detectportal.firefox.com/success.txt?ipv4
34.107.221.82 200 OK 8 B URL HTTP/1.1 detectportal.firefox.com/success.txt?ipv4
IP 34.107.221.82:0
Hash ae780585f49b94ce1444eb7d28906123
7d5ca8c0c03e883c56c4eb1ef6f6bb9bccad4d86
81b2bd4ea98c8db66554fbc8d7637a1a69a130f331feb732b75caab4c4868fd5
GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Wed, 01 Feb 2023 16:22:32 GMT
Age: 29698
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 7e05c8461bd2dc5a149f71e2c465ea29
705983959c887e243cb55a8a1796757b579ee977
4d9ea085d5dda9dabed11af9847c2b0aa6182358673b356a4e2bd631e22a9922
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4D9EA085D5DDA9DABED11AF9847C2B0AA6182358673B356A4E2BD631E22A9922"
Last-Modified: Tue, 31 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18087
Expires: Thu, 02 Feb 2023 05:38:57 GMT
Date: Thu, 02 Feb 2023 00:37:30 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f824bb31f87f078e781d131ced301dc2
b7436030d0ee961cfe45fdc9ab8a7b3a9e8c369b
8c5f5dacb00b9740acdba2124d86cc2086ece69d90bd78499e541c64d0d61fe0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8C5F5DACB00B9740ACDBA2124D86CC2086ECE69D90BD78499E541C64D0D61FE0"
Last-Modified: Tue, 31 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2435
Expires: Thu, 02 Feb 2023 01:18:05 GMT
Date: Thu, 02 Feb 2023 00:37:30 GMT
Connection: keep-alive
getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US&region=NO&count=30
34.120.5.221 200 OK 41 kB URL HTTP/2 getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US&region=NO&count=30
IP 34.120.5.221:0
File type JSON data\012- , ASCII text, with very long lines (65536), with no line terminators
Hash 406c283b800488fe55e2d1cbdf6fd9d0
05372da3ebe18029db91067339a4510e87bbc9cd
00f72ed9ffe6beb3a48b9d7a18e8410694cf58e114af54ba5bda10045d462fbe
GET /v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US&region=NO&count=30 HTTP/1.1
Host: getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
vary: Accept-Encoding
content-location: global-recs.php
tcn: choice
x-frame-options: SAMEORIGIN
status: 200 OK
x-source: Pocket
pragma: cache
p3p: policyref="/w3c/p3p.xml", CP="ALL CURa ADMa DEVa OUR IND UNI COM NAV INT STA PRE"
x-cache: Hit from cloudfront
x-amz-cf-pop: SEA73-P2
x-amz-cf-id: 1zNtN3ytzs1pHPSSTPAmvqMGcRGH7tPQ8gZQOem18L8nL9UniHyYcw==
content-encoding: gzip
via: 1.1 c21a0d27ceec21e266c9f962d0349438.cloudfront.net (CloudFront), 1.1 google
content-length: 40688
date: Thu, 02 Feb 2023 00:23:52 GMT
age: 818
content-type: application/json
cache-control: s-maxage=900,public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a8d45deaa7ebfcd996c2055dae592ab8
55befe074589fe7b39757c145968058162a8fc6b
50d7d516f446458145a304b288a0a39d391cd37ea50dabea36ae48d291c65ba7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "50D7D516F446458145A304B288A0A39D391CD37EA50DABEA36AE48D291C65BA7"
Last-Modified: Tue, 31 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12105
Expires: Thu, 02 Feb 2023 03:59:15 GMT
Date: Thu, 02 Feb 2023 00:37:30 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: +iHN3B14phQ4hlB3Yd3XScidTWh7v8EJ6NU44ZZ/ASc9Za9gc6/qiWFT5oSs5qtsRQNCIUjS88Y=
x-amz-request-id: A1QFFMVA787NN8KJ
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 01 Feb 2023 23:58:45 GMT
age: 2325
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash e935ea42be4feaed61a824b0b903913e
f966cfa80d65a805cb9d7c6a53b3340865d7c51a
eb0ce9ae50d156fe5924b2d77346735e4e93b5240cff301c9aa835bb0b385815
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EB0CE9AE50D156FE5924B2D77346735E4E93B5240CFF301C9AA835BB0B385815"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16873
Expires: Thu, 02 Feb 2023 05:18:43 GMT
Date: Thu, 02 Feb 2023 00:37:30 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Retry-After, Content-Length, Alert, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 02 Feb 2023 00:36:02 GMT
content-type: application/json
age: 88
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 02 Feb 2023 00:37:30 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
detectportal.firefox.com/success.txt?ipv4
34.107.221.82 200 OK 8 B URL HTTP/1.1 detectportal.firefox.com/success.txt?ipv4
IP 34.107.221.82:0
Hash ae780585f49b94ce1444eb7d28906123
7d5ca8c0c03e883c56c4eb1ef6f6bb9bccad4d86
81b2bd4ea98c8db66554fbc8d7637a1a69a130f331feb732b75caab4c4868fd5
GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Wed, 01 Feb 2023 16:22:32 GMT
Age: 29698
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 4dd913fe637959787cb8780d1f605e86
a004e39181234f348c63bd45cbc6de6c310aa11f
425f78c5a5b836274ac9fe06cf34f960fb4204efde192d48734cc2b026d94dbe
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6384
Cache-Control: max-age=162175
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 00:37:31 GMT
Etag: "63dac35a-1d7"
Expires: Fri, 03 Feb 2023 21:40:26 GMT
Last-Modified: Wed, 01 Feb 2023 19:54:02 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 471
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Expires, Content-Type, ETag, Last-Modified, Alert, Retry-After, Content-Length, Cache-Control, Pragma, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Wed, 01 Feb 2023 23:49:05 GMT
age: 2906
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 8913af0be619500295008bb91f506660
a7b8068ba9aa506205a295b24458c2616997a0d1
6a9838d00256431807ca382fc205064b07c08d5054f2895c2ae3cc4e9094179a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6A9838D00256431807CA382FC205064B07C08D5054F2895C2AE3CC4E9094179A"
Last-Modified: Wed, 01 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13248
Expires: Thu, 02 Feb 2023 04:18:19 GMT
Date: Thu, 02 Feb 2023 00:37:31 GMT
Connection: keep-alive
shavar.services.mozilla.com/downloads?client=Firefox&appver=96.0a&pver=2.2
34.217.182.232 200 OK 8 B URL HTTP/1.1 shavar.services.mozilla.com/downloads?client=Firefox&appver=96.0a&pver=2.2
IP 34.217.182.232:0
Hash 29fc57841962e407cb50c1be60284bf7
ce968a77e2996da5eee8925182318f171ccdce47
ae7e7075247dcfad763f1e131aeac3d2e756bb03d48b0d315a50c69636e5dc8b
POST /downloads?client=Firefox&appver=96.0a&pver=2.2 HTTP/1.1
Host: shavar.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 773
Connection: close
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: none
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Date: Thu, 02 Feb 2023 00:37:31 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Length: 8
Connection: Close
push.services.mozilla.com/
54.186.188.230 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.186.188.230:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: qWu7uyL1h0LDUtG7QZuTYw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 84rCDtKLOYaeXifDSfROI3oU0Gw=
firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?_expected=%221675286829275%22
35.241.9.150 200 OK 21 kB URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?_expected=%221675286829275%22
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (20973), with no line terminators
Hash 602f56b5723340edd2208f7b73403af3
c9f20abe9ddba784def605e658893079834be68d
0743125b19f0570ebf69804a47f08a29570db4e067ff94a3e326ac9b42a85a0a
GET /v1/buckets/monitor/collections/changes/changeset?_expected=%221675286829275%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Retry-After, Backoff, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 20973
via: 1.1 google
date: Thu, 02 Feb 2023 00:32:06 GMT
age: 325
last-modified: Wed, 01 Feb 2023 21:27:09 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/blocklists/collections/addons-bloomfilters/changeset?_expected=1675276638966&_since=%221666204638208%22
35.241.9.150 200 OK 27 kB URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/blocklists/collections/addons-bloomfilters/changeset?_expected=1675276638966&_since=%221666204638208%22
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (26765), with no line terminators
Hash 2c1cc58703fc40ca187f64e8cba5bfe8
ec4585bd17814a72a12edbc7a2cf8b236b02d67b
ca2253dcc795afb0a3a9cd46885f3a8591b68576f50c80e6dc871eeb4006638a
GET /v1/buckets/blocklists/collections/addons-bloomfilters/changeset?_expected=1675276638966&_since=%221666204638208%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Retry-After, Content-Length, Alert, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 26765
via: 1.1 google
date: Thu, 02 Feb 2023 00:35:11 GMT
age: 140
last-modified: Wed, 01 Feb 2023 18:37:19 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash e76071a28ee566dababb3834f46d68ed
aebb4e68c1ba2de0f90025283e8ed8470944fde0
78b6df2627172e5b35476bc31020f02898cdc412aaf4337af2c3b049a60912b6
GET /chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: 8Cbzar/cdBnem6wUkZ+inavYEMY/xcSCT/iLkvpcaCj79vQb8tMZq8jnVA6T/Upg+iLIxm+oM1s=
x-amz-request-id: 5M1W6M00BGJ9X8KS
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 01 Feb 2023 23:43:14 GMT
age: 3257
last-modified: Sun, 29 Jan 2023 18:44:47 GMT
etag: "e76071a28ee566dababb3834f46d68ed"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Retry-After, Content-Length, Alert, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 02 Feb 2023 00:36:02 GMT
content-type: application/json
age: 89
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 772e98ffb218d146fb3dcc0ce821fbe8
f1f77d13cb54909cf8645417a4eaec9db01a7067
370a02f24b8582aa498635bd1ac597180dbb093e32ebddab7891d519abd5fd91
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "370A02F24B8582AA498635BD1AC597180DBB093E32EBDDAB7891D519ABD5FD91"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15836
Expires: Thu, 02 Feb 2023 05:01:27 GMT
Date: Thu, 02 Feb 2023 00:37:31 GMT
Connection: keep-alive
firefox-settings-attachments.cdn.mozilla.net/staging/addons-bloomfilters/8038652a-6557-460a-858c-84f19a5a0987.bin
34.111.73.144 200 OK 807 kB URL HTTP/2 firefox-settings-attachments.cdn.mozilla.net/staging/addons-bloomfilters/8038652a-6557-460a-858c-84f19a5a0987.bin
IP 34.111.73.144:0
Size 807 kB (807180 bytes)
Hash 914be443bdfbe8a1c3ded61e1c114bd6
4fe7c5ff83f6a29e6699f4cebc17550891504661
41b036d0c889509d547296b238027a063c313261ad52d5f7bb81922011791857
GET /staging/addons-bloomfilters/8038652a-6557-460a-858c-84f19a5a0987.bin HTTP/1.1
Host: firefox-settings-attachments.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: DYhzcZihah3+nn9uccTU0QhbDsrYIGJkUq7DnVhCQOs6Y7PkJ/a98vsBufG9wJH7B/5czaGL4HQ=
x-amz-request-id: AQB6GT81KDJK8DAX
x-amz-version-id: K1ODzappZsD35qeu0OM5zvs_BP1eybj7
accept-ranges: bytes
server: AmazonS3
content-length: 807180
via: 1.1 google
date: Sat, 28 Jan 2023 15:34:35 GMT
age: 378176
last-modified: Tue, 10 Jan 2023 12:38:46 GMT
etag: "914be443bdfbe8a1c3ded61e1c114bd6"
content-type: application/octet-stream
cache-control: public,max-age=604800
alt-svc: clear
X-Firefox-Spdy: h2
uiaps.aslabd.top/moblie/client/
155.94.128.18 301 Moved Permanently 313 B URL HTTP/1.1 uiaps.aslabd.top/moblie/client/
IP 155.94.128.18:0
ASN #8100 ASN-QUADRANET-GLOBAL
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash e3e75379a5cb750419c71988ad441ced
98db25b41a07395e349b1ef008b354604950f8c7
e6cf42c910de2c77e48cc8b618752d4fe7e4e9f74e070a97584e7f11df0d2d84
Analyzer Verdict: Alert — openphish: United States Postal Service (USPS-themed phishing); fortinet: Phishing
NIDS Severity Alert: suricata, medium — ET INFO HTTP Request to a *.top domain
Note: this entry captures only the plaintext HTTP request and its 301 redirect to https://uiaps.aslabd.top/moblie/client/; the HTTPS landing page content is not shown here.
GET /moblie/client/ HTTP/1.1
Host: uiaps.aslabd.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Thu, 02 Feb 2023 00:37:31 GMT
Server: Apache
Location: https://uiaps.aslabd.top/moblie/client/
Content-Length: 313
Connection: close
Content-Type: text/html; charset=iso-8859-1
firefox.settings.services.mozilla.com/v1/buckets/main/collections/fxmonitor-breaches/changeset?_expected=1674595012490&_since=%221662044085942%22
35.241.9.150 200 OK 4.3 kB URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/fxmonitor-breaches/changeset?_expected=1674595012490&_since=%221662044085942%22
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (4318), with no line terminators
Hash f907735e3715dc6d1879d3a6acc28609
9ef4d7f2c5b9b4583d992295b72d5f3a635b065e
b4977e583a6818ad9317b1d87e0536bdbbee1d11ae7a911f65c415f385739ba1
GET /v1/buckets/main/collections/fxmonitor-breaches/changeset?_expected=1674595012490&_since=%221662044085942%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Retry-After, Backoff, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 4318
via: 1.1 google
date: Wed, 01 Feb 2023 23:58:38 GMT
age: 2333
last-modified: Wed, 01 Feb 2023 16:36:43 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/password-recipes/changeset?_expected=1674595048726&_since=%221642005109349%22
35.241.9.150 200 OK 1.7 kB URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/password-recipes/changeset?_expected=1674595048726&_since=%221642005109349%22
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (1742), with no line terminators
Hash 22092e301760ed865af6ece6eb04b1be
557b52e40ec2d8f2fe080580a1858c8666791bf2
12afba8f5929ab372e9cffbbe57e8bb562c60fc0a98b751c69de1adc04fb4aea
GET /v1/buckets/main/collections/password-recipes/changeset?_expected=1674595048726&_since=%221642005109349%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Alert, Retry-After, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 1742
via: 1.1 google
date: Thu, 02 Feb 2023 00:20:44 GMT
age: 1008
last-modified: Wed, 01 Feb 2023 16:36:43 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/query-stripping/changeset?_expected=1667238122278&_since=%221656585893704%22
35.241.9.150 200 OK 1.7 kB URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/query-stripping/changeset?_expected=1667238122278&_since=%221656585893704%22
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (1719), with no line terminators
Hash 91fc66b0cc0a6a614095f1a64df0ae3b
36d83cd4aac353d81990df94ac1e5466483ab145
fee8713249b5cc35e5a4bb521c3a645c8b2a0c927c8384b99cf4f3a046e5d316
GET /v1/buckets/main/collections/query-stripping/changeset?_expected=1667238122278&_since=%221656585893704%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Alert, Retry-After, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 1719
via: 1.1 google
date: Thu, 02 Feb 2023 00:27:54 GMT
age: 578
last-modified: Tue, 31 Jan 2023 16:36:45 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/language-dictionaries/changeset?_expected=1673270322227&_since=%221569410800356%22
35.241.9.150 200 OK 1.3 kB URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/language-dictionaries/changeset?_expected=1673270322227&_since=%221569410800356%22
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (1250), with no line terminators
Hash 4b4dc2f2fa90e5157009acf4c7b1d589
ec64bb109dac848eafb80765cb510015c5d3ffd5
83ad9f7b27e6c7f20f257f0a3ff004ca69cfd0d4768222a51a655ac9ae139f6e
GET /v1/buckets/main/collections/language-dictionaries/changeset?_expected=1673270322227&_since=%221569410800356%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Retry-After, Backoff, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 1250
via: 1.1 google
date: Wed, 01 Feb 2023 23:47:35 GMT
age: 2997
last-modified: Tue, 31 Jan 2023 16:36:44 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/nimbus-desktop-experiments/changeset?_expected=1675179871619&_since=%221666279968541%22
35.241.9.150 200 OK 70 kB URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/nimbus-desktop-experiments/changeset?_expected=1675179871619&_since=%221666279968541%22
IP 35.241.9.150:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash bc236c9ea0619f60e837bef961954574
ff74159ccfd717e32b24874ed960411c389e8675
ab065bdee282a74b71c0b03b21444242851827c0f40d672173bcfb11c88384a3
GET /v1/buckets/main/collections/nimbus-desktop-experiments/changeset?_expected=1675179871619&_since=%221666279968541%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Alert, Retry-After, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 69773
via: 1.1 google
date: Thu, 02 Feb 2023 00:35:13 GMT
age: 139
last-modified: Tue, 31 Jan 2023 15:44:31 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/hijack-blocklists?_expected=1605801189258
35.241.9.150200 OK 682 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/hijack-blocklists?_expected=1605801189258
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (682), with no line terminators
Hash ee3b2ca8193a47eb1c2f1628b80b953f
6b53021c8663e3a0f874c5f030902a78c3ef1b9d
2cc501aa09d747a9b69b88c92f896650b9c9f5c32dae8b2315ab61c63d9a4ccc
GET /v1/buckets/main/collections/hijack-blocklists?_expected=1605801189258 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Pragma, Backoff, Retry-After, Content-Length, Last-Modified, Expires, Cache-Control, ETag, Alert, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 682
via: 1.1 google
date: Wed, 01 Feb 2023 23:50:09 GMT
age: 2843
last-modified: Sun, 29 Jan 2023 16:36:52 GMT
etag: "1675010212483"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: MwfrBNriKYXNI7sFOEwqPLbModUmmzgKQML3OBBfofLhZbHK7c4yeF6cLTLFKIdtAVk4f7FMujE=
x-amz-request-id: DFQNHWBXJMBECEYQ
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 01 Feb 2023 23:51:45 GMT
age: 2747
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/message-groups/changeset?_expected=1670425599656&_since=%221665698079854%22
35.241.9.150200 OK 935 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/message-groups/changeset?_expected=1670425599656&_since=%221665698079854%22
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (935), with no line terminators
Hash 3d63398bfcd270d3aff50d730b7fbf8e
95b217d19c323845ba9739f9e343ffd4a050dc2a
28be153e42646803b6aa62501fcb5262eea2812237655cec6be8b2a3ff4e7d0c
GET /v1/buckets/main/collections/message-groups/changeset?_expected=1670425599656&_since=%221665698079854%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Retry-After, Content-Length, Alert, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 935
via: 1.1 google
date: Thu, 02 Feb 2023 00:07:01 GMT
age: 1831
last-modified: Sat, 28 Jan 2023 16:36:44 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 389967ad1c83bccf7423dce7fdf271b6
9085bffb376304da75064d415739e19ce4f29caf
f5b304a1f278dd18e7442c27705e12ddb1fa9a1f38cab15edee1ab5330843ed0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F5B304A1F278DD18E7442C27705E12DDB1FA9A1F38CAB15EDEE1AB5330843ED0"
Last-Modified: Mon, 30 Jan 2023 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21587
Expires: Thu, 02 Feb 2023 06:37:19 GMT
Date: Thu, 02 Feb 2023 00:37:32 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/buckets/main/collections/normandy-recipes-capabilities/changeset?_expected=1674841566207&_since=%221666483264567%22
35.241.9.150200 OK 52 kB URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/normandy-recipes-capabilities/changeset?_expected=1674841566207&_since=%221666483264567%22
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (52267), with no line terminators
Hash 43fa3c33ef7e1368ef38013ab44077ec
70447b3d512f20511dec32ecad04b77a76a86b6f
bae20740abda87eb747664b2ec70fb29c5ff7899292685645d7ed2c609727391
GET /v1/buckets/main/collections/normandy-recipes-capabilities/changeset?_expected=1674841566207&_since=%221666483264567%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Retry-After, Backoff, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 52267
via: 1.1 google
date: Wed, 01 Feb 2023 23:29:15 GMT
age: 4097
last-modified: Fri, 27 Jan 2023 17:46:06 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/cfr/changeset?_expected=1666894461944&_since=%221659547595259%22
35.241.9.150200 OK 1.5 kB URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/cfr/changeset?_expected=1666894461944&_since=%221659547595259%22
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (1505), with no line terminators
Hash bf91148bc6bc52655c8e8138e8a0a4f4
919f632d0fa2021439aefb26804e6c811f077343
0b87aabbe04ee50ba0cdfdfd6710e761f3ede6ac42cc8faa1b136315529daabf
GET /v1/buckets/main/collections/cfr/changeset?_expected=1666894461944&_since=%221659547595259%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Retry-After, Content-Length, Alert, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 1505
via: 1.1 google
date: Wed, 01 Feb 2023 23:49:29 GMT
age: 2883
last-modified: Fri, 27 Jan 2023 16:36:46 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/search-config/changeset?_expected=1674751976728&_since=%221661199949574%22
35.241.9.150200 OK 18 kB URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/search-config/changeset?_expected=1674751976728&_since=%221661199949574%22
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (17471), with no line terminators
Hash 6e2d33aecce57f200365d89f518caa2a
0226b86348839e3398809b8e542aa7daf6909ba6
1fa13b584b43bddc8fd2e1fc57676c930b50dea74726a9c2fc55e35dca77ebfd
GET /v1/buckets/main/collections/search-config/changeset?_expected=1674751976728&_since=%221661199949574%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Retry-After, Content-Length, Alert, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 17471
via: 1.1 google
date: Wed, 01 Feb 2023 23:54:25 GMT
age: 2587
last-modified: Thu, 26 Jan 2023 16:52:56 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
uiaps.aslabd.top/moblie/client/
155.94.128.18200 OK 10 kB URL HTTP/2 uiaps.aslabd.top/moblie/client/
IP 155.94.128.18:0
ASN #8100 ASN-QUADRANET-GLOBAL
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (761), with CRLF line terminators
Hash 9dbc9a18c40df2141a035a9758ad2949
108cf6f8739d617c44bd47a66b058407b45da5b8
1a3a2e5624cc58baed76db3b05f8b40613d870b3ee116a7ed145d64f06cf7187
Analyzer Verdict Alert urlquery phishing Phishing - US Postal Service
urlquery phishing Phishing - US Postal Service
openphish United States Postal Service
fortinet Phishing
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.top domain
GET /moblie/client/ HTTP/1.1
Host: uiaps.aslabd.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Thu, 02 Feb 2023 00:37:32 GMT
server: Apache
last-modified: Sat, 09 Jul 2022 03:30:50 GMT
etag: "e7ca-5e356f1faee80-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 9965
content-type: text/html
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/partitioning-exempt-urls/changeset?_expected=1674132577705&_since=%221657747510534%22
35.241.9.150200 OK 2.1 kB URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/partitioning-exempt-urls/changeset?_expected=1674132577705&_since=%221657747510534%22
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (2144), with no line terminators
Hash 5081e6ce6effca1e5ba513b8ee475b1c
56b570761e64c997d2340e4697a1c0e1b06cc0e5
df3c6bd21705a779e7eace5f711efb8e0c91a77a0fd18288d12cf49507f944a2
GET /v1/buckets/main/collections/partitioning-exempt-urls/changeset?_expected=1674132577705&_since=%221657747510534%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Alert, Retry-After, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
content-type: application/json
date: Thu, 02 Feb 2023 00:37:32 GMT
last-modified: Thu, 26 Jan 2023 16:36:43 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 2144
via: 1.1 google
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
uiaps.aslabd.top/moblie/client/assets/css/globals/usps-fonts.css
155.94.128.18200 OK 870 B URL HTTP/2 uiaps.aslabd.top/moblie/client/assets/css/globals/usps-fonts.css
IP 155.94.128.18:0
ASN #8100 ASN-QUADRANET-GLOBAL
File type CSV text\012- , ASCII text, with very long lines (548)
Hash 506e9f64f645e61384a9452c720729bd
d67ae5849f868c25a3f8950890c38eb2012ada48
480818c6bb9e16b65495ab341fb890ef7b2120c89a14e23d31cdd6827dec700c
Analyzer Verdict Alert urlquery phishing Phishing - US Postal Service
urlquery phishing Phishing - US Postal Service
GET /moblie/client/assets/css/globals/usps-fonts.css HTTP/1.1
Host: uiaps.aslabd.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://uiaps.aslabd.top/moblie/client/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 02 Feb 2023 00:37:32 GMT
server: Apache
last-modified: Sat, 09 Jul 2022 00:51:36 GMT
etag: "cc7-5e354b8847600-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 870
content-type: text/css
X-Firefox-Spdy: h2
uiaps.aslabd.top/moblie/client/assets/css/vendor/bootstrap/3.5.5/bootstrap.min.css
155.94.128.18200 OK 20 kB URL HTTP/2 uiaps.aslabd.top/moblie/client/assets/css/vendor/bootstrap/3.5.5/bootstrap.min.css
IP 155.94.128.18:0
ASN #8100 ASN-QUADRANET-GLOBAL
File type ASCII text, with very long lines (64985)
Hash ea00d7ede20ddc87ba5299be051688b0
9d73caa184430546064b4a31d6ccd007415bf369
cb3d723d424d039d7fb8ec387db1b701b7dfbd1c8bb4c73faa11ff4c3403c5fb
Analyzer Verdict Alert urlquery phishing Phishing - US Postal Service
urlquery phishing Phishing - US Postal Service
GET /moblie/client/assets/css/vendor/bootstrap/3.5.5/bootstrap.min.css HTTP/1.1
Host: uiaps.aslabd.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://uiaps.aslabd.top/moblie/client/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 02 Feb 2023 00:37:32 GMT
server: Apache
last-modified: Sat, 09 Jul 2022 00:52:04 GMT
etag: "1de72-5e354ba2fb500-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 20168
content-type: text/css
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash d719402de0cd695e55dab2767247da49
f12f4795987a284820f6785ec16b5032b9861d79
98a14bd950cec10aeb3d76fa956fe13514f52c742adbded7a0fcef218c7195ba
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "98A14BD950CEC10AEB3D76FA956FE13514F52C742ADBDED7A0FCEF218C7195BA"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9898
Expires: Thu, 02 Feb 2023 03:22:30 GMT
Date: Thu, 02 Feb 2023 00:37:32 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash d719402de0cd695e55dab2767247da49
f12f4795987a284820f6785ec16b5032b9861d79
98a14bd950cec10aeb3d76fa956fe13514f52c742adbded7a0fcef218c7195ba
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "98A14BD950CEC10AEB3D76FA956FE13514F52C742ADBDED7A0FCEF218C7195BA"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9898
Expires: Thu, 02 Feb 2023 03:22:30 GMT
Date: Thu, 02 Feb 2023 00:37:32 GMT
Connection: keep-alive
uiaps.aslabd.top/moblie/client/assets/css/vendor/bootstrap/3.5.5/bootstrap-sticky-footer.css
155.94.128.18200 OK 122 B URL HTTP/2 uiaps.aslabd.top/moblie/client/assets/css/vendor/bootstrap/3.5.5/bootstrap-sticky-footer.css
IP 155.94.128.18:0
ASN #8100 ASN-QUADRANET-GLOBAL
File type ASCII text, with no line terminators
Hash 202bf872c1139a76e1c7c09b9911abaf
83d628b973e072a6eb8badc6fb7ec92b97ee702b
29e3eb3901a296d0df7bea405811e9fb3642e9565032f22aace6828d018f257f
Analyzer Verdict Alert urlquery phishing Phishing - US Postal Service
urlquery phishing Phishing - US Postal Service
GET /moblie/client/assets/css/vendor/bootstrap/3.5.5/bootstrap-sticky-footer.css HTTP/1.1
Host: uiaps.aslabd.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://uiaps.aslabd.top/moblie/client/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 02 Feb 2023 00:37:32 GMT
server: Apache
last-modified: Sat, 09 Jul 2022 00:52:00 GMT
etag: "89-5e354b9f2ac00-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 122
content-type: text/css
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbb20c182-a39b-4222-8a27-155f67b554ab.webp
34.120.237.76200 OK 3.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbb20c182-a39b-4222-8a27-155f67b554ab.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4c0980cc80018f2218e1a5a7336a4bcc
461e33619154423dbbf49407a80b70ade9078593
4375676d6ce36b3ec3923eefe2007bb96d96135dae10103a886c24fc9063fce9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbb20c182-a39b-4222-8a27-155f67b554ab.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3541
x-amzn-requestid: f65e4be6-20ff-4f14-a722-d6c2c4631a5f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: frc5YHQqoAMFeBA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dadb6f-5f9183ed1c2cb640249c2b09;Sampled=0
x-amzn-remapped-date: Wed, 01 Feb 2023 21:36:47 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: dhCNUaZl9ATxaIgoLz8bF1ZxjW31vJ6rx-BLhIKVjmoG4tPFH7WZZQ==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 be082a2326b7d49643607b097f1e7180.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Feb 2023 22:25:11 GMT
age: 7941
etag: "461e33619154423dbbf49407a80b70ade9078593"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 313 B IP 93.184.220.29:0
Hash f34e13cd7bd2390540358d01cbc690ff
15a098b4cd8fbd001a15d36207579fe9b18d4c07
1a74d35e15a7479290f811969f72f0de78f65bcb5b42bdfe673719d746839682
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6283
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 00:37:32 GMT
Last-Modified: Wed, 01 Feb 2023 22:52:49 GMT
Server: ECS (ska/F708)
X-Cache: HIT
Content-Length: 313
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F46e30ba8-4b02-4bad-8cbf-1a128aa4376f.jpeg
34.120.237.76200 OK 9.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F46e30ba8-4b02-4bad-8cbf-1a128aa4376f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3366ef4f8733cb9c89a5c88f63a0a441
7da46843b6d885f38a4759a08e6c899906ab7b97
7114397ee5c251cc5cb46f3433c2cc17ff68a08e0872e227671198e9b61eba0a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F46e30ba8-4b02-4bad-8cbf-1a128aa4376f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 9600
x-amzn-requestid: 48094e1a-d550-4a91-b87c-4a08505f7cce
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fVsWcFN7IAMF2pg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d2275c-5ced593a7e2126c9494563df;Sampled=0
x-amzn-remapped-date: Thu, 26 Jan 2023 07:10:20 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: aZOeDFqBJQoGwLpIs-GpPvY0FKGCAOXY6MgzG32qzX-kVzUCKKv-kw==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Feb 2023 02:29:58 GMT
age: 79654
etag: "7da46843b6d885f38a4759a08e6c899906ab7b97"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0d335250-c4ff-42af-b9c2-48711573ab39.jpeg
34.120.237.76200 OK 4.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0d335250-c4ff-42af-b9c2-48711573ab39.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 86664b4d1fc27ba7b5bff8a245604326
b8c7ef73101a497b6c78ad59aafe66a391fdc3fa
e4596faadf14051299036a79632951d90183dd0635293687edef11985799a752
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0d335250-c4ff-42af-b9c2-48711573ab39.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4814
x-amzn-requestid: 90da23ab-2c54-40ec-8e26-bdf4eeb1e27b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: frdKWFpvoAMFyPQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dadbdb-70c4cb89413ed6bd44731d76;Sampled=0
x-amzn-remapped-date: Wed, 01 Feb 2023 21:38:35 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: htcecPD3kYwCPwPPCqgVuXnCuKo6TTKntzaB2xFID5fvBXpZQe463A==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 be082a2326b7d49643607b097f1e7180.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Feb 2023 21:59:38 GMT
age: 9474
etag: "b8c7ef73101a497b6c78ad59aafe66a391fdc3fa"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe18f9e12-0986-423b-911d-6271bb996db4.jpeg
34.120.237.76200 OK 5.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe18f9e12-0986-423b-911d-6271bb996db4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7c823f1d6bf1c50d58eb263b85e6e37c
a7b74d11494fb3254df907e5cc1eead070d84617
b2706961eb756383e0988dfdb501dc424aea59697aedd1e4a6c294c314a31935
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe18f9e12-0986-423b-911d-6271bb996db4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5356
x-amzn-requestid: fef22c83-35a4-4990-9008-af5853f838d1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: frc5BEB6oAMFczg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dadb6c-68d3017555c069bc3107d150;Sampled=0
x-amzn-remapped-date: Wed, 01 Feb 2023 21:36:44 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: XyDZc0F-b0rxwoS5wvSXBuBfYE7JljMmuXseBjLOBk4HvxU5gE7Oqg==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Feb 2023 22:18:55 GMT
age: 8317
etag: "a7b74d11494fb3254df907e5cc1eead070d84617"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F868f7eb5-a922-48b3-b59c-21db2389409e.jpeg
34.120.237.76200 OK 9.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F868f7eb5-a922-48b3-b59c-21db2389409e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6790e3bf4d10b1ffba32a22dc588c640
cdae35517dfea800134393a1095f44462bc428a5
4f4132588ee7337fff24da64b89e43b277c4ef0a2646acfba37aea08fc0f4256
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F868f7eb5-a922-48b3-b59c-21db2389409e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9416
x-amzn-requestid: acc48967-4cc1-4bfd-bc33-7bcefd8e6547
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: frdKVGjqIAMFa2w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dadbdb-1d1cd4de0a30760e792d32e5;Sampled=0
x-amzn-remapped-date: Wed, 01 Feb 2023 21:38:35 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: tO6GOuwj9So6Itm9ug-EQgF5iJ3NPidhS8OY4LpBvq0XftWTqGcOHA==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Feb 2023 21:57:16 GMT
age: 9616
etag: "cdae35517dfea800134393a1095f44462bc428a5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffdd8c5ba-bd1b-4dda-ae36-680f02b388f8.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffdd8c5ba-bd1b-4dda-ae36-680f02b388f8.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b91a1323efe4b01a2d1a2e8485117934
43d04a554f6ef512e7b21ac09287efc0e4e5efee
393e3ab81aee9fda022d06c25789be66e56aaf56f81b0514ab5dfec445087bdf
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffdd8c5ba-bd1b-4dda-ae36-680f02b388f8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10807
x-amzn-requestid: 3c6771b8-3ae0-4300-9d84-9311c15389ba
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fmJ2JGh3oAMFp0A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d8bcf3-27479faf4518900c03b84144;Sampled=0
x-amzn-remapped-date: Tue, 31 Jan 2023 07:02:11 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: oZ6etg6l7SjzCMTg-7DhIeEXMmempp9_kMb3ITzUqbrXKz2wz0qJ0w==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Feb 2023 07:02:22 GMT
age: 63310
etag: "43d04a554f6ef512e7b21ac09287efc0e4e5efee"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
uiaps.aslabd.top/moblie/client/assets/css/vendor/bootstrap/3.5.5/theme.css
155.94.128.18200 OK 9.3 kB URL HTTP/2 uiaps.aslabd.top/moblie/client/assets/css/vendor/bootstrap/3.5.5/theme.css
IP 155.94.128.18:0
ASN #8100 ASN-QUADRANET-GLOBAL
File type ASCII text, with very long lines (1137)
Hash 7dff2db828b763d39ef8c85a84e6be27
0cba53d423689306a8bff4268830adc8cebacc7d
c3bda5b3e63e02b5155eb0f3ac4bd1c2ea8a0b5333647c48431adf003583d843
Analyzer Verdict Alert urlquery phishing Phishing - US Postal Service
urlquery phishing Phishing - US Postal Service
GET /moblie/client/assets/css/vendor/bootstrap/3.5.5/theme.css HTTP/1.1
Host: uiaps.aslabd.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://uiaps.aslabd.top/moblie/client/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 02 Feb 2023 00:37:32 GMT
server: Apache
last-modified: Sat, 09 Jul 2022 00:52:08 GMT
etag: "a7df-5e354ba6cbe00-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 9301
content-type: text/css
X-Firefox-Spdy: h2
uiaps.aslabd.top/moblie/client/assets/images/des_brd_2color_logo_274x79.png
155.94.128.18200 OK 7.2 kB URL HTTP/2 uiaps.aslabd.top/moblie/client/assets/images/des_brd_2color_logo_274x79.png
IP 155.94.128.18:0
ASN #8100 ASN-QUADRANET-GLOBAL
File type PNG image data, 274 x 79, 8-bit/color RGBA, non-interlaced\012- data
Hash 7540a3abf4dc11dcbd1d381523956ad4
c634a237fb86e9eb6efe396bc5dd1548956c338f
194aeec3c0a28672905ad28fc88a464c2db67ab4277b1d29c3e5275013f2c638
Analyzer Verdict Alert urlquery phishing Phishing - US Postal Service
urlquery phishing Phishing - US Postal Service
GET /moblie/client/assets/images/des_brd_2color_logo_274x79.png HTTP/1.1
Host: uiaps.aslabd.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://uiaps.aslabd.top/moblie/client/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 02 Feb 2023 00:37:32 GMT
server: Apache
last-modified: Sat, 09 Jul 2022 00:53:06 GMT
etag: "1c09-5e354bde1c080"
accept-ranges: bytes
content-length: 7177
content-type: image/png
X-Firefox-Spdy: h2
uiaps.aslabd.top/moblie/client/assets/images/icons/info-help15x15.png
155.94.128.18200 OK 1.3 kB URL HTTP/2 uiaps.aslabd.top/moblie/client/assets/images/icons/info-help15x15.png
IP 155.94.128.18:0
ASN #8100 ASN-QUADRANET-GLOBAL
File type PNG image data, 15 x 15, 8-bit/color RGBA, non-interlaced\012- data
Hash d8ed32428438c6b59f5bda90de72d32a
f21457fd013ca3c92d642d9b12cec0916ba25d93
8ad6e9b6cf4e440ea128653a10923efb54c618983c131c20d1a6753e8895248e
Analyzer Verdict Alert urlquery phishing Phishing - US Postal Service
urlquery phishing Phishing - US Postal Service
GET /moblie/client/assets/images/icons/info-help15x15.png HTTP/1.1
Host: uiaps.aslabd.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://uiaps.aslabd.top/moblie/client/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 02 Feb 2023 00:37:32 GMT
server: Apache
last-modified: Sat, 09 Jul 2022 00:54:02 GMT
etag: "503-5e354c1383e80"
accept-ranges: bytes
content-length: 1283
content-type: image/png
X-Firefox-Spdy: h2
uiaps.aslabd.top/moblie/client/assets/images/ajax-loader-t.gif
155.94.128.18200 OK 3.2 kB URL HTTP/2 uiaps.aslabd.top/moblie/client/assets/images/ajax-loader-t.gif
IP 155.94.128.18:0
ASN #8100 ASN-QUADRANET-GLOBAL
File type GIF image data, version 89a, 32 x 32\012- data
Hash b9f5558507d20d1501a945f9bc0f4ce4
672975a0c049de369b02bd1b5ce0820fd5d9832d
d2a3b54eecee14be7278f861de0d7d95509321f0a28fd18052334cbbd369201a
Analyzer Verdict Alert urlquery phishing Phishing - US Postal Service
urlquery phishing Phishing - US Postal Service
GET /moblie/client/assets/images/ajax-loader-t.gif HTTP/1.1
Host: uiaps.aslabd.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://uiaps.aslabd.top/moblie/client/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 02 Feb 2023 00:37:32 GMT
server: Apache
last-modified: Sat, 09 Jul 2022 00:53:02 GMT
etag: "c88-5e354bda4b780"
accept-ranges: bytes
content-length: 3208
content-type: image/gif
X-Firefox-Spdy: h2
uiaps.aslabd.top/moblie/client/assets/images/icons/2fa-icon.png
155.94.128.18200 OK 2.5 kB URL HTTP/2 uiaps.aslabd.top/moblie/client/assets/images/icons/2fa-icon.png
IP 155.94.128.18:0
ASN #8100 ASN-QUADRANET-GLOBAL
File type PNG image data, 50 x 50, 8-bit/color RGBA, non-interlaced\012- data
Hash ed58ae8c4bb20a8b801a22eb6a83919e
1382abb7e29df3b2c0acb877792dd4792ea86ebb
47b1abfa4a9ed23a1464dd547de8ae545d34e3aa8f1abe03497d8339acef4d89
Analyzer Verdict Alert urlquery phishing Phishing - US Postal Service
urlquery phishing Phishing - US Postal Service
GET /moblie/client/assets/images/icons/2fa-icon.png HTTP/1.1
Host: uiaps.aslabd.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://uiaps.aslabd.top/moblie/client/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 02 Feb 2023 00:37:32 GMT
server: Apache
last-modified: Sat, 09 Jul 2022 00:54:00 GMT
etag: "9d5-5e354c119ba00"
accept-ranges: bytes
content-length: 2517
content-type: image/png
X-Firefox-Spdy: h2
uiaps.aslabd.top/moblie/client/assets/images/logo-mini-sb.png
155.94.128.18200 OK 24 kB URL HTTP/2 uiaps.aslabd.top/moblie/client/assets/images/logo-mini-sb.png
IP 155.94.128.18:0
ASN #8100 ASN-QUADRANET-GLOBAL
File type PNG image data, 135 x 16, 8-bit/color RGBA, non-interlaced\012- data
Hash 43707dd65a8c8ec7754b7b45fd483488
f258a5de57dfa37baf13296da6055e8f8881d742
585262db6911000f59795831f9db7bb41477bcafb135c82b51b0473363134fcf
Analyzer Verdict Alert urlquery phishing Phishing - US Postal Service
urlquery phishing Phishing - US Postal Service
GET /moblie/client/assets/images/logo-mini-sb.png HTTP/1.1
Host: uiaps.aslabd.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://uiaps.aslabd.top/moblie/client/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 02 Feb 2023 00:37:32 GMT
server: Apache
last-modified: Sat, 09 Jul 2022 00:53:08 GMT
etag: "5c49-5e354be004500"
accept-ranges: bytes
content-length: 23625
content-type: image/png
X-Firefox-Spdy: h2
uiaps.aslabd.top/moblie/client/assets/images/footer/pinterest48x48.png
155.94.128.18200 OK 2.0 kB URL HTTP/2 uiaps.aslabd.top/moblie/client/assets/images/footer/pinterest48x48.png
IP 155.94.128.18:0
ASN #8100 ASN-QUADRANET-GLOBAL
File type PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced\012- data
Hash 54dc20cc381ff8ecf17ea8b9df75ce80
87b5f3be2555879dae3e3dbd24ccc025b3d803a5
6fd2af5507a1df9cd3c999db9194edc98039847c67180805ab0029fb4598a047
Analyzer Verdict Alert urlquery phishing Phishing - US Postal Service
urlquery phishing Phishing - US Postal Service
GET /moblie/client/assets/images/footer/pinterest48x48.png HTTP/1.1
Host: uiaps.aslabd.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://uiaps.aslabd.top/moblie/client/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 02 Feb 2023 00:37:32 GMT
server: Apache
last-modified: Sat, 09 Jul 2022 00:53:26 GMT
etag: "7cc-5e354bf12ed80"
accept-ranges: bytes
content-length: 1996
content-type: image/png
X-Firefox-Spdy: h2
uiaps.aslabd.top/moblie/js/index.js
155.94.128.18200 OK 482 B URL HTTP/2 uiaps.aslabd.top/moblie/js/index.js
IP 155.94.128.18:0
ASN #8100 ASN-QUADRANET-GLOBAL
File type ASCII text, with CRLF line terminators
Hash 5162b2972eec2617755f7284ab8abe82
3140c674ae56b6dd06b16028b3b27615900118be
3dc6445a493e25ccdbbf7478a3785d455818dbad0d021470776e0bc38abd2712
Analyzer Verdict Alert urlquery phishing Phishing - US Postal Service
urlquery phishing Phishing - US Postal Service
fortinet Phishing
GET /moblie/js/index.js HTTP/1.1
Host: uiaps.aslabd.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://uiaps.aslabd.top/moblie/client/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 02 Feb 2023 00:37:32 GMT
server: Apache
last-modified: Sat, 09 Jul 2022 03:27:38 GMT
etag: "587-5e356e6893e80-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 482
content-type: application/javascript
X-Firefox-Spdy: h2
uiaps.aslabd.top/moblie/client/assets/images/footer/twitter48x48.png
155.94.128.18200 OK 1.4 kB URL HTTP/2 uiaps.aslabd.top/moblie/client/assets/images/footer/twitter48x48.png
IP 155.94.128.18:0
ASN #8100 ASN-QUADRANET-GLOBAL
File type PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced\012- data
Hash 015947f8ccadf27595ad94b782d88e1d
c3c99750c0e8a5566b85eaa809b0a073cd37f5b3
425a82462746dcfb9a7d37c280e886854f4e4978e75c2c33a16faea430c29a92
Analyzer Verdict Alert urlquery phishing Phishing - US Postal Service
urlquery phishing Phishing - US Postal Service
GET /moblie/client/assets/images/footer/twitter48x48.png HTTP/1.1
Host: uiaps.aslabd.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://uiaps.aslabd.top/moblie/client/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 02 Feb 2023 00:37:32 GMT
server: Apache
last-modified: Sat, 09 Jul 2022 00:53:30 GMT
etag: "573-5e354bf4ff680"
accept-ranges: bytes
content-length: 1395
content-type: image/png
X-Firefox-Spdy: h2
uiaps.aslabd.top/moblie/client/assets/images/footer/facebook48x49.png
155.94.128.18200 OK 1.4 kB URL HTTP/2 uiaps.aslabd.top/moblie/client/assets/images/footer/facebook48x49.png
IP 155.94.128.18:0
ASN #8100 ASN-QUADRANET-GLOBAL
File type PNG image data, 48 x 49, 8-bit/color RGBA, non-interlaced\012- data
Hash d46df5d19bd775a76ca6613008d35fcd
d2794edaea979827392169d66e7224fb3443b654
a701a4fd9e20d0562398d2b44f95c084aa07ab31ef0ca321260a8dbe53c8e949
Analyzer Verdict Alert urlquery phishing Phishing - US Postal Service
urlquery phishing Phishing - US Postal Service
GET /moblie/client/assets/images/footer/facebook48x49.png HTTP/1.1
Host: uiaps.aslabd.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://uiaps.aslabd.top/moblie/client/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 02 Feb 2023 00:37:32 GMT
server: Apache
last-modified: Sat, 09 Jul 2022 00:53:24 GMT
etag: "55f-5e354bef46900"
accept-ranges: bytes
content-length: 1375
content-type: image/png
X-Firefox-Spdy: h2
t.co/i/adsct?bci=3&eci=2&event_id=496f59d0-cb78-4ac6-be35-79c9aa607f21&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&p_id=Twitter&p_user_id=0&pl_id=e6038cf0-d830-4461-b06d-22240387d858&tw_document_href=https%3A%2F%2Freg.usps.com%2Fentreg%2FLoginAction_input%3Fapp%3DPhoenix%26appURL%3Dhttps%3A%2F%2Fwww.usps.com%2F%26_gl%3D1*1ax5i3a*_ga*NDY0MDc2OTA3LjE2NTczNzU5NjA.*_ga_3NXP3C8S9V*MTY1NzM3NTk2MC4xLjAuMTY1NzM3NTk2MC4w&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nugcr&type=javascript&version=2.3.23
104.244.42.69200 OK 43 B URL HTTP/2 t.co/i/adsct?bci=3&eci=2&event_id=496f59d0-cb78-4ac6-be35-79c9aa607f21&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&p_id=Twitter&p_user_id=0&pl_id=e6038cf0-d830-4461-b06d-22240387d858&tw_document_href=https%3A%2F%2Freg.usps.com%2Fentreg%2FLoginAction_input%3Fapp%3DPhoenix%26appURL%3Dhttps%3A%2F%2Fwww.usps.com%2F%26_gl%3D1*1ax5i3a*_ga*NDY0MDc2OTA3LjE2NTczNzU5NjA.*_ga_3NXP3C8S9V*MTY1NzM3NTk2MC4xLjAuMTY1NzM3NTk2MC4w&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nugcr&type=javascript&version=2.3.23
IP 104.244.42.69:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 377d257f2d2e294916143c069141c1c5
b7cae69682cf31dd670b65088db8395acda6ed3e
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
GET /i/adsct?bci=3&eci=2&event_id=496f59d0-cb78-4ac6-be35-79c9aa607f21&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&p_id=Twitter&p_user_id=0&pl_id=e6038cf0-d830-4461-b06d-22240387d858&tw_document_href=https%3A%2F%2Freg.usps.com%2Fentreg%2FLoginAction_input%3Fapp%3DPhoenix%26appURL%3Dhttps%3A%2F%2Fwww.usps.com%2F%26_gl%3D1*1ax5i3a*_ga*NDY0MDc2OTA3LjE2NTczNzU5NjA.*_ga_3NXP3C8S9V*MTY1NzM3NTk2MC4xLjAuMTY1NzM3NTk2MC4w&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nugcr&type=javascript&version=2.3.23 HTTP/1.1
Host: t.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://uiaps.aslabd.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 02 Feb 2023 00:37:32 GMT
perf: 7626143928
server: tsa_o
set-cookie: muc_ads=a3ab9767-e9f3-4485-b147-eadae42ba4b6; Max-Age=63072000; Expires=Sat, 01 Feb 2025 00:37:32 GMT; Path=/; Domain=t.co; Secure; SameSite=None
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, max-age=0
content-length: 43
x-transaction-id: 27ab21d46946dc08
strict-transport-security: max-age=0
x-response-time: 106
x-connection-hash: b47dca0fb05a993c0a7a5d14cce38c96aded0493431db6a757e2e850c38e6838
X-Firefox-Spdy: h2
uiaps.aslabd.top/moblie/client/assets/images/footer/youtube48x49.png
155.94.128.18200 OK 1.6 kB URL HTTP/2 uiaps.aslabd.top/moblie/client/assets/images/footer/youtube48x49.png
IP 155.94.128.18:0
ASN #8100 ASN-QUADRANET-GLOBAL
File type PNG image data, 48 x 49, 8-bit/color RGBA, non-interlaced\012- data
Hash fb929fa380aaeed073dbdb38de2b3df9
9a0b8f95563908ade94d2a5851cc850ad03db8b5
4786e97fe2669de027de568671d81dcbf85af8dee7aadf8da607d07d2f9f3d36
Analyzer Verdict Alert urlquery phishing Phishing - US Postal Service
urlquery phishing Phishing - US Postal Service
GET /moblie/client/assets/images/footer/youtube48x49.png HTTP/1.1
Host: uiaps.aslabd.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://uiaps.aslabd.top/moblie/client/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 02 Feb 2023 00:37:32 GMT
server: Apache
last-modified: Sat, 09 Jul 2022 00:53:32 GMT
etag: "661-5e354bf6e7b00"
accept-ranges: bytes
content-length: 1633
content-type: image/png
X-Firefox-Spdy: h2
uiaps.aslabd.top/entreg/assets/images/header/sm-pipe-boot.gif
155.94.128.18404 Not Found 263 B URL HTTP/2 uiaps.aslabd.top/entreg/assets/images/header/sm-pipe-boot.gif
IP 155.94.128.18:0
ASN #8100 ASN-QUADRANET-GLOBAL
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 7692b4866685ca289c86d69ad1715f64
f02ad4da9a2fe5a710e3ffca71006228d0bb3f6d
00107779f620278608a01d743fa2f585b3457526281a77128bb4ff2479560420
GET /entreg/assets/images/header/sm-pipe-boot.gif HTTP/1.1
Host: uiaps.aslabd.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://uiaps.aslabd.top/moblie/client/assets/css/vendor/bootstrap/3.5.5/theme.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
date: Thu, 02 Feb 2023 00:37:33 GMT
server: Apache
content-length: 263
content-type: text/html; charset=iso-8859-1
X-Firefox-Spdy: h2
uiaps.aslabd.top/entreg/assets/fonts/usps/d5af76d8-a90b-4527-b3a3-182207cc3250.woff
155.94.128.18404 Not Found 263 B URL HTTP/2 uiaps.aslabd.top/entreg/assets/fonts/usps/d5af76d8-a90b-4527-b3a3-182207cc3250.woff
IP 155.94.128.18:0
ASN #8100 ASN-QUADRANET-GLOBAL
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 7692b4866685ca289c86d69ad1715f64
f02ad4da9a2fe5a710e3ffca71006228d0bb3f6d
00107779f620278608a01d743fa2f585b3457526281a77128bb4ff2479560420
Analyzer Verdict Alert fortinet Phishing
GET /entreg/assets/fonts/usps/d5af76d8-a90b-4527-b3a3-182207cc3250.woff HTTP/1.1
Host: uiaps.aslabd.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://uiaps.aslabd.top/moblie/client/assets/css/globals/usps-fonts.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
date: Thu, 02 Feb 2023 00:37:33 GMT
server: Apache
content-length: 263
content-type: text/html; charset=iso-8859-1
X-Firefox-Spdy: h2
uiaps.aslabd.top/moblie/client/assets/fonts/glyphicons/glyphicons-halflings-regular.woff2
155.94.128.18404 Not Found 263 B URL HTTP/2 uiaps.aslabd.top/moblie/client/assets/fonts/glyphicons/glyphicons-halflings-regular.woff2
IP 155.94.128.18:0
ASN #8100 ASN-QUADRANET-GLOBAL
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 7692b4866685ca289c86d69ad1715f64
f02ad4da9a2fe5a710e3ffca71006228d0bb3f6d
00107779f620278608a01d743fa2f585b3457526281a77128bb4ff2479560420
Analyzer Verdict Alert fortinet Phishing
GET /moblie/client/assets/fonts/glyphicons/glyphicons-halflings-regular.woff2 HTTP/1.1
Host: uiaps.aslabd.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://uiaps.aslabd.top/moblie/client/assets/css/vendor/bootstrap/3.5.5/bootstrap.min.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
date: Thu, 02 Feb 2023 00:37:33 GMT
server: Apache
content-length: 263
content-type: text/html; charset=iso-8859-1
X-Firefox-Spdy: h2
uiaps.aslabd.top/entreg/assets/fonts/usps/4a9c62ab-b359-4081-8383-a0d1cdebd111.woff
155.94.128.18404 Not Found 263 B URL HTTP/2 uiaps.aslabd.top/entreg/assets/fonts/usps/4a9c62ab-b359-4081-8383-a0d1cdebd111.woff
IP 155.94.128.18:0
ASN #8100 ASN-QUADRANET-GLOBAL
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 7692b4866685ca289c86d69ad1715f64
f02ad4da9a2fe5a710e3ffca71006228d0bb3f6d
00107779f620278608a01d743fa2f585b3457526281a77128bb4ff2479560420
Analyzer Verdict Alert fortinet Phishing
GET /entreg/assets/fonts/usps/4a9c62ab-b359-4081-8383-a0d1cdebd111.woff HTTP/1.1
Host: uiaps.aslabd.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://uiaps.aslabd.top/moblie/client/assets/css/globals/usps-fonts.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
date: Thu, 02 Feb 2023 00:37:33 GMT
server: Apache
content-length: 263
content-type: text/html; charset=iso-8859-1
X-Firefox-Spdy: h2
uiaps.aslabd.top/entreg/assets/fonts/usps/5b4a262e-3342-44e2-8ad7-719998a68134.woff
155.94.128.18404 Not Found 263 B URL HTTP/2 uiaps.aslabd.top/entreg/assets/fonts/usps/5b4a262e-3342-44e2-8ad7-719998a68134.woff
IP 155.94.128.18:0
ASN #8100 ASN-QUADRANET-GLOBAL
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 7692b4866685ca289c86d69ad1715f64
f02ad4da9a2fe5a710e3ffca71006228d0bb3f6d
00107779f620278608a01d743fa2f585b3457526281a77128bb4ff2479560420
Analyzer Verdict Alert fortinet Phishing
GET /entreg/assets/fonts/usps/5b4a262e-3342-44e2-8ad7-719998a68134.woff HTTP/1.1
Host: uiaps.aslabd.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://uiaps.aslabd.top/moblie/client/assets/css/globals/usps-fonts.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
date: Thu, 02 Feb 2023 00:37:33 GMT
server: Apache
content-length: 263
content-type: text/html; charset=iso-8859-1
X-Firefox-Spdy: h2
uiaps.aslabd.top/entreg/assets/fonts/usps/1d238354-d156-4dde-89ea-4770ef04b9f9.ttf
155.94.128.18404 Not Found 263 B URL HTTP/2 uiaps.aslabd.top/entreg/assets/fonts/usps/1d238354-d156-4dde-89ea-4770ef04b9f9.ttf
IP 155.94.128.18:0
ASN #8100 ASN-QUADRANET-GLOBAL
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 7692b4866685ca289c86d69ad1715f64
f02ad4da9a2fe5a710e3ffca71006228d0bb3f6d
00107779f620278608a01d743fa2f585b3457526281a77128bb4ff2479560420
Analyzer Verdict Alert fortinet Phishing
GET /entreg/assets/fonts/usps/1d238354-d156-4dde-89ea-4770ef04b9f9.ttf HTTP/1.1
Host: uiaps.aslabd.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://uiaps.aslabd.top/moblie/client/assets/css/globals/usps-fonts.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
date: Thu, 02 Feb 2023 00:37:33 GMT
server: Apache
content-length: 263
content-type: text/html; charset=iso-8859-1
X-Firefox-Spdy: h2
uiaps.aslabd.top/moblie/client/assets/fonts/glyphicons/glyphicons-halflings-regular.woff
155.94.128.18404 Not Found 263 B URL HTTP/2 uiaps.aslabd.top/moblie/client/assets/fonts/glyphicons/glyphicons-halflings-regular.woff
IP 155.94.128.18:0
ASN #8100 ASN-QUADRANET-GLOBAL
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 7692b4866685ca289c86d69ad1715f64
f02ad4da9a2fe5a710e3ffca71006228d0bb3f6d
00107779f620278608a01d743fa2f585b3457526281a77128bb4ff2479560420
Analyzer Verdict Alert fortinet Phishing
GET /moblie/client/assets/fonts/glyphicons/glyphicons-halflings-regular.woff HTTP/1.1
Host: uiaps.aslabd.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://uiaps.aslabd.top/moblie/client/assets/css/vendor/bootstrap/3.5.5/bootstrap.min.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
date: Thu, 02 Feb 2023 00:37:33 GMT
server: Apache
content-length: 263
content-type: text/html; charset=iso-8859-1
X-Firefox-Spdy: h2
uiaps.aslabd.top/entreg/assets/fonts/usps/db5f9ba6-05a4-433a-9461-0a6f257a0c3a.ttf
155.94.128.18404 Not Found 263 B URL HTTP/2 uiaps.aslabd.top/entreg/assets/fonts/usps/db5f9ba6-05a4-433a-9461-0a6f257a0c3a.ttf
IP 155.94.128.18:0
ASN #8100 ASN-QUADRANET-GLOBAL
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 7692b4866685ca289c86d69ad1715f64
f02ad4da9a2fe5a710e3ffca71006228d0bb3f6d
00107779f620278608a01d743fa2f585b3457526281a77128bb4ff2479560420
Analyzer Verdict Alert fortinet Phishing
GET /entreg/assets/fonts/usps/db5f9ba6-05a4-433a-9461-0a6f257a0c3a.ttf HTTP/1.1
Host: uiaps.aslabd.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://uiaps.aslabd.top/moblie/client/assets/css/globals/usps-fonts.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
date: Thu, 02 Feb 2023 00:37:33 GMT
server: Apache
content-length: 263
content-type: text/html; charset=iso-8859-1
X-Firefox-Spdy: h2
uiaps.aslabd.top/entreg/assets/fonts/usps/4a3ef5d8-cfd9-4b96-bd67-90215512f1e5.ttf
155.94.128.18404 Not Found 263 B URL HTTP/2 uiaps.aslabd.top/entreg/assets/fonts/usps/4a3ef5d8-cfd9-4b96-bd67-90215512f1e5.ttf
IP 155.94.128.18:0
ASN #8100 ASN-QUADRANET-GLOBAL
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 7692b4866685ca289c86d69ad1715f64
f02ad4da9a2fe5a710e3ffca71006228d0bb3f6d
00107779f620278608a01d743fa2f585b3457526281a77128bb4ff2479560420
Analyzer Verdict Alert fortinet Phishing
GET /entreg/assets/fonts/usps/4a3ef5d8-cfd9-4b96-bd67-90215512f1e5.ttf HTTP/1.1
Host: uiaps.aslabd.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://uiaps.aslabd.top/moblie/client/assets/css/globals/usps-fonts.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
date: Thu, 02 Feb 2023 00:37:33 GMT
server: Apache
content-length: 263
content-type: text/html; charset=iso-8859-1
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 5e01d6c641ea60dd765ab60412bdca59
58739badba2f4d3dd08520cef55eee687cd7dd16
9c6067fe0021e67a46df754c73bb5b41f693e70ff00fa9f0e4dca55ad3e50d9e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 00:37:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 2dc2e297877f6332a114de88eeeaca61
cc91e58f3dd132b078223d21cd3177f0819e40e7
94f1191402d63bc2757d7ec854bc418dd6929b5aa9efb815d9bd35f8dab98fef
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 00:37:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 312 B IP 93.184.220.29:0
Hash 48d422da608ad93de7b386b50965fc44
62da3f812d7e54aa5b2f6ea5155165594ac2a582
e8495eb429877fd01187938fa37616622e2b9caf23304d9a9f565dbc9e670472
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5188
Cache-Control: max-age=86859
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 00:37:33 GMT
Etag: "63d9a1d4-138"
Expires: Fri, 03 Feb 2023 00:45:12 GMT
Last-Modified: Tue, 31 Jan 2023 23:18:44 GMT
Server: ECS (ska/F708)
X-Cache: HIT
Content-Length: 312
www.googleadservices.com/pagead/conversion_async.js
142.250.74.98 200 OK 15 kB URL HTTP/2 www.googleadservices.com/pagead/conversion_async.js
IP 142.250.74.98:0
File type ASCII text, with very long lines (1654)
Hash 22eaa6491556c40c984bed61ff9892b5
253ec7921f896fab2d49656208b10d2a227c82de
f690af44bc7bb9724442c2f52648ce1c8365cc6010cc0af574f5e0dcddf7ee7f
GET /pagead/conversion_async.js HTTP/1.1
Host: www.googleadservices.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://uiaps.aslabd.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Thu, 02 Feb 2023 00:37:33 GMT
expires: Thu, 02 Feb 2023 00:37:33 GMT
cache-control: private, max-age=3600
content-type: text/javascript; charset=UTF-8
etag: 8608601048380966470
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 15164
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/viewthroughconversion/978081151/?random=1657381653943&cv=9&fst=1657381653943&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=376635470&u_h=1080&u_w=1920&u_ah=1040&u_aw=1920&u_cd=24&u_his=2&u_tz=480&u_java=false&u_nplug=5&u_nmime=2>m=2oa6t0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Freg.usps.com%2Fentreg%2FLoginAction_input%3Fapp%3DPhoenix%26appURL%3Dhttps%3A%2F%2Fwww.usps.com%2F%26_gl%3D1*1ax5i3a*_ga*NDY0MDc2OTA3LjE2NTczNzU5NjA.*_ga_3NXP3C8S9V*MTY1NzM3NTk2MC4xLjAuMTY1NzM3NTk2MC4w&tiba=USPS.com%C2%AE%20-%20Sign%20In&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4
142.250.74.98 200 OK 1.1 kB URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/978081151/?random=1657381653943&cv=9&fst=1657381653943&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=376635470&u_h=1080&u_w=1920&u_ah=1040&u_aw=1920&u_cd=24&u_his=2&u_tz=480&u_java=false&u_nplug=5&u_nmime=2>m=2oa6t0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Freg.usps.com%2Fentreg%2FLoginAction_input%3Fapp%3DPhoenix%26appURL%3Dhttps%3A%2F%2Fwww.usps.com%2F%26_gl%3D1*1ax5i3a*_ga*NDY0MDc2OTA3LjE2NTczNzU5NjA.*_ga_3NXP3C8S9V*MTY1NzM3NTk2MC4xLjAuMTY1NzM3NTk2MC4w&tiba=USPS.com%C2%AE%20-%20Sign%20In&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4
IP 142.250.74.98:0
File type ASCII text, with very long lines (2623), with no line terminators
Hash de0a1466b4972b7d3226b815dbe8f701
bfd6e54d93d70c420f3d8503da457af7d03ae4bc
b62c5684dd26096860599748467497061acc35cb65a9203f916a5a1592189520
GET /pagead/viewthroughconversion/978081151/?random=1657381653943&cv=9&fst=1657381653943&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=376635470&u_h=1080&u_w=1920&u_ah=1040&u_aw=1920&u_cd=24&u_his=2&u_tz=480&u_java=false&u_nplug=5&u_nmime=2>m=2oa6t0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Freg.usps.com%2Fentreg%2FLoginAction_input%3Fapp%3DPhoenix%26appURL%3Dhttps%3A%2F%2Fwww.usps.com%2F%26_gl%3D1*1ax5i3a*_ga*NDY0MDc2OTA3LjE2NTczNzU5NjA.*_ga_3NXP3C8S9V*MTY1NzM3NTk2MC4xLjAuMTY1NzM3NTk2MC4w&tiba=USPS.com%C2%AE%20-%20Sign%20In&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://uiaps.aslabd.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 02 Feb 2023 00:37:33 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 1098
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Thu, 02-Feb-2023 00:52:33 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
bat.bing.com/p/action/21006064.js
13.107.21.200 204 No Content 0 B URL HTTP/2 bat.bing.com/p/action/21006064.js
IP 13.107.21.200:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /p/action/21006064.js HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://uiaps.aslabd.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
cache-control: private,max-age=1800
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: D5491C912790490CB5A852CC1E6256E2 Ref B: OSL30EDGE0421 Ref C: 2023-02-02T00:37:33Z
date: Thu, 02 Feb 2023 00:37:32 GMT
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash f44095f8ebc7d211f4ee24d88a703128
97263cb2c5d0237c08bee075fb75c8bddefddf2c
1183ec38cb48e7986d42d545c968616fe9f996f73849f1da6c111eb4ccfbb529
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 00:37:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 2dc2e297877f6332a114de88eeeaca61
cc91e58f3dd132b078223d21cd3177f0819e40e7
94f1191402d63bc2757d7ec854bc418dd6929b5aa9efb815d9bd35f8dab98fef
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 00:37:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
uiaps.aslabd.top/moblie/client/assets/fonts/glyphicons/glyphicons-halflings-regular.ttf
155.94.128.18 404 Not Found 263 B URL HTTP/2 uiaps.aslabd.top/moblie/client/assets/fonts/glyphicons/glyphicons-halflings-regular.ttf
IP 155.94.128.18:0
ASN #8100 ASN-QUADRANET-GLOBAL
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 7692b4866685ca289c86d69ad1715f64
f02ad4da9a2fe5a710e3ffca71006228d0bb3f6d
00107779f620278608a01d743fa2f585b3457526281a77128bb4ff2479560420
Analyzer Verdict Alert fortinet Phishing
GET /moblie/client/assets/fonts/glyphicons/glyphicons-halflings-regular.ttf HTTP/1.1
Host: uiaps.aslabd.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://uiaps.aslabd.top/moblie/client/assets/css/vendor/bootstrap/3.5.5/bootstrap.min.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
date: Thu, 02 Feb 2023 00:37:33 GMT
server: Apache
content-length: 263
content-type: text/html; charset=iso-8859-1
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash a4253e662d539c01b8656dbb6d73aab1
08f71eead367b6fa76b99f7f590680a5f5650b62
f05b99f6b0c8fb5c38221d02c0c9ed96389fbd5105d6329cdc733d1fae411df2
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 00:37:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash df4a6d84addba49571d9f6ae44c61a3f
28c8093de27e27645cf6dfd5ae93a62fc77b9be5
cb6623b08b6245ea11bb871729613e453046d427d738a8c6431c5da8347e6e05
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 00:37:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=496f59d0-cb78-4ac6-be35-79c9aa607f21&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&p_id=Twitter&p_user_id=0&pl_id=e6038cf0-d830-4461-b06d-22240387d858&tw_document_href=https%3A%2F%2Freg.usps.com%2Fentreg%2FLoginAction_input%3Fapp%3DPhoenix%26appURL%3Dhttps%3A%2F%2Fwww.usps.com%2F%26_gl%3D1*1ax5i3a*_ga*NDY0MDc2OTA3LjE2NTczNzU5NjA.*_ga_3NXP3C8S9V*MTY1NzM3NTk2MC4xLjAuMTY1NzM3NTk2MC4w&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nugcr&type=javascript&version=2.3.23
104.244.42.3 200 OK 43 B URL HTTP/2 analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=496f59d0-cb78-4ac6-be35-79c9aa607f21&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&p_id=Twitter&p_user_id=0&pl_id=e6038cf0-d830-4461-b06d-22240387d858&tw_document_href=https%3A%2F%2Freg.usps.com%2Fentreg%2FLoginAction_input%3Fapp%3DPhoenix%26appURL%3Dhttps%3A%2F%2Fwww.usps.com%2F%26_gl%3D1*1ax5i3a*_ga*NDY0MDc2OTA3LjE2NTczNzU5NjA.*_ga_3NXP3C8S9V*MTY1NzM3NTk2MC4xLjAuMTY1NzM3NTk2MC4w&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nugcr&type=javascript&version=2.3.23
IP 104.244.42.3:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 377d257f2d2e294916143c069141c1c5
b7cae69682cf31dd670b65088db8395acda6ed3e
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
GET /i/adsct?bci=3&eci=2&event_id=496f59d0-cb78-4ac6-be35-79c9aa607f21&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&p_id=Twitter&p_user_id=0&pl_id=e6038cf0-d830-4461-b06d-22240387d858&tw_document_href=https%3A%2F%2Freg.usps.com%2Fentreg%2FLoginAction_input%3Fapp%3DPhoenix%26appURL%3Dhttps%3A%2F%2Fwww.usps.com%2F%26_gl%3D1*1ax5i3a*_ga*NDY0MDc2OTA3LjE2NTczNzU5NjA.*_ga_3NXP3C8S9V*MTY1NzM3NTk2MC4xLjAuMTY1NzM3NTk2MC4w&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nugcr&type=javascript&version=2.3.23 HTTP/1.1
Host: analytics.twitter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://uiaps.aslabd.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 02 Feb 2023 00:37:33 GMT
perf: 7626143928
server: tsa_o
set-cookie: personalization_id="v1_fiLNZkNJLZsXP6+7HnZwnQ=="; Max-Age=63072000; Expires=Sat, 01 Feb 2025 00:37:33 GMT; Path=/; Domain=.twitter.com; Secure; SameSite=None
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, max-age=0
content-length: 43
x-transaction-id: 05b07234db9e238e
strict-transport-security: max-age=631138519
x-response-time: 103
x-connection-hash: e11516e8ca466a5c64bf045f4b42591838dd0bd24ed816cb870e73e41af5c143
X-Firefox-Spdy: h2
www.google.no/pagead/1p-user-list/978081151/?random=1657381653943&cv=9&fst=1657378800000&num=1&bg=ffffff&guid=ON&eid=376635470&u_h=1080&u_w=1920&u_ah=1040&u_aw=1920&u_cd=24&u_his=2&u_tz=480&u_java=false&u_nplug=5&u_nmime=2>m=2oa6t0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Freg.usps.com%2Fentreg%2FLoginAction_input%3Fapp%3DPhoenix%26appURL%3Dhttps%3A%2F%2Fwww.usps.com%2F%26_gl%3D1*1ax5i3a*_ga*NDY0MDc2OTA3LjE2NTczNzU5NjA.*_ga_3NXP3C8S9V*MTY1NzM3NTk2MC4xLjAuMTY1NzM3NTk2MC4w&tiba=USPS.com%C2%AE%20-%20Sign%20In&async=1&fmt=3&is_vtc=1&random=1194023422&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
142.250.74.163 200 OK 42 B URL HTTP/2 www.google.no/pagead/1p-user-list/978081151/?random=1657381653943&cv=9&fst=1657378800000&num=1&bg=ffffff&guid=ON&eid=376635470&u_h=1080&u_w=1920&u_ah=1040&u_aw=1920&u_cd=24&u_his=2&u_tz=480&u_java=false&u_nplug=5&u_nmime=2>m=2oa6t0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Freg.usps.com%2Fentreg%2FLoginAction_input%3Fapp%3DPhoenix%26appURL%3Dhttps%3A%2F%2Fwww.usps.com%2F%26_gl%3D1*1ax5i3a*_ga*NDY0MDc2OTA3LjE2NTczNzU5NjA.*_ga_3NXP3C8S9V*MTY1NzM3NTk2MC4xLjAuMTY1NzM3NTk2MC4w&tiba=USPS.com%C2%AE%20-%20Sign%20In&async=1&fmt=3&is_vtc=1&random=1194023422&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
IP 142.250.74.163:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/978081151/?random=1657381653943&cv=9&fst=1657378800000&num=1&bg=ffffff&guid=ON&eid=376635470&u_h=1080&u_w=1920&u_ah=1040&u_aw=1920&u_cd=24&u_his=2&u_tz=480&u_java=false&u_nplug=5&u_nmime=2>m=2oa6t0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Freg.usps.com%2Fentreg%2FLoginAction_input%3Fapp%3DPhoenix%26appURL%3Dhttps%3A%2F%2Fwww.usps.com%2F%26_gl%3D1*1ax5i3a*_ga*NDY0MDc2OTA3LjE2NTczNzU5NjA.*_ga_3NXP3C8S9V*MTY1NzM3NTk2MC4xLjAuMTY1NzM3NTk2MC4w&tiba=USPS.com%C2%AE%20-%20Sign%20In&async=1&fmt=3&is_vtc=1&random=1194023422&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://uiaps.aslabd.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 02 Feb 2023 00:37:33 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.google.com/pagead/1p-user-list/978081151/?random=1657381653943&cv=9&fst=1657378800000&num=1&bg=ffffff&guid=ON&eid=376635470&u_h=1080&u_w=1920&u_ah=1040&u_aw=1920&u_cd=24&u_his=2&u_tz=480&u_java=false&u_nplug=5&u_nmime=2>m=2oa6t0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Freg.usps.com%2Fentreg%2FLoginAction_input%3Fapp%3DPhoenix%26appURL%3Dhttps%3A%2F%2Fwww.usps.com%2F%26_gl%3D1*1ax5i3a*_ga*NDY0MDc2OTA3LjE2NTczNzU5NjA.*_ga_3NXP3C8S9V*MTY1NzM3NTk2MC4xLjAuMTY1NzM3NTk2MC4w&tiba=USPS.com%C2%AE%20-%20Sign%20In&async=1&fmt=3&is_vtc=1&random=1194023422&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
142.250.74.164 200 OK 42 B URL HTTP/2 www.google.com/pagead/1p-user-list/978081151/?random=1657381653943&cv=9&fst=1657378800000&num=1&bg=ffffff&guid=ON&eid=376635470&u_h=1080&u_w=1920&u_ah=1040&u_aw=1920&u_cd=24&u_his=2&u_tz=480&u_java=false&u_nplug=5&u_nmime=2>m=2oa6t0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Freg.usps.com%2Fentreg%2FLoginAction_input%3Fapp%3DPhoenix%26appURL%3Dhttps%3A%2F%2Fwww.usps.com%2F%26_gl%3D1*1ax5i3a*_ga*NDY0MDc2OTA3LjE2NTczNzU5NjA.*_ga_3NXP3C8S9V*MTY1NzM3NTk2MC4xLjAuMTY1NzM3NTk2MC4w&tiba=USPS.com%C2%AE%20-%20Sign%20In&async=1&fmt=3&is_vtc=1&random=1194023422&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
IP 142.250.74.164:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/978081151/?random=1657381653943&cv=9&fst=1657378800000&num=1&bg=ffffff&guid=ON&eid=376635470&u_h=1080&u_w=1920&u_ah=1040&u_aw=1920&u_cd=24&u_his=2&u_tz=480&u_java=false&u_nplug=5&u_nmime=2>m=2oa6t0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Freg.usps.com%2Fentreg%2FLoginAction_input%3Fapp%3DPhoenix%26appURL%3Dhttps%3A%2F%2Fwww.usps.com%2F%26_gl%3D1*1ax5i3a*_ga*NDY0MDc2OTA3LjE2NTczNzU5NjA.*_ga_3NXP3C8S9V*MTY1NzM3NTk2MC4xLjAuMTY1NzM3NTk2MC4w&tiba=USPS.com%C2%AE%20-%20Sign%20In&async=1&fmt=3&is_vtc=1&random=1194023422&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://uiaps.aslabd.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 02 Feb 2023 00:37:33 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
uiaps.aslabd.top/moblie/client/favicon.ico
155.94.128.18 200 OK 5.5 kB URL HTTP/2 uiaps.aslabd.top/moblie/client/favicon.ico
IP 155.94.128.18:0
ASN #8100 ASN-QUADRANET-GLOBAL
File type MS Windows icon resource - 4 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel\012- data
Hash 22c4870923e0f7ddc1ea7da681309e53
901d2af5294c75c623809804138fa3fe88d9cdad
83f51fdc82874452f15022eece208e629759e495c8cd9e98eb30bfb4e4883d0b
Analyzer Verdict Alert urlquery phishing Phishing - US Postal Service
urlquery phishing Phishing - US Postal Service
GET /moblie/client/favicon.ico HTTP/1.1
Host: uiaps.aslabd.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://uiaps.aslabd.top/moblie/client/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 02 Feb 2023 00:37:33 GMT
server: Apache
last-modified: Fri, 08 Jul 2022 23:38:14 GMT
etag: "7d26-5e353b2234580-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 5515
content-type: image/x-icon
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash a4253e662d539c01b8656dbb6d73aab1
08f71eead367b6fa76b99f7f590680a5f5650b62
f05b99f6b0c8fb5c38221d02c0c9ed96389fbd5105d6329cdc733d1fae411df2
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 00:37:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash d06fd066caf4dfa1e21a722a5c468158
acb765577662906ae8e11242bed487ce1051db28
4b45760de269e60345d43ff2da6c5803722f7c052edd0a9f5258ce69b2ffa32f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 02 Feb 2023 00:37:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
uiaps.aslabd.top/moblie/js/vue.js
155.94.128.18 200 OK 0 B URL HTTP/2 uiaps.aslabd.top/moblie/js/vue.js
IP 155.94.128.18:0
ASN #8100 ASN-QUADRANET-GLOBAL
Analyzer Verdict Alert fortinet Phishing
GET /moblie/js/vue.js HTTP/1.1
Host: uiaps.aslabd.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://uiaps.aslabd.top/moblie/client/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 02 Feb 2023 00:37:32 GMT
server: Apache
last-modified: Tue, 27 Apr 2021 20:12:48 GMT
etag: "53882-5c0f9e2cc9000-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: application/javascript
X-Firefox-Spdy: h2
uiaps.aslabd.top/moblie/js/jquery-3.5.1.js
155.94.128.18 200 OK 0 B URL HTTP/2 uiaps.aslabd.top/moblie/js/jquery-3.5.1.js
IP 155.94.128.18:0
ASN #8100 ASN-QUADRANET-GLOBAL
Analyzer Verdict Alert fortinet Phishing
GET /moblie/js/jquery-3.5.1.js HTTP/1.1
Host: uiaps.aslabd.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://uiaps.aslabd.top/moblie/client/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 02 Feb 2023 00:37:32 GMT
server: Apache
last-modified: Mon, 22 Jun 2020 15:11:14 GMT
etag: "4638e-5a8ada7592880-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: application/javascript
X-Firefox-Spdy: h2