Report - ja.deals/

Report Overview

Submitted URL
ja.deals/
IP
13.214.69.83
ASN
#16509 AMAZON-02
Submitted
2022-10-04 09:54:05
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
30

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	321 B	229 B	34.117.237.239
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	594 B	127 B	35.160.97.225
ocsp.usertrust.com	899	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	330 B	2.8 kB	172.64.155.188
stats.g.doubleclick.net	96	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.2 kB	1.4 kB	74.125.131.157
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.3 kB	3.5 kB	23.36.76.226
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	401 B	5.8 kB	143.204.55.49
www.googletagmanager.com	75	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	366 B	43 kB	142.250.74.168
secure.trust-provider.com	35173	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.2 kB	20 kB	91.199.212.148
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	758 B	2.7 kB	143.204.55.35
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.3 kB	4.9 kB	142.250.74.3
www.google-analytics.com	40	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	353 B	21 kB	142.250.74.174
fonts.googleapis.com	8877	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	377 B	746 B	142.250.74.10
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	329 B	737 B	93.184.220.29
www.ja.insure	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	785 B	6.6 kB	104.21.73.118
ja.deals	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	9.4 kB	555 kB	13.214.69.83
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	49 kB	34.120.237.76

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-10-04	medium	ja.deals/	Malware
2022-10-04	medium	ja.deals/	Malware
2022-10-04	medium	ja.deals/img/logo-icon.svg	Malware
2022-10-04	medium	ja.deals/assets/vendor/rs-plugin/js/jquery.themepunch.revolution.min.js	Malware
2022-10-04	medium	ja.deals/assets/vendor/font-awesome/fonts/fontawesome-webfont.woff2?v=4.7.0	Malware
2022-10-04	medium	ja.deals/assets/vendor/popper/umd/popper.min.js	Malware
2022-10-04	medium	ja.deals/assets/vendor/common/common.min.js	Malware
2022-10-04	medium	ja.deals/assets/js/demos/demo-photography.min.js	Malware
2022-10-04	medium	ja.deals/assets/vendor/bootstrap/js/bootstrap.min.js	Malware
2022-10-04	medium	ja.deals/assets/vendor/jquery/jquery.min.js	Malware
2022-10-04	medium	ja.deals/assets/vendor/jquery.validation/jquery.validation.min.js	Malware
2022-10-04	medium	ja.deals/assets/js/views/view.contact.min.js	Malware
2022-10-04	medium	ja.deals/assets/js/theme.init.min.js	Malware
2022-10-04	medium	ja.deals/assets/js/theme.min.js	Malware
2022-10-04	medium	ja.deals/assets/vendor/rs-plugin/js/jquery.themepunch.tools.min.js	Malware

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (23)

	URL	Size	First Seen	Last Seen
	ja.deals/assets/vendor/common/common.min.js	14 kB	2023-03-07	2023-08-22
Pretty URL ja.deals/assets/vendor/common/common.min.js IP 13.214.69.83 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 15:08:57 Last Seen2023-08-22 10:03:55 Times Seen3 Hash f4752d90083f2670099208367b60274b cf0490470675ffafec8ba1cc7bcdb0c3758128eb a5c2747e2e0f2c7288e869397a6bc3837fd9b7496ae8d7765838692f518e7449 Loading...

	ja.deals/assets/js/theme.min.js	37 kB	2023-03-07	2023-03-08
Pretty URL ja.deals/assets/js/theme.min.js IP 13.214.69.83 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 15:08:57 Last Seen2023-03-08 05:41:04 Times Seen1 Hash e364379d763d5cb350a85dc44e1e6ac2 f0617c514e97b626a6499001481f6ba0126a6708 a10a45a2156f78108520d7f1206106c643ada1e7881218442ebc19f60236bb27 Loading...

	ja.deals/	3.2 kB	2023-03-07	2023-03-08
Pretty URL ja.deals/ IP 13.214.69.83 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 15:08:57 Last Seen2023-03-08 05:41:04 Times Seen1 Hash e7c76655f5b0868944c21ffb7919876e 560b66c2880168da1d17a546d17e1a2bf0da55d1 7b4b5f182bec61f5890f5dba5966290e730a4a312e520ef5dcaaa3921ae5110c Loading...

	ja.deals/	151 B	2023-03-07	2023-03-08
Pretty URL ja.deals/ IP 13.214.69.83 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 15:08:57 Last Seen2023-03-08 05:41:04 Times Seen1 Hash 3981f948b4f258cc321a066311a6427c a6503f213ba6fc0b586c7657a3388ddeb738ec8c c9bc0ef792ed3c4b21801adf55f30e43fef2c508559e22e579bc864ce836d03d Loading...

	www.google-analytics.com/analytics.js	50 kB	2023-03-08	2024-04-19
Pretty URL www.google-analytics.com/analytics.js IP 142.250.74.174 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 05:22:31 Last Seen2024-04-19 07:47:47 Times Seen1515 Hash fda30e8a22c9bcd954fd8d0fadd0e77c ae47cd34cbde081a48d7f92fc80aaf06a1381193 b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719 Loading...

	ja.deals/assets/vendor/popper/umd/popper.min.js	19 kB	2023-03-07	2024-04-16
Pretty URL ja.deals/assets/vendor/popper/umd/popper.min.js IP 13.214.69.83 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:18:14 Last Seen2024-04-16 17:29:26 Times Seen1722 Hash aad2475f1e2615224fa9716b53954be2 4f08d328c845410583e0a05c8d5a5bc61c23db47 8e95b881702116fa860c3e41ef7ebaac83c3ecf0db026aaae023b46671db74ce Loading...

	ja.deals/assets/vendor/rs-plugin/js/jquery.themepunch.revolution.min.js	228 kB	2023-03-07	2023-11-08
Pretty URL ja.deals/assets/vendor/rs-plugin/js/jquery.themepunch.revolution.min.js IP 13.214.69.83 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 15:08:57 Last Seen2023-11-08 23:53:23 Times Seen5442 Hash 8bcf729f398b3c30f8a93b7a89acdc48 bb211755202296d0e3b73d3d9fd134909392aed4 ba1a3cada20159b087b5942aed8e008ed6c8492aae83521cfd52b99dd0403837 Loading...

	ja.deals/assets/vendor/jquery.validation/jquery.validation.min.js	24 kB	2023-03-07	2023-12-06
Pretty URL ja.deals/assets/vendor/jquery.validation/jquery.validation.min.js IP 13.214.69.83 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 15:08:57 Last Seen2023-12-06 17:47:33 Times Seen24 Hash a52cf798562b1edf5df92fa4a2e5b3cf fb7c9bb04b24d4a55e90dd13676cacea24017510 7044cc4a34d20a060e9a529949ad459f67ff193bbcbbaef1993ddcc5ba901b4a Loading...

	ja.deals/	180 B	2023-03-07	2023-03-08
Pretty URL ja.deals/ IP 13.214.69.83 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 15:08:57 Last Seen2023-03-08 05:41:04 Times Seen1 Hash a07f801d2961a4aaa46a4418d98f23fc e62b17c5cf1970a176e8e7c002558f060d902123 ea620ed5b2168e47306028d9729829cd8671a7af5b7ab93b30aa13fbaba6985d Loading...

	www.googletagmanager.com/gtag/js?id=UA-119202186-1	109 kB	2023-03-08	2023-03-08
Pretty URL www.googletagmanager.com/gtag/js?id=UA-119202186-1 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 05:41:04 Last Seen2023-03-08 05:41:04 Times Seen1 Hash 35db961866fbc9e93ce00548a4e3febd f5573da9aabc0c6c5c7787a24358a1608143e222 f799fd34bc55da8777619d8cbcf76351f24ded5367e7a6febed83f137ece8254 Loading...

	secure.trust-provider.com/trustlogo/javascript/trustlogo.js	14 kB	2023-03-07	2024-04-17
Pretty URL secure.trust-provider.com/trustlogo/javascript/trustlogo.js IP 91.199.212.148 ASN #48447 Sectigo Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:26:31 Last Seen2024-04-17 04:34:43 Times Seen486 Hash e46d5528af29f4224a927291166d2ddc b8bb9695e47f7370db2dea4884e0efcbd86a4dca 1ba30b444f0489b7da1ca80092c7879835ba96404751aabbdb2647de4261fa05 Loading...

	ja.deals/	86 B	2023-03-07	2023-03-08
Pretty URL ja.deals/ IP 13.214.69.83 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 15:08:57 Last Seen2023-03-08 05:41:04 Times Seen1 Hash 09dae6b66a3db4849cc0180a893f70d0 920915f31d5a3eec66ec7360897450cadb39b894 12bf60e9fa2d9afeef0dd802d9ed981bb9b11d31e3e04306c6ee2ea6d69ccc35 Loading...

	ja.deals/assets/js/views/view.contact.min.js	1.7 kB	2023-03-07	2023-03-08
Pretty URL ja.deals/assets/js/views/view.contact.min.js IP 13.214.69.83 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 15:08:57 Last Seen2023-03-08 05:41:04 Times Seen1 Hash 799f14013b4394b2d2c1bccba35222e3 6cd34d9a01003bd54a26d871427f32608c912ec2 2ae796476950b6b0e4982f23b95b8240c92292e6ef368f084db0d01601cf8f1b Loading...

	ja.deals/	282 B	2023-03-07	2023-03-08
Pretty URL ja.deals/ IP 13.214.69.83 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 15:08:57 Last Seen2023-03-08 05:41:04 Times Seen1 Hash 43993667de2e280e6969ffd4380df9af fc1aafaaed6170aab57ba6d37659321b7e03e63e 9fdb7eb996f98658992f7bd47be6966c3a4b29b06c8e89e16c159c8d29bf7473 Loading...

	ja.deals/assets/vendor/bootstrap/js/bootstrap.min.js	51 kB	2023-03-07	2024-01-25
Pretty URL ja.deals/assets/vendor/bootstrap/js/bootstrap.min.js IP 13.214.69.83 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 15:08:57 Last Seen2024-01-25 10:43:47 Times Seen73 Hash fb975a54300458089e4609e8bee7e814 8b432c454aeb57fb7200229d0740e0568be6d1cf 34427800379ae3d475892ed15fecd68d9cfeff4941ae51aecd6ca68f9b5e37d6 Loading...

	ja.deals/assets/vendor/jquery/jquery.min.js	87 kB	2023-03-07	2024-04-19
Pretty URL ja.deals/assets/vendor/jquery/jquery.min.js IP 13.214.69.83 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:06:24 Last Seen2024-04-19 07:42:13 Times Seen2181 Hash 473957cfb255a781b42cb2af51d54a3b 67bdacbd077ee59f411109fd119ee9f58db15a5f 75b707d8761e2bfbd25fbd661f290a4f7fd11c48e1bf53a36dc6bd8a0034fa35 Loading...

	ja.deals/assets/js/demos/demo-photography.min.js	13 kB	2023-03-07	2023-03-08
Pretty URL ja.deals/assets/js/demos/demo-photography.min.js IP 13.214.69.83 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 15:08:57 Last Seen2023-03-08 05:41:04 Times Seen1 Hash 307d1cd173296810d97aa9f37d7b0814 0f5d7880909a800df71d50a1a3d5adbe9e34659f 8d4a74a41acfa62a6b8cb45e175c5fdb606fc7deadc9c5f9b56b40e139f1dd4e Loading...

	ja.deals/assets/vendor/rs-plugin/js/jquery.themepunch.tools.min.js	108 kB	2023-03-07	2024-04-09
Pretty URL ja.deals/assets/vendor/rs-plugin/js/jquery.themepunch.tools.min.js IP 13.214.69.83 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:06:58 Last Seen2024-04-09 23:55:50 Times Seen6262 Hash e6b48b6ba78ddfe39bef9b6bf147543e 8950b7ef02baf1ea3a6bde99a613a5224216ab18 9a56320bb8bfb81dc997a1120c77ec017cffab4db5ba5482afb29129e0690540 Loading...

	ja.deals/assets/js/theme.init.min.js	5.6 kB	2023-03-07	2023-03-08
Pretty URL ja.deals/assets/js/theme.init.min.js IP 13.214.69.83 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 15:08:57 Last Seen2023-03-08 05:41:04 Times Seen1 Hash 9df4f0b0c1c65f29cfa67b607ca9b06e 7b94f25c7d5cb52df3b1e45c73c86ebdb9df087b 281ea3591579137671820ca319f9e2853d9ff8ba167811b0069202c26e323dbb Loading...

	ja.deals/	799 B	2023-03-07	2023-03-08
Pretty URL ja.deals/ IP 13.214.69.83 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 15:08:57 Last Seen2023-03-08 05:41:04 Times Seen1 Hash b51b1b887d6bb8858c4463d944b0c8a7 2cb6eece1a70c937e545c66635ec299a18d3a76c fa3b9eebb50f7d2b15c1dc983069175fb806af8023beec66175783ecffb924d2 Loading...

		Size	First Seen	Last Seen
	#1 Write - 4ab382640c20b099dd9b8af0a9eff31a	114 B	2023-03-07	2024-04-17
Pretty Observations First Seen2023-03-07 01:42:13 Last Seen2024-04-17 04:34:43 Times Seen148 Hash 4ab382640c20b099dd9b8af0a9eff31a b0325b758b72d8c0b22c76079071132f9dd42839 6d7c2c58d060b8d4fdcbe012cb67517adc8b24049f9cb991871edc425dbba279 Loading...

	#2 Write - 1d88000cd6c9927d0747bc6177f29b52	905 B	2023-03-07	2023-03-08
Pretty Observations First Seen2023-03-07 15:08:57 Last Seen2023-03-08 05:41:04 Times Seen1 Hash 1d88000cd6c9927d0747bc6177f29b52 2fef6d3d77e3770c704d7fb5077451ebb55a09ec a1823a04536b5c421e922c2802e7a68fe78f17ce61c77933635a1f701a48f4ba Loading...

	#3 Write - 17e364aa0ced321a208c7f0daf285f6c	257 B	2023-03-07	2024-03-08
Pretty Observations First Seen2023-03-07 12:10:24 Last Seen2024-03-08 02:27:04 Times Seen62 Hash 17e364aa0ced321a208c7f0daf285f6c cd4b80d3a762896dde45a7b82922b8b2e86a1856 ff21b7d5bf2d68bd7ab15c07e6d26228ecf3e393ff92aaf6d35345de1df6c943 Loading...

HTTP Transactions (58)

URL IP Response Size

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
9955bda9c9ef64bc5700a14af0bae25e
8de7b7469e905af0374bdfcc3006bbb844f13e94
1f611155394fac39439b8ec8217d8cd493d6b588d372d264e0d66c03129c50c6

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1F611155394FAC39439B8EC8217D8CD493D6B588D372D264E0D66C03129C50C6"
Last-Modified: Sun, 02 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7608
Expires: Tue, 04 Oct 2022 12:00:42 GMT
Date: Tue, 04 Oct 2022 09:53:54 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

143.204.55.35

200 OK

939 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/
IP
143.204.55.35:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
2d12f67fe57a87e7366b662d153a5582
d7b02d81cc74f24a251d9363e0f4b0a149264ec1
73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Alert, Backoff, Retry-After, Content-Length
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Tue, 04 Oct 2022 08:56:17 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 96c778ce6156d12f24b8b6cdaa0cbf66.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: j6x1dZfXOQ4riGlUQVbMABUoAVN5jA2nkVeJSmTQ-7-6PKGBbkt_uQ==
Age: 3457

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain

143.204.55.49

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP
143.204.55.49:0
ASN
#16509 AMAZON-02

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Tue, 04 Oct 2022 05:28:28 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 142be88a35733307a5e7de05da0a20b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: C-sggCib87Cj7TAy9B_EfYLDhdkXbPr0mW-kFZKC64fVTrWVaHEjBQ==
age: 15927
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Tue, 04 Oct 2022 09:53:54 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

ja.deals/

13.214.69.83

301 Moved Permanently

162 B

URL HTTP/1.1
ja.deals/
IP
13.214.69.83:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
162 B (162 bytes)
Hash
4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET / HTTP/1.1
Host: ja.deals
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Tue, 04 Oct 2022 09:53:54 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://ja.deals/

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

143.204.55.35

200 OK

329 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
143.204.55.35:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Tue, 04 Oct 2022 09:29:33 GMT
Cache-Control: max-age=3600, max-age=3600
Expires: Tue, 04 Oct 2022 10:27:25 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 142be88a35733307a5e7de05da0a20b8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: aG0HcM2vi1A8GD4cFrvVXsk89cyEnCTIY0C0QPvC9kgsGiNPVZjSng==
Age: 1461

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
16ebfb2aa621547ecf581e26fc828a7d
f78993331f6f5b8af6409a9ad2fc50b77070f68a
0f81fd1d6be9ccc04b74f0348aafe642c7b9ab7dffb7e8a679b5d67cc2e5fac3

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5465
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 09:53:54 GMT
Last-Modified: Tue, 04 Oct 2022 08:22:49 GMT
Server: ECS (ska/F70E)
X-Cache: HIT
Content-Length: 471

push.services.mozilla.com/

35.160.97.225

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
35.160.97.225:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: On071HPfesn7fJZg1sP7fQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: StHmF/q3LQ1WeU+uo2y2xVQaTF4=

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7c201d0f119dd940c47c968a6673a26e
61b7c9121de6287d067e366ae61d61dc028d12bd
1691675d0fe4c58faff4f2fff177845d27ea2be2109eb159f88825f40244c028

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1691675D0FE4C58FAFF4F2FFF177845D27EA2BE2109EB159F88825F40244C028"
Last-Modified: Tue, 04 Oct 2022 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21566
Expires: Tue, 04 Oct 2022 15:53:21 GMT
Date: Tue, 04 Oct 2022 09:53:55 GMT
Connection: keep-alive

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
5ba23234dfb31276cc3bf9a347508595
a225d0a9ecf5d7f0032816c6f3d4a5ae1f3b27a3
33558bed4856ac3f2a7267965521b316ccd3ccc669877994c6c590e2d2a1b559

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 09:53:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.googletagmanager.com/gtag/js?id=UA-119202186-1

142.250.74.168

200 OK

42 kB

URL HTTP/2
www.googletagmanager.com/gtag/js?id=UA-119202186-1
IP
142.250.74.168:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (2039)
Size
42 kB (42363 bytes)
Hash
4528ca26e0044223b78ec5ce32a69737
498a2ba80613317a1a9ea3d9e7f872ad0b89b144
bf0c95855f1440c100e79e95130f73e11d32b7efd8a955b85537c11d792ff741

HTTP Headers

GET /gtag/js?id=UA-119202186-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ja.deals/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 04 Oct 2022 09:53:56 GMT
expires: Tue, 04 Oct 2022 09:53:56 GMT
cache-control: private, max-age=900
last-modified: Tue, 04 Oct 2022 09:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 42363
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
5ba23234dfb31276cc3bf9a347508595
a225d0a9ecf5d7f0032816c6f3d4a5ae1f3b27a3
33558bed4856ac3f2a7267965521b316ccd3ccc669877994c6c590e2d2a1b559

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 09:53:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ff433c9569a3557d806b1480aeafece9
20bbd46383b85326837f45290ff87df708b3b310
e8e5212b8d90257f23bdb0d1d643b5e7d7528d964056c3a4a269b5e09f409f2d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E8E5212B8D90257F23BDB0D1D643B5E7D7528D964056C3A4A269B5E09F409F2D"
Last-Modified: Sun, 02 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14682
Expires: Tue, 04 Oct 2022 13:58:38 GMT
Date: Tue, 04 Oct 2022 09:53:56 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ff433c9569a3557d806b1480aeafece9
20bbd46383b85326837f45290ff87df708b3b310
e8e5212b8d90257f23bdb0d1d643b5e7d7528d964056c3a4a269b5e09f409f2d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E8E5212B8D90257F23BDB0D1D643B5E7D7528D964056C3A4A269B5E09F409F2D"
Last-Modified: Sun, 02 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14682
Expires: Tue, 04 Oct 2022 13:58:38 GMT
Date: Tue, 04 Oct 2022 09:53:56 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8641c47a-9aff-4f73-bb07-6770cbbcc8d6.jpeg

34.120.237.76

200 OK

5.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8641c47a-9aff-4f73-bb07-6770cbbcc8d6.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.5 kB (5504 bytes)
Hash
6c6882c60d7ca6f918c77104e3ad1d52
20ef861be49c652a938e0145e4ca3a60159367e2
861f5870990fbd2939d151ae18384cf311e87067ca9a50818efe0c2d51b83088

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8641c47a-9aff-4f73-bb07-6770cbbcc8d6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5504
x-amzn-requestid: 37405eb0-5c75-46a9-84c0-e8ed726995d8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZcpHvHPvoAMF3mg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633b5564-77fd550b58af612525e74761;Sampled=0
x-amzn-remapped-date: Mon, 03 Oct 2022 21:34:28 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: O1yNc4H21kixhUEE7099oNqs7a5ZnJBBjlZbsbmLvaXyzXzrK0dL3w==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 b36bf2c460ac693ce304817aed073112.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Oct 2022 21:44:33 GMT
age: 43763
etag: "20ef861be49c652a938e0145e4ca3a60159367e2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F545190f2-96f3-40f8-bd46-cebe7171aee7.webp
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.9 kB (9917 bytes)
Hash
d8c08f8066cc732de8befd6ccd629a95
22aab05208a01ae5def4d63dc145085630f57bcb
f8a560a0563518d992d0bd2655d2b5c406435a18e874ca00b51374d2ff901770

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F545190f2-96f3-40f8-bd46-cebe7171aee7.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9917
x-amzn-requestid: 2dff93d9-795d-4885-9b82-610b0d235a82
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZcpvTGEnIAMF1zg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633b5661-117afa703663ada75627792c;Sampled=0
x-amzn-remapped-date: Mon, 03 Oct 2022 21:38:41 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: DOS5kVEVqBrCVMKRw07fX-6HDgWVb9lJwkVM2pXs0PQHys6CBJUVfQ==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 5fe5f2a3903f1378941d92eceaf3fa16.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Oct 2022 21:44:20 GMT
age: 43776
etag: "22aab05208a01ae5def4d63dc145085630f57bcb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4f5624b4-8e2a-461e-a32a-38d6b5a3a8d2.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (11101 bytes)
Hash
ae824db4a95391149198a4b6b8556c70
db07d58d8feff4ea01866d095e5264ee5c8e1ca3
19e96d204813247697e1858daf9e07d6c4cafd9ab1175a3bf39a7f07f6991521

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4f5624b4-8e2a-461e-a32a-38d6b5a3a8d2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11101
x-amzn-requestid: f98e84d9-1e66-4436-b793-219a777f2ba0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZcqcvE8JoAMFQ2g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633b5784-25bd2b234c1093de70074c92;Sampled=0
x-amzn-remapped-date: Mon, 03 Oct 2022 21:43:32 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: becOxfqUowywFrxzDSeK7F1lFdDVTSHIF1TLC5k5aSlLPpsR6F8gjw==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 35575576af8067e30cfb17c6b9fde8e2.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Oct 2022 22:42:37 GMT
age: 40279
etag: "db07d58d8feff4ea01866d095e5264ee5c8e1ca3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F180dee10-1cde-4fbe-8a74-62b7b3bdb1e2.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.3 kB (6315 bytes)
Hash
206fb65e75dbadf119512f71e0b78402
58ff0bf8ce7528b303d28bab01a80ad721705569
56c8d5f3b3060ee54bf81995269b86c070855d8c33bf437161339a45b309703f

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F180dee10-1cde-4fbe-8a74-62b7b3bdb1e2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6315
x-amzn-requestid: 6aa75b16-32e4-48a7-9fb0-9e3d5528c2d5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZWSdsHUnIAMFXtw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6338cabd-742d8a436403683e0cd9368f;Sampled=0
x-amzn-remapped-date: Sat, 01 Oct 2022 23:18:21 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 5sAzc5Ewv4g6Wqq6JJiLylG3Jyy_nlWrr5Oteeo6ebEgq7Rvss4XaQ==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 09331f0822fc98eebaf04130a83dbd44.cloudfront.net (CloudFront), 1.1 google
date: Tue, 04 Oct 2022 04:42:51 GMT
age: 18665
etag: "58ff0bf8ce7528b303d28bab01a80ad721705569"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9a61745f-0c9b-404a-ba22-0a69cf2f0383.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.9 kB (4858 bytes)
Hash
6779181f9c06975f2a662da743893939
585e7146fd24cdc2496b05baafea04091dc541e2
8e9a9f92fd89b7cdce77884ccd76b83ab82d28f125ebfc1cb0d371d4046b7985

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9a61745f-0c9b-404a-ba22-0a69cf2f0383.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4858
x-amzn-requestid: fb21c414-2994-444a-a838-e643fd05b171
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZcpvTEfPoAMFfeQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633b5661-593dd8043b0490e7301cac0d;Sampled=0
x-amzn-remapped-date: Mon, 03 Oct 2022 21:38:41 GMT
x-amz-cf-pop: SFO5-P2, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: SGeDEPoXxsTV5UwkZnn3MJPbjhHhrKSsueHPxVapV_7Icl6daFk3oA==
via: 1.1 773ca14e6bd4bf9244988cb69fc9dca8.cloudfront.net (CloudFront), 1.1 89791e6b21b9a30cc51cac1bc51cf098.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Oct 2022 21:44:20 GMT
age: 43776
etag: "585e7146fd24cdc2496b05baafea04091dc541e2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.1 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0c459c91-b5cc-492c-9573-3101e5df6b51.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.1 kB (5083 bytes)
Hash
34f2dfb2faff276db1d4a57739db2450
f5ce815082043a4efce28fc790ae7d8b3a8531f8
e02ea92f0be524ccfe26eee61a77e39a13d852d1ba3696f729e0f61812028667

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0c459c91-b5cc-492c-9573-3101e5df6b51.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5083
x-amzn-requestid: ed99df03-5d15-4e09-9aea-bbf77a705323
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZcpI0HT0IAMFxvQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633b556b-422197147d76caac6e910664;Sampled=0
x-amzn-remapped-date: Mon, 03 Oct 2022 21:34:35 GMT
x-amz-cf-pop: SFO5-P2, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: ZFVTt0eV3kpIaS4KAIZlgaTJxHb2hPxyP4BBRAZCE-cCAWJM44fZxw==
via: 1.1 946b9edb2009c5508a0fbbd636f95014.cloudfront.net (CloudFront), 1.1 2324edbcb8fc72f617442c65f36a40fc.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Oct 2022 22:38:28 GMT
age: 40528
etag: "f5ce815082043a4efce28fc790ae7d8b3a8531f8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

ja.deals/img/doctor.png

13.214.69.83

200 OK

1.7 kB

URL HTTP/2
ja.deals/img/doctor.png
IP
13.214.69.83:0
ASN
#16509 AMAZON-02

File type
PNG image data, 64 x 64, 8-bit gray+alpha, non-interlaced\012- data
Size
1.7 kB (1660 bytes)
Hash
471d092dc658c3fad7d9405645aab223
29d15a8b1b1a8e12bf9662719ad54d6637337d2a
9a52133470beb93a994c7bdb6c747093a20150f00bdcda8c28c0ef6856342f9b

HTTP Headers

GET /img/doctor.png HTTP/1.1
Host: ja.deals
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ja.deals/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 04 Oct 2022 09:53:56 GMT
content-type: image/png
content-length: 1660
last-modified: Thu, 13 Dec 2018 07:30:15 GMT
etag: "5c120a87-67c"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2

ja.deals/img/watch.png

13.214.69.83

200 OK

1.3 kB

URL HTTP/2
ja.deals/img/watch.png
IP
13.214.69.83:0
ASN
#16509 AMAZON-02

File type
PNG image data, 64 x 64, 8-bit gray+alpha, non-interlaced\012- data
Size
1.3 kB (1277 bytes)
Hash
d622658df7f65ad636a4fe06de8bcec6
141592789776a323f206a62020e08c07b4b4e256
a1f3e3763a450f4d089076facf28fa8e8af1560afe464a4d2bf27d4b614802ef

HTTP Headers

GET /img/watch.png HTTP/1.1
Host: ja.deals
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ja.deals/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 04 Oct 2022 09:53:56 GMT
content-type: image/png
content-length: 1277
last-modified: Thu, 13 Dec 2018 07:30:17 GMT
etag: "5c120a89-4fd"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2

ja.deals/img/pawnbrokers.png

13.214.69.83

200 OK

2.6 kB

URL HTTP/2
ja.deals/img/pawnbrokers.png
IP
13.214.69.83:0
ASN
#16509 AMAZON-02

File type
PNG image data, 64 x 64, 8-bit gray+alpha, non-interlaced\012- data
Size
2.6 kB (2554 bytes)
Hash
27fbbcb5a16077c5a8d9afe05c12340f
1ab03bd3a9a55ad876e1e5aa3aef19377ba40cf0
973435174079477019302560632f2dbaa9fcba7d062a2dc6f8380e9eb44ae84f

HTTP Headers

GET /img/pawnbrokers.png HTTP/1.1
Host: ja.deals
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ja.deals/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 04 Oct 2022 09:53:56 GMT
content-type: image/png
content-length: 2554
last-modified: Thu, 13 Dec 2018 07:30:16 GMT
etag: "5c120a88-9fa"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2

ja.deals/img/necklace.png

13.214.69.83

200 OK

2.1 kB

URL HTTP/2
ja.deals/img/necklace.png
IP
13.214.69.83:0
ASN
#16509 AMAZON-02

File type
PNG image data, 64 x 64, 8-bit gray+alpha, non-interlaced\012- data
Size
2.1 kB (2129 bytes)
Hash
099bdcba94e7ef4631f7aba775aaafec
b189c9c8ce7f1f9aaf9c088b9fc89e86d52ad3c6
f139278910f8289a62f2e9507a212c48a9d2d39e8c82778b3e044795524091fd

HTTP Headers

GET /img/necklace.png HTTP/1.1
Host: ja.deals
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ja.deals/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 04 Oct 2022 09:53:56 GMT
content-type: image/png
content-length: 2129
last-modified: Thu, 13 Dec 2018 07:30:16 GMT
etag: "5c120a88-851"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2

ja.deals/

13.214.69.83

200 OK

93 kB

URL HTTP/2
ja.deals/
IP
13.214.69.83:0
ASN
#16509 AMAZON-02

File type
data
Size
93 kB (92815 bytes)
Hash
5f49d3d144e53ae42940a8567b11b9a1
3e491f0bed7836b5b0ca8dd104fd00d05cd4b857
b75950e63b7b21e4bf7ef42f38f23cec7721552c68fed78378dc83daeb6e9cf1

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET / HTTP/1.1
Host: ja.deals
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 200 OK
server: nginx
date: Tue, 04 Oct 2022 09:53:55 GMT
content-type: text/html; charset=UTF-8
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000;
content-security-policy: script-src 'self' www.google.com www.gstatic.com secure.comodo.com www.trustlogo.com secure.trust-provider.com maps.googleapis.com www.googletagmanager.com www.google-analytics.com tagmanager.google.com 'unsafe-inline' 'unsafe-eval';
vary: Accept-Encoding,User-Agent
content-encoding: gzip
x-powered-by: PHP/7.2.34, PleskLin
X-Firefox-Spdy: h2

ocsp.usertrust.com/

172.64.155.188

200 OK

2.2 kB

URL HTTP/1.1
ocsp.usertrust.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
2.2 kB (2236 bytes)
Hash
b115f7b82f00c5501b097adbd1165ec8
04552877f1da4f729518ba45d6c3b26b1304fa5e
476f4a90c0045a150eae7e9ea4ab14767f0f897458b6d0564cfa21a5ace46abb

HTTP Headers

POST / HTTP/1.1
Host: ocsp.usertrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 09:53:56 GMT
Content-Type: application/ocsp-response
Content-Length: 2236
Connection: keep-alive
Last-Modified: Sat, 01 Oct 2022 22:12:16 GMT
Expires: Sat, 08 Oct 2022 22:12:15 GMT
Etag: "04552877f1da4f729518ba45d6c3b26b1304fa5e"
Cache-Control: max-age=604177,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: HIT
Age: 522
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754d08888b22b517-OSL

secure.trust-provider.com/trustlogo/javascript/trustlogo.js

91.199.212.148

200 OK

14 kB

URL HTTP/1.1
secure.trust-provider.com/trustlogo/javascript/trustlogo.js
IP
91.199.212.148:0
ASN
#48447 Sectigo Limited

File type
HTML document text\012- exported SGML document, ASCII text, with very long lines (14088)
Size
14 kB (14089 bytes)
Hash
e46d5528af29f4224a927291166d2ddc
b8bb9695e47f7370db2dea4884e0efcbd86a4dca
1ba30b444f0489b7da1ca80092c7879835ba96404751aabbdb2647de4261fa05

HTTP Headers

GET /trustlogo/javascript/trustlogo.js HTTP/1.1
Host: secure.trust-provider.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ja.deals/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 04 Oct 2022 09:53:56 GMT
Content-Type: application/javascript
Content-Length: 14089
Last-Modified: Mon, 28 Oct 2019 17:12:11 GMT
Connection: keep-alive
ETag: "5db7216b-3709"
Strict-Transport-Security: max-age=15768000
Accept-Ranges: bytes

ja.deals/img/strongbox.png

13.214.69.83

200 OK

1.8 kB

URL HTTP/2
ja.deals/img/strongbox.png
IP
13.214.69.83:0
ASN
#16509 AMAZON-02

File type
PNG image data, 64 x 64, 8-bit gray+alpha, non-interlaced\012- data
Size
1.8 kB (1763 bytes)
Hash
b16002831c336fb0ddc5436bcdb21097
52ea6678d97f2bcfb59bca7cdf5d5b0e15881afc
3fa7192ebca3f6459466fafd263bfb140109ad268e68504d3ea18df8f2341156

HTTP Headers

GET /img/strongbox.png HTTP/1.1
Host: ja.deals
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ja.deals/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 04 Oct 2022 09:53:56 GMT
content-type: image/png
content-length: 1763
last-modified: Thu, 13 Dec 2018 07:30:16 GMT
etag: "5c120a88-6e3"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2

ja.deals/img/logo-icon.svg

13.214.69.83

200 OK

381 B

URL HTTP/2
ja.deals/img/logo-icon.svg
IP
13.214.69.83:0
ASN
#16509 AMAZON-02

File type
SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with CRLF line terminators
Size
381 B (381 bytes)
Hash
a33b8b1151e030bbddd1c48dbe15f822
9d0dcf62c37a05f721cc7f717c179bfe1656aae6
25f5d0ac6ec5425592eeba840c054b20fe86fb510ae30c665f9bb2770cadfff8

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /img/logo-icon.svg HTTP/1.1
Host: ja.deals
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ja.deals/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 04 Oct 2022 09:53:56 GMT
content-type: image/svg+xml
content-length: 381
x-accel-version: 0.01
last-modified: Wed, 14 Jul 2021 07:32:02 GMT
etag: "336-5c71059b52080-gzip"
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: gzip
x-powered-by: PleskLin
X-Firefox-Spdy: h2

ja.deals/img/accident.png

13.214.69.83

200 OK

1.1 kB

URL HTTP/2
ja.deals/img/accident.png
IP
13.214.69.83:0
ASN
#16509 AMAZON-02

File type
PNG image data, 64 x 64, 8-bit gray+alpha, non-interlaced\012- data
Size
1.1 kB (1072 bytes)
Hash
bea20f1b4781bec24cd316d421df7035
fc96111918a292eb7bbd2a8c21393470add1a720
14d62a741a722e23b8c05658498d3148d604445ab989ea3f0524004b7fa0a0b4

HTTP Headers

GET /img/accident.png HTTP/1.1
Host: ja.deals
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ja.deals/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 04 Oct 2022 09:53:56 GMT
content-type: image/png
content-length: 1072
last-modified: Thu, 13 Dec 2018 07:30:15 GMT
etag: "5c120a87-430"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2

ja.deals/img/courier.png

13.214.69.83

200 OK

7.6 kB

URL HTTP/2
ja.deals/img/courier.png
IP
13.214.69.83:0
ASN
#16509 AMAZON-02

File type
PNG image data, 280 x 280, 8-bit/color RGBA, non-interlaced\012- data
Size
7.6 kB (7553 bytes)
Hash
38ac9355b05c46d8b8d12a03ad0a046f
57b3f053963222f497181c8126bc31dcd1e7dd55
bf08c85f98ef829a2732e919a4963c6a8b4ab9d637ebea412e3a2cc8429c9f8d

HTTP Headers

GET /img/courier.png HTTP/1.1
Host: ja.deals
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ja.deals/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 04 Oct 2022 09:53:56 GMT
content-type: image/png
content-length: 7553
last-modified: Thu, 24 Feb 2022 13:54:46 GMT
etag: "62178e26-1d81"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2

secure.trust-provider.com/trustlogo/images/popup/seal_bg.gif

91.199.212.148

200 OK

4.9 kB

URL HTTP/1.1
secure.trust-provider.com/trustlogo/images/popup/seal_bg.gif
IP
91.199.212.148:0
ASN
#48447 Sectigo Limited

File type
GIF image data, version 89a, 204 x 80\012- data
Size
4.9 kB (4851 bytes)
Hash
3792ee5fc810dbbbc0497d925d9800d9
80b1d6d9fd6db6bd42223d8097fb67f372ab08ef
6a8d73fd166e03d8e1c024ac60d01d9110c4ac56b45f5bb402739e4095d4a95b

HTTP Headers

GET /trustlogo/images/popup/seal_bg.gif HTTP/1.1
Host: secure.trust-provider.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ja.deals/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 04 Oct 2022 09:53:56 GMT
Content-Type: image/gif
Content-Length: 4851
Last-Modified: Tue, 30 Jul 2019 11:34:59 GMT
Connection: keep-alive
ETag: "5d402b63-12f3"
Strict-Transport-Security: max-age=15768000
Accept-Ranges: bytes

www.ja.insure/calculator/public/assets/ja_logo.png

104.21.73.118

200 OK

3.0 kB

URL HTTP/2
www.ja.insure/calculator/public/assets/ja_logo.png
IP
104.21.73.118:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 67 x 80, 8-bit/color RGBA, non-interlaced\012- data
Size
3.0 kB (2963 bytes)
Hash
9fedb3cd2bf5666a50280b635a138de1
2890068891833384893865c2496b5ef83183823e
164d8129a46fb8258bf9c109a5db167a31b7614ed23d49037bb4e33d95ddb65d

HTTP Headers

GET /calculator/public/assets/ja_logo.png HTTP/1.1
Host: www.ja.insure
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ja.deals/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Tue, 04 Oct 2022 09:53:56 GMT
content-type: image/png
content-length: 2963
last-modified: Mon, 11 Jun 2018 14:20:45 GMT
cache-control: max-age=2592000, public
expires: 0
etag: "5b1e853d-b93"
x-powered-by: PleskLin
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oaxz5sm9UgeaNg8YrveDzHX1onMNgU7AlBnt41gQUfC2jYOJBEmPUOaxwVVZlcXaGUgyrFE0CU8hf%2FBvJvF7Pt6id2AdiP9KLpAbg0XenG7b%2BzZA4NXkzPzjQrHxcl4l"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 754d08871eb2b52d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

secure.trust-provider.com/trustlogo/images/popup/warranty_level.gif

91.199.212.148

200 OK

713 B

URL HTTP/1.1
secure.trust-provider.com/trustlogo/images/popup/warranty_level.gif
IP
91.199.212.148:0
ASN
#48447 Sectigo Limited

File type
GIF image data, version 89a, 77 x 24\012- data
Size
713 B (713 bytes)
Hash
642b0ef0750283724b9210755e693b78
bc9c18f7d529d166a6019e085a8d6b7fc649c5c7
e45902c0c28d8a669a37a61914c1eb760b093f7cc2d41693d52f82327329218d

HTTP Headers

GET /trustlogo/images/popup/warranty_level.gif HTTP/1.1
Host: secure.trust-provider.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ja.deals/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 04 Oct 2022 09:53:56 GMT
Content-Type: image/gif
Content-Length: 713
Last-Modified: Tue, 30 Jul 2019 11:34:59 GMT
Connection: keep-alive
ETag: "5d402b63-2c9"
Strict-Transport-Security: max-age=15768000
Accept-Ranges: bytes

ja.deals/img/hexa.png

13.214.69.83

200 OK

308 kB

URL HTTP/2
ja.deals/img/hexa.png
IP
13.214.69.83:0
ASN
#16509 AMAZON-02

File type
PNG image data, 7371 x 5389, 8-bit/color RGBA, non-interlaced\012- data
Size
308 kB (307579 bytes)
Hash
abf47f2fa919c439ecdad74ae4eeeae9
df6b20bd56faaba253e740d125ef644c79184933
d05a33e1923b872d43a9b5e81966d01636437e515cfe4963856130a4d56d8e78

HTTP Headers

GET /img/hexa.png HTTP/1.1
Host: ja.deals
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ja.deals/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 04 Oct 2022 09:53:56 GMT
content-type: image/png
content-length: 307579
last-modified: Wed, 23 Mar 2022 14:55:17 GMT
etag: "623b34d5-4b17b"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2

www.google-analytics.com/analytics.js

142.250.74.174

200 OK

20 kB

URL HTTP/2
www.google-analytics.com/analytics.js
IP
142.250.74.174:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1325)
Size
20 kB (20039 bytes)
Hash
47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e

HTTP Headers

GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ja.deals/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Tue, 04 Oct 2022 08:41:09 GMT
expires: Tue, 04 Oct 2022 10:41:09 GMT
cache-control: public, max-age=7200
age: 4368
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
9e40b2c69615f45f2bc898334ab3e343
6a569648ed10564e126d3bbf3f91352e6b3f6d4f
4f1d0982c58b9bbeaa266b99292baa1a00c9e39280f73d5a525722c851e15981

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 09:53:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.ja.insure/assets/img/comodo_secure_seal.png

104.21.73.118

200 OK

2.1 kB

URL HTTP/2
www.ja.insure/assets/img/comodo_secure_seal.png
IP
104.21.73.118:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 106 x 42, 8-bit/color RGBA, non-interlaced\012- data
Size
2.1 kB (2113 bytes)
Hash
12d3d7c28115f6d9243bde537fc90066
dfb6c38102619361defe5680dfeab20cc5571486
d1cb285ddefc0ed3472610294788c827b761752bf0c954e3685a107806387bed

HTTP Headers

GET /assets/img/comodo_secure_seal.png HTTP/1.1
Host: www.ja.insure
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ja.deals/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Tue, 04 Oct 2022 09:53:57 GMT
content-type: image/png
content-length: 2113
last-modified: Mon, 15 Apr 2019 07:08:28 GMT
cache-control: max-age=2592000
expires: Thu, 03 Nov 2022 09:53:57 GMT
etag: "5cb42dec-841"
x-powered-by: PleskLin
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=H0CQsk9xKxJrzCo8OAvqf27MOf8%2F57cXNQ0LWkeD5DJXE3FDC5%2FsjcHjfweTVRwrrrxLmO1Pg9BdB7dAB%2BNl7h95BPMQg9fWNfc96k%2BrW8Jb0NcIyKB3e1ArE1AsTOdc"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 754d0889e960b52d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
9e40b2c69615f45f2bc898334ab3e343
6a569648ed10564e126d3bbf3f91352e6b3f6d4f
4f1d0982c58b9bbeaa266b99292baa1a00c9e39280f73d5a525722c851e15981

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 09:53:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ja.deals/assets/vendor/rs-plugin/js/jquery.themepunch.revolution.min.js

13.214.69.83

200 OK

53 kB

URL HTTP/2
ja.deals/assets/vendor/rs-plugin/js/jquery.themepunch.revolution.min.js
IP
13.214.69.83:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (32108), with CRLF line terminators
Size
53 kB (52811 bytes)
Hash
45ae85d9d3515bd015e39a1d5f99ce02
8f65e4bb804e1c3b6ac7549b947aa0b5b68ab207
6d60d3a1fc349145024a0c1b5dee2a0abc8c0d57e0fd58cb3000cf5d8860c450

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /assets/vendor/rs-plugin/js/jquery.themepunch.revolution.min.js HTTP/1.1
Host: ja.deals
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ja.deals/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 04 Oct 2022 09:53:56 GMT
content-type: application/javascript
last-modified: Mon, 13 Nov 2017 08:37:26 GMT
etag: W/"5a0959c6-37a43"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
53e0e5a2455fedae0d6308f91d41e445
237c2856f8a89ae3673ea909164557d65268c463
ddba9b3842f879168185b6607551069b312c44de4ec015ca4b43ad154d190bc8

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 09:53:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
53e0e5a2455fedae0d6308f91d41e445
237c2856f8a89ae3673ea909164557d65268c463
ddba9b3842f879168185b6607551069b312c44de4ec015ca4b43ad154d190bc8

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 09:53:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-119202186-1&cid=1318736940.1664877237&jid=1840776992&gjid=1587197756&_gid=704844371.1664877237&_u=YEDAAUABAAAAACAAI~&z=546537669

74.125.131.157

200 OK

1 B

URL HTTP/2
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-119202186-1&cid=1318736940.1664877237&jid=1840776992&gjid=1587197756&_gid=704844371.1664877237&_u=YEDAAUABAAAAACAAI~&z=546537669
IP
74.125.131.157:0
ASN
#15169 GOOGLE

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
c4ca4238a0b923820dcc509a6f75849b
356a192b7913b04c54574d18c28d46e6395428ab
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

HTTP Headers

POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-119202186-1&cid=1318736940.1664877237&jid=1840776992&gjid=1587197756&_gid=704844371.1664877237&_u=YEDAAUABAAAAACAAI~&z=546537669 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://ja.deals
Connection: keep-alive
Referer: https://ja.deals/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: https://ja.deals
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Tue, 04 Oct 2022 09:53:57 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-119202186-1&cid=1318736940.1664877237&jid=869851779&gjid=673558526&_gid=704844371.1664877237&_u=YEBAAUAAAAAAACAAI~&z=850012875

74.125.131.157

200 OK

1 B

URL HTTP/2
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-119202186-1&cid=1318736940.1664877237&jid=869851779&gjid=673558526&_gid=704844371.1664877237&_u=YEBAAUAAAAAAACAAI~&z=850012875
IP
74.125.131.157:0
ASN
#15169 GOOGLE

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
c4ca4238a0b923820dcc509a6f75849b
356a192b7913b04c54574d18c28d46e6395428ab
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

HTTP Headers

POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-119202186-1&cid=1318736940.1664877237&jid=869851779&gjid=673558526&_gid=704844371.1664877237&_u=YEBAAUAAAAAAACAAI~&z=850012875 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://ja.deals
Connection: keep-alive
Referer: https://ja.deals/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: https://ja.deals
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Tue, 04 Oct 2022 09:53:57 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ja.deals/assets/vendor/font-awesome/fonts/fontawesome-webfont.woff2?v=4.7.0

13.214.69.83

200 OK

77 kB

URL HTTP/2
ja.deals/assets/vendor/font-awesome/fonts/fontawesome-webfont.woff2?v=4.7.0
IP
13.214.69.83:0
ASN
#16509 AMAZON-02

File type
Web Open Font Format (Version 2), TrueType, length 77160, version 4.459\012- data
Size
77 kB (77160 bytes)
Hash
af7ae505a9eed503f8b8e6982036873e
d6f48cba7d076fb6f2fd6ba993a75b9dc1ecbf0c
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /assets/vendor/font-awesome/fonts/fontawesome-webfont.woff2?v=4.7.0 HTTP/1.1
Host: ja.deals
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://ja.deals/assets/vendor/font-awesome/css/font-awesome.min.css
Cookie: _ga=GA1.2.1318736940.1664877237; _gid=GA1.2.704844371.1664877237; _gat_gtag_UA_119202186_1=1; _gat=1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 04 Oct 2022 09:53:57 GMT
content-type: font/woff2
content-length: 77160
last-modified: Mon, 13 Nov 2017 08:36:54 GMT
etag: "5a0959a6-12d68"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
53e0e5a2455fedae0d6308f91d41e445
237c2856f8a89ae3673ea909164557d65268c463
ddba9b3842f879168185b6607551069b312c44de4ec015ca4b43ad154d190bc8

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 09:53:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ja.deals/assets/vendor/popper/umd/popper.min.js

13.214.69.83

200 OK

0 B

URL HTTP/2
ja.deals/assets/vendor/popper/umd/popper.min.js
IP
13.214.69.83:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /assets/vendor/popper/umd/popper.min.js HTTP/1.1
Host: ja.deals
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ja.deals/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 04 Oct 2022 09:53:56 GMT
content-type: application/javascript
last-modified: Mon, 13 Nov 2017 08:37:26 GMT
etag: W/"5a0959c6-4b24"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=PT+Sans:400,700

142.250.74.10

200 OK

0 B

URL HTTP/2
fonts.googleapis.com/css?family=PT+Sans:400,700
IP
142.250.74.10:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /css?family=PT+Sans:400,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ja.deals/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 04 Oct 2022 09:53:57 GMT
date: Tue, 04 Oct 2022 09:53:57 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ja.deals/assets/vendor/common/common.min.js

13.214.69.83

200 OK

0 B

URL HTTP/2
ja.deals/assets/vendor/common/common.min.js
IP
13.214.69.83:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /assets/vendor/common/common.min.js HTTP/1.1
Host: ja.deals
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ja.deals/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 04 Oct 2022 09:53:56 GMT
content-type: application/javascript
last-modified: Mon, 13 Nov 2017 08:37:28 GMT
etag: W/"5a0959c8-38c3"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

ja.deals/assets/js/demos/demo-photography.min.js

13.214.69.83

200 OK

0 B

URL HTTP/2
ja.deals/assets/js/demos/demo-photography.min.js
IP
13.214.69.83:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /assets/js/demos/demo-photography.min.js HTTP/1.1
Host: ja.deals
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ja.deals/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 04 Oct 2022 09:53:56 GMT
content-type: application/javascript
last-modified: Wed, 18 Jul 2018 10:44:05 GMT
etag: W/"5b4f19f5-323a"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

ja.deals/assets/vendor/bootstrap/js/bootstrap.min.js

13.214.69.83

200 OK

0 B

URL HTTP/2
ja.deals/assets/vendor/bootstrap/js/bootstrap.min.js
IP
13.214.69.83:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /assets/vendor/bootstrap/js/bootstrap.min.js HTTP/1.1
Host: ja.deals
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ja.deals/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 04 Oct 2022 09:53:56 GMT
content-type: application/javascript
last-modified: Mon, 13 Nov 2017 08:37:26 GMT
etag: W/"5a0959c6-c58a"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

ja.deals/assets/vendor/jquery/jquery.min.js

13.214.69.83

200 OK

0 B

URL HTTP/2
ja.deals/assets/vendor/jquery/jquery.min.js
IP
13.214.69.83:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /assets/vendor/jquery/jquery.min.js HTTP/1.1
Host: ja.deals
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ja.deals/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 04 Oct 2022 09:53:56 GMT
content-type: application/javascript
last-modified: Mon, 13 Nov 2017 08:37:26 GMT
etag: W/"5a0959c6-15287"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

ja.deals/assets/vendor/jquery.validation/jquery.validation.min.js

13.214.69.83

200 OK

0 B

URL HTTP/2
ja.deals/assets/vendor/jquery.validation/jquery.validation.min.js
IP
13.214.69.83:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /assets/vendor/jquery.validation/jquery.validation.min.js HTTP/1.1
Host: ja.deals
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ja.deals/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 04 Oct 2022 09:53:56 GMT
content-type: application/javascript
last-modified: Mon, 13 Nov 2017 08:37:28 GMT
etag: W/"5a0959c8-5bc7"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

ja.deals/assets/js/views/view.contact.min.js

13.214.69.83

200 OK

0 B

URL HTTP/2
ja.deals/assets/js/views/view.contact.min.js
IP
13.214.69.83:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /assets/js/views/view.contact.min.js HTTP/1.1
Host: ja.deals
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ja.deals/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 04 Oct 2022 09:53:56 GMT
content-type: application/javascript
last-modified: Wed, 18 Jul 2018 10:45:56 GMT
etag: W/"5b4f1a64-6d0"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

ja.deals/assets/js/theme.init.min.js

13.214.69.83

200 OK

0 B

URL HTTP/2
ja.deals/assets/js/theme.init.min.js
IP
13.214.69.83:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /assets/js/theme.init.min.js HTTP/1.1
Host: ja.deals
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ja.deals/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 04 Oct 2022 09:53:56 GMT
content-type: application/javascript
last-modified: Wed, 18 Jul 2018 10:43:12 GMT
etag: W/"5b4f19c0-15fb"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

ja.deals/assets/vendor/font-awesome/css/font-awesome.min.css

13.214.69.83

200 OK

0 B

URL HTTP/2
ja.deals/assets/vendor/font-awesome/css/font-awesome.min.css
IP
13.214.69.83:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /assets/vendor/font-awesome/css/font-awesome.min.css HTTP/1.1
Host: ja.deals
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ja.deals/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 04 Oct 2022 09:53:57 GMT
content-type: text/css
last-modified: Mon, 13 Nov 2017 08:37:28 GMT
etag: W/"5a0959c8-7916"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

ja.deals/assets/js/theme.min.js

13.214.69.83

200 OK

0 B

URL HTTP/2
ja.deals/assets/js/theme.min.js
IP
13.214.69.83:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /assets/js/theme.min.js HTTP/1.1
Host: ja.deals
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ja.deals/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 04 Oct 2022 09:53:56 GMT
content-type: application/javascript
last-modified: Wed, 18 Jul 2018 10:42:53 GMT
etag: W/"5b4f19ad-8fef"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

ja.deals/assets/vendor/rs-plugin/js/jquery.themepunch.tools.min.js

13.214.69.83

200 OK

0 B

URL HTTP/2
ja.deals/assets/vendor/rs-plugin/js/jquery.themepunch.tools.min.js
IP
13.214.69.83:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /assets/vendor/rs-plugin/js/jquery.themepunch.tools.min.js HTTP/1.1
Host: ja.deals
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ja.deals/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 04 Oct 2022 09:53:56 GMT
content-type: application/javascript
last-modified: Mon, 13 Nov 2017 08:37:26 GMT
etag: W/"5a0959c6-1a406"
x-powered-by: PleskLin
content-encoding: br
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (23)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations