Report - uiaps.aslabd.top/moblie/client/

Report Overview

Submitted URL
uiaps.aslabd.top/moblie/client/
IP
155.94.128.18
ASN
#8100 ASN-QUADRANET-GLOBAL
Submitted
2023-02-02 00:37:48
Access
Website Title
Final URL
Tags
usps logistics phishing
urlquery detections
Phishing - US Postal Service

Detections

urlquery
33
Network Intrusion Detection
2
Threat Detection Systems
32

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
detectportal.firefox.com	1601	2018-08-30T11:52:03Z	2023-03-13T05:09:11Z	606 B	428 B	34.107.221.82
bat.bing.com	387	2014-04-08T11:23:16Z	2023-03-13T05:09:15Z	369 B	472 B	13.107.21.200
www.google.no	25607	2016-04-05T21:50:59Z	2023-03-13T06:26:15Z	964 B	641 B	142.250.74.163
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-13T05:09:07Z	3.0 kB	8.0 kB	23.36.77.32
getpocket.cdn.mozilla.net	1369	2018-08-28T15:15:36Z	2023-03-13T08:02:38Z	435 B	41 kB	34.120.5.221
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-13T05:09:14Z	606 B	127 B	54.186.188.230
firefox-settings-attachments.cdn.mozilla.net	11509	2019-11-30T10:32:57Z	2023-03-13T08:38:30Z	412 B	808 kB	34.111.73.144
uiaps.aslabd.top	unknown	2023-01-17T14:56:58Z	2023-02-01T16:35:48Z	14 kB	100 kB	155.94.128.18
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-13T05:09:16Z	3.3 kB	50 kB	34.120.237.76
t.co	569	2012-07-25T21:09:44Z	2023-03-13T05:25:19Z	871 B	593 B	104.244.42.69
www.googleadservices.com	107	2012-06-26T16:53:06Z	2023-03-13T08:26:04Z	387 B	16 kB	142.250.74.98
www.google.com	7	2015-05-10T13:11:19Z	2023-03-13T06:40:43Z	965 B	641 B	142.250.74.164
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-13T05:09:35Z	1.3 kB	18 kB	34.160.144.191
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-13T05:09:13Z	333 B	391 B	34.117.237.239
shavar.services.mozilla.com	3602	2015-09-28T08:30:01Z	2023-03-13T05:09:14Z	453 B	204 B	34.217.182.232
googleads.g.doubleclick.net	42	2021-02-20T16:43:32Z	2023-03-13T08:39:16Z	963 B	1.9 kB	142.250.74.98
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-13T05:09:10Z	7.6 kB	212 kB	35.241.9.150
ocsp.digicert.com	86	2012-05-21T09:02:23Z	2023-03-13T06:00:13Z	1.0 kB	2.0 kB	93.184.220.29
ocsp.pki.goog	175	2018-07-01T08:43:07Z	2023-03-13T05:09:47Z	2.7 kB	5.6 kB	142.250.74.131
analytics.twitter.com	526	2013-04-10T21:53:18Z	2023-03-13T05:25:19Z	888 B	613 B	104.244.42.3

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-02-02 00:37:53	medium	Client IP	Internal IP	ET DNS Query to a *.top domain - Likely Hostile
2023-02-02 00:37:55	medium	Client IP	155.94.128.18	ET INFO HTTP Request to a *.top domain

Threat Detection Systems

OpenPhish

Scan Date	Severity	Indicator	Alert
2023-02-01	medium	uiaps.aslabd.top/moblie/client/	United States Postal Service
2023-02-01	medium	uiaps.aslabd.top/moblie/client/	United States Postal Service

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-02-02	medium	uiaps.aslabd.top/moblie/client/	Phishing
2023-02-02	medium	uiaps.aslabd.top/moblie/client/	Phishing
2023-02-02	medium	uiaps.aslabd.top/moblie/js/index.js	Phishing
2023-02-02	medium	uiaps.aslabd.top/entreg/assets/fonts/usps/d5af76d8-a90b-4527-b3a3-182207cc3250.woff	Phishing
2023-02-02	medium	uiaps.aslabd.top/moblie/client/assets/fonts/glyphicons/glyphicons-halflings-regular.woff2	Phishing
2023-02-02	medium	uiaps.aslabd.top/entreg/assets/fonts/usps/4a9c62ab-b359-4081-8383-a0d1cdebd111.woff	Phishing
2023-02-02	medium	uiaps.aslabd.top/entreg/assets/fonts/usps/5b4a262e-3342-44e2-8ad7-719998a68134.woff	Phishing
2023-02-02	medium	uiaps.aslabd.top/entreg/assets/fonts/usps/1d238354-d156-4dde-89ea-4770ef04b9f9.ttf	Phishing
2023-02-02	medium	uiaps.aslabd.top/moblie/client/assets/fonts/glyphicons/glyphicons-halflings-regular.woff	Phishing
2023-02-02	medium	uiaps.aslabd.top/entreg/assets/fonts/usps/db5f9ba6-05a4-433a-9461-0a6f257a0c3a.ttf	Phishing
2023-02-02	medium	uiaps.aslabd.top/entreg/assets/fonts/usps/4a3ef5d8-cfd9-4b96-bd67-90215512f1e5.ttf	Phishing
2023-02-02	medium	uiaps.aslabd.top/moblie/client/assets/fonts/glyphicons/glyphicons-halflings-regular.ttf	Phishing
2023-02-02	medium	uiaps.aslabd.top/moblie/js/vue.js	Phishing
2023-02-02	medium	uiaps.aslabd.top/moblie/js/jquery-3.5.1.js	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (6)

	URL	Size	First Seen	Last Seen
	uiaps.aslabd.top/moblie/js/index.js	1.4 kB	2023-03-10	2023-03-13
Pretty URL uiaps.aslabd.top/moblie/js/index.js IP 155.94.128.18 ASN #8100 ASN-QUADRANET-GLOBAL Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 10:05:46 Last Seen2023-03-13 14:33:50 Times Seen1 Hash ee6653ce3d8a2748323a6805427110c1 90ccdf91aa9cc39d904aac3260155d3724cd4c72 ef07c67981ee5d10dd3a51be00799e8e7fd6291cfb9678ee95ecd6aaedaa0602 Loading...

	www.googleadservices.com/pagead/conversion_async.js	42 kB	2023-03-13	2023-03-13
Pretty URL www.googleadservices.com/pagead/conversion_async.js IP 142.250.74.98 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 06:55:33 Last Seen2023-03-13 14:33:50 Times Seen1 Hash 9869ed40940fff5fbbae533b74c90335 e1428d611ecc1883039167058e9e8bf1c2082a54 8b6cfa8b0b7462dae0971788ab188c8da08f386b9f0e7a428855de529ba5a012 Loading...

	googleads.g.doubleclick.net/pagead/viewthroughconversion/978081151/?random=1657381653943&cv=9&fst=1657381653943&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=376635470&u_h=1080&u_w=1920&u_ah=1040&u_aw=1920&u_cd=24&u_his=2&u_tz=480&u_java=false&u_nplug=5&u_nmime=2&gtm=2oa6t0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Freg.usps.com%2Fentreg%2FLoginAction_input%3Fapp%3DPhoenix%26appURL%3Dhttps%3A%2F%2Fwww.usps.com%2F%26_gl%3D11ax5i3a_gaNDY0MDc2OTA3LjE2NTczNzU5NjA._ga_3NXP3C8S9V*MTY1NzM3NTk2MC4xLjAuMTY1NzM3NTk2MC4w&tiba=USPS.com%C2%AE%20-%20Sign%20In&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4	2.6 kB	2023-03-13	2023-03-13
Pretty URL googleads.g.doubleclick.net/pagead/viewthroughconversion/978081151/?random=1657381653943&cv=9&fst=1657381653943&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=376635470&u_h=1080&u_w=1920&u_ah=1040&u_aw=1920&u_cd=24&u_his=2&u_tz=480&u_java=false&u_nplug=5&u_nmime=2&gtm=2oa6t0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Freg.usps.com%2Fentreg%2FLoginAction_input%3Fapp%3DPhoenix%26appURL%3Dhttps%3A%2F%2Fwww.usps.com%2F%26_gl%3D11ax5i3a_gaNDY0MDc2OTA3LjE2NTczNzU5NjA._ga_3NXP3C8S9V*MTY1NzM3NTk2MC4xLjAuMTY1NzM3NTk2MC4w&tiba=USPS.com%C2%AE%20-%20Sign%20In&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4 IP 142.250.74.98 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 14:33:50 Last Seen2023-03-13 14:33:50 Times Seen1 Hash dabb82a2438b8fc6dec9807efb3cc057 e40c2c4159e1cd2c172b0d78e0622880fc3e19af 1407c315fc785028024b22bd5d5b8d4ecf03406d0819211dc60bfd1bcad4097f Loading...

	bat.bing.com/p/action/21006064.js	0 B	2023-03-07	2024-05-04
Pretty URL bat.bing.com/p/action/21006064.js IP 13.107.21.200 ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-04 19:33:23 Times Seen37342393 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	uiaps.aslabd.top/moblie/js/vue.js	342 kB	2023-03-07	2024-04-25
Pretty URL uiaps.aslabd.top/moblie/js/vue.js IP 155.94.128.18 ASN #8100 ASN-QUADRANET-GLOBAL Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:15:30 Last Seen2024-04-25 12:42:25 Times Seen495 Hash 1e99e929ad552078273d58192153ab2d 9e3cf9bcdf5806299e356f3d64e04936963e5d97 352baa818da109925437a8433057ddc6f91ec48efe88bc5741b2f9e34450fdce Loading...

	uiaps.aslabd.top/moblie/js/jquery-3.5.1.js	288 kB	2023-03-07	2024-05-04
Pretty URL uiaps.aslabd.top/moblie/js/jquery-3.5.1.js IP 155.94.128.18 ASN #8100 ASN-QUADRANET-GLOBAL Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:32 Last Seen2024-05-04 11:25:09 Times Seen3674 Hash 23c7c5d2d1317508e807a6c7f777d6ed ad16c4a132ad2a03b4951185fed46d55397b5e88 416a3b2c3bf16d64f6b5b6d0f7b079df2267614dd6847fc2f3271b4409233c37 Loading...

HTTP Transactions (88)

URL IP Response Size

detectportal.firefox.com/success.txt?ipv4

34.107.221.82

200 OK

8 B

URL HTTP/1.1
detectportal.firefox.com/success.txt?ipv4
IP
34.107.221.82:0
ASN
#15169 GOOGLE

File type
ASCII text
Size
8 B (8 bytes)
Hash
ae780585f49b94ce1444eb7d28906123
7d5ca8c0c03e883c56c4eb1ef6f6bb9bccad4d86
81b2bd4ea98c8db66554fbc8d7637a1a69a130f331feb732b75caab4c4868fd5

HTTP Headers

GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Wed, 01 Feb 2023 16:22:32 GMT
Age: 29698
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7e05c8461bd2dc5a149f71e2c465ea29
705983959c887e243cb55a8a1796757b579ee977
4d9ea085d5dda9dabed11af9847c2b0aa6182358673b356a4e2bd631e22a9922

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4D9EA085D5DDA9DABED11AF9847C2B0AA6182358673B356A4E2BD631E22A9922"
Last-Modified: Tue, 31 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18087
Expires: Thu, 02 Feb 2023 05:38:57 GMT
Date: Thu, 02 Feb 2023 00:37:30 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
f824bb31f87f078e781d131ced301dc2
b7436030d0ee961cfe45fdc9ab8a7b3a9e8c369b
8c5f5dacb00b9740acdba2124d86cc2086ece69d90bd78499e541c64d0d61fe0

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8C5F5DACB00B9740ACDBA2124D86CC2086ECE69D90BD78499E541C64D0D61FE0"
Last-Modified: Tue, 31 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2435
Expires: Thu, 02 Feb 2023 01:18:05 GMT
Date: Thu, 02 Feb 2023 00:37:30 GMT
Connection: keep-alive

getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US&region=NO&count=30

34.120.5.221

200 OK

41 kB

URL HTTP/2
getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US&region=NO&count=30
IP
34.120.5.221:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (65536), with no line terminators
Size
41 kB (40688 bytes)
Hash
406c283b800488fe55e2d1cbdf6fd9d0
05372da3ebe18029db91067339a4510e87bbc9cd
00f72ed9ffe6beb3a48b9d7a18e8410694cf58e114af54ba5bda10045d462fbe

HTTP Headers

GET /v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US&region=NO&count=30 HTTP/1.1
Host: getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
vary: Accept-Encoding
content-location: global-recs.php
tcn: choice
x-frame-options: SAMEORIGIN
status: 200 OK
x-source: Pocket
pragma: cache
p3p: policyref="/w3c/p3p.xml", CP="ALL CURa ADMa DEVa OUR IND UNI COM NAV INT STA PRE"
x-cache: Hit from cloudfront
x-amz-cf-pop: SEA73-P2
x-amz-cf-id: 1zNtN3ytzs1pHPSSTPAmvqMGcRGH7tPQ8gZQOem18L8nL9UniHyYcw==
content-encoding: gzip
via: 1.1 c21a0d27ceec21e266c9f962d0349438.cloudfront.net (CloudFront), 1.1 google
content-length: 40688
date: Thu, 02 Feb 2023 00:23:52 GMT
age: 818
content-type: application/json
cache-control: s-maxage=900,public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
a8d45deaa7ebfcd996c2055dae592ab8
55befe074589fe7b39757c145968058162a8fc6b
50d7d516f446458145a304b288a0a39d391cd37ea50dabea36ae48d291c65ba7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "50D7D516F446458145A304B288A0A39D391CD37EA50DABEA36AE48D291C65BA7"
Last-Modified: Tue, 31 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12105
Expires: Thu, 02 Feb 2023 03:59:15 GMT
Date: Thu, 02 Feb 2023 00:37:30 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: +iHN3B14phQ4hlB3Yd3XScidTWh7v8EJ6NU44ZZ/ASc9Za9gc6/qiWFT5oSs5qtsRQNCIUjS88Y=
x-amz-request-id: A1QFFMVA787NN8KJ
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 01 Feb 2023 23:58:45 GMT
age: 2325
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
e935ea42be4feaed61a824b0b903913e
f966cfa80d65a805cb9d7c6a53b3340865d7c51a
eb0ce9ae50d156fe5924b2d77346735e4e93b5240cff301c9aa835bb0b385815

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EB0CE9AE50D156FE5924B2D77346735E4E93B5240CFF301C9AA835BB0B385815"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16873
Expires: Thu, 02 Feb 2023 05:18:43 GMT
Date: Thu, 02 Feb 2023 00:37:30 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Retry-After, Content-Length, Alert, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 02 Feb 2023 00:36:02 GMT
content-type: application/json
age: 88
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Thu, 02 Feb 2023 00:37:30 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

detectportal.firefox.com/success.txt?ipv4

34.107.221.82

200 OK

8 B

URL HTTP/1.1
detectportal.firefox.com/success.txt?ipv4
IP
34.107.221.82:0
ASN
#15169 GOOGLE

File type
ASCII text
Size
8 B (8 bytes)
Hash
ae780585f49b94ce1444eb7d28906123
7d5ca8c0c03e883c56c4eb1ef6f6bb9bccad4d86
81b2bd4ea98c8db66554fbc8d7637a1a69a130f331feb732b75caab4c4868fd5

HTTP Headers

GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Wed, 01 Feb 2023 16:22:32 GMT
Age: 29698
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
4dd913fe637959787cb8780d1f605e86
a004e39181234f348c63bd45cbc6de6c310aa11f
425f78c5a5b836274ac9fe06cf34f960fb4204efde192d48734cc2b026d94dbe

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6384
Cache-Control: max-age=162175
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 00:37:31 GMT
Etag: "63dac35a-1d7"
Expires: Fri, 03 Feb 2023 21:40:26 GMT
Last-Modified: Wed, 01 Feb 2023 19:54:02 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 471

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Expires, Content-Type, ETag, Last-Modified, Alert, Retry-After, Content-Length, Cache-Control, Pragma, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Wed, 01 Feb 2023 23:49:05 GMT
age: 2906
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
8913af0be619500295008bb91f506660
a7b8068ba9aa506205a295b24458c2616997a0d1
6a9838d00256431807ca382fc205064b07c08d5054f2895c2ae3cc4e9094179a

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6A9838D00256431807CA382FC205064B07C08D5054F2895C2AE3CC4E9094179A"
Last-Modified: Wed, 01 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13248
Expires: Thu, 02 Feb 2023 04:18:19 GMT
Date: Thu, 02 Feb 2023 00:37:31 GMT
Connection: keep-alive

shavar.services.mozilla.com/downloads?client=Firefox&appver=96.0a&pver=2.2

34.217.182.232

200 OK

8 B

URL HTTP/1.1
shavar.services.mozilla.com/downloads?client=Firefox&appver=96.0a&pver=2.2
IP
34.217.182.232:0
ASN
#16509 AMAZON-02

File type
ASCII text
Size
8 B (8 bytes)
Hash
29fc57841962e407cb50c1be60284bf7
ce968a77e2996da5eee8925182318f171ccdce47
ae7e7075247dcfad763f1e131aeac3d2e756bb03d48b0d315a50c69636e5dc8b

HTTP Headers

POST /downloads?client=Firefox&appver=96.0a&pver=2.2 HTTP/1.1
Host: shavar.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 773
Connection: close
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: none
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/octet-stream
Date: Thu, 02 Feb 2023 00:37:31 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Length: 8
Connection: Close

push.services.mozilla.com/

54.186.188.230

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
54.186.188.230:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: qWu7uyL1h0LDUtG7QZuTYw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 84rCDtKLOYaeXifDSfROI3oU0Gw=

firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?_expected=%221675286829275%22

35.241.9.150

200 OK

21 kB

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?_expected=%221675286829275%22
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (20973), with no line terminators
Size
21 kB (20973 bytes)
Hash
602f56b5723340edd2208f7b73403af3
c9f20abe9ddba784def605e658893079834be68d
0743125b19f0570ebf69804a47f08a29570db4e067ff94a3e326ac9b42a85a0a

HTTP Headers

GET /v1/buckets/monitor/collections/changes/changeset?_expected=%221675286829275%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Retry-After, Backoff, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 20973
via: 1.1 google
date: Thu, 02 Feb 2023 00:32:06 GMT
age: 325
last-modified: Wed, 01 Feb 2023 21:27:09 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/blocklists/collections/addons-bloomfilters/changeset?_expected=1675276638966&_since=%221666204638208%22

35.241.9.150

200 OK

27 kB

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/blocklists/collections/addons-bloomfilters/changeset?_expected=1675276638966&_since=%221666204638208%22
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (26765), with no line terminators
Size
27 kB (26765 bytes)
Hash
2c1cc58703fc40ca187f64e8cba5bfe8
ec4585bd17814a72a12edbc7a2cf8b236b02d67b
ca2253dcc795afb0a3a9cd46885f3a8591b68576f50c80e6dc871eeb4006638a

HTTP Headers

GET /v1/buckets/blocklists/collections/addons-bloomfilters/changeset?_expected=1675276638966&_since=%221666204638208%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Retry-After, Content-Length, Alert, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 26765
via: 1.1 google
date: Thu, 02 Feb 2023 00:35:11 GMT
age: 140
last-modified: Wed, 01 Feb 2023 18:37:19 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
e76071a28ee566dababb3834f46d68ed
aebb4e68c1ba2de0f90025283e8ed8470944fde0
78b6df2627172e5b35476bc31020f02898cdc412aaf4337af2c3b049a60912b6

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
x-amz-id-2: 8Cbzar/cdBnem6wUkZ+inavYEMY/xcSCT/iLkvpcaCj79vQb8tMZq8jnVA6T/Upg+iLIxm+oM1s=
x-amz-request-id: 5M1W6M00BGJ9X8KS
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 01 Feb 2023 23:43:14 GMT
age: 3257
last-modified: Sun, 29 Jan 2023 18:44:47 GMT
etag: "e76071a28ee566dababb3834f46d68ed"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Retry-After, Content-Length, Alert, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 02 Feb 2023 00:36:02 GMT
content-type: application/json
age: 89
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
772e98ffb218d146fb3dcc0ce821fbe8
f1f77d13cb54909cf8645417a4eaec9db01a7067
370a02f24b8582aa498635bd1ac597180dbb093e32ebddab7891d519abd5fd91

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "370A02F24B8582AA498635BD1AC597180DBB093E32EBDDAB7891D519ABD5FD91"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15836
Expires: Thu, 02 Feb 2023 05:01:27 GMT
Date: Thu, 02 Feb 2023 00:37:31 GMT
Connection: keep-alive

firefox-settings-attachments.cdn.mozilla.net/staging/addons-bloomfilters/8038652a-6557-460a-858c-84f19a5a0987.bin

34.111.73.144

200 OK

807 kB

URL HTTP/2
firefox-settings-attachments.cdn.mozilla.net/staging/addons-bloomfilters/8038652a-6557-460a-858c-84f19a5a0987.bin
IP
34.111.73.144:0
ASN
#15169 GOOGLE

File type
data
Size
807 kB (807180 bytes)
Hash
914be443bdfbe8a1c3ded61e1c114bd6
4fe7c5ff83f6a29e6699f4cebc17550891504661
41b036d0c889509d547296b238027a063c313261ad52d5f7bb81922011791857

HTTP Headers

GET /staging/addons-bloomfilters/8038652a-6557-460a-858c-84f19a5a0987.bin HTTP/1.1
Host: firefox-settings-attachments.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: DYhzcZihah3+nn9uccTU0QhbDsrYIGJkUq7DnVhCQOs6Y7PkJ/a98vsBufG9wJH7B/5czaGL4HQ=
x-amz-request-id: AQB6GT81KDJK8DAX
x-amz-version-id: K1ODzappZsD35qeu0OM5zvs_BP1eybj7
accept-ranges: bytes
server: AmazonS3
content-length: 807180
via: 1.1 google
date: Sat, 28 Jan 2023 15:34:35 GMT
age: 378176
last-modified: Tue, 10 Jan 2023 12:38:46 GMT
etag: "914be443bdfbe8a1c3ded61e1c114bd6"
content-type: application/octet-stream
cache-control: public,max-age=604800
alt-svc: clear
X-Firefox-Spdy: h2

uiaps.aslabd.top/moblie/client/

155.94.128.18

301 Moved Permanently

313 B

URL HTTP/1.1
uiaps.aslabd.top/moblie/client/
IP
155.94.128.18:0
ASN
#8100 ASN-QUADRANET-GLOBAL

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
313 B (313 bytes)
Hash
e3e75379a5cb750419c71988ad441ced
98db25b41a07395e349b1ef008b354604950f8c7
e6cf42c910de2c77e48cc8b618752d4fe7e4e9f74e070a97584e7f11df0d2d84

Detections

Analyzer	Verdict	Alert
openphish	United States Postal Service
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ET INFO HTTP Request to a *.top domain

HTTP Headers

GET /moblie/client/ HTTP/1.1
Host: uiaps.aslabd.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Date: Thu, 02 Feb 2023 00:37:31 GMT
Server: Apache
Location: https://uiaps.aslabd.top/moblie/client/
Content-Length: 313
Connection: close
Content-Type: text/html; charset=iso-8859-1

firefox.settings.services.mozilla.com/v1/buckets/main/collections/fxmonitor-breaches/changeset?_expected=1674595012490&_since=%221662044085942%22

35.241.9.150

200 OK

4.3 kB

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/fxmonitor-breaches/changeset?_expected=1674595012490&_since=%221662044085942%22
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (4318), with no line terminators
Size
4.3 kB (4318 bytes)
Hash
f907735e3715dc6d1879d3a6acc28609
9ef4d7f2c5b9b4583d992295b72d5f3a635b065e
b4977e583a6818ad9317b1d87e0536bdbbee1d11ae7a911f65c415f385739ba1

HTTP Headers

GET /v1/buckets/main/collections/fxmonitor-breaches/changeset?_expected=1674595012490&_since=%221662044085942%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Retry-After, Backoff, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 4318
via: 1.1 google
date: Wed, 01 Feb 2023 23:58:38 GMT
age: 2333
last-modified: Wed, 01 Feb 2023 16:36:43 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/password-recipes/changeset?_expected=1674595048726&_since=%221642005109349%22

35.241.9.150

200 OK

1.7 kB

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/password-recipes/changeset?_expected=1674595048726&_since=%221642005109349%22
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (1742), with no line terminators
Size
1.7 kB (1742 bytes)
Hash
22092e301760ed865af6ece6eb04b1be
557b52e40ec2d8f2fe080580a1858c8666791bf2
12afba8f5929ab372e9cffbbe57e8bb562c60fc0a98b751c69de1adc04fb4aea

HTTP Headers

GET /v1/buckets/main/collections/password-recipes/changeset?_expected=1674595048726&_since=%221642005109349%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Alert, Retry-After, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 1742
via: 1.1 google
date: Thu, 02 Feb 2023 00:20:44 GMT
age: 1008
last-modified: Wed, 01 Feb 2023 16:36:43 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/query-stripping/changeset?_expected=1667238122278&_since=%221656585893704%22

35.241.9.150

200 OK

1.7 kB

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/query-stripping/changeset?_expected=1667238122278&_since=%221656585893704%22
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (1719), with no line terminators
Size
1.7 kB (1719 bytes)
Hash
91fc66b0cc0a6a614095f1a64df0ae3b
36d83cd4aac353d81990df94ac1e5466483ab145
fee8713249b5cc35e5a4bb521c3a645c8b2a0c927c8384b99cf4f3a046e5d316

HTTP Headers

GET /v1/buckets/main/collections/query-stripping/changeset?_expected=1667238122278&_since=%221656585893704%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Alert, Retry-After, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 1719
via: 1.1 google
date: Thu, 02 Feb 2023 00:27:54 GMT
age: 578
last-modified: Tue, 31 Jan 2023 16:36:45 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/language-dictionaries/changeset?_expected=1673270322227&_since=%221569410800356%22

35.241.9.150

200 OK

1.3 kB

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/language-dictionaries/changeset?_expected=1673270322227&_since=%221569410800356%22
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (1250), with no line terminators
Size
1.3 kB (1250 bytes)
Hash
4b4dc2f2fa90e5157009acf4c7b1d589
ec64bb109dac848eafb80765cb510015c5d3ffd5
83ad9f7b27e6c7f20f257f0a3ff004ca69cfd0d4768222a51a655ac9ae139f6e

HTTP Headers

GET /v1/buckets/main/collections/language-dictionaries/changeset?_expected=1673270322227&_since=%221569410800356%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Retry-After, Backoff, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 1250
via: 1.1 google
date: Wed, 01 Feb 2023 23:47:35 GMT
age: 2997
last-modified: Tue, 31 Jan 2023 16:36:44 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/nimbus-desktop-experiments/changeset?_expected=1675179871619&_since=%221666279968541%22

35.241.9.150

200 OK

70 kB

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/nimbus-desktop-experiments/changeset?_expected=1675179871619&_since=%221666279968541%22
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (65536), with no line terminators
Size
70 kB (69773 bytes)
Hash
bc236c9ea0619f60e837bef961954574
ff74159ccfd717e32b24874ed960411c389e8675
ab065bdee282a74b71c0b03b21444242851827c0f40d672173bcfb11c88384a3

HTTP Headers

GET /v1/buckets/main/collections/nimbus-desktop-experiments/changeset?_expected=1675179871619&_since=%221666279968541%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Alert, Retry-After, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 69773
via: 1.1 google
date: Thu, 02 Feb 2023 00:35:13 GMT
age: 139
last-modified: Tue, 31 Jan 2023 15:44:31 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/hijack-blocklists?_expected=1605801189258

35.241.9.150

200 OK

682 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/hijack-blocklists?_expected=1605801189258
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (682), with no line terminators
Size
682 B (682 bytes)
Hash
ee3b2ca8193a47eb1c2f1628b80b953f
6b53021c8663e3a0f874c5f030902a78c3ef1b9d
2cc501aa09d747a9b69b88c92f896650b9c9f5c32dae8b2315ab61c63d9a4ccc

HTTP Headers

GET /v1/buckets/main/collections/hijack-blocklists?_expected=1605801189258 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Pragma, Backoff, Retry-After, Content-Length, Last-Modified, Expires, Cache-Control, ETag, Alert, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 682
via: 1.1 google
date: Wed, 01 Feb 2023 23:50:09 GMT
age: 2843
last-modified: Sun, 29 Jan 2023 16:36:52 GMT
etag: "1675010212483"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
x-amz-id-2: MwfrBNriKYXNI7sFOEwqPLbModUmmzgKQML3OBBfofLhZbHK7c4yeF6cLTLFKIdtAVk4f7FMujE=
x-amz-request-id: DFQNHWBXJMBECEYQ
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 01 Feb 2023 23:51:45 GMT
age: 2747
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/message-groups/changeset?_expected=1670425599656&_since=%221665698079854%22

35.241.9.150

200 OK

935 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/message-groups/changeset?_expected=1670425599656&_since=%221665698079854%22
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (935), with no line terminators
Size
935 B (935 bytes)
Hash
3d63398bfcd270d3aff50d730b7fbf8e
95b217d19c323845ba9739f9e343ffd4a050dc2a
28be153e42646803b6aa62501fcb5262eea2812237655cec6be8b2a3ff4e7d0c

HTTP Headers

GET /v1/buckets/main/collections/message-groups/changeset?_expected=1670425599656&_since=%221665698079854%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Retry-After, Content-Length, Alert, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 935
via: 1.1 google
date: Thu, 02 Feb 2023 00:07:01 GMT
age: 1831
last-modified: Sat, 28 Jan 2023 16:36:44 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
389967ad1c83bccf7423dce7fdf271b6
9085bffb376304da75064d415739e19ce4f29caf
f5b304a1f278dd18e7442c27705e12ddb1fa9a1f38cab15edee1ab5330843ed0

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F5B304A1F278DD18E7442C27705E12DDB1FA9A1F38CAB15EDEE1AB5330843ED0"
Last-Modified: Mon, 30 Jan 2023 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21587
Expires: Thu, 02 Feb 2023 06:37:19 GMT
Date: Thu, 02 Feb 2023 00:37:32 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/buckets/main/collections/normandy-recipes-capabilities/changeset?_expected=1674841566207&_since=%221666483264567%22

35.241.9.150

200 OK

52 kB

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/normandy-recipes-capabilities/changeset?_expected=1674841566207&_since=%221666483264567%22
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (52267), with no line terminators
Size
52 kB (52267 bytes)
Hash
43fa3c33ef7e1368ef38013ab44077ec
70447b3d512f20511dec32ecad04b77a76a86b6f
bae20740abda87eb747664b2ec70fb29c5ff7899292685645d7ed2c609727391

HTTP Headers

GET /v1/buckets/main/collections/normandy-recipes-capabilities/changeset?_expected=1674841566207&_since=%221666483264567%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Retry-After, Backoff, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 52267
via: 1.1 google
date: Wed, 01 Feb 2023 23:29:15 GMT
age: 4097
last-modified: Fri, 27 Jan 2023 17:46:06 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/cfr/changeset?_expected=1666894461944&_since=%221659547595259%22

35.241.9.150

200 OK

1.5 kB

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/cfr/changeset?_expected=1666894461944&_since=%221659547595259%22
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (1505), with no line terminators
Size
1.5 kB (1505 bytes)
Hash
bf91148bc6bc52655c8e8138e8a0a4f4
919f632d0fa2021439aefb26804e6c811f077343
0b87aabbe04ee50ba0cdfdfd6710e761f3ede6ac42cc8faa1b136315529daabf

HTTP Headers

GET /v1/buckets/main/collections/cfr/changeset?_expected=1666894461944&_since=%221659547595259%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Retry-After, Content-Length, Alert, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 1505
via: 1.1 google
date: Wed, 01 Feb 2023 23:49:29 GMT
age: 2883
last-modified: Fri, 27 Jan 2023 16:36:46 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/search-config/changeset?_expected=1674751976728&_since=%221661199949574%22

35.241.9.150

200 OK

18 kB

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/search-config/changeset?_expected=1674751976728&_since=%221661199949574%22
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (17471), with no line terminators
Size
18 kB (17471 bytes)
Hash
6e2d33aecce57f200365d89f518caa2a
0226b86348839e3398809b8e542aa7daf6909ba6
1fa13b584b43bddc8fd2e1fc57676c930b50dea74726a9c2fc55e35dca77ebfd

HTTP Headers

GET /v1/buckets/main/collections/search-config/changeset?_expected=1674751976728&_since=%221661199949574%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Retry-After, Content-Length, Alert, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 17471
via: 1.1 google
date: Wed, 01 Feb 2023 23:54:25 GMT
age: 2587
last-modified: Thu, 26 Jan 2023 16:52:56 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

uiaps.aslabd.top/moblie/client/

155.94.128.18

200 OK

10 kB

URL HTTP/2
uiaps.aslabd.top/moblie/client/
IP
155.94.128.18:0
ASN
#8100 ASN-QUADRANET-GLOBAL

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (761), with CRLF line terminators
Size
10 kB (9965 bytes)
Hash
9dbc9a18c40df2141a035a9758ad2949
108cf6f8739d617c44bd47a66b058407b45da5b8
1a3a2e5624cc58baed76db3b05f8b40613d870b3ee116a7ed145d64f06cf7187

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - US Postal Service
urlquery	phishing	Phishing - US Postal Service
openphish	United States Postal Service
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ET INFO HTTP Request to a *.top domain

HTTP Headers

GET /moblie/client/ HTTP/1.1
Host: uiaps.aslabd.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 200 OK
date: Thu, 02 Feb 2023 00:37:32 GMT
server: Apache
last-modified: Sat, 09 Jul 2022 03:30:50 GMT
etag: "e7ca-5e356f1faee80-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 9965
content-type: text/html
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/partitioning-exempt-urls/changeset?_expected=1674132577705&_since=%221657747510534%22

35.241.9.150

200 OK

2.1 kB

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/partitioning-exempt-urls/changeset?_expected=1674132577705&_since=%221657747510534%22
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (2144), with no line terminators
Size
2.1 kB (2144 bytes)
Hash
5081e6ce6effca1e5ba513b8ee475b1c
56b570761e64c997d2340e4697a1c0e1b06cc0e5
df3c6bd21705a779e7eace5f711efb8e0c91a77a0fd18288d12cf49507f944a2

HTTP Headers

GET /v1/buckets/main/collections/partitioning-exempt-urls/changeset?_expected=1674132577705&_since=%221657747510534%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Alert, Retry-After, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
content-type: application/json
date: Thu, 02 Feb 2023 00:37:32 GMT
last-modified: Thu, 26 Jan 2023 16:36:43 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 2144
via: 1.1 google
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

uiaps.aslabd.top/moblie/client/assets/css/globals/usps-fonts.css

155.94.128.18

200 OK

870 B

URL HTTP/2
uiaps.aslabd.top/moblie/client/assets/css/globals/usps-fonts.css
IP
155.94.128.18:0
ASN
#8100 ASN-QUADRANET-GLOBAL

File type
CSV text\012- , ASCII text, with very long lines (548)
Size
870 B (870 bytes)
Hash
506e9f64f645e61384a9452c720729bd
d67ae5849f868c25a3f8950890c38eb2012ada48
480818c6bb9e16b65495ab341fb890ef7b2120c89a14e23d31cdd6827dec700c

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - US Postal Service
urlquery	phishing	Phishing - US Postal Service

HTTP Headers

GET /moblie/client/assets/css/globals/usps-fonts.css HTTP/1.1
Host: uiaps.aslabd.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://uiaps.aslabd.top/moblie/client/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Thu, 02 Feb 2023 00:37:32 GMT
server: Apache
last-modified: Sat, 09 Jul 2022 00:51:36 GMT
etag: "cc7-5e354b8847600-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 870
content-type: text/css
X-Firefox-Spdy: h2

uiaps.aslabd.top/moblie/client/assets/css/vendor/bootstrap/3.5.5/bootstrap.min.css

155.94.128.18

200 OK

20 kB

URL HTTP/2
uiaps.aslabd.top/moblie/client/assets/css/vendor/bootstrap/3.5.5/bootstrap.min.css
IP
155.94.128.18:0
ASN
#8100 ASN-QUADRANET-GLOBAL

File type
ASCII text, with very long lines (64985)
Size
20 kB (20168 bytes)
Hash
ea00d7ede20ddc87ba5299be051688b0
9d73caa184430546064b4a31d6ccd007415bf369
cb3d723d424d039d7fb8ec387db1b701b7dfbd1c8bb4c73faa11ff4c3403c5fb

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - US Postal Service
urlquery	phishing	Phishing - US Postal Service

HTTP Headers

GET /moblie/client/assets/css/vendor/bootstrap/3.5.5/bootstrap.min.css HTTP/1.1
Host: uiaps.aslabd.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://uiaps.aslabd.top/moblie/client/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Thu, 02 Feb 2023 00:37:32 GMT
server: Apache
last-modified: Sat, 09 Jul 2022 00:52:04 GMT
etag: "1de72-5e354ba2fb500-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 20168
content-type: text/css
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
d719402de0cd695e55dab2767247da49
f12f4795987a284820f6785ec16b5032b9861d79
98a14bd950cec10aeb3d76fa956fe13514f52c742adbded7a0fcef218c7195ba

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "98A14BD950CEC10AEB3D76FA956FE13514F52C742ADBDED7A0FCEF218C7195BA"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9898
Expires: Thu, 02 Feb 2023 03:22:30 GMT
Date: Thu, 02 Feb 2023 00:37:32 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
d719402de0cd695e55dab2767247da49
f12f4795987a284820f6785ec16b5032b9861d79
98a14bd950cec10aeb3d76fa956fe13514f52c742adbded7a0fcef218c7195ba

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "98A14BD950CEC10AEB3D76FA956FE13514F52C742ADBDED7A0FCEF218C7195BA"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9898
Expires: Thu, 02 Feb 2023 03:22:30 GMT
Date: Thu, 02 Feb 2023 00:37:32 GMT
Connection: keep-alive

uiaps.aslabd.top/moblie/client/assets/css/vendor/bootstrap/3.5.5/bootstrap-sticky-footer.css

155.94.128.18

200 OK

122 B

URL HTTP/2
uiaps.aslabd.top/moblie/client/assets/css/vendor/bootstrap/3.5.5/bootstrap-sticky-footer.css
IP
155.94.128.18:0
ASN
#8100 ASN-QUADRANET-GLOBAL

File type
ASCII text, with no line terminators
Size
122 B (122 bytes)
Hash
202bf872c1139a76e1c7c09b9911abaf
83d628b973e072a6eb8badc6fb7ec92b97ee702b
29e3eb3901a296d0df7bea405811e9fb3642e9565032f22aace6828d018f257f

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - US Postal Service
urlquery	phishing	Phishing - US Postal Service

HTTP Headers

GET /moblie/client/assets/css/vendor/bootstrap/3.5.5/bootstrap-sticky-footer.css HTTP/1.1
Host: uiaps.aslabd.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://uiaps.aslabd.top/moblie/client/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Thu, 02 Feb 2023 00:37:32 GMT
server: Apache
last-modified: Sat, 09 Jul 2022 00:52:00 GMT
etag: "89-5e354b9f2ac00-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 122
content-type: text/css
X-Firefox-Spdy: h2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbb20c182-a39b-4222-8a27-155f67b554ab.webp

34.120.237.76

200 OK

3.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbb20c182-a39b-4222-8a27-155f67b554ab.webp
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
3.5 kB (3541 bytes)
Hash
4c0980cc80018f2218e1a5a7336a4bcc
461e33619154423dbbf49407a80b70ade9078593
4375676d6ce36b3ec3923eefe2007bb96d96135dae10103a886c24fc9063fce9

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbb20c182-a39b-4222-8a27-155f67b554ab.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 3541
x-amzn-requestid: f65e4be6-20ff-4f14-a722-d6c2c4631a5f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: frc5YHQqoAMFeBA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dadb6f-5f9183ed1c2cb640249c2b09;Sampled=0
x-amzn-remapped-date: Wed, 01 Feb 2023 21:36:47 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: dhCNUaZl9ATxaIgoLz8bF1ZxjW31vJ6rx-BLhIKVjmoG4tPFH7WZZQ==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 be082a2326b7d49643607b097f1e7180.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Feb 2023 22:25:11 GMT
age: 7941
etag: "461e33619154423dbbf49407a80b70ade9078593"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

313 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
313 B (313 bytes)
Hash
f34e13cd7bd2390540358d01cbc690ff
15a098b4cd8fbd001a15d36207579fe9b18d4c07
1a74d35e15a7479290f811969f72f0de78f65bcb5b42bdfe673719d746839682

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6283
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 00:37:32 GMT
Last-Modified: Wed, 01 Feb 2023 22:52:49 GMT
Server: ECS (ska/F708)
X-Cache: HIT
Content-Length: 313

34.120.237.76

200 OK

9.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F46e30ba8-4b02-4bad-8cbf-1a128aa4376f.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.6 kB (9600 bytes)
Hash
3366ef4f8733cb9c89a5c88f63a0a441
7da46843b6d885f38a4759a08e6c899906ab7b97
7114397ee5c251cc5cb46f3433c2cc17ff68a08e0872e227671198e9b61eba0a

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F46e30ba8-4b02-4bad-8cbf-1a128aa4376f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-length: 9600
x-amzn-requestid: 48094e1a-d550-4a91-b87c-4a08505f7cce
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fVsWcFN7IAMF2pg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d2275c-5ced593a7e2126c9494563df;Sampled=0
x-amzn-remapped-date: Thu, 26 Jan 2023 07:10:20 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: aZOeDFqBJQoGwLpIs-GpPvY0FKGCAOXY6MgzG32qzX-kVzUCKKv-kw==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Feb 2023 02:29:58 GMT
age: 79654
etag: "7da46843b6d885f38a4759a08e6c899906ab7b97"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0d335250-c4ff-42af-b9c2-48711573ab39.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.8 kB (4814 bytes)
Hash
86664b4d1fc27ba7b5bff8a245604326
b8c7ef73101a497b6c78ad59aafe66a391fdc3fa
e4596faadf14051299036a79632951d90183dd0635293687edef11985799a752

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0d335250-c4ff-42af-b9c2-48711573ab39.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4814
x-amzn-requestid: 90da23ab-2c54-40ec-8e26-bdf4eeb1e27b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: frdKWFpvoAMFyPQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dadbdb-70c4cb89413ed6bd44731d76;Sampled=0
x-amzn-remapped-date: Wed, 01 Feb 2023 21:38:35 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: htcecPD3kYwCPwPPCqgVuXnCuKo6TTKntzaB2xFID5fvBXpZQe463A==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 be082a2326b7d49643607b097f1e7180.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Feb 2023 21:59:38 GMT
age: 9474
etag: "b8c7ef73101a497b6c78ad59aafe66a391fdc3fa"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe18f9e12-0986-423b-911d-6271bb996db4.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.4 kB (5356 bytes)
Hash
7c823f1d6bf1c50d58eb263b85e6e37c
a7b74d11494fb3254df907e5cc1eead070d84617
b2706961eb756383e0988dfdb501dc424aea59697aedd1e4a6c294c314a31935

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe18f9e12-0986-423b-911d-6271bb996db4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5356
x-amzn-requestid: fef22c83-35a4-4990-9008-af5853f838d1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: frc5BEB6oAMFczg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dadb6c-68d3017555c069bc3107d150;Sampled=0
x-amzn-remapped-date: Wed, 01 Feb 2023 21:36:44 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: XyDZc0F-b0rxwoS5wvSXBuBfYE7JljMmuXseBjLOBk4HvxU5gE7Oqg==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Feb 2023 22:18:55 GMT
age: 8317
etag: "a7b74d11494fb3254df907e5cc1eead070d84617"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F868f7eb5-a922-48b3-b59c-21db2389409e.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.4 kB (9416 bytes)
Hash
6790e3bf4d10b1ffba32a22dc588c640
cdae35517dfea800134393a1095f44462bc428a5
4f4132588ee7337fff24da64b89e43b277c4ef0a2646acfba37aea08fc0f4256

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F868f7eb5-a922-48b3-b59c-21db2389409e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9416
x-amzn-requestid: acc48967-4cc1-4bfd-bc33-7bcefd8e6547
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: frdKVGjqIAMFa2w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dadbdb-1d1cd4de0a30760e792d32e5;Sampled=0
x-amzn-remapped-date: Wed, 01 Feb 2023 21:38:35 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: tO6GOuwj9So6Itm9ug-EQgF5iJ3NPidhS8OY4LpBvq0XftWTqGcOHA==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Feb 2023 21:57:16 GMT
age: 9616
etag: "cdae35517dfea800134393a1095f44462bc428a5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffdd8c5ba-bd1b-4dda-ae36-680f02b388f8.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (10807 bytes)
Hash
b91a1323efe4b01a2d1a2e8485117934
43d04a554f6ef512e7b21ac09287efc0e4e5efee
393e3ab81aee9fda022d06c25789be66e56aaf56f81b0514ab5dfec445087bdf

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffdd8c5ba-bd1b-4dda-ae36-680f02b388f8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10807
x-amzn-requestid: 3c6771b8-3ae0-4300-9d84-9311c15389ba
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fmJ2JGh3oAMFp0A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d8bcf3-27479faf4518900c03b84144;Sampled=0
x-amzn-remapped-date: Tue, 31 Jan 2023 07:02:11 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: oZ6etg6l7SjzCMTg-7DhIeEXMmempp9_kMb3ITzUqbrXKz2wz0qJ0w==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Feb 2023 07:02:22 GMT
age: 63310
etag: "43d04a554f6ef512e7b21ac09287efc0e4e5efee"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

uiaps.aslabd.top/moblie/client/assets/css/vendor/bootstrap/3.5.5/theme.css

155.94.128.18

200 OK

9.3 kB

URL HTTP/2
uiaps.aslabd.top/moblie/client/assets/css/vendor/bootstrap/3.5.5/theme.css
IP
155.94.128.18:0
ASN
#8100 ASN-QUADRANET-GLOBAL

File type
ASCII text, with very long lines (1137)
Size
9.3 kB (9301 bytes)
Hash
7dff2db828b763d39ef8c85a84e6be27
0cba53d423689306a8bff4268830adc8cebacc7d
c3bda5b3e63e02b5155eb0f3ac4bd1c2ea8a0b5333647c48431adf003583d843

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - US Postal Service
urlquery	phishing	Phishing - US Postal Service

HTTP Headers

GET /moblie/client/assets/css/vendor/bootstrap/3.5.5/theme.css HTTP/1.1
Host: uiaps.aslabd.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://uiaps.aslabd.top/moblie/client/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Thu, 02 Feb 2023 00:37:32 GMT
server: Apache
last-modified: Sat, 09 Jul 2022 00:52:08 GMT
etag: "a7df-5e354ba6cbe00-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 9301
content-type: text/css
X-Firefox-Spdy: h2

uiaps.aslabd.top/moblie/client/assets/images/des_brd_2color_logo_274x79.png

155.94.128.18

200 OK

7.2 kB

URL HTTP/2
uiaps.aslabd.top/moblie/client/assets/images/des_brd_2color_logo_274x79.png
IP
155.94.128.18:0
ASN
#8100 ASN-QUADRANET-GLOBAL

File type
PNG image data, 274 x 79, 8-bit/color RGBA, non-interlaced\012- data
Size
7.2 kB (7177 bytes)
Hash
7540a3abf4dc11dcbd1d381523956ad4
c634a237fb86e9eb6efe396bc5dd1548956c338f
194aeec3c0a28672905ad28fc88a464c2db67ab4277b1d29c3e5275013f2c638

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - US Postal Service
urlquery	phishing	Phishing - US Postal Service

HTTP Headers

GET /moblie/client/assets/images/des_brd_2color_logo_274x79.png HTTP/1.1
Host: uiaps.aslabd.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://uiaps.aslabd.top/moblie/client/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Thu, 02 Feb 2023 00:37:32 GMT
server: Apache
last-modified: Sat, 09 Jul 2022 00:53:06 GMT
etag: "1c09-5e354bde1c080"
accept-ranges: bytes
content-length: 7177
content-type: image/png
X-Firefox-Spdy: h2

uiaps.aslabd.top/moblie/client/assets/images/icons/info-help15x15.png

155.94.128.18

200 OK

1.3 kB

URL HTTP/2
uiaps.aslabd.top/moblie/client/assets/images/icons/info-help15x15.png
IP
155.94.128.18:0
ASN
#8100 ASN-QUADRANET-GLOBAL

File type
PNG image data, 15 x 15, 8-bit/color RGBA, non-interlaced\012- data
Size
1.3 kB (1283 bytes)
Hash
d8ed32428438c6b59f5bda90de72d32a
f21457fd013ca3c92d642d9b12cec0916ba25d93
8ad6e9b6cf4e440ea128653a10923efb54c618983c131c20d1a6753e8895248e

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - US Postal Service
urlquery	phishing	Phishing - US Postal Service

HTTP Headers

GET /moblie/client/assets/images/icons/info-help15x15.png HTTP/1.1
Host: uiaps.aslabd.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://uiaps.aslabd.top/moblie/client/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Thu, 02 Feb 2023 00:37:32 GMT
server: Apache
last-modified: Sat, 09 Jul 2022 00:54:02 GMT
etag: "503-5e354c1383e80"
accept-ranges: bytes
content-length: 1283
content-type: image/png
X-Firefox-Spdy: h2

uiaps.aslabd.top/moblie/client/assets/images/ajax-loader-t.gif

155.94.128.18

200 OK

3.2 kB

URL HTTP/2
uiaps.aslabd.top/moblie/client/assets/images/ajax-loader-t.gif
IP
155.94.128.18:0
ASN
#8100 ASN-QUADRANET-GLOBAL

File type
GIF image data, version 89a, 32 x 32\012- data
Size
3.2 kB (3208 bytes)
Hash
b9f5558507d20d1501a945f9bc0f4ce4
672975a0c049de369b02bd1b5ce0820fd5d9832d
d2a3b54eecee14be7278f861de0d7d95509321f0a28fd18052334cbbd369201a

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - US Postal Service
urlquery	phishing	Phishing - US Postal Service

HTTP Headers

GET /moblie/client/assets/images/ajax-loader-t.gif HTTP/1.1
Host: uiaps.aslabd.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://uiaps.aslabd.top/moblie/client/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Thu, 02 Feb 2023 00:37:32 GMT
server: Apache
last-modified: Sat, 09 Jul 2022 00:53:02 GMT
etag: "c88-5e354bda4b780"
accept-ranges: bytes
content-length: 3208
content-type: image/gif
X-Firefox-Spdy: h2

uiaps.aslabd.top/moblie/client/assets/images/icons/2fa-icon.png

155.94.128.18

200 OK

2.5 kB

URL HTTP/2
uiaps.aslabd.top/moblie/client/assets/images/icons/2fa-icon.png
IP
155.94.128.18:0
ASN
#8100 ASN-QUADRANET-GLOBAL

File type
PNG image data, 50 x 50, 8-bit/color RGBA, non-interlaced\012- data
Size
2.5 kB (2517 bytes)
Hash
ed58ae8c4bb20a8b801a22eb6a83919e
1382abb7e29df3b2c0acb877792dd4792ea86ebb
47b1abfa4a9ed23a1464dd547de8ae545d34e3aa8f1abe03497d8339acef4d89

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - US Postal Service
urlquery	phishing	Phishing - US Postal Service

HTTP Headers

GET /moblie/client/assets/images/icons/2fa-icon.png HTTP/1.1
Host: uiaps.aslabd.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://uiaps.aslabd.top/moblie/client/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Thu, 02 Feb 2023 00:37:32 GMT
server: Apache
last-modified: Sat, 09 Jul 2022 00:54:00 GMT
etag: "9d5-5e354c119ba00"
accept-ranges: bytes
content-length: 2517
content-type: image/png
X-Firefox-Spdy: h2

uiaps.aslabd.top/moblie/client/assets/images/logo-mini-sb.png

155.94.128.18

200 OK

24 kB

URL HTTP/2
uiaps.aslabd.top/moblie/client/assets/images/logo-mini-sb.png
IP
155.94.128.18:0
ASN
#8100 ASN-QUADRANET-GLOBAL

File type
PNG image data, 135 x 16, 8-bit/color RGBA, non-interlaced\012- data
Size
24 kB (23625 bytes)
Hash
43707dd65a8c8ec7754b7b45fd483488
f258a5de57dfa37baf13296da6055e8f8881d742
585262db6911000f59795831f9db7bb41477bcafb135c82b51b0473363134fcf

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - US Postal Service
urlquery	phishing	Phishing - US Postal Service

HTTP Headers

GET /moblie/client/assets/images/logo-mini-sb.png HTTP/1.1
Host: uiaps.aslabd.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://uiaps.aslabd.top/moblie/client/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Thu, 02 Feb 2023 00:37:32 GMT
server: Apache
last-modified: Sat, 09 Jul 2022 00:53:08 GMT
etag: "5c49-5e354be004500"
accept-ranges: bytes
content-length: 23625
content-type: image/png
X-Firefox-Spdy: h2

uiaps.aslabd.top/moblie/client/assets/images/footer/pinterest48x48.png

155.94.128.18

200 OK

2.0 kB

URL HTTP/2
uiaps.aslabd.top/moblie/client/assets/images/footer/pinterest48x48.png
IP
155.94.128.18:0
ASN
#8100 ASN-QUADRANET-GLOBAL

File type
PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced\012- data
Size
2.0 kB (1996 bytes)
Hash
54dc20cc381ff8ecf17ea8b9df75ce80
87b5f3be2555879dae3e3dbd24ccc025b3d803a5
6fd2af5507a1df9cd3c999db9194edc98039847c67180805ab0029fb4598a047

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - US Postal Service
urlquery	phishing	Phishing - US Postal Service

HTTP Headers

GET /moblie/client/assets/images/footer/pinterest48x48.png HTTP/1.1
Host: uiaps.aslabd.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://uiaps.aslabd.top/moblie/client/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Thu, 02 Feb 2023 00:37:32 GMT
server: Apache
last-modified: Sat, 09 Jul 2022 00:53:26 GMT
etag: "7cc-5e354bf12ed80"
accept-ranges: bytes
content-length: 1996
content-type: image/png
X-Firefox-Spdy: h2

uiaps.aslabd.top/moblie/js/index.js

155.94.128.18

200 OK

482 B

URL HTTP/2
uiaps.aslabd.top/moblie/js/index.js
IP
155.94.128.18:0
ASN
#8100 ASN-QUADRANET-GLOBAL

File type
ASCII text, with CRLF line terminators
Size
482 B (482 bytes)
Hash
5162b2972eec2617755f7284ab8abe82
3140c674ae56b6dd06b16028b3b27615900118be
3dc6445a493e25ccdbbf7478a3785d455818dbad0d021470776e0bc38abd2712

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - US Postal Service
urlquery	phishing	Phishing - US Postal Service
fortinet	Phishing

HTTP Headers

GET /moblie/js/index.js HTTP/1.1
Host: uiaps.aslabd.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://uiaps.aslabd.top/moblie/client/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Thu, 02 Feb 2023 00:37:32 GMT
server: Apache
last-modified: Sat, 09 Jul 2022 03:27:38 GMT
etag: "587-5e356e6893e80-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 482
content-type: application/javascript
X-Firefox-Spdy: h2

uiaps.aslabd.top/moblie/client/assets/images/footer/twitter48x48.png

155.94.128.18

200 OK

1.4 kB

URL HTTP/2
uiaps.aslabd.top/moblie/client/assets/images/footer/twitter48x48.png
IP
155.94.128.18:0
ASN
#8100 ASN-QUADRANET-GLOBAL

File type
PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced\012- data
Size
1.4 kB (1395 bytes)
Hash
015947f8ccadf27595ad94b782d88e1d
c3c99750c0e8a5566b85eaa809b0a073cd37f5b3
425a82462746dcfb9a7d37c280e886854f4e4978e75c2c33a16faea430c29a92

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - US Postal Service
urlquery	phishing	Phishing - US Postal Service

HTTP Headers

GET /moblie/client/assets/images/footer/twitter48x48.png HTTP/1.1
Host: uiaps.aslabd.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://uiaps.aslabd.top/moblie/client/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Thu, 02 Feb 2023 00:37:32 GMT
server: Apache
last-modified: Sat, 09 Jul 2022 00:53:30 GMT
etag: "573-5e354bf4ff680"
accept-ranges: bytes
content-length: 1395
content-type: image/png
X-Firefox-Spdy: h2

uiaps.aslabd.top/moblie/client/assets/images/footer/facebook48x49.png

155.94.128.18

200 OK

1.4 kB

URL HTTP/2
uiaps.aslabd.top/moblie/client/assets/images/footer/facebook48x49.png
IP
155.94.128.18:0
ASN
#8100 ASN-QUADRANET-GLOBAL

File type
PNG image data, 48 x 49, 8-bit/color RGBA, non-interlaced\012- data
Size
1.4 kB (1375 bytes)
Hash
d46df5d19bd775a76ca6613008d35fcd
d2794edaea979827392169d66e7224fb3443b654
a701a4fd9e20d0562398d2b44f95c084aa07ab31ef0ca321260a8dbe53c8e949

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - US Postal Service
urlquery	phishing	Phishing - US Postal Service

HTTP Headers

GET /moblie/client/assets/images/footer/facebook48x49.png HTTP/1.1
Host: uiaps.aslabd.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://uiaps.aslabd.top/moblie/client/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Thu, 02 Feb 2023 00:37:32 GMT
server: Apache
last-modified: Sat, 09 Jul 2022 00:53:24 GMT
etag: "55f-5e354bef46900"
accept-ranges: bytes
content-length: 1375
content-type: image/png
X-Firefox-Spdy: h2

t.co/i/adsct?bci=3&eci=2&event_id=496f59d0-cb78-4ac6-be35-79c9aa607f21&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&p_id=Twitter&p_user_id=0&pl_id=e6038cf0-d830-4461-b06d-22240387d858&tw_document_href=https%3A%2F%2Freg.usps.com%2Fentreg%2FLoginAction_input%3Fapp%3DPhoenix%26appURL%3Dhttps%3A%2F%2Fwww.usps.com%2F%26_gl%3D1*1ax5i3a*_ga*NDY0MDc2OTA3LjE2NTczNzU5NjA.*_ga_3NXP3C8S9V*MTY1NzM3NTk2MC4xLjAuMTY1NzM3NTk2MC4w&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nugcr&type=javascript&version=2.3.23

104.244.42.69

200 OK

43 B

URL HTTP/2
t.co/i/adsct?bci=3&eci=2&event_id=496f59d0-cb78-4ac6-be35-79c9aa607f21&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&p_id=Twitter&p_user_id=0&pl_id=e6038cf0-d830-4461-b06d-22240387d858&tw_document_href=https%3A%2F%2Freg.usps.com%2Fentreg%2FLoginAction_input%3Fapp%3DPhoenix%26appURL%3Dhttps%3A%2F%2Fwww.usps.com%2F%26_gl%3D1*1ax5i3a*_ga*NDY0MDc2OTA3LjE2NTczNzU5NjA.*_ga_3NXP3C8S9V*MTY1NzM3NTk2MC4xLjAuMTY1NzM3NTk2MC4w&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nugcr&type=javascript&version=2.3.23
IP
104.244.42.69:0
ASN
#13414 TWITTER

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
377d257f2d2e294916143c069141c1c5
b7cae69682cf31dd670b65088db8395acda6ed3e
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

HTTP Headers

GET /i/adsct?bci=3&eci=2&event_id=496f59d0-cb78-4ac6-be35-79c9aa607f21&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&p_id=Twitter&p_user_id=0&pl_id=e6038cf0-d830-4461-b06d-22240387d858&tw_document_href=https%3A%2F%2Freg.usps.com%2Fentreg%2FLoginAction_input%3Fapp%3DPhoenix%26appURL%3Dhttps%3A%2F%2Fwww.usps.com%2F%26_gl%3D1*1ax5i3a*_ga*NDY0MDc2OTA3LjE2NTczNzU5NjA.*_ga_3NXP3C8S9V*MTY1NzM3NTk2MC4xLjAuMTY1NzM3NTk2MC4w&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nugcr&type=javascript&version=2.3.23 HTTP/1.1
Host: t.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://uiaps.aslabd.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Thu, 02 Feb 2023 00:37:32 GMT
perf: 7626143928
server: tsa_o
set-cookie: muc_ads=a3ab9767-e9f3-4485-b147-eadae42ba4b6; Max-Age=63072000; Expires=Sat, 01 Feb 2025 00:37:32 GMT; Path=/; Domain=t.co; Secure; SameSite=None
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, max-age=0
content-length: 43
x-transaction-id: 27ab21d46946dc08
strict-transport-security: max-age=0
x-response-time: 106
x-connection-hash: b47dca0fb05a993c0a7a5d14cce38c96aded0493431db6a757e2e850c38e6838
X-Firefox-Spdy: h2

uiaps.aslabd.top/moblie/client/assets/images/footer/youtube48x49.png

155.94.128.18

200 OK

1.6 kB

URL HTTP/2
uiaps.aslabd.top/moblie/client/assets/images/footer/youtube48x49.png
IP
155.94.128.18:0
ASN
#8100 ASN-QUADRANET-GLOBAL

File type
PNG image data, 48 x 49, 8-bit/color RGBA, non-interlaced\012- data
Size
1.6 kB (1633 bytes)
Hash
fb929fa380aaeed073dbdb38de2b3df9
9a0b8f95563908ade94d2a5851cc850ad03db8b5
4786e97fe2669de027de568671d81dcbf85af8dee7aadf8da607d07d2f9f3d36

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - US Postal Service
urlquery	phishing	Phishing - US Postal Service

HTTP Headers

GET /moblie/client/assets/images/footer/youtube48x49.png HTTP/1.1
Host: uiaps.aslabd.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://uiaps.aslabd.top/moblie/client/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Thu, 02 Feb 2023 00:37:32 GMT
server: Apache
last-modified: Sat, 09 Jul 2022 00:53:32 GMT
etag: "661-5e354bf6e7b00"
accept-ranges: bytes
content-length: 1633
content-type: image/png
X-Firefox-Spdy: h2

uiaps.aslabd.top/entreg/assets/images/header/sm-pipe-boot.gif

155.94.128.18

404 Not Found

263 B

URL HTTP/2
uiaps.aslabd.top/entreg/assets/images/header/sm-pipe-boot.gif
IP
155.94.128.18:0
ASN
#8100 ASN-QUADRANET-GLOBAL

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
263 B (263 bytes)
Hash
7692b4866685ca289c86d69ad1715f64
f02ad4da9a2fe5a710e3ffca71006228d0bb3f6d
00107779f620278608a01d743fa2f585b3457526281a77128bb4ff2479560420

HTTP Headers

GET /entreg/assets/images/header/sm-pipe-boot.gif HTTP/1.1
Host: uiaps.aslabd.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://uiaps.aslabd.top/moblie/client/assets/css/vendor/bootstrap/3.5.5/theme.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
date: Thu, 02 Feb 2023 00:37:33 GMT
server: Apache
content-length: 263
content-type: text/html; charset=iso-8859-1
X-Firefox-Spdy: h2

uiaps.aslabd.top/entreg/assets/fonts/usps/d5af76d8-a90b-4527-b3a3-182207cc3250.woff

155.94.128.18

404 Not Found

263 B

URL HTTP/2
uiaps.aslabd.top/entreg/assets/fonts/usps/d5af76d8-a90b-4527-b3a3-182207cc3250.woff
IP
155.94.128.18:0
ASN
#8100 ASN-QUADRANET-GLOBAL

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
263 B (263 bytes)
Hash
7692b4866685ca289c86d69ad1715f64
f02ad4da9a2fe5a710e3ffca71006228d0bb3f6d
00107779f620278608a01d743fa2f585b3457526281a77128bb4ff2479560420

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /entreg/assets/fonts/usps/d5af76d8-a90b-4527-b3a3-182207cc3250.woff HTTP/1.1
Host: uiaps.aslabd.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://uiaps.aslabd.top/moblie/client/assets/css/globals/usps-fonts.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
date: Thu, 02 Feb 2023 00:37:33 GMT
server: Apache
content-length: 263
content-type: text/html; charset=iso-8859-1
X-Firefox-Spdy: h2

uiaps.aslabd.top/moblie/client/assets/fonts/glyphicons/glyphicons-halflings-regular.woff2

155.94.128.18

404 Not Found

263 B

URL HTTP/2
uiaps.aslabd.top/moblie/client/assets/fonts/glyphicons/glyphicons-halflings-regular.woff2
IP
155.94.128.18:0
ASN
#8100 ASN-QUADRANET-GLOBAL

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
263 B (263 bytes)
Hash
7692b4866685ca289c86d69ad1715f64
f02ad4da9a2fe5a710e3ffca71006228d0bb3f6d
00107779f620278608a01d743fa2f585b3457526281a77128bb4ff2479560420

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /moblie/client/assets/fonts/glyphicons/glyphicons-halflings-regular.woff2 HTTP/1.1
Host: uiaps.aslabd.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://uiaps.aslabd.top/moblie/client/assets/css/vendor/bootstrap/3.5.5/bootstrap.min.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
date: Thu, 02 Feb 2023 00:37:33 GMT
server: Apache
content-length: 263
content-type: text/html; charset=iso-8859-1
X-Firefox-Spdy: h2

uiaps.aslabd.top/entreg/assets/fonts/usps/4a9c62ab-b359-4081-8383-a0d1cdebd111.woff

155.94.128.18

404 Not Found

263 B

URL HTTP/2
uiaps.aslabd.top/entreg/assets/fonts/usps/4a9c62ab-b359-4081-8383-a0d1cdebd111.woff
IP
155.94.128.18:0
ASN
#8100 ASN-QUADRANET-GLOBAL

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
263 B (263 bytes)
Hash
7692b4866685ca289c86d69ad1715f64
f02ad4da9a2fe5a710e3ffca71006228d0bb3f6d
00107779f620278608a01d743fa2f585b3457526281a77128bb4ff2479560420

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /entreg/assets/fonts/usps/4a9c62ab-b359-4081-8383-a0d1cdebd111.woff HTTP/1.1
Host: uiaps.aslabd.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://uiaps.aslabd.top/moblie/client/assets/css/globals/usps-fonts.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
date: Thu, 02 Feb 2023 00:37:33 GMT
server: Apache
content-length: 263
content-type: text/html; charset=iso-8859-1
X-Firefox-Spdy: h2

uiaps.aslabd.top/entreg/assets/fonts/usps/5b4a262e-3342-44e2-8ad7-719998a68134.woff

155.94.128.18

404 Not Found

263 B

URL HTTP/2
uiaps.aslabd.top/entreg/assets/fonts/usps/5b4a262e-3342-44e2-8ad7-719998a68134.woff
IP
155.94.128.18:0
ASN
#8100 ASN-QUADRANET-GLOBAL

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
263 B (263 bytes)
Hash
7692b4866685ca289c86d69ad1715f64
f02ad4da9a2fe5a710e3ffca71006228d0bb3f6d
00107779f620278608a01d743fa2f585b3457526281a77128bb4ff2479560420

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /entreg/assets/fonts/usps/5b4a262e-3342-44e2-8ad7-719998a68134.woff HTTP/1.1
Host: uiaps.aslabd.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://uiaps.aslabd.top/moblie/client/assets/css/globals/usps-fonts.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
date: Thu, 02 Feb 2023 00:37:33 GMT
server: Apache
content-length: 263
content-type: text/html; charset=iso-8859-1
X-Firefox-Spdy: h2

uiaps.aslabd.top/entreg/assets/fonts/usps/1d238354-d156-4dde-89ea-4770ef04b9f9.ttf

155.94.128.18

404 Not Found

263 B

URL HTTP/2
uiaps.aslabd.top/entreg/assets/fonts/usps/1d238354-d156-4dde-89ea-4770ef04b9f9.ttf
IP
155.94.128.18:0
ASN
#8100 ASN-QUADRANET-GLOBAL

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
263 B (263 bytes)
Hash
7692b4866685ca289c86d69ad1715f64
f02ad4da9a2fe5a710e3ffca71006228d0bb3f6d
00107779f620278608a01d743fa2f585b3457526281a77128bb4ff2479560420

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /entreg/assets/fonts/usps/1d238354-d156-4dde-89ea-4770ef04b9f9.ttf HTTP/1.1
Host: uiaps.aslabd.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://uiaps.aslabd.top/moblie/client/assets/css/globals/usps-fonts.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
date: Thu, 02 Feb 2023 00:37:33 GMT
server: Apache
content-length: 263
content-type: text/html; charset=iso-8859-1
X-Firefox-Spdy: h2

uiaps.aslabd.top/moblie/client/assets/fonts/glyphicons/glyphicons-halflings-regular.woff

155.94.128.18

404 Not Found

263 B

URL HTTP/2
uiaps.aslabd.top/moblie/client/assets/fonts/glyphicons/glyphicons-halflings-regular.woff
IP
155.94.128.18:0
ASN
#8100 ASN-QUADRANET-GLOBAL

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
263 B (263 bytes)
Hash
7692b4866685ca289c86d69ad1715f64
f02ad4da9a2fe5a710e3ffca71006228d0bb3f6d
00107779f620278608a01d743fa2f585b3457526281a77128bb4ff2479560420

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /moblie/client/assets/fonts/glyphicons/glyphicons-halflings-regular.woff HTTP/1.1
Host: uiaps.aslabd.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://uiaps.aslabd.top/moblie/client/assets/css/vendor/bootstrap/3.5.5/bootstrap.min.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
date: Thu, 02 Feb 2023 00:37:33 GMT
server: Apache
content-length: 263
content-type: text/html; charset=iso-8859-1
X-Firefox-Spdy: h2

uiaps.aslabd.top/entreg/assets/fonts/usps/db5f9ba6-05a4-433a-9461-0a6f257a0c3a.ttf

155.94.128.18

404 Not Found

263 B

URL HTTP/2
uiaps.aslabd.top/entreg/assets/fonts/usps/db5f9ba6-05a4-433a-9461-0a6f257a0c3a.ttf
IP
155.94.128.18:0
ASN
#8100 ASN-QUADRANET-GLOBAL

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
263 B (263 bytes)
Hash
7692b4866685ca289c86d69ad1715f64
f02ad4da9a2fe5a710e3ffca71006228d0bb3f6d
00107779f620278608a01d743fa2f585b3457526281a77128bb4ff2479560420

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /entreg/assets/fonts/usps/db5f9ba6-05a4-433a-9461-0a6f257a0c3a.ttf HTTP/1.1
Host: uiaps.aslabd.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://uiaps.aslabd.top/moblie/client/assets/css/globals/usps-fonts.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
date: Thu, 02 Feb 2023 00:37:33 GMT
server: Apache
content-length: 263
content-type: text/html; charset=iso-8859-1
X-Firefox-Spdy: h2

uiaps.aslabd.top/entreg/assets/fonts/usps/4a3ef5d8-cfd9-4b96-bd67-90215512f1e5.ttf

155.94.128.18

404 Not Found

263 B

URL HTTP/2
uiaps.aslabd.top/entreg/assets/fonts/usps/4a3ef5d8-cfd9-4b96-bd67-90215512f1e5.ttf
IP
155.94.128.18:0
ASN
#8100 ASN-QUADRANET-GLOBAL

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
263 B (263 bytes)
Hash
7692b4866685ca289c86d69ad1715f64
f02ad4da9a2fe5a710e3ffca71006228d0bb3f6d
00107779f620278608a01d743fa2f585b3457526281a77128bb4ff2479560420

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /entreg/assets/fonts/usps/4a3ef5d8-cfd9-4b96-bd67-90215512f1e5.ttf HTTP/1.1
Host: uiaps.aslabd.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://uiaps.aslabd.top/moblie/client/assets/css/globals/usps-fonts.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
date: Thu, 02 Feb 2023 00:37:33 GMT
server: Apache
content-length: 263
content-type: text/html; charset=iso-8859-1
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
5e01d6c641ea60dd765ab60412bdca59
58739badba2f4d3dd08520cef55eee687cd7dd16
9c6067fe0021e67a46df754c73bb5b41f693e70ff00fa9f0e4dca55ad3e50d9e

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 00:37:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
2dc2e297877f6332a114de88eeeaca61
cc91e58f3dd132b078223d21cd3177f0819e40e7
94f1191402d63bc2757d7ec854bc418dd6929b5aa9efb815d9bd35f8dab98fef

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 00:37:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.digicert.com/

93.184.220.29

200 OK

312 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
312 B (312 bytes)
Hash
48d422da608ad93de7b386b50965fc44
62da3f812d7e54aa5b2f6ea5155165594ac2a582
e8495eb429877fd01187938fa37616622e2b9caf23304d9a9f565dbc9e670472

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5188
Cache-Control: max-age=86859
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 00:37:33 GMT
Etag: "63d9a1d4-138"
Expires: Fri, 03 Feb 2023 00:45:12 GMT
Last-Modified: Tue, 31 Jan 2023 23:18:44 GMT
Server: ECS (ska/F708)
X-Cache: HIT
Content-Length: 312

www.googleadservices.com/pagead/conversion_async.js

142.250.74.98

200 OK

15 kB

URL HTTP/2
www.googleadservices.com/pagead/conversion_async.js
IP
142.250.74.98:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1654)
Size
15 kB (15164 bytes)
Hash
22eaa6491556c40c984bed61ff9892b5
253ec7921f896fab2d49656208b10d2a227c82de
f690af44bc7bb9724442c2f52648ce1c8365cc6010cc0af574f5e0dcddf7ee7f

HTTP Headers

GET /pagead/conversion_async.js HTTP/1.1
Host: www.googleadservices.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://uiaps.aslabd.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Thu, 02 Feb 2023 00:37:33 GMT
expires: Thu, 02 Feb 2023 00:37:33 GMT
cache-control: private, max-age=3600
content-type: text/javascript; charset=UTF-8
etag: 8608601048380966470
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 15164
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

googleads.g.doubleclick.net/pagead/viewthroughconversion/978081151/?random=1657381653943&cv=9&fst=1657381653943&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=376635470&u_h=1080&u_w=1920&u_ah=1040&u_aw=1920&u_cd=24&u_his=2&u_tz=480&u_java=false&u_nplug=5&u_nmime=2&gtm=2oa6t0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Freg.usps.com%2Fentreg%2FLoginAction_input%3Fapp%3DPhoenix%26appURL%3Dhttps%3A%2F%2Fwww.usps.com%2F%26_gl%3D1*1ax5i3a*_ga*NDY0MDc2OTA3LjE2NTczNzU5NjA.*_ga_3NXP3C8S9V*MTY1NzM3NTk2MC4xLjAuMTY1NzM3NTk2MC4w&tiba=USPS.com%C2%AE%20-%20Sign%20In&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

142.250.74.98

200 OK

1.1 kB

URL HTTP/2
googleads.g.doubleclick.net/pagead/viewthroughconversion/978081151/?random=1657381653943&cv=9&fst=1657381653943&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=376635470&u_h=1080&u_w=1920&u_ah=1040&u_aw=1920&u_cd=24&u_his=2&u_tz=480&u_java=false&u_nplug=5&u_nmime=2&gtm=2oa6t0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Freg.usps.com%2Fentreg%2FLoginAction_input%3Fapp%3DPhoenix%26appURL%3Dhttps%3A%2F%2Fwww.usps.com%2F%26_gl%3D1*1ax5i3a*_ga*NDY0MDc2OTA3LjE2NTczNzU5NjA.*_ga_3NXP3C8S9V*MTY1NzM3NTk2MC4xLjAuMTY1NzM3NTk2MC4w&tiba=USPS.com%C2%AE%20-%20Sign%20In&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4
IP
142.250.74.98:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (2623), with no line terminators
Size
1.1 kB (1098 bytes)
Hash
de0a1466b4972b7d3226b815dbe8f701
bfd6e54d93d70c420f3d8503da457af7d03ae4bc
b62c5684dd26096860599748467497061acc35cb65a9203f916a5a1592189520

HTTP Headers

GET /pagead/viewthroughconversion/978081151/?random=1657381653943&cv=9&fst=1657381653943&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=376635470&u_h=1080&u_w=1920&u_ah=1040&u_aw=1920&u_cd=24&u_his=2&u_tz=480&u_java=false&u_nplug=5&u_nmime=2&gtm=2oa6t0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Freg.usps.com%2Fentreg%2FLoginAction_input%3Fapp%3DPhoenix%26appURL%3Dhttps%3A%2F%2Fwww.usps.com%2F%26_gl%3D1*1ax5i3a*_ga*NDY0MDc2OTA3LjE2NTczNzU5NjA.*_ga_3NXP3C8S9V*MTY1NzM3NTk2MC4xLjAuMTY1NzM3NTk2MC4w&tiba=USPS.com%C2%AE%20-%20Sign%20In&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://uiaps.aslabd.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 02 Feb 2023 00:37:33 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 1098
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Thu, 02-Feb-2023 00:52:33 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

bat.bing.com/p/action/21006064.js

13.107.21.200

204 No Content

0 B

URL HTTP/2
bat.bing.com/p/action/21006064.js
IP
13.107.21.200:0
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /p/action/21006064.js HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://uiaps.aslabd.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 204 No Content
cache-control: private,max-age=1800
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: D5491C912790490CB5A852CC1E6256E2 Ref B: OSL30EDGE0421 Ref C: 2023-02-02T00:37:33Z
date: Thu, 02 Feb 2023 00:37:32 GMT
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
f44095f8ebc7d211f4ee24d88a703128
97263cb2c5d0237c08bee075fb75c8bddefddf2c
1183ec38cb48e7986d42d545c968616fe9f996f73849f1da6c111eb4ccfbb529

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 00:37:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
2dc2e297877f6332a114de88eeeaca61
cc91e58f3dd132b078223d21cd3177f0819e40e7
94f1191402d63bc2757d7ec854bc418dd6929b5aa9efb815d9bd35f8dab98fef

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 00:37:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

uiaps.aslabd.top/moblie/client/assets/fonts/glyphicons/glyphicons-halflings-regular.ttf

155.94.128.18

404 Not Found

263 B

URL HTTP/2
uiaps.aslabd.top/moblie/client/assets/fonts/glyphicons/glyphicons-halflings-regular.ttf
IP
155.94.128.18:0
ASN
#8100 ASN-QUADRANET-GLOBAL

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
263 B (263 bytes)
Hash
7692b4866685ca289c86d69ad1715f64
f02ad4da9a2fe5a710e3ffca71006228d0bb3f6d
00107779f620278608a01d743fa2f585b3457526281a77128bb4ff2479560420

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /moblie/client/assets/fonts/glyphicons/glyphicons-halflings-regular.ttf HTTP/1.1
Host: uiaps.aslabd.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://uiaps.aslabd.top/moblie/client/assets/css/vendor/bootstrap/3.5.5/bootstrap.min.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
date: Thu, 02 Feb 2023 00:37:33 GMT
server: Apache
content-length: 263
content-type: text/html; charset=iso-8859-1
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
a4253e662d539c01b8656dbb6d73aab1
08f71eead367b6fa76b99f7f590680a5f5650b62
f05b99f6b0c8fb5c38221d02c0c9ed96389fbd5105d6329cdc733d1fae411df2

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 00:37:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
df4a6d84addba49571d9f6ae44c61a3f
28c8093de27e27645cf6dfd5ae93a62fc77b9be5
cb6623b08b6245ea11bb871729613e453046d427d738a8c6431c5da8347e6e05

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 00:37:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=496f59d0-cb78-4ac6-be35-79c9aa607f21&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&p_id=Twitter&p_user_id=0&pl_id=e6038cf0-d830-4461-b06d-22240387d858&tw_document_href=https%3A%2F%2Freg.usps.com%2Fentreg%2FLoginAction_input%3Fapp%3DPhoenix%26appURL%3Dhttps%3A%2F%2Fwww.usps.com%2F%26_gl%3D1*1ax5i3a*_ga*NDY0MDc2OTA3LjE2NTczNzU5NjA.*_ga_3NXP3C8S9V*MTY1NzM3NTk2MC4xLjAuMTY1NzM3NTk2MC4w&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nugcr&type=javascript&version=2.3.23

104.244.42.3

200 OK

43 B

URL HTTP/2
analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=496f59d0-cb78-4ac6-be35-79c9aa607f21&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&p_id=Twitter&p_user_id=0&pl_id=e6038cf0-d830-4461-b06d-22240387d858&tw_document_href=https%3A%2F%2Freg.usps.com%2Fentreg%2FLoginAction_input%3Fapp%3DPhoenix%26appURL%3Dhttps%3A%2F%2Fwww.usps.com%2F%26_gl%3D1*1ax5i3a*_ga*NDY0MDc2OTA3LjE2NTczNzU5NjA.*_ga_3NXP3C8S9V*MTY1NzM3NTk2MC4xLjAuMTY1NzM3NTk2MC4w&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nugcr&type=javascript&version=2.3.23
IP
104.244.42.3:0
ASN
#13414 TWITTER

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
377d257f2d2e294916143c069141c1c5
b7cae69682cf31dd670b65088db8395acda6ed3e
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

HTTP Headers

GET /i/adsct?bci=3&eci=2&event_id=496f59d0-cb78-4ac6-be35-79c9aa607f21&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&p_id=Twitter&p_user_id=0&pl_id=e6038cf0-d830-4461-b06d-22240387d858&tw_document_href=https%3A%2F%2Freg.usps.com%2Fentreg%2FLoginAction_input%3Fapp%3DPhoenix%26appURL%3Dhttps%3A%2F%2Fwww.usps.com%2F%26_gl%3D1*1ax5i3a*_ga*NDY0MDc2OTA3LjE2NTczNzU5NjA.*_ga_3NXP3C8S9V*MTY1NzM3NTk2MC4xLjAuMTY1NzM3NTk2MC4w&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nugcr&type=javascript&version=2.3.23 HTTP/1.1
Host: analytics.twitter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://uiaps.aslabd.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Thu, 02 Feb 2023 00:37:33 GMT
perf: 7626143928
server: tsa_o
set-cookie: personalization_id="v1_fiLNZkNJLZsXP6+7HnZwnQ=="; Max-Age=63072000; Expires=Sat, 01 Feb 2025 00:37:33 GMT; Path=/; Domain=.twitter.com; Secure; SameSite=None
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, max-age=0
content-length: 43
x-transaction-id: 05b07234db9e238e
strict-transport-security: max-age=631138519
x-response-time: 103
x-connection-hash: e11516e8ca466a5c64bf045f4b42591838dd0bd24ed816cb870e73e41af5c143
X-Firefox-Spdy: h2

www.google.no/pagead/1p-user-list/978081151/?random=1657381653943&cv=9&fst=1657378800000&num=1&bg=ffffff&guid=ON&eid=376635470&u_h=1080&u_w=1920&u_ah=1040&u_aw=1920&u_cd=24&u_his=2&u_tz=480&u_java=false&u_nplug=5&u_nmime=2&gtm=2oa6t0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Freg.usps.com%2Fentreg%2FLoginAction_input%3Fapp%3DPhoenix%26appURL%3Dhttps%3A%2F%2Fwww.usps.com%2F%26_gl%3D1*1ax5i3a*_ga*NDY0MDc2OTA3LjE2NTczNzU5NjA.*_ga_3NXP3C8S9V*MTY1NzM3NTk2MC4xLjAuMTY1NzM3NTk2MC4w&tiba=USPS.com%C2%AE%20-%20Sign%20In&async=1&fmt=3&is_vtc=1&random=1194023422&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

142.250.74.163

200 OK

42 B

URL HTTP/2
www.google.no/pagead/1p-user-list/978081151/?random=1657381653943&cv=9&fst=1657378800000&num=1&bg=ffffff&guid=ON&eid=376635470&u_h=1080&u_w=1920&u_ah=1040&u_aw=1920&u_cd=24&u_his=2&u_tz=480&u_java=false&u_nplug=5&u_nmime=2&gtm=2oa6t0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Freg.usps.com%2Fentreg%2FLoginAction_input%3Fapp%3DPhoenix%26appURL%3Dhttps%3A%2F%2Fwww.usps.com%2F%26_gl%3D1*1ax5i3a*_ga*NDY0MDc2OTA3LjE2NTczNzU5NjA.*_ga_3NXP3C8S9V*MTY1NzM3NTk2MC4xLjAuMTY1NzM3NTk2MC4w&tiba=USPS.com%C2%AE%20-%20Sign%20In&async=1&fmt=3&is_vtc=1&random=1194023422&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /pagead/1p-user-list/978081151/?random=1657381653943&cv=9&fst=1657378800000&num=1&bg=ffffff&guid=ON&eid=376635470&u_h=1080&u_w=1920&u_ah=1040&u_aw=1920&u_cd=24&u_his=2&u_tz=480&u_java=false&u_nplug=5&u_nmime=2&gtm=2oa6t0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Freg.usps.com%2Fentreg%2FLoginAction_input%3Fapp%3DPhoenix%26appURL%3Dhttps%3A%2F%2Fwww.usps.com%2F%26_gl%3D1*1ax5i3a*_ga*NDY0MDc2OTA3LjE2NTczNzU5NjA.*_ga_3NXP3C8S9V*MTY1NzM3NTk2MC4xLjAuMTY1NzM3NTk2MC4w&tiba=USPS.com%C2%AE%20-%20Sign%20In&async=1&fmt=3&is_vtc=1&random=1194023422&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://uiaps.aslabd.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 02 Feb 2023 00:37:33 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.google.com/pagead/1p-user-list/978081151/?random=1657381653943&cv=9&fst=1657378800000&num=1&bg=ffffff&guid=ON&eid=376635470&u_h=1080&u_w=1920&u_ah=1040&u_aw=1920&u_cd=24&u_his=2&u_tz=480&u_java=false&u_nplug=5&u_nmime=2&gtm=2oa6t0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Freg.usps.com%2Fentreg%2FLoginAction_input%3Fapp%3DPhoenix%26appURL%3Dhttps%3A%2F%2Fwww.usps.com%2F%26_gl%3D1*1ax5i3a*_ga*NDY0MDc2OTA3LjE2NTczNzU5NjA.*_ga_3NXP3C8S9V*MTY1NzM3NTk2MC4xLjAuMTY1NzM3NTk2MC4w&tiba=USPS.com%C2%AE%20-%20Sign%20In&async=1&fmt=3&is_vtc=1&random=1194023422&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

142.250.74.164

200 OK

42 B

URL HTTP/2
www.google.com/pagead/1p-user-list/978081151/?random=1657381653943&cv=9&fst=1657378800000&num=1&bg=ffffff&guid=ON&eid=376635470&u_h=1080&u_w=1920&u_ah=1040&u_aw=1920&u_cd=24&u_his=2&u_tz=480&u_java=false&u_nplug=5&u_nmime=2&gtm=2oa6t0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Freg.usps.com%2Fentreg%2FLoginAction_input%3Fapp%3DPhoenix%26appURL%3Dhttps%3A%2F%2Fwww.usps.com%2F%26_gl%3D1*1ax5i3a*_ga*NDY0MDc2OTA3LjE2NTczNzU5NjA.*_ga_3NXP3C8S9V*MTY1NzM3NTk2MC4xLjAuMTY1NzM3NTk2MC4w&tiba=USPS.com%C2%AE%20-%20Sign%20In&async=1&fmt=3&is_vtc=1&random=1194023422&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
IP
142.250.74.164:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /pagead/1p-user-list/978081151/?random=1657381653943&cv=9&fst=1657378800000&num=1&bg=ffffff&guid=ON&eid=376635470&u_h=1080&u_w=1920&u_ah=1040&u_aw=1920&u_cd=24&u_his=2&u_tz=480&u_java=false&u_nplug=5&u_nmime=2&gtm=2oa6t0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Freg.usps.com%2Fentreg%2FLoginAction_input%3Fapp%3DPhoenix%26appURL%3Dhttps%3A%2F%2Fwww.usps.com%2F%26_gl%3D1*1ax5i3a*_ga*NDY0MDc2OTA3LjE2NTczNzU5NjA.*_ga_3NXP3C8S9V*MTY1NzM3NTk2MC4xLjAuMTY1NzM3NTk2MC4w&tiba=USPS.com%C2%AE%20-%20Sign%20In&async=1&fmt=3&is_vtc=1&random=1194023422&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://uiaps.aslabd.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 02 Feb 2023 00:37:33 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

uiaps.aslabd.top/moblie/client/favicon.ico

155.94.128.18

200 OK

5.5 kB

URL HTTP/2
uiaps.aslabd.top/moblie/client/favicon.ico
IP
155.94.128.18:0
ASN
#8100 ASN-QUADRANET-GLOBAL

File type
MS Windows icon resource - 4 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel\012- data
Size
5.5 kB (5515 bytes)
Hash
22c4870923e0f7ddc1ea7da681309e53
901d2af5294c75c623809804138fa3fe88d9cdad
83f51fdc82874452f15022eece208e629759e495c8cd9e98eb30bfb4e4883d0b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - US Postal Service
urlquery	phishing	Phishing - US Postal Service

HTTP Headers

GET /moblie/client/favicon.ico HTTP/1.1
Host: uiaps.aslabd.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://uiaps.aslabd.top/moblie/client/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Thu, 02 Feb 2023 00:37:33 GMT
server: Apache
last-modified: Fri, 08 Jul 2022 23:38:14 GMT
etag: "7d26-5e353b2234580-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 5515
content-type: image/x-icon
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
a4253e662d539c01b8656dbb6d73aab1
08f71eead367b6fa76b99f7f590680a5f5650b62
f05b99f6b0c8fb5c38221d02c0c9ed96389fbd5105d6329cdc733d1fae411df2

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 00:37:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
d06fd066caf4dfa1e21a722a5c468158
acb765577662906ae8e11242bed487ce1051db28
4b45760de269e60345d43ff2da6c5803722f7c052edd0a9f5258ce69b2ffa32f

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 00:37:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

uiaps.aslabd.top/moblie/js/vue.js

155.94.128.18

200 OK

0 B

URL HTTP/2
uiaps.aslabd.top/moblie/js/vue.js
IP
155.94.128.18:0
ASN
#8100 ASN-QUADRANET-GLOBAL

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /moblie/js/vue.js HTTP/1.1
Host: uiaps.aslabd.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://uiaps.aslabd.top/moblie/client/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Thu, 02 Feb 2023 00:37:32 GMT
server: Apache
last-modified: Tue, 27 Apr 2021 20:12:48 GMT
etag: "53882-5c0f9e2cc9000-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: application/javascript
X-Firefox-Spdy: h2

uiaps.aslabd.top/moblie/js/jquery-3.5.1.js

155.94.128.18

200 OK

0 B

URL HTTP/2
uiaps.aslabd.top/moblie/js/jquery-3.5.1.js
IP
155.94.128.18:0
ASN
#8100 ASN-QUADRANET-GLOBAL

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /moblie/js/jquery-3.5.1.js HTTP/1.1
Host: uiaps.aslabd.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://uiaps.aslabd.top/moblie/client/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Thu, 02 Feb 2023 00:37:32 GMT
server: Apache
last-modified: Mon, 22 Jun 2020 15:11:14 GMT
etag: "4638e-5a8ada7592880-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: application/javascript
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (6)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (88)

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type