%9D%E3%81%AA%E9%8A%80%E8%A1%8C%E3%80%80%E3%83%9E%E3%82%A4%E3%82%B2%E3%83%BC%E3%83%88_files/help.png
IP
162.241.194.161:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
PNG image data, 260 x 140, 8-bit/color RGBA, non-interlaced\012- data
Size
6.5 kB (6531 bytes)
Hash
a7bd90057cb80c2795e94e147772e008
317065a4a3f6550a8d5ec017b438f7bd51b2471f
6e08ac11997ad16818789ec272d6af1f2603a7d1425e74a604adfeb9153ab130

HTTP Headers

GET /wp-includes/Text/tab/dab/conect/6ca42/%E3%82%8A%E3%81%9D%E3%81%AA%E9%8A%80%E8%A1%8C%E3%80%80%E3%83%9E%E3%82%A4%E3%82%B2%E3%83%BC%E3%83%88_files/help.png HTTP/1.1
Host: www.clickforcontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.clickforcontent.com/wp-includes/Text/tab/dab/conect/6ca42/
Cookie: PHPSESSID=53cdf2d233ab56176c5b1dbfa9f97a4a
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Sat, 24 Sep 2022 09:11:05 GMT
accept-ranges: bytes
content-length: 6531
content-type: image/png
date: Sat, 24 Sep 2022 20:23:08 GMT
server: Apache
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
58b52380a6b5c598d1ad88e8da148137
a56206a0277aea6e8e2f7629793aba713d8edd0c
561a57c27dfa1f8651a89292428576b626e8700b9cd6b8173a0ce121aa8f9f4a

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 24 Sep 2022 20:23:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.clickforcontent.com/wp-includes/Text/tab/dab/conect/6ca42/%E3%82%8A%E3%81%9D%E3%81%AA%E9%8A%80%E8%A1%8C%E3%80%80%E3%83%9E%E3%82%A4%E3%82%B2%E3%83%BC%E3%83%88_files/analytics.js

162.241.194.161

200 OK

128 kB

URL HTTP/2
www.clickforcontent.com/wp-includes/Text/tab/dab/conect/6ca42/%E3%82%8A%E3%81%9D%E3%81%AA%E9%8A%80%E8%A1%8C%E3%80%80%E3%83%9E%E3%82%A4%E3%82%B2%E3%83%BC%E3%83%88_files/analytics.js
IP
162.241.194.161:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
data
Size
128 kB (128433 bytes)
Hash
44b759e3a432a8861cd01984e1c19816
6828c4f67b3c743ef207cd4126b9f4db63686236
a4cbb1e1c6b28e34baa20e90709f54a0b9520df48934c75fc974a5061e96c106

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /wp-includes/Text/tab/dab/conect/6ca42/%E3%82%8A%E3%81%9D%E3%81%AA%E9%8A%80%E8%A1%8C%E3%80%80%E3%83%9E%E3%82%A4%E3%82%B2%E3%83%BC%E3%83%88_files/analytics.js HTTP/1.1
Host: www.clickforcontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.clickforcontent.com/wp-includes/Text/tab/dab/conect/6ca42/
Cookie: PHPSESSID=53cdf2d233ab56176c5b1dbfa9f97a4a
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Sat, 24 Sep 2022 09:11:05 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: application/javascript
date: Sat, 24 Sep 2022 20:23:08 GMT
server: Apache
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
f81d321c15c87e7147d792d08ebb7513
47f30d4ca38e6753a393965219321b0394ebb597
390ae5f5435d3f8c8b7f1fa8d7e2a3ebf55ea5dbe98aa3528dd562df4c295753

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 24 Sep 2022 20:23:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.clickforcontent.com/wp-includes/Text/tab/dab/conect/6ca42/%E3%82%8A%E3%81%9D%E3%81%AA%E9%8A%80%E8%A1%8C%E3%80%80%E3%83%9E%E3%82%A4%E3%82%B2%E3%83%BC%E3%83%88_files/ci.gif

162.241.194.161

200 OK

2.9 kB

URL HTTP/2
www.clickforcontent.com/wp-includes/Text/tab/dab/conect/6ca42/%E3%82%8A%E3%81%9D%E3%81%AA%E9%8A%80%E8%A1%8C%E3%80%80%E3%83%9E%E3%82%A4%E3%82%B2%E3%83%BC%E3%83%88_files/ci.gif
IP
162.241.194.161:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
GIF image data, version 89a, 122 x 33\012- data
Size
2.9 kB (2872 bytes)
Hash
ac3d42802042a690adf5328a0cc8e239
7616199e2d188a271d6e4cd13ea4e37db7febc42
7be78c98a5f6c37f9eb313cfc3c07b1c525807b1c0ac350e3b639413d63e0daa

HTTP Headers

GET /wp-includes/Text/tab/dab/conect/6ca42/%E3%82%8A%E3%81%9D%E3%81%AA%E9%8A%80%E8%A1%8C%E3%80%80%E3%83%9E%E3%82%A4%E3%82%B2%E3%83%BC%E3%83%88_files/ci.gif HTTP/1.1
Host: www.clickforcontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.clickforcontent.com/wp-includes/Text/tab/dab/conect/6ca42/
Cookie: PHPSESSID=53cdf2d233ab56176c5b1dbfa9f97a4a
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Sat, 24 Sep 2022 09:11:05 GMT
accept-ranges: bytes
content-length: 2872
content-type: image/gif
date: Sat, 24 Sep 2022 20:23:08 GMT
server: Apache
X-Firefox-Spdy: h2

www.clickforcontent.com/wp-includes/Text/tab/dab/conect/6ca42/%E3%82%8A%E3%81%9D%E3%81%AA%E9%8A%80%E8%A1%8C%E3%80%80%E3%83%9E%E3%82%A4%E3%82%B2%E3%83%BC%E3%83%88_files/bullet_arrow_top.png

162.241.194.161

200 OK

170 B

URL HTTP/2
www.clickforcontent.com/wp-includes/Text/tab/dab/conect/6ca42/%E3%82%8A%E3%81%9D%E3%81%AA%E9%8A%80%E8%A1%8C%E3%80%80%E3%83%9E%E3%82%A4%E3%82%B2%E3%83%BC%E3%83%88_files/bullet_arrow_top.png
IP
162.241.194.161:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
PNG image data, 9 x 9, 8-bit/color RGBA, non-interlaced\012- data
Size
170 B (170 bytes)
Hash
1ef2d9ad1765b6134febc2d696ce0976
3a5eb23ea8d32c103ccf951837b2ac2f5f61fb9c
9a5c1c7d2aa5626a759eecc3402cae440dd07cb971142d51bbc5adb743923896

HTTP Headers

GET /wp-includes/Text/tab/dab/conect/6ca42/%E3%82%8A%E3%81%9D%E3%81%AA%E9%8A%80%E8%A1%8C%E3%80%80%E3%83%9E%E3%82%A4%E3%82%B2%E3%83%BC%E3%83%88_files/bullet_arrow_top.png HTTP/1.1
Host: www.clickforcontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.clickforcontent.com/wp-includes/Text/tab/dab/conect/6ca42/
Cookie: PHPSESSID=53cdf2d233ab56176c5b1dbfa9f97a4a
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Sat, 24 Sep 2022 09:11:05 GMT
accept-ranges: bytes
content-length: 170
content-type: image/png
date: Sat, 24 Sep 2022 20:23:08 GMT
server: Apache
X-Firefox-Spdy: h2

www.clickforcontent.com/IB/Images/SmartPhone/SP1.png

162.241.194.161

301 Moved Permanently

0 B

URL HTTP/2
www.clickforcontent.com/IB/Images/SmartPhone/SP1.png
IP
162.241.194.161:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /IB/Images/SmartPhone/SP1.png HTTP/1.1
Host: www.clickforcontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.clickforcontent.com/wp-includes/Text/tab/dab/conect/6ca42/%E3%82%8A%E3%81%9D%E3%81%AA%E9%8A%80%E8%A1%8C%E3%80%80%E3%83%9E%E3%82%A4%E3%82%B2%E3%83%BC%E3%83%88_files/common.css
Cookie: PHPSESSID=53cdf2d233ab56176c5b1dbfa9f97a4a
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 301 Moved Permanently
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
x-redirect-by: WordPress
location: https://clickforcontent.com/IB/Images/SmartPhone/SP1.png
content-length: 0
content-type: text/html; charset=UTF-8
date: Sat, 24 Sep 2022 20:23:08 GMT
server: Apache
X-Firefox-Spdy: h2

www.clickforcontent.com/wp-includes/Text/tab/dab/conect/6ca42/%E3%82%8A%E3%81%9D%E3%81%AA%E9%8A%80%E8%A1%8C%E3%80%80%E3%83%9E%E3%82%A4%E3%82%B2%E3%83%BC%E3%83%88_files/empt.htm

162.241.194.161

200 OK

167 B

URL HTTP/2
www.clickforcontent.com/wp-includes/Text/tab/dab/conect/6ca42/%E3%82%8A%E3%81%9D%E3%81%AA%E9%8A%80%E8%A1%8C%E3%80%80%E3%83%9E%E3%82%A4%E3%82%B2%E3%83%BC%E3%83%88_files/empt.htm
IP
162.241.194.161:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Size
167 B (167 bytes)
Hash
9fa32a0ec02cf0d013bc46c803112737
a0c784832cc7b4b92a7296260b77e99415401bde
8f623e90adae05768787b4e9bff1fd103a77b65e7a8a79a5aebda0a8a83ae1fb

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /wp-includes/Text/tab/dab/conect/6ca42/%E3%82%8A%E3%81%9D%E3%81%AA%E9%8A%80%E8%A1%8C%E3%80%80%E3%83%9E%E3%82%A4%E3%82%B2%E3%83%BC%E3%83%88_files/empt.htm HTTP/1.1
Host: www.clickforcontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.clickforcontent.com/wp-includes/Text/tab/dab/conect/6ca42/
Cookie: PHPSESSID=53cdf2d233ab56176c5b1dbfa9f97a4a
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 24 Sep 2022 20:23:08 GMT
server: Apache
content-type: text/html
content-length: 167
last-modified: Sat, 24 Sep 2022 09:11:05 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
x-server-cache: false
X-Firefox-Spdy: h2

www.clickforcontent.com/wp-includes/Text/tab/dab/conect/6ca42/%E3%82%8A%E3%81%9D%E3%81%AA%E9%8A%80%E8%A1%8C%E3%80%80%E3%83%9E%E3%82%A4%E3%82%B2%E3%83%BC%E3%83%88_files/icon_comment.png

162.241.194.161

200 OK

1.7 kB

URL HTTP/2
www.clickforcontent.com/wp-includes/Text/tab/dab/conect/6ca42/%E3%82%8A%E3%81%9D%E3%81%AA%E9%8A%80%E8%A1%8C%E3%80%80%E3%83%9E%E3%82%A4%E3%82%B2%E3%83%BC%E3%83%88_files/icon_comment.png
IP
162.241.194.161:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
PNG image data, 23 x 25, 8-bit/color RGB, non-interlaced\012- data
Size
1.7 kB (1749 bytes)
Hash
7eebe59a91352e88ddc8bdeb33351192
5d20632f19f4fbe1e35b3db32735bca97dda7e8b
0923b154b710ec5c80a8477ab7617e0620ac9da66937bf9e8e2780fe0556860b

HTTP Headers

GET /wp-includes/Text/tab/dab/conect/6ca42/%E3%82%8A%E3%81%9D%E3%81%AA%E9%8A%80%E8%A1%8C%E3%80%80%E3%83%9E%E3%82%A4%E3%82%B2%E3%83%BC%E3%83%88_files/icon_comment.png HTTP/1.1
Host: www.clickforcontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.clickforcontent.com/wp-includes/Text/tab/dab/conect/6ca42/
Cookie: PHPSESSID=53cdf2d233ab56176c5b1dbfa9f97a4a
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Sat, 24 Sep 2022 09:11:05 GMT
accept-ranges: bytes
content-length: 1749
content-type: image/png
date: Sat, 24 Sep 2022 20:23:08 GMT
server: Apache
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
aa58ca16387e8f05dd9fbf268dd7a748
024b9be8676598e2eba669d56f152983f67eecb2
2cab1c2148538cff208d26e26bd8b761adc3591c3ed1dc7549836a1dc624c740

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5213
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 24 Sep 2022 20:23:09 GMT
Last-Modified: Sat, 24 Sep 2022 18:56:16 GMT
Server: ECS (ska/F70F)
X-Cache: HIT
Content-Length: 471

clickforcontent.com/IB/Images/SmartPhone/SP1.png

162.241.194.161

404 Not Found

18 kB

URL HTTP/2
clickforcontent.com/IB/Images/SmartPhone/SP1.png
IP
162.241.194.161:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (8657), with CRLF, LF line terminators
Size
18 kB (17635 bytes)
Hash
539e95a21f08ad271c00c5162b1e37ad
34edbc5821f2be4ff886c45dcd7206451ff690f4
dc05b157236ab643c28a9215f2cd0db91198c399e21ce7301429093a7bb6b326

HTTP Headers

GET /IB/Images/SmartPhone/SP1.png HTTP/1.1
Host: clickforcontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.clickforcontent.com/
Connection: keep-alive
Cookie: _gcl_au=1.1.1263966831.1664050988; _ga_HLL26LQ1WH=GS1.1.1664050987.1.0.1664050987.0.0.0; _ga=GA1.1.230549994.1664050988
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers

HTTP/2 404 Not Found
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
link: <https://clickforcontent.com/wp-json/>; rel="https://api.w.org/"
vary: Accept-Encoding
content-encoding: gzip
content-length: 17635
content-type: text/html; charset=UTF-8
date: Sat, 24 Sep 2022 20:23:09 GMT
server: Apache
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7038cca95198779d8bb479045eb56652
e9dcf9451e849f4d55b0909b33a51bd0b1a35296
0fc47dba3f2789b7c509a4916b1fe3c7b6b30c6778e5354742256125730310f3

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5588
Expires: Sat, 24 Sep 2022 21:56:17 GMT
Date: Sat, 24 Sep 2022 20:23:09 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7038cca95198779d8bb479045eb56652
e9dcf9451e849f4d55b0909b33a51bd0b1a35296
0fc47dba3f2789b7c509a4916b1fe3c7b6b30c6778e5354742256125730310f3

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5588
Expires: Sat, 24 Sep 2022 21:56:17 GMT
Date: Sat, 24 Sep 2022 20:23:09 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7038cca95198779d8bb479045eb56652
e9dcf9451e849f4d55b0909b33a51bd0b1a35296
0fc47dba3f2789b7c509a4916b1fe3c7b6b30c6778e5354742256125730310f3

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5588
Expires: Sat, 24 Sep 2022 21:56:17 GMT
Date: Sat, 24 Sep 2022 20:23:09 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7038cca95198779d8bb479045eb56652
e9dcf9451e849f4d55b0909b33a51bd0b1a35296
0fc47dba3f2789b7c509a4916b1fe3c7b6b30c6778e5354742256125730310f3

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5588
Expires: Sat, 24 Sep 2022 21:56:17 GMT
Date: Sat, 24 Sep 2022 20:23:09 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7038cca95198779d8bb479045eb56652
e9dcf9451e849f4d55b0909b33a51bd0b1a35296
0fc47dba3f2789b7c509a4916b1fe3c7b6b30c6778e5354742256125730310f3

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5588
Expires: Sat, 24 Sep 2022 21:56:17 GMT
Date: Sat, 24 Sep 2022 20:23:09 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb77ad616-c829-40b4-8b70-2be46252d64c.jpeg

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb77ad616-c829-40b4-8b70-2be46252d64c.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10279 bytes)
Hash
8ea5f06ad31f0cedd2cb5c6df82f35f4
60a83a1618ffae06e49ca3002bac1db9980dcfe8
5f6a4cb92c016ef0f229b11d727e9680a15b10782b5bfe9e66ad9d100b458d8d

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb77ad616-c829-40b4-8b70-2be46252d64c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10279
x-amzn-requestid: 0f361c26-1f12-421a-9752-7d4fcdf839ac
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y4V65GTXIAMF9-Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632cd045-25677a637307879044de8242;Sampled=0
x-amzn-remapped-date: Thu, 22 Sep 2022 21:14:45 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: NcnEyVD-vG10pOpPCBMjKGqVw-rstkPIt-oqkIc5urAGE934fxL0VQ==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Sat, 24 Sep 2022 04:12:38 GMT
age: 58231
etag: "60a83a1618ffae06e49ca3002bac1db9980dcfe8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd719f7db-20e1-4834-9525-3117f1824f36.webp
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10032 bytes)
Hash
aa150280eb113504d61a25935c0f0127
ed04f74fbb4c77b21e2babc51a82857f5e23d169
07df17fffb391aa82efb09e30d97e88fa4dbe6df00e37bb90304f69179f4848e

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd719f7db-20e1-4834-9525-3117f1824f36.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10032
x-amzn-requestid: 521c4012-9834-4100-a7ed-30093502f1a9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y7sPBHGYoAMFh-Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632e272c-77b03c321240d76a572d603a;Sampled=0
x-amzn-remapped-date: Fri, 23 Sep 2022 21:37:48 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: lAQOV9_fZ2RFvhRKMtDOeRTWJc-Jo1u-DrtJshcQuCSOUXVbNMjhaw==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 ee8246c5442dace7525c74f6a799bb46.cloudfront.net (CloudFront), 1.1 google
date: Fri, 23 Sep 2022 21:56:56 GMT
age: 80773
etag: "ed04f74fbb4c77b21e2babc51a82857f5e23d169"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

www.clickforcontent.com/wp-includes/Text/tab/dab/conect/6ca42/%E3%82%8A%E3%81%9D%E3%81%AA%E9%8A%80%E8%A1%8C%E3%80%80%E3%83%9E%E3%82%A4%E3%82%B2%E3%83%BC%E3%83%88_files/tracker.js

162.241.194.161

200 OK

124 kB

URL HTTP/2
www.clickforcontent.com/wp-includes/Text/tab/dab/conect/6ca42/%E3%82%8A%E3%81%9D%E3%81%AA%E9%8A%80%E8%A1%8C%E3%80%80%E3%83%9E%E3%82%A4%E3%82%B2%E3%83%BC%E3%83%88_files/tracker.js
IP
162.241.194.161:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
data
Size
124 kB (123964 bytes)
Hash
6599d45ae41f2beec29e2325615fcb31
0a3b68f01765db3ccb6456afffbb8a5c7704d764
cadcc9f9e0f3b38617f5f4a583456aa39262eae986f46d982b21c7cadcd00437

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /wp-includes/Text/tab/dab/conect/6ca42/%E3%82%8A%E3%81%9D%E3%81%AA%E9%8A%80%E8%A1%8C%E3%80%80%E3%83%9E%E3%82%A4%E3%82%B2%E3%83%BC%E3%83%88_files/tracker.js HTTP/1.1
Host: www.clickforcontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.clickforcontent.com/wp-includes/Text/tab/dab/conect/6ca42/
Cookie: PHPSESSID=53cdf2d233ab56176c5b1dbfa9f97a4a
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Sat, 24 Sep 2022 09:11:05 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: application/javascript
date: Sat, 24 Sep 2022 20:23:08 GMT
server: Apache
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd5039669-74cb-4d54-9208-94257c765b35.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.9 kB (9935 bytes)
Hash
55d224ac83a417772c98bc5080fb6689
a30f9044330824e70dde0dcc785890d981e6fdf5
b2ea4dea200109019a65834b98e31e8fac718a199513810a2819858be2b4470a

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd5039669-74cb-4d54-9208-94257c765b35.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9935
x-amzn-requestid: 9eb8463d-172a-40a2-8eed-3c97b1260afe
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y7sQ5FARoAMFXQQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632e2738-3709a2f22ecc033532223b26;Sampled=0
x-amzn-remapped-date: Fri, 23 Sep 2022 21:38:00 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: e5eETCL5yFnoG4HPx0Qv8hjGnlXx5vOL4syMx9uato8nuIHkSvMezg==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 35575576af8067e30cfb17c6b9fde8e2.cloudfront.net (CloudFront), 1.1 google
date: Fri, 23 Sep 2022 21:53:50 GMT
age: 80959
etag: "a30f9044330824e70dde0dcc785890d981e6fdf5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffccf6ade-04f7-4d15-943c-bde343725d94.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.0 kB (8029 bytes)
Hash
02a682b4703bb9d6381c762726c05531
1d7f7b4cfdd7425213a21afdd1d5a5d8d11d0e54
fb672de67420a239fe5d7e2588f640150ed29883fe2a46ded160385e3265004c

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffccf6ade-04f7-4d15-943c-bde343725d94.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8029
x-amzn-requestid: 2fc5c63d-5cef-42f4-a6d2-b55f51c57af6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y4Y0tHjGoAMFcFw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632cd4ea-73f2f78a2d1ca8fc666d2571;Sampled=0
x-amzn-remapped-date: Thu, 22 Sep 2022 21:34:34 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 7DX67a-HmEh76IorINvRU61AKtSiimdPnHFnYeR2OJezZJ1_mJq0MA==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 35575576af8067e30cfb17c6b9fde8e2.cloudfront.net (CloudFront), 1.1 google
date: Fri, 23 Sep 2022 21:59:08 GMT
age: 80641
etag: "1d7f7b4cfdd7425213a21afdd1d5a5d8d11d0e54"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F76fa20bb-9883-4867-b55e-fc56c8f8fc57.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.4 kB (6386 bytes)
Hash
d8d9af95acfc8b9b431eb1e020157f6d
f6f926be6e265a597aaede424f05fcd7c76fcc20
0b61d6cb0e0908cb8d303b9e951e2854166bd232e0291b5d698a6b757c064e88

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F76fa20bb-9883-4867-b55e-fc56c8f8fc57.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6386
x-amzn-requestid: 4380489e-d0ba-4f67-ac4f-67619ba34422
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y7shGHryIAMF6zg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632e27a0-005f9c783c7722f16c178026;Sampled=0
x-amzn-remapped-date: Fri, 23 Sep 2022 21:39:44 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: RuUOjTDRTkcaGFf_hTWrHZ89edOajgGUdl5PjbaUV7CUppat6IYsRg==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 e80693c02cfdfd081110512210d57840.cloudfront.net (CloudFront), 1.1 google
date: Fri, 23 Sep 2022 21:52:36 GMT
age: 81033
etag: "f6f926be6e265a597aaede424f05fcd7c76fcc20"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

www.google-analytics.com/g/collect?v=2&tid=G-HLL26LQ1WH&gtm=2oe970&_p=580564160&cid=230549994.1664050988&ul=en-us&sr=1280x1024&_z=ccd.v9B&_s=1&sid=1664050987&sct=1&seg=0&dl=https%3A%2F%2Fwww.clickforcontent.com%2Fwp-includes%2FText%2Ftab%2Fdab%2Fconect%2F6ca42%2F&dt=%E3%82%8A%E3%81%9D%E3%81%AA%E9%8A%80%E8%A1%8C%E3%80%80%E3%83%9E%E3%82%A4%E3%82%B2%E3%83%BC%E3%83%88&en=scroll&_fv=1&_nsi=1&_ss=1&epn.percent_scrolled=90

142.250.74.174

204 No Content

0 B

URL HTTP/2
www.google-analytics.com/g/collect?v=2&tid=G-HLL26LQ1WH&gtm=2oe970&_p=580564160&cid=230549994.1664050988&ul=en-us&sr=1280x1024&_z=ccd.v9B&_s=1&sid=1664050987&sct=1&seg=0&dl=https%3A%2F%2Fwww.clickforcontent.com%2Fwp-includes%2FText%2Ftab%2Fdab%2Fconect%2F6ca42%2F&dt=%E3%82%8A%E3%81%9D%E3%81%AA%E9%8A%80%E8%A1%8C%E3%80%80%E3%83%9E%E3%82%A4%E3%82%B2%E3%83%BC%E3%83%88&en=scroll&_fv=1&_nsi=1&_ss=1&epn.percent_scrolled=90
IP
142.250.74.174:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-HLL26LQ1WH&gtm=2oe970&_p=580564160&cid=230549994.1664050988&ul=en-us&sr=1280x1024&_z=ccd.v9B&_s=1&sid=1664050987&sct=1&seg=0&dl=https%3A%2F%2Fwww.clickforcontent.com%2Fwp-includes%2FText%2Ftab%2Fdab%2Fconect%2F6ca42%2F&dt=%E3%82%8A%E3%81%9D%E3%81%AA%E9%8A%80%E8%A1%8C%E3%80%80%E3%83%9E%E3%82%A4%E3%82%B2%E3%83%BC%E3%83%88&en=scroll&_fv=1&_nsi=1&_ss=1&epn.percent_scrolled=90 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.clickforcontent.com
Connection: keep-alive
Referer: https://www.clickforcontent.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

HTTP/2 204 No Content
access-control-allow-origin: https://www.clickforcontent.com
date: Sat, 24 Sep 2022 20:23:09 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
26beff72f002aacbf1ca608df3d0b81e
a192d26312a9cc033a5b5c9b200095a8f13d56ff
b7ae292e4037096a508e369823dbb5fc636438ce6a7c8bf486ca5096aa033d6e

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 24 Sep 2022 20:23:09 GMT
Server: ECS (amb/6B7D)
Content-Length: 471

www.resonacard.co.jp/favicon.ico

138.113.139.233

200 OK

318 B

URL HTTP/1.1
www.resonacard.co.jp/favicon.ico
IP
138.113.139.233:0
ASN
#54994 QUANTILNETWORKS

File type
MS Windows icon resource - 1 icon, 16x16, 16 colors\012- data
Size
318 B (318 bytes)
Hash
15cb18c4b4ba3e32f5a229d328f47911
f96ef91718ab997015fe5d7772ed80c285a405a3
72dee9206d303ed0273e3a1cd587deaf223f4d8e37e4ab438601d813a534872d

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: www.resonacard.co.jp
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.clickforcontent.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Sat, 24 Sep 2022 20:23:10 GMT
Content-Type: image/x-icon
Content-Length: 318
Connection: keep-alive
Strict-Transport-Security: max-age=31536000
Last-Modified: Wed, 13 Sep 2017 03:40:49 GMT
ETag: "13e-55909ecfaf240"
Accept-Ranges: bytes
X-Content-Type-Options: nosniff
Age: 100
Via: 1.1 bd134:5 (W), 1.1 PSrbdjTYO3sc112:16 (W)
X-Px: ht PSrbdjTYO3sc112HND
X-Ws-Request-Id: 632f672e_PSrbdjTYO3op110_18642-18307
Server: PWS/8.3.1.0.8
Cache-Control: max-age=600

sb.resonabank.co.jp/IB/Images/SmartPhone/home.png

23.36.79.33

200 OK

3.5 kB

URL HTTP/2
sb.resonabank.co.jp/IB/Images/SmartPhone/home.png
IP
23.36.79.33:0
ASN
#20940 Akamai International B.V.

File type
PNG image data, 120 x 120, 8-bit/color RGBA, non-interlaced\012- data
Size
3.5 kB (3453 bytes)
Hash
288cc2518e6e5f07d6094ef29aebb119
14ab61f4240d82499a3807f6477b10274349d3f4
ef77512d33280ababb1456865c24cd504f2a05d22eb27e2c4aea7f0bad58cd4e

HTTP Headers

GET /IB/Images/SmartPhone/home.png HTTP/1.1
Host: sb.resonabank.co.jp
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.clickforcontent.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: image/png
last-modified: Tue, 20 Dec 2011 08:30:00 GMT
accept-ranges: bytes
etag: "0f4b90f1becc1:0"
content-length: 3453
date: Sat, 24 Sep 2022 20:23:10 GMT
X-Firefox-Spdy: h2

static.karte.io/libs/tracker.js

18.165.122.39

200 OK

0 B

URL HTTP/2
static.karte.io/libs/tracker.js
IP
18.165.122.39:0
ASN
#0

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /libs/tracker.js HTTP/1.1
Host: static.karte.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.clickforcontent.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript
last-modified: Tue, 30 Aug 2022 04:23:36 GMT
server: AmazonS3
content-encoding: gzip
date: Sat, 24 Sep 2022 20:19:14 GMT
cache-control: max-age=300
etag: W/"fc69b59d6a74cacc75e414b21d0c341b"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 314739a512b2afae40702e1a95e8f8de.cloudfront.net (CloudFront)
x-amz-cf-pop: HEL51-P2
x-amz-cf-id: cFx9jWZSojENvCf_Pnpt6ruA-0gACd7GTJ-44ZUOYdec1zMsBV6S6g==
age: 247
X-Firefox-Spdy: h2

www.clickforcontent.com/wp-includes/Text/tab/dab/conect/6ca42/%E3%82%8A%E3%81%9D%E3%81%AA%E9%8A%80%E8%A1%8C%E3%80%80%E3%83%9E%E3%82%A4%E3%82%B2%E3%83%BC%E3%83%88_files/js

162.241.194.161

200 OK

0 B

URL HTTP/2
www.clickforcontent.com/wp-includes/Text/tab/dab/conect/6ca42/%E3%82%8A%E3%81%9D%E3%81%AA%E9%8A%80%E8%A1%8C%E3%80%80%E3%83%9E%E3%82%A4%E3%82%B2%E3%83%BC%E3%83%88_files/js
IP
162.241.194.161:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /wp-includes/Text/tab/dab/conect/6ca42/%E3%82%8A%E3%81%9D%E3%81%AA%E9%8A%80%E8%A1%8C%E3%80%80%E3%83%9E%E3%82%A4%E3%82%B2%E3%83%BC%E3%83%88_files/js HTTP/1.1
Host: www.clickforcontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.clickforcontent.com/wp-includes/Text/tab/dab/conect/6ca42/
Cookie: PHPSESSID=53cdf2d233ab56176c5b1dbfa9f97a4a
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 24 Sep 2022 20:23:08 GMT
server: Apache
content-length: 222304
last-modified: Sat, 24 Sep 2022 09:11:05 GMT
accept-ranges: bytes
x-server-cache: false
X-Firefox-Spdy: h2

www.clickforcontent.com/wp-includes/Text/tab/dab/conect/6ca42/%E3%82%8A%E3%81%9D%E3%81%AA%E9%8A%80%E8%A1%8C%E3%80%80%E3%83%9E%E3%82%A4%E3%82%B2%E3%83%BC%E3%83%88_files/empt_data/build.js

162.241.194.161

200 OK

0 B

URL HTTP/2
www.clickforcontent.com/wp-includes/Text/tab/dab/conect/6ca42/%E3%82%8A%E3%81%9D%E3%81%AA%E9%8A%80%E8%A1%8C%E3%80%80%E3%83%9E%E3%82%A4%E3%82%B2%E3%83%BC%E3%83%88_files/empt_data/build.js
IP
162.241.194.161:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /wp-includes/Text/tab/dab/conect/6ca42/%E3%82%8A%E3%81%9D%E3%81%AA%E9%8A%80%E8%A1%8C%E3%80%80%E3%83%9E%E3%82%A4%E3%82%B2%E3%83%BC%E3%83%88_files/empt_data/build.js HTTP/1.1
Host: www.clickforcontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.clickforcontent.com/wp-includes/Text/tab/dab/conect/6ca42/%E3%82%8A%E3%81%9D%E3%81%AA%E9%8A%80%E8%A1%8C%E3%80%80%E3%83%9E%E3%82%A4%E3%82%B2%E3%83%BC%E3%83%88_files/empt.htm
Cookie: PHPSESSID=53cdf2d233ab56176c5b1dbfa9f97a4a; _gcl_au=1.1.1263966831.1664050988; _ga_HLL26LQ1WH=GS1.1.1664050987.1.0.1664050987.0.0.0; _ga=GA1.1.230549994.1664050988
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Sat, 24 Sep 2022 09:11:05 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: application/javascript
date: Sat, 24 Sep 2022 20:23:09 GMT
server: Apache
X-Firefox-Spdy: h2

www.clickforcontent.com/wp-includes/Text/tab/dab/conect/6ca42/%E3%82%8A%E3%81%9D%E3%81%AA%E9%8A%80%E8%A1%8C%E3%80%80%E3%83%9E%E3%82%A4%E3%82%B2%E3%83%BC%E3%83%88_files/gtm.js

162.241.194.161

200 OK

0 B

URL HTTP/2
www.clickforcontent.com/wp-includes/Text/tab/dab/conect/6ca42/%E3%82%8A%E3%81%9D%E3%81%AA%E9%8A%80%E8%A1%8C%E3%80%80%E3%83%9E%E3%82%A4%E3%82%B2%E3%83%BC%E3%83%88_files/gtm.js
IP
162.241.194.161:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /wp-includes/Text/tab/dab/conect/6ca42/%E3%82%8A%E3%81%9D%E3%81%AA%E9%8A%80%E8%A1%8C%E3%80%80%E3%83%9E%E3%82%A4%E3%82%B2%E3%83%BC%E3%83%88_files/gtm.js HTTP/1.1
Host: www.clickforcontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.clickforcontent.com/wp-includes/Text/tab/dab/conect/6ca42/
Cookie: PHPSESSID=53cdf2d233ab56176c5b1dbfa9f97a4a
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Sat, 24 Sep 2022 09:11:05 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: application/javascript
date: Sat, 24 Sep 2022 20:23:08 GMT
server: Apache
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (16)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP