Report - afmaracaibo.org/bofa/BOAnew/login.php

Report Overview

Submitted URL
afmaracaibo.org/bofa/BOAnew/login.php
IP
199.115.116.43
ASN
#30633 LEASEWEB-USA-WDC
Submitted
2023-01-02 02:03:53
Access
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
2
Threat Detection Systems
36

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
ciar-kep.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.6 kB	3.9 kB	44.197.81.247
xml-v4.gipostart-1.co	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	418 B	240 B	173.239.53.32
go.proffering.xyz	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	552 B	1.1 kB	20.113.187.208
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.7 kB	7.1 kB	95.101.11.115
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	2.4 kB	35.241.9.150
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	391 B	34.117.237.239
ww38.afmaracaibo.org	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.1 kB	4.1 kB	13.248.148.254
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	66 kB	34.120.237.76
fonts.googleapis.com	8877	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	530 B	2.6 kB	142.250.74.106
afmaracaibo.org	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	368 B	324 B	199.115.116.43
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	100.20.114.179
girlstaste.life	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	5.4 kB	470 kB	116.202.3.228
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.8 kB	34.160.144.191
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	341 B	797 B	93.184.220.29
d38psrni17bvxu.cloudfront.net	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	302 B	1.6 kB	54.230.245.8
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.4 kB	2.8 kB	142.250.74.131
fonts.gstatic.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	954 B	48 kB	216.58.207.227

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-01-02 02:03:38	medium	Client IP	Internal IP	ET INFO Observed DNS Query to .life TLD
2023-01-02 02:03:38	medium	Client IP	Internal IP	ET INFO Observed DNS Query to .life TLD

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-01-02	medium	afmaracaibo.org/bofa/BOAnew/login.php	Malware
2023-01-02	medium	ww38.afmaracaibo.org/bofa/BOAnew/login.php	Malware
2023-01-02	medium	girlstaste.life/media/exit-new/exit1.js	Phishing
2023-01-02	medium	girlstaste.life/media/bb.js	Phishing
2023-01-02	medium	girlstaste.life/cookie/js.cookie.js	Phishing
2023-01-02	medium	girlstaste.life/util/utils.js	Phishing
2023-01-02	medium	girlstaste.life/media/dating/toon2/js/jquery-2.2.4.min.js	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-01-02	medium	girlstaste.life	Sinkholed
2023-01-02	medium	girlstaste.life	Sinkholed
2023-01-02	medium	girlstaste.life	Sinkholed
2023-01-02	medium	girlstaste.life	Sinkholed
2023-01-02	medium	girlstaste.life	Sinkholed
2023-01-02	medium	girlstaste.life	Sinkholed
2023-01-02	medium	girlstaste.life	Sinkholed
2023-01-02	medium	girlstaste.life	Sinkholed
2023-01-02	medium	girlstaste.life	Sinkholed
2023-01-02	medium	girlstaste.life	Sinkholed
2023-01-02	medium	girlstaste.life	Sinkholed

JavaScript (14)

	URL	Size	First Seen	Last Seen
	ww38.afmaracaibo.org/bofa/BOAnew/login.php	327 B	2023-03-12	2023-03-12
Pretty URL ww38.afmaracaibo.org/bofa/BOAnew/login.php IP 13.248.148.254 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 12:49:09 Last Seen2023-03-12 12:49:09 Times Seen1 Hash 610a9e4dac7245d78f8a02c48f74c5d4 c64aad53d153a6d9568cb13843a4b15fee90b4d4 6f487fc6194fb001feb325cc3e951b0160282ca9d9f9c16d3e99126750978bad Loading...

	ciar-kep.com/zcvisitor/af255485-8a41-11ed-aac9-1297a56f1363/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=af32e911-8a41-11ed-aac9-1297a56f1363	848 B	2023-03-12	2023-03-12
Pretty URL ciar-kep.com/zcvisitor/af255485-8a41-11ed-aac9-1297a56f1363/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=af32e911-8a41-11ed-aac9-1297a56f1363 IP 44.197.81.247 ASN #14618 AMAZON-AES Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 12:49:09 Last Seen2023-03-12 12:49:09 Times Seen1 Hash 3d96396b86ff693978298125fd6b7774 33a8b855adebe37aff41e7b4823aa6ffc8bddaf6 6b7dcc6d8bfadb6c972bb780da914d295030699a8bbcf76ce78288249485a52e Loading...

	girlstaste.life/media/exit-new/exit1.js	3.5 kB	2023-03-07	2024-04-18
Pretty URL girlstaste.life/media/exit-new/exit1.js IP 116.202.3.228 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:18 Last Seen2024-04-18 09:29:10 Times Seen13060 Hash 625e5e2950612f771e246beb33c9ea61 e4fc251c6c000496c285f8dc3fa097040b031681 618f345a156a0eda55177a1bf0e8a414104f9b6c6ff5cdbe71966f081ccb8a46 Loading...

	ww38.afmaracaibo.org/bofa/BOAnew/login.php	2.5 kB	2023-03-12	2023-03-12
Pretty URL ww38.afmaracaibo.org/bofa/BOAnew/login.php IP 13.248.148.254 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 12:49:09 Last Seen2023-03-12 12:49:09 Times Seen1 Hash 54bb4b7c72a58e8c38fbfb1426ec63fc 51090c4522bde0f1abbdfd2b7126547b19572f1a 1931c53ca4b2d85d958bae79cbe754c60bce833205155d5dcecef8cf431086f4 Loading...

	girlstaste.life/media/dating/toon2/js/jquery-2.2.4.min.js	86 kB	2023-03-07	2024-04-18
Pretty URL girlstaste.life/media/dating/toon2/js/jquery-2.2.4.min.js IP 116.202.3.228 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:00 Last Seen2024-04-18 09:41:48 Times Seen379502 Hash 2f6b11a7e914718e0290410e85366fe9 69bb69e25ca7d5ef0935317584e6153f3fd9a88c 05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e Loading...

	girlstaste.life/media/bb.js	639 B	2023-03-07	2024-04-18
Pretty URL girlstaste.life/media/bb.js IP 116.202.3.228 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:18 Last Seen2024-04-18 09:29:10 Times Seen13387 Hash 0d553e4bac91c74bfee2dbabba61e99e 5af71e2377c9c012a7826a695f2724901941b19b 1be1304c675449b1bad38ea8c3da6c1da0763ed2fad339ee1aa461c7bf4e2a68 Loading...

	girlstaste.life/util/utils.js	7.5 kB	2023-03-07	2024-04-18
Pretty URL girlstaste.life/util/utils.js IP 116.202.3.228 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:18 Last Seen2024-04-18 09:29:10 Times Seen20490 Hash 01816d15ca03032751161a746e2fb7c3 dcc72ea5fa1356490ba473288159df9786b4a3c3 8b3c83a330bf1120a13eff6ef60c1e268b827b7bc49b42a7a1f5d8ad6941f2ea Loading...

	ww38.afmaracaibo.org/bofa/BOAnew/login.php	339 B	2023-03-12	2023-03-12
Pretty URL ww38.afmaracaibo.org/bofa/BOAnew/login.php IP 13.248.148.254 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 12:49:09 Last Seen2023-03-12 12:49:09 Times Seen1 Hash 86aa8201a3b5d2993f7a656b6fa5f7d7 87fc802aed36cf591cb3ebeb513ce2b24b2a7ea9 753ae428c1990b35f6d8364f05fd76bf827d3f2175eb762c303b12085e933faf Loading...

	ciar-kep.com/zcredirect?visitid=af255485-8a41-11ed-aac9-1297a56f1363&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false	89 B	2023-03-12	2023-03-12
Pretty URL ciar-kep.com/zcredirect?visitid=af255485-8a41-11ed-aac9-1297a56f1363&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false IP 44.197.81.247 ASN #14618 AMAZON-AES Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 12:49:09 Last Seen2023-03-12 12:49:09 Times Seen1 Hash cef59e620ed808d8834e59fe572b78c8 48cf0107726c7a1dd69be61a87cebe4eb09782bd d433209b76cd464515c925845d45e4a18d82ecc9482e30b711dd6f13570be18f Loading...

	girlstaste.life/?u=7pfk605&o=e9ym176&cid=2c12236f22909f4731d4ce92c13603b8-11246-0102	467 B	2023-03-12	2023-03-12
Pretty URL girlstaste.life/?u=7pfk605&o=e9ym176&cid=2c12236f22909f4731d4ce92c13603b8-11246-0102 IP 116.202.3.228 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 12:49:09 Last Seen2023-03-12 12:49:09 Times Seen1 Hash 968d0e392bc92adbfa06497f43ea5563 89d0d6faf9306c433dec9e9a20bb36b7ea578450 1f33dd92b0720f01ba60ef29e0c7ea4a2ceed5109f009ce5d289642481cdd0b4 Loading...

	girlstaste.life/?u=7pfk605&o=e9ym176&cid=2c12236f22909f4731d4ce92c13603b8-11246-0102	311 B	2023-03-07	2023-12-04
Pretty URL girlstaste.life/?u=7pfk605&o=e9ym176&cid=2c12236f22909f4731d4ce92c13603b8-11246-0102 IP 116.202.3.228 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:35:36 Last Seen2023-12-04 22:58:34 Times Seen256 Hash 35bd4aa2b5c5961688fa9add64b0d579 181145d4e43eb12d4e23adb29c5649c602a7902c cb2b611dccd8aefaa4e0645fb6e75d5585c34ddffbdaceb66828389357b9e571 Loading...

	ww38.afmaracaibo.org/bofa/BOAnew/login.php	413 B	2023-03-12	2023-03-12
Pretty URL ww38.afmaracaibo.org/bofa/BOAnew/login.php IP 13.248.148.254 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 12:49:09 Last Seen2023-03-12 12:49:09 Times Seen1 Hash 5af1d3b2546e5ebdbba4a05e5357f572 61e6786d66c4cdb6c60b8c43dfeed7a8cec4cd12 1a400f5ad5f07cf91bd6d0107e3b92293ecc88dfaa09709213c702cc2fcc2a1e Loading...

	d38psrni17bvxu.cloudfront.net/scripts/js3.js	1.1 kB	2023-03-07	2023-03-17
Pretty URL d38psrni17bvxu.cloudfront.net/scripts/js3.js IP 54.230.245.8 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:16:45 Last Seen2023-03-17 12:40:12 Times Seen1 Hash 64b79b43df8fbf2c5d082964b9116a68 dc3c763519baf0f4c32bb60bfc429651a491ea01 c57e9feec209e3ea5eb1d75a1ba6fa277242a3df250055be8446052b51e58637 Loading...

	girlstaste.life/cookie/js.cookie.js	4.3 kB	2023-03-07	2024-04-18
Pretty URL girlstaste.life/cookie/js.cookie.js IP 116.202.3.228 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:18 Last Seen2024-04-18 09:29:10 Times Seen7519 Hash a7e9883924072f15259de6888d5ef515 7f4f6e5938e68f55aef81e0cd0145f008cd28382 985659942ab60a92b3c0a7f876d9ef60e8f048ff655a622a172fa4b44f901b6c Loading...

HTTP Transactions (49)

URL IP Response Size

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
97a9e292b1e09ac6fb7c784fe38d0065
6c2093595d87dd4429345da43d264b7321d50f38
f4de30ea042e3ed7f7d2f738e00120d13f301649744abeebb7dd0aef6c19188d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F4DE30EA042E3ED7F7D2F738E00120D13F301649744ABEEBB7DD0AEF6C19188D"
Last-Modified: Sun, 01 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5989
Expires: Mon, 02 Jan 2023 03:43:31 GMT
Date: Mon, 02 Jan 2023 02:03:42 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ce513efd221761d14db2a9d9b9de21fe
27e24aaae79ad728c25901a061b5849ca9c26f81
d988a7a4b3a06412e1a44ea63dd04e5e2a41aa4465959c76cfe686dbc8891cb9

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D988A7A4B3A06412E1A44EA63DD04E5E2A41AA4465959C76CFE686DBC8891CB9"
Last-Modified: Sun, 01 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18977
Expires: Mon, 02 Jan 2023 07:19:59 GMT
Date: Mon, 02 Jan 2023 02:03:42 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
dcd75ca6daca51c5e39d431468511793
07f76d3bf23d65c9110d810fa71a994e39e085d3
73672a816da4450fe2c938b08d7ae002d9ca29fdcbd3e29cc97084d826f8b459

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Content-Type, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Mon, 02 Jan 2023 01:36:02 GMT
content-type: application/json
age: 1660
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
e71f8c03e957e6b1526fc3f1537b3d95
6f1e5a549978b3cc67fa6142fd4bf45d2730bf71
29e3d9e5d2fec1b8e13beafa7970157db0c8b07392c4dd53fc033b609f2fc7ad

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "29E3D9E5D2FEC1B8E13BEAFA7970157DB0C8B07392C4DD53FC033B609F2FC7AD"
Last-Modified: Sun, 01 Jan 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4421
Expires: Mon, 02 Jan 2023 03:17:23 GMT
Date: Mon, 02 Jan 2023 02:03:42 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
b1fcd419a4245617397846e8d17233f6
2a037ce244587640b27ead9a0ec2af4f862d91b2
e059b6d834c06e58494c43fb2ff42acbc27c1a1d8f7f30e2f32ca0e167599e2f

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: WlGa5GTxKWF5zLwPY1Bkb/xFF+I8DkvgJncAm+0Vuwn7202/BSfGGGQ1G32xaNtrCKruWFvncbs=
x-amz-request-id: K5C3D0AJ2BECYDGW
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 02 Jan 2023 02:00:18 GMT
age: 204
last-modified: Tue, 20 Dec 2022 14:47:58 GMT
etag: "b1fcd419a4245617397846e8d17233f6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

afmaracaibo.org/bofa/BOAnew/login.php

199.115.116.43

302 Found

0 B

URL HTTP/1.1
afmaracaibo.org/bofa/BOAnew/login.php
IP
199.115.116.43:0
ASN
#30633 LEASEWEB-USA-WDC

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /bofa/BOAnew/login.php HTTP/1.1
Host: afmaracaibo.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 302 Found
date: Mon, 02 Jan 2023 02:03:42 GMT
server: Apache/2.4.38 (Debian)
set-cookie: __tad=1672625022.1398957; expires=Thu, 30-Dec-2032 02:03:42 GMT; Max-Age=315360000
location: http://ww38.afmaracaibo.org/bofa/BOAnew/login.php
content-length: 0
content-type: text/html; charset=UTF-8
connection: close

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Mon, 02 Jan 2023 02:03:42 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, ETag, Pragma, Last-Modified, Expires, Alert, Content-Type, Retry-After, Cache-Control, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Mon, 02 Jan 2023 01:08:11 GMT
age: 3332
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
e2a99db6956684dc306ada584f1907d8
21c3fc85b00308907c1cffcb36b1ba1a4617f613
cf568c4a26fb352228e849b18fbca0f6fd3b3a89055cd5f4fc0cdd11f9b9733e

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4800
Cache-Control: max-age=116586
Content-Type: application/ocsp-response
Date: Mon, 02 Jan 2023 02:03:43 GMT
Etag: "63b14d29-1d7"
Expires: Tue, 03 Jan 2023 10:26:49 GMT
Last-Modified: Sun, 01 Jan 2023 09:06:49 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 471

ww38.afmaracaibo.org/bofa/BOAnew/login.php

13.248.148.254

200 OK

2.5 kB

URL HTTP/1.1
ww38.afmaracaibo.org/bofa/BOAnew/login.php
IP
13.248.148.254:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2242)
Size
2.5 kB (2484 bytes)
Hash
e2b91fa04ec32c19013263717af922b8
c8f515a48c59847613e07902e9e4dfadefc25b23
3f358b8e58f9317a5f0988984fb150b1c626cbd968b12f5ba50cfe8f6f1c724c

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /bofa/BOAnew/login.php HTTP/1.1
Host: ww38.afmaracaibo.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Date: Mon, 02 Jan 2023 02:03:43 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
X-Redirect: zeropark_zeroclick
X-Template: tpl_CleanPeppermintBlack_twoclick
X-Language: norwegian
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
Content-Encoding: gzip

d38psrni17bvxu.cloudfront.net/scripts/js3.js

54.230.245.8

200 OK

1.1 kB

URL HTTP/1.1
d38psrni17bvxu.cloudfront.net/scripts/js3.js
IP
54.230.245.8:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (506)
Size
1.1 kB (1134 bytes)
Hash
64b79b43df8fbf2c5d082964b9116a68
dc3c763519baf0f4c32bb60bfc429651a491ea01
c57e9feec209e3ea5eb1d75a1ba6fa277242a3df250055be8446052b51e58637

HTTP Headers

GET /scripts/js3.js HTTP/1.1
Host: d38psrni17bvxu.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww38.afmaracaibo.org/

HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Length: 1134
Connection: keep-alive
Server: nginx
Date: Sun, 01 Jan 2023 04:54:42 GMT
Last-Modified: Tue, 17 Aug 2021 09:17:22 GMT
Accept-Ranges: bytes
ETag: "611b7ea2-46e"
X-Cache: Hit from cloudfront
Via: 1.1 ee04daa979e7a02cc5ca472521bc18a6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: TaxIlnLXI_s4XUkKjOpOnkO3hW2K4oUwnVA1xGpTWShjUuU-xenhvA==
Age: 76141

push.services.mozilla.com/

100.20.114.179

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
100.20.114.179:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: Q95t6ioa96mC83g5wEJphw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: d8p3Q84Tj02yw7iE8LEja89XBuQ=

ww38.afmaracaibo.org/track.php?domain=afmaracaibo.org&toggle=browserjs&uid=MTY3MjYyNTAyMy4yNzAxOjZkYThhMzc1MWFiZTVkZjE1NjQxMjhlZGIzMGQ1MGZmZjcwNWZlNzEwYjM2MjhhMDRmY2QyNmUyYzIwODBmYTM6NjNiMjNiN2Y0MWYwZA%3D%3D

13.248.148.254

200 OK

20 B

URL HTTP/1.1
ww38.afmaracaibo.org/track.php?domain=afmaracaibo.org&toggle=browserjs&uid=MTY3MjYyNTAyMy4yNzAxOjZkYThhMzc1MWFiZTVkZjE1NjQxMjhlZGIzMGQ1MGZmZjcwNWZlNzEwYjM2MjhhMDRmY2QyNmUyYzIwODBmYTM6NjNiMjNiN2Y0MWYwZA%3D%3D
IP
13.248.148.254:0
ASN
#16509 AMAZON-02

File type
data
Size
20 B (20 bytes)
Hash
a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf

HTTP Headers

GET /track.php?domain=afmaracaibo.org&toggle=browserjs&uid=MTY3MjYyNTAyMy4yNzAxOjZkYThhMzc1MWFiZTVkZjE1NjQxMjhlZGIzMGQ1MGZmZjcwNWZlNzEwYjM2MjhhMDRmY2QyNmUyYzIwODBmYTM6NjNiMjNiN2Y0MWYwZA%3D%3D HTTP/1.1
Host: ww38.afmaracaibo.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww38.afmaracaibo.org/bofa/BOAnew/login.php

HTTP/1.1 200 OK
Date: Mon, 02 Jan 2023 02:03:44 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
X-Custom-Track: browserjs
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
Access-Control-Allow-Origin: *
Content-Encoding: gzip

ww38.afmaracaibo.org/favicon.ico

13.248.148.254

200 OK

0 B

URL HTTP/1.1
ww38.afmaracaibo.org/favicon.ico
IP
13.248.148.254:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: ww38.afmaracaibo.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww38.afmaracaibo.org/bofa/BOAnew/login.php

HTTP/1.1 200 OK
Date: Mon, 02 Jan 2023 02:03:44 GMT
Content-Type: image/x-icon
Content-Length: 0
Connection: keep-alive
Server: nginx
Last-Modified: Tue, 12 May 2020 14:25:52 GMT
ETag: "5ebab1f0-0"
Accept-Ranges: bytes

ww38.afmaracaibo.org/track.php?click=8bc5311fea51f5d88ad90580a49f43a22d8f5165&domain=afmaracaibo.org&uid=MTY3MjYyNTAyMy4yNzAxOjZkYThhMzc1MWFiZTVkZjE1NjQxMjhlZGIzMGQ1MGZmZjcwNWZlNzEwYjM2MjhhMDRmY2QyNmUyYzIwODBmYTM6NjNiMjNiN2Y0MWYwZA%3D%3D&ts=fENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQwMTF8fHx8fHw2M2IyM2I3ZjQxZWVlfHx8MTY3MjYyNTAyMy41NzF8YjFkZmIyMzRiY2MyMWRhZGI3YjYwMGRiNDk4MWYzZTAyNGFjMjQyZXx8fHx8MXx8MHwwfHx8fDF8fHx8fDB8MHx8fHx8fHx8fHwwfDB8fDB8fHwwfDB8VzEwPXx8MXxXMTA9fGEzZGY1ZDFkNDcyZjZlMmU0NmI3NWYyZjliY2FiNDRjYTY1ZGUyZjZ8MHxkcC10ZWFtaW50ZXJuZXQwOV8zcGh8MHww&kw=&search=&pcat=&rxid=&bucket=&clientID=&adtest=off

13.248.148.254

200 OK

20 B

URL HTTP/1.1
ww38.afmaracaibo.org/track.php?click=8bc5311fea51f5d88ad90580a49f43a22d8f5165&domain=afmaracaibo.org&uid=MTY3MjYyNTAyMy4yNzAxOjZkYThhMzc1MWFiZTVkZjE1NjQxMjhlZGIzMGQ1MGZmZjcwNWZlNzEwYjM2MjhhMDRmY2QyNmUyYzIwODBmYTM6NjNiMjNiN2Y0MWYwZA%3D%3D&ts=fENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQwMTF8fHx8fHw2M2IyM2I3ZjQxZWVlfHx8MTY3MjYyNTAyMy41NzF8YjFkZmIyMzRiY2MyMWRhZGI3YjYwMGRiNDk4MWYzZTAyNGFjMjQyZXx8fHx8MXx8MHwwfHx8fDF8fHx8fDB8MHx8fHx8fHx8fHwwfDB8fDB8fHwwfDB8VzEwPXx8MXxXMTA9fGEzZGY1ZDFkNDcyZjZlMmU0NmI3NWYyZjliY2FiNDRjYTY1ZGUyZjZ8MHxkcC10ZWFtaW50ZXJuZXQwOV8zcGh8MHww&kw=&search=&pcat=&rxid=&bucket=&clientID=&adtest=off
IP
13.248.148.254:0
ASN
#16509 AMAZON-02

File type
data
Size
20 B (20 bytes)
Hash
a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf

HTTP Headers

GET /track.php?click=8bc5311fea51f5d88ad90580a49f43a22d8f5165&domain=afmaracaibo.org&uid=MTY3MjYyNTAyMy4yNzAxOjZkYThhMzc1MWFiZTVkZjE1NjQxMjhlZGIzMGQ1MGZmZjcwNWZlNzEwYjM2MjhhMDRmY2QyNmUyYzIwODBmYTM6NjNiMjNiN2Y0MWYwZA%3D%3D&ts=fENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQwMTF8fHx8fHw2M2IyM2I3ZjQxZWVlfHx8MTY3MjYyNTAyMy41NzF8YjFkZmIyMzRiY2MyMWRhZGI3YjYwMGRiNDk4MWYzZTAyNGFjMjQyZXx8fHx8MXx8MHwwfHx8fDF8fHx8fDB8MHx8fHx8fHx8fHwwfDB8fDB8fHwwfDB8VzEwPXx8MXxXMTA9fGEzZGY1ZDFkNDcyZjZlMmU0NmI3NWYyZjliY2FiNDRjYTY1ZGUyZjZ8MHxkcC10ZWFtaW50ZXJuZXQwOV8zcGh8MHww&kw=&search=&pcat=&rxid=&bucket=&clientID=&adtest=off HTTP/1.1
Host: ww38.afmaracaibo.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww38.afmaracaibo.org/bofa/BOAnew/login.php

HTTP/1.1 200 OK
Date: Mon, 02 Jan 2023 02:03:44 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
Access-Control-Allow-Origin: *
Content-Encoding: gzip

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
06df5289bf33faf0b87af8ed2b337be4
0006bf96bfe53c68f3c414e3507f8a8ce9698d0a
f42cf618d71efffa435090795cd04205693063a17f8e44854845a2515aab0fdd

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F42CF618D71EFFFA435090795CD04205693063A17F8E44854845A2515AAB0FDD"
Last-Modified: Sun, 01 Jan 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3211
Expires: Mon, 02 Jan 2023 02:57:15 GMT
Date: Mon, 02 Jan 2023 02:03:44 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
06df5289bf33faf0b87af8ed2b337be4
0006bf96bfe53c68f3c414e3507f8a8ce9698d0a
f42cf618d71efffa435090795cd04205693063a17f8e44854845a2515aab0fdd

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F42CF618D71EFFFA435090795CD04205693063A17F8E44854845A2515AAB0FDD"
Last-Modified: Sun, 01 Jan 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3211
Expires: Mon, 02 Jan 2023 02:57:15 GMT
Date: Mon, 02 Jan 2023 02:03:44 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
06df5289bf33faf0b87af8ed2b337be4
0006bf96bfe53c68f3c414e3507f8a8ce9698d0a
f42cf618d71efffa435090795cd04205693063a17f8e44854845a2515aab0fdd

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F42CF618D71EFFFA435090795CD04205693063A17F8E44854845A2515AAB0FDD"
Last-Modified: Sun, 01 Jan 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3211
Expires: Mon, 02 Jan 2023 02:57:15 GMT
Date: Mon, 02 Jan 2023 02:03:44 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F76e3dbb4-bf4a-4b47-ac90-80e69a417bac.jpeg

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F76e3dbb4-bf4a-4b47-ac90-80e69a417bac.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (11442 bytes)
Hash
a8222c53a96929ae9f6c41c47764f167
d9d4bd8193a5d394d7ccd020e93e939ed7e361df
6e970bbe6a0ade466b50d9a9d3ab622920d3f4daf8cca1df7bb8eb949d7dfacb

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F76e3dbb4-bf4a-4b47-ac90-80e69a417bac.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11442
x-amzn-requestid: aabec050-807a-4083-8004-7967d31646e6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: d8I1PHdWIAMFrNA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ae54ee-6209a0880baa2000448039d6;Sampled=0
x-amzn-remapped-date: Fri, 30 Dec 2022 03:03:10 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: wDMd6F3q4DNCb2rVc4ovT1VL2INzaep6XvD71zela2CrFX0nzYxC9A==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 1a53057db389e96b4ef1bfbc925dde1c.cloudfront.net (CloudFront), 1.1 google
date: Sun, 01 Jan 2023 07:50:27 GMT
age: 65597
etag: "d9d4bd8193a5d394d7ccd020e93e939ed7e361df"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcfe669f6-58e5-4359-a35d-7977c28f7901.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (11985 bytes)
Hash
17203f6e8929db783d25f413ee55e370
263e02bbbbde3073926d90d02045f9a7d5e53413
37c9d11fd1a880e0bb07fe87b2a4aa1ced7cf3820a7c25b3fa533ea51219fdaa

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcfe669f6-58e5-4359-a35d-7977c28f7901.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11985
x-amzn-requestid: 32d8ea90-634f-4353-8844-3da86c1a0bee
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: eFRyAEQOoAMFYwg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63b1fcd9-200319be084586a273a8fb51;Sampled=0
x-amzn-remapped-date: Sun, 01 Jan 2023 21:36:25 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: PtrRRX5ILNR8qKBHKu39gplaQNK3fcXzTonJIcUSELSl4wwKF-Arkw==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google
date: Sun, 01 Jan 2023 21:58:11 GMT
etag: "263e02bbbbde3073926d90d02045f9a7d5e53413"
content-type: image/jpeg
age: 14733
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe3f5efb8-d662-4b58-9319-e024ddd04331.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.8 kB (7755 bytes)
Hash
f863eb68713f937898561731454ef32e
b0ca943b8ca57da9cf2c69384e5c598bdfb48d33
4af7b5228d39d0e47a159422483fa6ccf683920241a50e4c6348d176a2783a6c

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe3f5efb8-d662-4b58-9319-e024ddd04331.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7755
x-amzn-requestid: 8a52ee34-c50c-4a05-9fa3-17770c3d61ab
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: eFSNAFbJoAMFu8Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63b1fd86-09de8074042bc69045896070;Sampled=0
x-amzn-remapped-date: Sun, 01 Jan 2023 21:39:18 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: AwE7pLbWK6Q22wWyQjk_c2sRMBrSsV-SiZoyNdGKqYc5QTafBfuJsA==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 ee8246c5442dace7525c74f6a799bb46.cloudfront.net (CloudFront), 1.1 google
date: Sun, 01 Jan 2023 21:58:11 GMT
age: 14733
etag: "b0ca943b8ca57da9cf2c69384e5c598bdfb48d33"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbbff09b5-fd04-45ca-959e-83e4f40897df.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (10696 bytes)
Hash
02a9375cec16bfe696766c8d373d9b54
2167c2f197dd44558ac2dea500d8b6b3cfa50e83
6f94fe0c817b031d913d53fee6b317148bdabea044102b8f0c9df8a3737d59f1

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbbff09b5-fd04-45ca-959e-83e4f40897df.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10696
x-amzn-requestid: 2117681b-ee8b-4881-b860-087a8662a3c2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: d7xM1FK7oAMFd4w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ae2f1e-5a3648ba2ac7ba01177f361d;Sampled=0
x-amzn-remapped-date: Fri, 30 Dec 2022 00:21:50 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: q6iynVloHNnImjEwinGPE2aK--d_0Qz8LhHe3a6NqOJhTDhuYjCgrA==
via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 12a392bc3a7281f8d5d4591bfadc41fc.cloudfront.net (CloudFront), 1.1 google
date: Sun, 01 Jan 2023 04:20:26 GMT
age: 78198
etag: "2167c2f197dd44558ac2dea500d8b6b3cfa50e83"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4bfe4faa-0902-4048-9fa3-ee90f050c3e6.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.6 kB (9553 bytes)
Hash
637fa2e4a9d13d27b853f79963fcaf66
864eb6eedab1c17c5d36458b6ed318ece61d62d9
34cee03b8390cfdff3a51509c494464c3db241508e152df54d922485392c029f

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4bfe4faa-0902-4048-9fa3-ee90f050c3e6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9553
x-amzn-requestid: 872aef94-65be-4b4e-b904-fb6be8d7ba80
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: eFRxiHnXoAMFzyQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63b1fcd6-681bbf9b4c10237842ac5e6e;Sampled=0
x-amzn-remapped-date: Sun, 01 Jan 2023 21:36:22 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: Fs0gFGup81X3pc17a7iwWcVc_uQTSNKn_tjCTGaubAVsw4KQue9vfQ==
via: 1.1 86b676273517904f44af31586adb06ae.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Sun, 01 Jan 2023 21:53:02 GMT
age: 15042
etag: "864eb6eedab1c17c5d36458b6ed318ece61d62d9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7153fc4b-7c90-467e-ba1a-51f499f28968.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.7 kB (7711 bytes)
Hash
b56e64879a03f94bf2c9cb2e0f0e74d2
19d1b0ffa5052e9d3845f52dfebaf4dc76294423
2d96bf03a8f188d0d93d42eae868c06dd12bf58dabecb2c5bb25c4edab42e67a

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7153fc4b-7c90-467e-ba1a-51f499f28968.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7711
x-amzn-requestid: 51d07dbb-2cba-4113-aaab-ac7b0bc7d9a3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: eFSLyHZ-IAMFaTA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63b1fd7e-114b94170303ccdb6a4253ad;Sampled=0
x-amzn-remapped-date: Sun, 01 Jan 2023 21:39:10 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: GKHFGOVs0JpKmcH_ek199i-qfldy3Ap6cPHpaBPaBUTK1yrUzDsBuA==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 64f86ae1c24221f3a2e4d653d6dbc416.cloudfront.net (CloudFront), 1.1 google
date: Sun, 01 Jan 2023 21:58:22 GMT
age: 14722
etag: "19d1b0ffa5052e9d3845f52dfebaf4dc76294423"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

ciar-kep.com/zcvisitor/af255485-8a41-11ed-aac9-1297a56f1363/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=af32e911-8a41-11ed-aac9-1297a56f1363

44.197.81.247

200

1.1 kB

URL HTTP/1.1
ciar-kep.com/zcvisitor/af255485-8a41-11ed-aac9-1297a56f1363/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=af32e911-8a41-11ed-aac9-1297a56f1363
IP
44.197.81.247:0
ASN
#14618 AMAZON-AES

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
1.1 kB (1096 bytes)
Hash
d946b0b6c1a2029dbd709c4cfcb384c4
46f2344c3e6a177b66e92a16d47030d13fd89b70
421283fff31b89e3c7aebca1ddd537049d69d6a0979cc03d2f81963dee53dc78

HTTP Headers

GET /zcvisitor/af255485-8a41-11ed-aac9-1297a56f1363/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=af32e911-8a41-11ed-aac9-1297a56f1363 HTTP/1.1
Host: ciar-kep.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww38.afmaracaibo.org/
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 
Date: Mon, 02 Jan 2023 02:03:44 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
Server: sSRdrVHS

ciar-kep.com/zcredirect?visitid=af255485-8a41-11ed-aac9-1297a56f1363&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false

44.197.81.247

200

308 B

URL HTTP/1.1
ciar-kep.com/zcredirect?visitid=af255485-8a41-11ed-aac9-1297a56f1363&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false
IP
44.197.81.247:0
ASN
#14618 AMAZON-AES

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
308 B (308 bytes)
Hash
98d8d3e6f6dd692ae8a1b6aa872ac6d0
ac27c9a15b71d8141bd6936004c83afd66b99ff8
48cdc2f5f11e41314340914be22036c5f347242c33c87516ae411d5d31aa7095

HTTP Headers

GET /zcredirect?visitid=af255485-8a41-11ed-aac9-1297a56f1363&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false HTTP/1.1
Host: ciar-kep.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ciar-kep.com/zcvisitor/af255485-8a41-11ed-aac9-1297a56f1363/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=af32e911-8a41-11ed-aac9-1297a56f1363
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 
Date: Mon, 02 Jan 2023 02:03:45 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
redirected: JS
Server: gYzqLSGS

ciar-kep.com/favicon.ico

44.197.81.247

404

653 B

URL HTTP/1.1
ciar-kep.com/favicon.ico
IP
44.197.81.247:0
ASN
#14618 AMAZON-AES

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (649), with no line terminators
Size
653 B (653 bytes)
Hash
ba2732b1b2fa2626ffaa15f62f9e7d66
203d4e7fbb1d80449d6e4e1f3ae7a9bf8625debe
879861cb72fe9fbb476dab246021c4c83b4066327de2529e05ec54d3afb0a1c8

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: ciar-kep.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ciar-kep.com/zcredirect?visitid=af255485-8a41-11ed-aac9-1297a56f1363&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false

HTTP/1.1 404 
Date: Mon, 02 Jan 2023 02:03:45 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 653
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Content-Language: en
Server: gYzqLSGS

xml-v4.gipostart-1.co/click?seat=2114927&i=Zh*GA4uhwhw_0

173.239.53.32

302 Found

0 B

URL HTTP/1.1
xml-v4.gipostart-1.co/click?seat=2114927&i=Zh*GA4uhwhw_0
IP
173.239.53.32:0
ASN
#27257 WEBAIR-INTERNET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /click?seat=2114927&i=Zh*GA4uhwhw_0 HTTP/1.1
Host: xml-v4.gipostart-1.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ciar-kep.com/
Upgrade-Insecure-Requests: 1

HTTP/1.1 302 Found
Cache-Control: no-store
Content-Length: 0
Age: 0
Connection: keep-alive
Location: https://go.proffering.xyz/15Gu5p?zoneid=13117553585&pubfeed=397303/397303.13117553585&campaign=671642&cost=0.00055
Pragma: no-cache

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
30992be0cf780535864c9fb75d08e028
5c3b279f957e6db9966a9176326f5eb3d3778e9c
df60526e33833a0217ef431c4a78077db4a90297f4350a56256a6ce952f8d344

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DF60526E33833A0217EF431C4A78077DB4A90297F4350A56256A6CE952F8D344"
Last-Modified: Sun, 01 Jan 2023 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8355
Expires: Mon, 02 Jan 2023 04:23:00 GMT
Date: Mon, 02 Jan 2023 02:03:45 GMT
Connection: keep-alive

go.proffering.xyz/15Gu5p?zoneid=13117553585&pubfeed=397303/397303.13117553585&campaign=671642&cost=0.00055

20.113.187.208

302 Found

244 B

URL HTTP/1.1
go.proffering.xyz/15Gu5p?zoneid=13117553585&pubfeed=397303/397303.13117553585&campaign=671642&cost=0.00055
IP
20.113.187.208:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
HTML document, ASCII text, with no line terminators
Size
244 B (244 bytes)
Hash
04c3e81c3e5890637a9ac8647c80d9ad
d234dfa824dbcc5273af780d5f99ccbdced0f596
e3d8774bf6f6cf0e85c3574aba24e3a7abaf21b5634ee1149c2aab0c1be0ecab

HTTP Headers

GET /15Gu5p?zoneid=13117553585&pubfeed=397303/397303.13117553585&campaign=671642&cost=0.00055 HTTP/1.1
Host: go.proffering.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://ciar-kep.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/1.1 302 Found
Server: nginx/1.23.0
Date: Mon, 02 Jan 2023 02:03:45 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 244
Connection: keep-alive
X-Powered-By: Express
Set-Cookie: 15Gu5po=20230102051672625491359; domain=.go.proffering.xyz; path=/;expires=Tue, 03 Jan 2023 02:03:45 GMT;  httpOnly=true;SameSite=None; Secure;
_pc_lc_id=15Gu5p; domain=.go.proffering.xyz; path=/;expires=Tue, 03 Jan 2023 02:03:45 GMT;  httpOnly=true;SameSite=None; Secure;
peerclickcid=2c12236f22909f4731d4ce92c13603b8-11246-0102; domain=.go.proffering.xyz; path=/;expires=Tue, 03 Jan 2023 02:03:45 GMT;  httpOnly=true;SameSite=None; Secure;
_norg=1; domain=.go.proffering.xyz; path=/;expires=Tue, 03 Jan 2023 02:03:45 GMT;  httpOnly=true;SameSite=None; Secure;
Location: https://girlstaste.life/?u=7pfk605&o=e9ym176&cid=2c12236f22909f4731d4ce92c13603b8-11246-0102
Vary: Accept

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
d5ef9ba8631db71130c2f5f441f43652
b159ebf644cea72c56be0f88aaf518a0ef7757d0
18ed9e2cee6d5392104a338b47bd36d4ce356daa5c099cf070d31ef1add9ffc0

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "18ED9E2CEE6D5392104A338B47BD36D4CE356DAA5C099CF070D31EF1ADD9FFC0"
Last-Modified: Sun, 01 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8210
Expires: Mon, 02 Jan 2023 04:20:36 GMT
Date: Mon, 02 Jan 2023 02:03:46 GMT
Connection: keep-alive

girlstaste.life/?u=7pfk605&o=e9ym176&cid=2c12236f22909f4731d4ce92c13603b8-11246-0102

116.202.3.228

200 OK

2.3 kB

URL HTTP/1.1
girlstaste.life/?u=7pfk605&o=e9ym176&cid=2c12236f22909f4731d4ce92c13603b8-11246-0102
IP
116.202.3.228:0
ASN
#24940 Hetzner Online GmbH

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (480), with CRLF line terminators
Size
2.3 kB (2298 bytes)
Hash
b9dc5b4ff1b6649639aabca39d186cf9
cc350b78acfba5a07b4bfc4693292b5a0909c576
218482932ab627ed0c4247d530ac179c10cadfd74b7a0e9b56d944ea7e5c431f

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /?u=7pfk605&o=e9ym176&cid=2c12236f22909f4731d4ce92c13603b8-11246-0102 HTTP/1.1
Host: girlstaste.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://ciar-kep.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 02 Jan 2023 02:03:46 GMT
Content-Type: text/html
Content-Length: 2298
Connection: keep-alive
content-encoding: gzip
vary: Accept-Encoding
set-cookie: sid=t1~3rd3uwgjuojsk5bamydcgzso; path=/
cache-control: private, no-transform

girlstaste.life/media/dating/toon2/css/animate.min.css

116.202.3.228

200 OK

53 kB

URL HTTP/1.1
girlstaste.life/media/dating/toon2/css/animate.min.css
IP
116.202.3.228:0
ASN
#24940 Hetzner Online GmbH

File type
ASCII text, with very long lines (52592)
Size
53 kB (52789 bytes)
Hash
178b651958ceff556cbc5f355e08bbf1
97afa151569f046b2e01f27c1871646e9cd87caf
8fe3fa119255adb5e0c12479331f9e092e85bcff56ab6ecc0510bfa2056b898d

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /media/dating/toon2/css/animate.min.css HTTP/1.1
Host: girlstaste.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://girlstaste.life/?u=7pfk605&o=e9ym176&cid=2c12236f22909f4731d4ce92c13603b8-11246-0102
Cookie: sid=t1~3rd3uwgjuojsk5bamydcgzso
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 02 Jan 2023 02:03:46 GMT
Content-Type: text/css
Content-Length: 52789
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "178b651958ceff556cbc5f355e08bbf1"
Last-Modified: Wed, 31 Aug 2022 09:34:40 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 17365B35E4BD0D1E
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Tue, 02 Jan 2024 02:03:46 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes

girlstaste.life/media/exit-new/exit1.js

116.202.3.228

200 OK

3.5 kB

URL HTTP/1.1
girlstaste.life/media/exit-new/exit1.js
IP
116.202.3.228:0
ASN
#24940 Hetzner Online GmbH

File type
ASCII text, with very long lines (641), with CRLF line terminators
Size
3.5 kB (3473 bytes)
Hash
625e5e2950612f771e246beb33c9ea61
e4fc251c6c000496c285f8dc3fa097040b031681
618f345a156a0eda55177a1bf0e8a414104f9b6c6ff5cdbe71966f081ccb8a46

Detections

Analyzer	Verdict	Alert
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /media/exit-new/exit1.js HTTP/1.1
Host: girlstaste.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://girlstaste.life/?u=7pfk605&o=e9ym176&cid=2c12236f22909f4731d4ce92c13603b8-11246-0102
Cookie: sid=t1~3rd3uwgjuojsk5bamydcgzso
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 02 Jan 2023 02:03:46 GMT
Content-Type: application/javascript
Content-Length: 3473
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "625e5e2950612f771e246beb33c9ea61"
Last-Modified: Wed, 31 Aug 2022 09:34:51 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 17365A7DD4A404BA
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Tue, 02 Jan 2024 02:03:46 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes

girlstaste.life/media/dating/toon2/css/style.css

116.202.3.228

200 OK

8.6 kB

URL HTTP/1.1
girlstaste.life/media/dating/toon2/css/style.css
IP
116.202.3.228:0
ASN
#24940 Hetzner Online GmbH

File type
ASCII text, with CRLF line terminators
Size
8.6 kB (8608 bytes)
Hash
549edaff59c582a6a3ca91f95c60ea71
a9edcba7d667efcfd812bcd413ccbdcb2b67cc88
b28722475035fc8fdc751034c2df8f49d66eb25cf28cf031c4e7357414a131da

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /media/dating/toon2/css/style.css HTTP/1.1
Host: girlstaste.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://girlstaste.life/?u=7pfk605&o=e9ym176&cid=2c12236f22909f4731d4ce92c13603b8-11246-0102
Cookie: sid=t1~3rd3uwgjuojsk5bamydcgzso
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 02 Jan 2023 02:03:46 GMT
Content-Type: text/css
Content-Length: 8608
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "549edaff59c582a6a3ca91f95c60ea71"
Last-Modified: Wed, 31 Aug 2022 09:34:40 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 17365B3D02426EAC
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Tue, 02 Jan 2024 02:03:46 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes

girlstaste.life/media/bb.js

116.202.3.228

200 OK

639 B

URL HTTP/1.1
girlstaste.life/media/bb.js
IP
116.202.3.228:0
ASN
#24940 Hetzner Online GmbH

File type
ASCII text, with very long lines (639), with no line terminators
Size
639 B (639 bytes)
Hash
0d553e4bac91c74bfee2dbabba61e99e
5af71e2377c9c012a7826a695f2724901941b19b
1be1304c675449b1bad38ea8c3da6c1da0763ed2fad339ee1aa461c7bf4e2a68

Detections

Analyzer	Verdict	Alert
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /media/bb.js HTTP/1.1
Host: girlstaste.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://girlstaste.life/?u=7pfk605&o=e9ym176&cid=2c12236f22909f4731d4ce92c13603b8-11246-0102
Cookie: sid=t1~3rd3uwgjuojsk5bamydcgzso
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 02 Jan 2023 02:03:46 GMT
Content-Type: application/javascript
Content-Length: 639
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "0d553e4bac91c74bfee2dbabba61e99e"
Last-Modified: Wed, 31 Aug 2022 09:32:33 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 17365A7FD1393935
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Tue, 02 Jan 2024 02:03:46 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes

girlstaste.life/cookie/js.cookie.js

116.202.3.228

200 OK

4.3 kB

URL HTTP/1.1
girlstaste.life/cookie/js.cookie.js
IP
116.202.3.228:0
ASN
#24940 Hetzner Online GmbH

File type
ASCII text, with very long lines (1709), with CRLF line terminators
Size
4.3 kB (4264 bytes)
Hash
a7e9883924072f15259de6888d5ef515
7f4f6e5938e68f55aef81e0cd0145f008cd28382
985659942ab60a92b3c0a7f876d9ef60e8f048ff655a622a172fa4b44f901b6c

Detections

Analyzer	Verdict	Alert
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /cookie/js.cookie.js HTTP/1.1
Host: girlstaste.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://girlstaste.life/?u=7pfk605&o=e9ym176&cid=2c12236f22909f4731d4ce92c13603b8-11246-0102
Cookie: sid=t1~3rd3uwgjuojsk5bamydcgzso
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 02 Jan 2023 02:03:46 GMT
Content-Type: application/javascript
Content-Length: 4264
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "a7e9883924072f15259de6888d5ef515"
Last-Modified: Wed, 31 Aug 2022 09:31:17 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 17365A806E7C0305
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Tue, 02 Jan 2024 02:03:46 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes

girlstaste.life/util/utils.js

116.202.3.228

200 OK

7.5 kB

URL HTTP/1.1
girlstaste.life/util/utils.js
IP
116.202.3.228:0
ASN
#24940 Hetzner Online GmbH

File type
ASCII text, with very long lines (641), with CRLF line terminators
Size
7.5 kB (7512 bytes)
Hash
01816d15ca03032751161a746e2fb7c3
dcc72ea5fa1356490ba473288159df9786b4a3c3
8b3c83a330bf1120a13eff6ef60c1e268b827b7bc49b42a7a1f5d8ad6941f2ea

Detections

Analyzer	Verdict	Alert
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /util/utils.js HTTP/1.1
Host: girlstaste.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://girlstaste.life/?u=7pfk605&o=e9ym176&cid=2c12236f22909f4731d4ce92c13603b8-11246-0102
Cookie: sid=t1~3rd3uwgjuojsk5bamydcgzso
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 02 Jan 2023 02:03:46 GMT
Content-Type: application/javascript
Content-Length: 7512
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "01816d15ca03032751161a746e2fb7c3"
Last-Modified: Wed, 31 Aug 2022 09:38:20 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 17365A7C5ACDA960
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Tue, 02 Jan 2024 02:03:46 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
bb809cfb572b68b1ae1e01bc048dbcfa
a739e1a0fe77e7914d7ae95ad60100f547537f93
7320fb9fc844b9a3dae88d01238fbe49c8f75911a11129d9d856229c90f9f324

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 02 Jan 2023 02:03:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

girlstaste.life/media/dating/toon2/js/jquery-2.2.4.min.js

116.202.3.228

200 OK

86 kB

URL HTTP/1.1
girlstaste.life/media/dating/toon2/js/jquery-2.2.4.min.js
IP
116.202.3.228:0
ASN
#24940 Hetzner Online GmbH

File type
ASCII text, with very long lines (32065)
Size
86 kB (85578 bytes)
Hash
2f6b11a7e914718e0290410e85366fe9
69bb69e25ca7d5ef0935317584e6153f3fd9a88c
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e

Detections

Analyzer	Verdict	Alert
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /media/dating/toon2/js/jquery-2.2.4.min.js HTTP/1.1
Host: girlstaste.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://girlstaste.life/?u=7pfk605&o=e9ym176&cid=2c12236f22909f4731d4ce92c13603b8-11246-0102
Cookie: sid=t1~3rd3uwgjuojsk5bamydcgzso
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 02 Jan 2023 02:03:46 GMT
Content-Type: application/javascript
Content-Length: 85578
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "2f6b11a7e914718e0290410e85366fe9"
Last-Modified: Wed, 31 Aug 2022 09:34:40 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 17365B54F8DD2966
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Tue, 02 Jan 2024 02:03:46 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes

fonts.googleapis.com/css?family=Lato:100,100i,300,300i,400,400i,700,700i,900,900i|Roboto:100,100i,300,300i,400,400i,500,500i,700,700i,900,900i&subset=cyrillic,cyrillic-ext,latin-ext

142.250.74.106

200 OK

1.9 kB

URL HTTP/2
fonts.googleapis.com/css?family=Lato:100,100i,300,300i,400,400i,700,700i,900,900i|Roboto:100,100i,300,300i,400,400i,500,500i,700,700i,900,900i&subset=cyrillic,cyrillic-ext,latin-ext
IP
142.250.74.106:0
ASN
#15169 GOOGLE

File type
data
Size
1.9 kB (1858 bytes)
Hash
1d00fa0e93a3b9b032d68e6947c213dd
0fd9ae7a9cd25d49f5a3e8909a0b6d4ba14fd213
3f9dba0a7696d17ade887ea7681b13192230957c3b1caf1a4eb00884cce5e87f

HTTP Headers

GET /css?family=Lato:100,100i,300,300i,400,400i,700,700i,900,900i|Roboto:100,100i,300,300i,400,400i,500,500i,700,700i,900,900i&subset=cyrillic,cyrillic-ext,latin-ext HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://girlstaste.life/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 02 Jan 2023 02:03:46 GMT
date: Mon, 02 Jan 2023 02:03:46 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

girlstaste.life/media/dating/toon2/images/123.jpg

116.202.3.228

200 OK

179 kB

URL HTTP/1.1
girlstaste.life/media/dating/toon2/images/123.jpg
IP
116.202.3.228:0
ASN
#24940 Hetzner Online GmbH

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=1069, bps=0, PhotometricIntepretation=RGB, orientation=upper-left, width=620], progressive, precision 8, 620x1032, components 3\012- data
Size
179 kB (179176 bytes)
Hash
a2d245e1c43c61ca34bea001510dd6d9
7a7e0dbf8bb132958fecd093e6741ffe49d060b5
f6113b1f6bdd279404fd53c920f6ba411b66a897db4c67e16d2129af22370a57

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /media/dating/toon2/images/123.jpg HTTP/1.1
Host: girlstaste.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://girlstaste.life/?u=7pfk605&o=e9ym176&cid=2c12236f22909f4731d4ce92c13603b8-11246-0102
Cookie: sid=t1~3rd3uwgjuojsk5bamydcgzso
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 02 Jan 2023 02:03:46 GMT
Content-Type: image/jpeg
Content-Length: 179176
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "a2d245e1c43c61ca34bea001510dd6d9"
Last-Modified: Wed, 31 Aug 2022 09:34:40 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 17365AA6467137AB
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Tue, 02 Jan 2024 02:03:46 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes

girlstaste.life/media/dating/toon2/images/bg.jpg

116.202.3.228

200 OK

120 kB

URL HTTP/1.1
girlstaste.life/media/dating/toon2/images/bg.jpg
IP
116.202.3.228:0
ASN
#24940 Hetzner Online GmbH

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=660, bps=0, PhotometricIntepretation=RGB, orientation=upper-left, width=1279], progressive, precision 8, 1279x660, components 3\012- data
Size
120 kB (119754 bytes)
Hash
842a5629f17ec8342230aa12ea32291a
0f2390a3eda1a71d676f1cd1866956fef8e77090
1c7361fcec43aecb4c517914dde9ecbf1fe1aaa0969411a7a383391236f335f4

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /media/dating/toon2/images/bg.jpg HTTP/1.1
Host: girlstaste.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://girlstaste.life/media/dating/toon2/css/style.css
Cookie: sid=t1~3rd3uwgjuojsk5bamydcgzso
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 02 Jan 2023 02:03:46 GMT
Content-Type: image/jpeg
Content-Length: 119754
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "842a5629f17ec8342230aa12ea32291a"
Last-Modified: Wed, 31 Aug 2022 09:34:40 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 17365AD97E512CEF
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Tue, 02 Jan 2024 02:03:46 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
47ca3cedb51ab9e282f8654033435e27
69b5555f030f2391bb54a9bbb346df1e26a002fe
1faba6521dffb13110c25219bb4ff94ec9f00bff3079a03f1296d91cb622f7c3

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 02 Jan 2023 02:03:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
47ca3cedb51ab9e282f8654033435e27
69b5555f030f2391bb54a9bbb346df1e26a002fe
1faba6521dffb13110c25219bb4ff94ec9f00bff3079a03f1296d91cb622f7c3

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 02 Jan 2023 02:03:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh6UVSwiPGQ.woff2

216.58.207.227

200 OK

23 kB

URL HTTP/2
fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh6UVSwiPGQ.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 23040, version 1.0\012- data
Size
23 kB (23040 bytes)
Hash
de69cf9e514df447d1b0bb16f49d2457
2ac78601179c3a63ba3f3f3081556b12ddcaf655
c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49

HTTP Headers

GET /s/lato/v23/S6u9w4BMUTPHh6UVSwiPGQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://girlstaste.life
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
content-type: font/woff2
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 23040
date: Mon, 02 Jan 2023 02:03:46 GMT
expires: Tue, 02 Jan 2024 02:03:46 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 26 Apr 2022 15:56:42 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.gstatic.com/s/lato/v23/S6uyw4BMUTPHjx4wXg.woff2

216.58.207.227

200 OK

24 kB

URL HTTP/2
fonts.gstatic.com/s/lato/v23/S6uyw4BMUTPHjx4wXg.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 23580, version 1.0\012- data
Size
24 kB (23580 bytes)
Hash
e1b3b5908c9cf23dfb2b9c52b9a023ab
fcd4136085f2a03481d9958cc6793a5ed98e714c
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537

HTTP Headers

GET /s/lato/v23/S6uyw4BMUTPHjx4wXg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://girlstaste.life
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 23580
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 30 Dec 2022 13:33:12 GMT
expires: Sat, 30 Dec 2023 13:33:12 GMT
cache-control: public, max-age=31536000
age: 217834
last-modified: Tue, 26 Apr 2022 15:48:56 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
47ca3cedb51ab9e282f8654033435e27
69b5555f030f2391bb54a9bbb346df1e26a002fe
1faba6521dffb13110c25219bb4ff94ec9f00bff3079a03f1296d91cb622f7c3

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 02 Jan 2023 02:03:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

girlstaste.life/favicon.ico

116.202.3.228

204 No Content

0 B

URL HTTP/1.1
girlstaste.life/favicon.ico
IP
116.202.3.228:0
ASN
#24940 Hetzner Online GmbH

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: girlstaste.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://girlstaste.life/?u=7pfk605&o=e9ym176&cid=2c12236f22909f4731d4ce92c13603b8-11246-0102
Cookie: sid=t1~3rd3uwgjuojsk5bamydcgzso
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 204 No Content
Server: nginx
Date: Mon, 02 Jan 2023 02:03:46 GMT
Connection: keep-alive
Cache-Control: no-transform

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (14)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations