Report - frfghtr.com/acct/epc68367/add/

Report Overview

Submitted URL
frfghtr.com/acct/epc68367/add/
IP
207.120.33.35
ASN
#3356 LEVEL3
Submitted
2022-09-01 21:12:32
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
12

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-07T05:09:07Z	594 B	127 B	54.149.28.179
maxcdn.bootstrapcdn.com	724	2014-06-18T02:37:31Z	2023-03-07T05:37:16Z	400 B	6.7 kB	104.18.10.207
fonts.gstatic.com	unknown	2014-09-09T02:40:21Z	2023-03-07T06:58:15Z	936 B	18 kB	142.250.74.163
bam.nr-data.net	630	2015-02-10T01:06:27Z	2023-03-06T05:22:52Z	881 B	607 B	162.247.241.14
frfghtr.com	unknown			7.4 kB	1.1 MB	207.120.33.7
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-07T05:09:06Z	758 B	2.7 kB	143.204.55.35
ocsp.digicert.com	86	2012-05-21T09:02:23Z	2023-03-07T09:34:07Z	329 B	737 B	93.184.220.29
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-07T05:09:07Z	2.3 kB	6.2 kB	23.36.77.32
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-07T05:09:06Z	401 B	5.8 kB	143.204.55.110
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-07T05:09:22Z	2.1 kB	37 kB	34.120.237.76
cdnjs.cloudflare.com	235	2015-04-17T22:46:33Z	2023-03-07T05:10:27Z	390 B	1.9 kB	104.17.24.14
ocsp.pki.goog	175	2018-07-01T08:43:07Z	2023-03-07T05:09:18Z	993 B	2.1 kB	142.250.74.3
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-07T05:09:06Z	321 B	229 B	34.117.237.239
stackpath.bootstrapcdn.com	2467	2018-06-15T22:36:43Z	2023-03-06T11:17:42Z	792 B	27 kB	104.18.11.207
ajax.googleapis.com	12905	2013-08-16T11:51:31Z	2023-03-07T09:44:55Z	375 B	32 kB	142.250.74.106

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-09-01	medium	frfghtr.com/acct/epc68367/add/	Phishing
2022-09-01	medium	frfghtr.com/acct/epc68367/add/	Phishing
2022-09-01	medium	frfghtr.com/site/images/2.mp4	Phishing
2022-09-01	medium	frfghtr.com/site/js/custom.js	Phishing
2022-09-01	medium	frfghtr.com/common/js/cscc_validator/bin_last4_validator.js	Phishing
2022-09-01	medium	frfghtr.com/common/js/cscc_validator/bowser.min.js	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (13)

	URL	Size	First Seen	Last Seen
	frfghtr.com/404	31 kB	2023-03-07	2023-03-17
Pretty URL frfghtr.com/404 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:13 Last Seen2023-03-17 12:47:27 Times Seen1 Hash 0d87c9ac63664e90bcdcf1df76813118 4922933dfd297349786a49b93ade8565bc3040bc 692f48e66ad8fd2dec40dc04445caa0f052e1cfc39da5802ae2e0f36b36eca6e Loading...

	frfghtr.com/common/js/cscc_validator/bowser.min.js	4.0 kB	2023-03-07	2024-01-25
Pretty URL frfghtr.com/common/js/cscc_validator/bowser.min.js IP 207.120.33.13 ASN #3356 LEVEL3 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:05:37 Last Seen2024-01-25 21:43:04 Times Seen25 Hash 852fb9db3c750a3d384c51f39f27cac2 24de0ab644d5e5d3f52e3992fe37899cf5edd2cf 8ac6fb0a62b73e876b46951720e896895392378eee3ab30a48535ab7b58b4fe4 Loading...

	cdnjs.cloudflare.com/ajax/libs/jquery-easing/1.4.1/jquery.easing.min.js	2.5 kB	2023-03-07	2024-04-24
Pretty URL cdnjs.cloudflare.com/ajax/libs/jquery-easing/1.4.1/jquery.easing.min.js IP 104.17.24.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:00 Last Seen2024-04-24 10:59:09 Times Seen4413 Hash e2d41e5c8fed838d9014fea53d45ce75 bde98133f735398b27339c423a817e755329f7d1 1f7723b6b9bfced0deba108df48e3287888dd986f1ff2d5133bacc9807ac0349 Loading...

	frfghtr.com/404	146 B	2023-03-07	2024-01-25
Pretty URL frfghtr.com/404 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:05:37 Last Seen2024-01-25 21:43:04 Times Seen11 Hash 42a07b2ea338c4ef53cd7d12a06e2bdf 34fef7ac1e16e1648297b1916dff059dfe66cdb6 b1e6d825afe8b85dac40607ccaee6c6fbd52e32a875284141d00e5c6c666b841 Loading...

	frfghtr.com/404	1.5 kB	2023-03-07	2023-03-07
Pretty URL frfghtr.com/404 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:05:37 Last Seen2023-03-07 12:05:37 Times Seen1 Hash b45425428c2a5cd304f762df56212a1c 8f1a13d0b6d9de9681fab183109a1db0fc664215 164e6152696a129069ec926747678535135e8903a54489064bd8760e4fd1067c Loading...

	frfghtr.com/404	293 B	2023-03-07	2023-03-07
Pretty URL frfghtr.com/404 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:05:37 Last Seen2023-03-07 12:05:37 Times Seen1 Hash dc27e47409f7a6a027ac264ad777a889 1fc930f648c832d8de68f03188b6d8a9cf7d7655 8b98f92bca73bd502b722322d6485993e585cab23e9f98df390a40872c77b512 Loading...

	js-agent.newrelic.com/nr-spa-1216.min.js	50 kB	2023-03-07	2024-03-22
Pretty URL js-agent.newrelic.com/nr-spa-1216.min.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:54 Last Seen2024-03-22 06:11:43 Times Seen568 Hash 63e2df852d15ab21d7ff8fc4363222e8 7ee401ba652db0a4ec960350e17216cda01e22fb 545156adeae44dadc82b98d504f805ebe77fb79c928ef34eed1057bb9d4cb8fe Loading...

	stackpath.bootstrapcdn.com/bootstrap/4.5.2/js/bootstrap.min.js	60 kB	2023-03-07	2024-04-25
Pretty URL stackpath.bootstrapcdn.com/bootstrap/4.5.2/js/bootstrap.min.js IP 104.18.11.207 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:06:50 Last Seen2024-04-25 00:30:21 Times Seen7385 Hash 02d223393e00c273efdcb1ade8f4f8b1 0cc93b8421d89c24a889642428b363cb831de78a 79c599dd760cec0c1621a1af49d9a2a49da5d45e1b37d4575bace0a5e0226582 Loading...

	ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js	90 kB	2023-03-07	2024-04-25
Pretty URL ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js IP 142.250.74.106 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:01 Last Seen2024-04-25 01:48:41 Times Seen139046 Hash dc5e7f18c8d36ac1d3d4753a87c98d0a c8e1c8b386dc5b7a9184c763c88d19a346eb3342 f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d Loading...

	frfghtr.com/common/js/cscc_validator/bin_last4_validator.js	4.3 kB	2023-03-07	2024-01-25
Pretty URL frfghtr.com/common/js/cscc_validator/bin_last4_validator.js IP 207.120.33.13 ASN #3356 LEVEL3 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:05:37 Last Seen2024-01-25 21:43:04 Times Seen23 Hash 7ffb884213b7e70d26a98a8ef8293e42 eaf23fdf0e33ffa45dc66fd069a3d57f11c96197 46cdcc2d65446b4dc7cd2636a10c2584dde50eddae365b86a39ba82e967b0f16 Loading...

	frfghtr.com/site/js/custom.js	613 B	2023-03-07	2023-10-26
Pretty URL frfghtr.com/site/js/custom.js IP 207.120.33.13 ASN #3356 LEVEL3 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:05:37 Last Seen2023-10-26 15:49:00 Times Seen7 Hash 47577c314696119f83cc69e4e10726f0 20ec31aa32ea91764500e3b9b1eb97219d95c2a1 7233a818ef4f626160cea8cf40121f832afe7e79c8b57b3d28d4cb23d2678d85 Loading...

	frfghtr.com/404	308 B	2023-03-07	2023-10-26
Pretty URL frfghtr.com/404 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:05:37 Last Seen2023-10-26 15:49:00 Times Seen7 Hash 10ca2bd91afd4b7e5a6c7523761b495f 6ef2f9b419a1b5aa527ee40d7a6f20a00b0b22ef a45648a99d217a58e3b35ac952db9f32d2276813a476be0e37998f73a98854ec Loading...

	bam.nr-data.net/1/NRJS-53a3e8e5a523894a2ee?a=936088839&v=1216.487a282&to=M1JTNkMACEoAVRcNDAoYZBBYTg9XBVMbShMMRw%3D%3D&rst=2182&ck=1&ref=https://frfghtr.com/404&ap=55&be=1233&fe=2094&dc=1660&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1662066741176,%22n%22:0,%22f%22:896,%22dn%22:896,%22dne%22:896,%22c%22:896,%22s%22:896,%22ce%22:896,%22rq%22:902,%22rp%22:1206,%22rpe%22:1206,%22dl%22:1218,%22di%22:1624,%22ds%22:1659,%22de%22:1665,%22dc%22:2092,%22l%22:2092,%22le%22:2116%7D,%22navigation%22:%7B%7D%7D&fcp=1674&at=HxVQQAsaG0Q%3D&jsonp=NREUM.setToken	49 B	2023-03-07	2024-03-22
Pretty URL bam.nr-data.net/1/NRJS-53a3e8e5a523894a2ee?a=936088839&v=1216.487a282&to=M1JTNkMACEoAVRcNDAoYZBBYTg9XBVMbShMMRw%3D%3D&rst=2182&ck=1&ref=https://frfghtr.com/404&ap=55&be=1233&fe=2094&dc=1660&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1662066741176,%22n%22:0,%22f%22:896,%22dn%22:896,%22dne%22:896,%22c%22:896,%22s%22:896,%22ce%22:896,%22rq%22:902,%22rp%22:1206,%22rpe%22:1206,%22dl%22:1218,%22di%22:1624,%22ds%22:1659,%22de%22:1665,%22dc%22:2092,%22l%22:2092,%22le%22:2116%7D,%22navigation%22:%7B%7D%7D&fcp=1674&at=HxVQQAsaG0Q%3D&jsonp=NREUM.setToken IP 162.247.241.14 ASN #23467 NEWRELIC-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:54 Last Seen2024-03-22 06:11:42 Times Seen2776 Hash ada33e5b8877e743ff658bf4bfa1867c 5a78662243dac43c0ee48bcb7e05a536b84c2e38 dac715f087720dd7ff7067f5d2ec1988851fa93140ae8a9cbfaa15659dd7fd82 Loading...

HTTP Transactions (45)

URL IP Response Size

frfghtr.com/acct/epc68367/add/

207.120.33.7

301 Moved Permanently

276 B

URL HTTP/1.1
frfghtr.com/acct/epc68367/add/
IP
207.120.33.7:0
ASN
#3356 LEVEL3

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
276 B (276 bytes)
Hash
53dbc7f4dddd6e112b5ee1abf9c951fd
e54f0192526d0b0a2475f6180da376911b27e6ed
a8bb90282bf4bb9b984b9384f7a77f615d6883399cc120c2e745472a177d4141

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /acct/epc68367/add/ HTTP/1.1
Host: frfghtr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Date: Thu, 01 Sep 2022 21:12:21 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 276
Connection: keep-alive
X-Varnish: 13014045
Location: https://frfghtr.com/acct/epc68367/add/
Retry-After: 5
section-io-id: 0f2addd7f5d0a07bb661fb2129520626

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
bcdebf7a2bad5db595e8a0c1abb2ddcb
249dda2fa5e37b8a8f3a8c797193bf0874b6eedc
9b43ec48b16f96449208a0094c4d660806a2a2d344b5862dbff4c393bf3f9f9f

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9B43EC48B16F96449208A0094C4D660806A2A2D344B5862DBFF4C393BF3F9F9F"
Last-Modified: Thu, 01 Sep 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10503
Expires: Fri, 02 Sep 2022 00:07:25 GMT
Date: Thu, 01 Sep 2022 21:12:22 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

143.204.55.35

200 OK

939 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/
IP
143.204.55.35:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
99b7d23c1748d0526782b9ff9ea45f09
eadd801a3ba2aa00632c6fb52e1f9125bd6d5b4f
48f81668f76955320480b484138aebdad5d03c471036b4449c737aca1ecab08e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Content-Length, Backoff, Retry-After, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Thu, 01 Sep 2022 20:41:21 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 6cb1d4b545e7beb4ead790454f4807c6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: C1y8pUaWy5kmp1jUeFfM1cqUjsMbTuUlGaQEtHjGrr5UgD83ksE_4g==
Age: 1861

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain

143.204.55.110

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
IP
143.204.55.110:0
ASN
#16509 AMAZON-02

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
742edb4038f38bc533514982f3d2e861
cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
date: Thu, 01 Sep 2022 01:15:17 GMT
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
etag: "742edb4038f38bc533514982f3d2e861"
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 f46f7100ad6fc83a021f62212f945830.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: OYsfZPvTnwKW_jaTJXZzvS04KaCkb7EfOiO2WlZJhvR6kAJxxlAnKA==
age: 71826
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Thu, 01 Sep 2022 21:12:22 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
c05f3e8b34a462bd86e4a4ec1731cf97
5fc3f5371f4d7ec6a15dcb10917e6bbd65e52106
1c3bb5e9aec35943567ad7687b1978ced7e09efe75b19c06307865ccb15b5819

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1C3BB5E9AEC35943567AD7687B1978CED7E09EFE75B19C06307865CCB15B5819"
Last-Modified: Wed, 31 Aug 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11596
Expires: Fri, 02 Sep 2022 00:25:38 GMT
Date: Thu, 01 Sep 2022 21:12:22 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

143.204.55.35

200 OK

329 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
143.204.55.35:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Alert, Cache-Control, Pragma, Backoff, Last-Modified, ETag, Expires, Content-Length, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Thu, 01 Sep 2022 20:57:05 GMT
Expires: Thu, 01 Sep 2022 21:07:02 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 814e8c24454087e83cd261a6cf477166.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: nUiilfTKX8ogp6JXi4tv90La23x6e7UwK6TT0nIv66PmXMG4vt01dw==
Age: 917

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
2eb022bbcb69557dc09477b624814e87
6030f2c630a01fbc027c887d31e696f84cc60c97
d7a508e276f0ca1b58b6af39720fb7ebb26fb38df50a159eb82d1d2542610b85

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2947
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 01 Sep 2022 21:12:22 GMT
Last-Modified: Thu, 01 Sep 2022 20:23:15 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 471

push.services.mozilla.com/

54.149.28.179

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
54.149.28.179:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: XApXFivOVJDEXDSMU916IA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: iE4xI8oM+UYgZHqAImVAjNWo09s=

cdnjs.cloudflare.com/ajax/libs/jquery-easing/1.4.1/jquery.easing.min.js

104.17.24.14

200 OK

747 B

URL HTTP/2
cdnjs.cloudflare.com/ajax/libs/jquery-easing/1.4.1/jquery.easing.min.js
IP
104.17.24.14:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (2532), with no line terminators
Size
747 B (747 bytes)
Hash
69438616d726a860ad4e3f87a7de6210
2af04ff3978c0e322c236516503169168a160a21
661f5dd5559ae4f915e00c0f9911250552fc5ccf9f007f55c72fb5a92d5deaa4

HTTP Headers

GET /ajax/libs/jquery-easing/1.4.1/jquery.easing.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://frfghtr.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Thu, 01 Sep 2022 21:12:23 GMT
content-type: application/javascript; charset=utf-8
content-length: 747
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec1-9e4"
last-modified: Mon, 04 May 2020 16:11:45 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 783949
expires: Tue, 22 Aug 2023 21:12:23 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pzWtdFyzna85Oo5PIgeVDjYyOWQ4wxcguSlwl%2BW1Y8xKTlMs1QbuG68IAJMHGvnX3qUeQ%2B8jGBzk3X7pVN%2FV2M40E7dwOr9uy3RnkPdGSBCLC1iZo2%2Fahtc62kfd9wTS%2FIwohI40"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 744100f8afb8b51b-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

stackpath.bootstrapcdn.com/bootstrap/4.5.2/css/bootstrap.min.css

104.18.11.207

200 OK

25 kB

URL HTTP/2
stackpath.bootstrapcdn.com/bootstrap/4.5.2/css/bootstrap.min.css
IP
104.18.11.207:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (65326)
Size
25 kB (25408 bytes)
Hash
ac56480d5b3f818a83b6a3cb601331d2
d5b72267374e5d555427aee0987a3d5927e5b62e
9dd2d5f70f7d02444dc9a981d92fcb4eab22cff4ab08dbb8bcf7c0fdbba9f679

HTTP Headers

GET /bootstrap/4.5.2/css/bootstrap.min.css HTTP/1.1
Host: stackpath.bootstrapcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://frfghtr.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Thu, 01 Sep 2022 21:12:23 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: SE
cdn-edgestorageid: 601, 617, 617
last-modified: Mon, 25 Jan 2021 22:04:11 GMT
cdn-cachedat: 2021-04-23 06:38:57
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cache-control: public, max-age=31919000
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-content-type-options: nosniff
cdn-requestid: 13251c3df5248784fca36d69c81e4532
cdn-cache: HIT
cf-cache-status: HIT
age: 10177047
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 744100f86e2b0b51-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js

142.250.74.106

200 OK

31 kB

URL HTTP/2
ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js
IP
142.250.74.106:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (65451)
Size
31 kB (31021 bytes)
Hash
903bc7a7e510f87aa5d0201eb59a0832
ac9aa4dd94cde1bcba9037e94087138b127e41fc
41a7ac8150cc9f38421451d5143c1ffec7a1f1fafbf7a7fc0f51b98ad699cf8f

HTTP Headers

GET /ajax/libs/jquery/3.5.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://frfghtr.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 31021
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 01 Sep 2022 10:39:21 GMT
expires: Fri, 01 Sep 2023 10:39:21 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 37982
last-modified: Fri, 08 May 2020 07:05:03 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/font-awesome.min.css

104.18.10.207

200 OK

5.8 kB

URL HTTP/2
maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/font-awesome.min.css
IP
104.18.10.207:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (23577)
Size
5.8 kB (5842 bytes)
Hash
27485f384c841ff83019936729bfee34
7ff26a58af7210b9d1b02bf4c6ebb216651d965b
b951eb02a6928bc267246fedf2954b492483f6321e4cd6c5d536995076f6fd2f

HTTP Headers

GET /font-awesome/4.3.0/css/font-awesome.min.css HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://frfghtr.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Thu, 01 Sep 2022 21:12:23 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
cdn-edgestorageid: 632, 617, 617
last-modified: Mon, 25 Jan 2021 22:04:54 GMT
cdn-cachedat: 2021-06-08 21:08:57
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cache-control: public, max-age=31919000
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-content-type-options: nosniff
cdn-requestid: e6a55b08fe5091f45c9e99ce9e9f98c2
cdn-status: 200
cdn-cache: HIT
cf-cache-status: HIT
age: 7508342
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 744100f85aceb4e8-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

frfghtr.com/acct/epc68367/add/

207.120.33.13

302 Found

17 kB

URL HTTP/2
frfghtr.com/acct/epc68367/add/
IP
207.120.33.13:0
ASN
#3356 LEVEL3

File type
data
Size
17 kB (17440 bytes)
Hash
4370cb3b2968bb56b3dcaaae9a423c3e
538f53208c45c5aa174760c62c1a2d7384b1d238
d7338b7b400ba4dbacdecd3f6f4f4090beecf9be01661b39b2a74e91ed25ce97

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /acct/epc68367/add/ HTTP/1.1
Host: frfghtr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 302 Found
date: Thu, 01 Sep 2022 21:12:22 GMT
content-type: text/html; charset=UTF-8
set-cookie: PHPSESSID=f411abbc3820d4141d4c2325c038d4de; path=/; secure; SameSite=None
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
location: /404
x-varnish: 12893879
age: 0
via: 1.1 varnish (Varnish/7.0)
section-io-cache: Miss
section-io-id: f28c21cc4d89584e0ba4d13118767eb1
X-Firefox-Spdy: h2

frfghtr.com/site/css/hb.min.css

207.120.33.13

200 OK

4.4 kB

URL HTTP/2
frfghtr.com/site/css/hb.min.css
IP
207.120.33.13:0
ASN
#3356 LEVEL3

File type
data
Size
4.4 kB (4370 bytes)
Hash
2fbfe4e231c0077955862422f949da35
9692653d6461e07cae1c1b85d0432465801333cd
17d44152a66bfd74684999077aeaeb85d06df0b081d6dfcd9e9602e79fc08a33

HTTP Headers

GET /site/css/hb.min.css HTTP/1.1
Host: frfghtr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://frfghtr.com/404
Cookie: PHPSESSID=b32d8713b700a310d2c88a0aef213888
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Thu, 01 Sep 2022 21:12:23 GMT
content-type: text/css;charset=UTF-8
set-cookie: PHPSESSID=4c4fae21f4be48ad179c0f9f5bb3dcb9; path=/; secure; SameSite=None
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
pragma: no-cache
expires: 0
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'none'
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
content-encoding: gzip
vary: Accept-Encoding
x-varnish: 12830638
age: 0
via: 1.1 varnish (Varnish/7.0)
accept-ranges: bytes
section-io-cache: Miss
section-io-id: 839aa63e13cc1e3bbe63044b4376d931
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
660657162b524658006a1856e274a946
56c933c6682c0019f6dbd040da6b929044dc216a
9578fc0408868ae40d41af8d13787f4137853c056300524b5558b1c57d39b2b3

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Sep 2022 21:12:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
660657162b524658006a1856e274a946
56c933c6682c0019f6dbd040da6b929044dc216a
9578fc0408868ae40d41af8d13787f4137853c056300524b5558b1c57d39b2b3

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Sep 2022 21:12:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2

142.250.74.163

200 OK

7.8 kB

URL HTTP/2
fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 7816, version 1.0\012- data
Size
7.8 kB (7816 bytes)
Hash
25b0e113ca7cce3770d542736db26368
cb726212d5d525021752a1d8470a0fb593e0c49e
9338e65fc077355c7a87ae0d64cc101e23b9bf8ad78ae65f0f319c857311b526

HTTP Headers

GET /s/poppins/v20/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://frfghtr.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 7816
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 31 Aug 2022 19:30:58 GMT
expires: Thu, 31 Aug 2023 19:30:58 GMT
cache-control: public, max-age=31536000
age: 92485
last-modified: Wed, 27 Apr 2022 16:11:40 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.gstatic.com/s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2

142.250.74.163

200 OK

7.9 kB

URL HTTP/2
fonts.gstatic.com/s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 7884, version 1.0\012- data
Size
7.9 kB (7884 bytes)
Hash
9212f6f9860f9fc6c69b02fedf6db8c3
ac6d71b4d5fdd2b3dabc9a06ff6c001e4251da0b
7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f

HTTP Headers

GET /s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://frfghtr.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 7884
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 31 Aug 2022 19:32:09 GMT
expires: Thu, 31 Aug 2023 19:32:09 GMT
cache-control: public, max-age=31536000
age: 92414
last-modified: Wed, 27 Apr 2022 17:03:52 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
660657162b524658006a1856e274a946
56c933c6682c0019f6dbd040da6b929044dc216a
9578fc0408868ae40d41af8d13787f4137853c056300524b5558b1c57d39b2b3

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Sep 2022 21:12:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

frfghtr.com/site/images/icon1.png

207.120.33.13

200 OK

17 kB

URL HTTP/2
frfghtr.com/site/images/icon1.png
IP
207.120.33.13:0
ASN
#3356 LEVEL3

File type
PNG image data, 496 x 135, 8-bit/color RGBA, non-interlaced\012- data
Size
17 kB (16677 bytes)
Hash
6704359ddc11371fb06c824c76dbf9c9
641f2ecd451a6b3d477623a74b7bc9c121e482b6
8a748fd06f80cca09444c1c1fea1c294c3097b8d6b0379711c29a09a989b03f6

HTTP Headers

GET /site/images/icon1.png HTTP/1.1
Host: frfghtr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://frfghtr.com/404
Cookie: PHPSESSID=9a9bb7a5730be72b7f12978effab3e22
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Thu, 01 Sep 2022 21:12:23 GMT
content-type: image/png
content-length: 16677
set-cookie: PHPSESSID=971f4a4976f67dfbacace48af28cb1c0; path=/; secure; SameSite=None
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
pragma: no-cache
expires: 0
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'none'
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
x-varnish: 11893550
age: 0
via: 1.1 varnish (Varnish/7.0)
accept-ranges: bytes
section-io-cache: Miss
section-io-id: df798c1387604fef811f219d59c67b23
X-Firefox-Spdy: h2

frfghtr.com/site/images/wp.png

207.120.33.13

200 OK

12 kB

URL HTTP/2
frfghtr.com/site/images/wp.png
IP
207.120.33.13:0
ASN
#3356 LEVEL3

File type
PNG image data, 300 x 150, 8-bit/color RGBA, non-interlaced\012- data
Size
12 kB (11943 bytes)
Hash
0937d1c34a1fb2e33066591d5a517a98
ea49408f451c630085d04256205c633dc0166d7b
d377148a97273a08285909ba6b4b371677ebeb661832254544963ffbdff4bf95

HTTP Headers

GET /site/images/wp.png HTTP/1.1
Host: frfghtr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://frfghtr.com/site/css/style.css
Cookie: PHPSESSID=9a9bb7a5730be72b7f12978effab3e22
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Thu, 01 Sep 2022 21:12:23 GMT
content-type: image/png
set-cookie: PHPSESSID=e9e82c6336672a869d8f0eac31cda3d8; path=/; secure; SameSite=None
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
pragma: no-cache
expires: 0
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'none'
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
x-varnish: 12830645
age: 0
via: 1.1 varnish (Varnish/7.0)
accept-ranges: bytes
section-io-cache: Miss
section-io-id: fbada6491d88f07151dae22438550acb
X-Firefox-Spdy: h2

frfghtr.com/site/images/banner.jpg

207.120.33.13

200 OK

175 kB

URL HTTP/2
frfghtr.com/site/images/banner.jpg
IP
207.120.33.13:0
ASN
#3356 LEVEL3

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=13, height=963, bps=170, PhotometricIntepretation=RGB, orientation=upper-left, width=1920], baseline, precision 8, 1920x629, components 3\012- data
Size
175 kB (174633 bytes)
Hash
5d36b24cfbe974efbec1f596018ca89c
fae4ea0c5e4bd9fee7f2f1b513eb12adf84062a0
dac260f927bdc584a4e8de40d8c6ab28e0431bb230d2dace3fe12a9da7322d37

HTTP Headers

GET /site/images/banner.jpg HTTP/1.1
Host: frfghtr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://frfghtr.com/site/css/style.css
Cookie: PHPSESSID=9a9bb7a5730be72b7f12978effab3e22
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Thu, 01 Sep 2022 21:12:23 GMT
content-type: image/jpeg
set-cookie: PHPSESSID=7516e6c64d2cde6a214749ee3cc19cc5; path=/; secure; SameSite=None
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
pragma: no-cache
expires: 0
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'none'
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
x-varnish: 12605505
age: 0
via: 1.1 varnish (Varnish/7.0)
accept-ranges: bytes
section-io-cache: Miss
section-io-id: ced4f0ca0aa2e7457da64f9c21ba13a8
X-Firefox-Spdy: h2

frfghtr.com/site/images/1icon.png

207.120.33.13

200 OK

4.6 kB

URL HTTP/2
frfghtr.com/site/images/1icon.png
IP
207.120.33.13:0
ASN
#3356 LEVEL3

File type
PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced\012- data
Size
4.6 kB (4573 bytes)
Hash
68caa7a1d5e1db9211d0b36eb36e1998
bae2f7219a1220b977b82c3dcc383efb88d64985
ccf1f501f393d1feeab2753295cc9540496b3fa1a31a285ec8c3a5446617076d

HTTP Headers

GET /site/images/1icon.png HTTP/1.1
Host: frfghtr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://frfghtr.com/404
Cookie: PHPSESSID=971f4a4976f67dfbacace48af28cb1c0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Thu, 01 Sep 2022 21:12:24 GMT
content-type: image/png
content-length: 4573
set-cookie: PHPSESSID=c4ac183f8744011e5e9b5bca952ee273; path=/; secure; SameSite=None
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
pragma: no-cache
expires: 0
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'none'
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
x-varnish: 8203314
age: 0
via: 1.1 varnish (Varnish/7.0)
accept-ranges: bytes
section-io-cache: Miss
section-io-id: c47a72a7d56b6e382015b5f2db492179
X-Firefox-Spdy: h2

frfghtr.com/site/images/3icon.png

207.120.33.13

200 OK

5.5 kB

URL HTTP/2
frfghtr.com/site/images/3icon.png
IP
207.120.33.13:0
ASN
#3356 LEVEL3

File type
PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced\012- data
Size
5.5 kB (5548 bytes)
Hash
44a173183a3886fdb73f524e4a0433cb
22a60137241b3025b7d11800308d725de6e9497d
98731e51193762853cc0b95d8b6c2ad8ef946327e7e213efbf719318823038c0

HTTP Headers

GET /site/images/3icon.png HTTP/1.1
Host: frfghtr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://frfghtr.com/404
Cookie: PHPSESSID=971f4a4976f67dfbacace48af28cb1c0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Thu, 01 Sep 2022 21:12:24 GMT
content-type: image/png
content-length: 5548
set-cookie: PHPSESSID=8e4b85105400d7f9baf3c3b7be345430; path=/; secure; SameSite=None
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
pragma: no-cache
expires: 0
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'none'
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
x-varnish: 12154351
age: 0
via: 1.1 varnish (Varnish/7.0)
accept-ranges: bytes
section-io-cache: Miss
section-io-id: 73b9b6c67205b50f5a7c12ddea43b4e1
X-Firefox-Spdy: h2

frfghtr.com/site/images/2icon.png

207.120.33.13

200 OK

5.3 kB

URL HTTP/2
frfghtr.com/site/images/2icon.png
IP
207.120.33.13:0
ASN
#3356 LEVEL3

File type
PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced\012- data
Size
5.3 kB (5294 bytes)
Hash
394e16773719d8451c28433297ce2175
7656966396f1cd96597876fd0422de6c3bf16a0c
a18ccf1af20fa0c6e677703c6e67041706b9f9a0c26618de2ad408c6a39240e6

HTTP Headers

GET /site/images/2icon.png HTTP/1.1
Host: frfghtr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://frfghtr.com/404
Cookie: PHPSESSID=971f4a4976f67dfbacace48af28cb1c0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Thu, 01 Sep 2022 21:12:24 GMT
content-type: image/png
content-length: 5294
set-cookie: PHPSESSID=b040298895961daa3219511b7aef40f9; path=/; secure; SameSite=None
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
pragma: no-cache
expires: 0
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'none'
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
x-varnish: 11893552
age: 0
via: 1.1 varnish (Varnish/7.0)
accept-ranges: bytes
section-io-cache: Miss
section-io-id: c606a29a5d44f25ed1da86cddef4656b
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
12f00eac4bda78b5d4c4bc00e96be439
5d6d88dbf72f208bc33c9af693440aec02e5f11c
4a85dc99793413780fdfde032e83995c0a15775eb09123f53a1ba9b789f91a55

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4A85DC99793413780FDFDE032E83995C0A15775EB09123F53A1BA9B789F91A55"
Last-Modified: Wed, 31 Aug 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15474
Expires: Fri, 02 Sep 2022 01:30:18 GMT
Date: Thu, 01 Sep 2022 21:12:24 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
12f00eac4bda78b5d4c4bc00e96be439
5d6d88dbf72f208bc33c9af693440aec02e5f11c
4a85dc99793413780fdfde032e83995c0a15775eb09123f53a1ba9b789f91a55

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4A85DC99793413780FDFDE032E83995C0A15775EB09123F53A1BA9B789F91A55"
Last-Modified: Wed, 31 Aug 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15474
Expires: Fri, 02 Sep 2022 01:30:18 GMT
Date: Thu, 01 Sep 2022 21:12:24 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
12f00eac4bda78b5d4c4bc00e96be439
5d6d88dbf72f208bc33c9af693440aec02e5f11c
4a85dc99793413780fdfde032e83995c0a15775eb09123f53a1ba9b789f91a55

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4A85DC99793413780FDFDE032E83995C0A15775EB09123F53A1BA9B789F91A55"
Last-Modified: Wed, 31 Aug 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15474
Expires: Fri, 02 Sep 2022 01:30:18 GMT
Date: Thu, 01 Sep 2022 21:12:24 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
12f00eac4bda78b5d4c4bc00e96be439
5d6d88dbf72f208bc33c9af693440aec02e5f11c
4a85dc99793413780fdfde032e83995c0a15775eb09123f53a1ba9b789f91a55

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4A85DC99793413780FDFDE032E83995C0A15775EB09123F53A1BA9B789F91A55"
Last-Modified: Wed, 31 Aug 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15474
Expires: Fri, 02 Sep 2022 01:30:18 GMT
Date: Thu, 01 Sep 2022 21:12:24 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
12f00eac4bda78b5d4c4bc00e96be439
5d6d88dbf72f208bc33c9af693440aec02e5f11c
4a85dc99793413780fdfde032e83995c0a15775eb09123f53a1ba9b789f91a55

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4A85DC99793413780FDFDE032E83995C0A15775EB09123F53A1BA9B789F91A55"
Last-Modified: Wed, 31 Aug 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15474
Expires: Fri, 02 Sep 2022 01:30:18 GMT
Date: Thu, 01 Sep 2022 21:12:24 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F141f656b-9191-4cf5-a05b-891ed5c9656f.jpeg

34.120.237.76

200 OK

5.1 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F141f656b-9191-4cf5-a05b-891ed5c9656f.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.1 kB (5079 bytes)
Hash
5c3b7580a37e6eb7e5bd18491f1d4dd6
288b82ad8f924eb9570ae1c55da84d041f862366
046d1ef76448c53446068ef5f8315b7299484996cdebfd9d1e749b4ded9c7d3c

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F141f656b-9191-4cf5-a05b-891ed5c9656f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5079
x-amzn-requestid: 3b19c77a-2e9b-499f-890b-36fc4ee72ba7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XslOVEtZIAMFv1w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-630e825b-01b7b71617b59f7414a0e5e5;Sampled=0
x-amzn-remapped-date: Tue, 30 Aug 2022 21:34:19 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: et3ZsWRVoBNMpArUk9CohTyMpS5F0eKiR6cZJRfwAEiiFJUaeay58g==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 567b44ed19c8caed2570b7bcd8c70034.cloudfront.net (CloudFront), 1.1 google
date: Wed, 31 Aug 2022 21:44:24 GMT
age: 84480
etag: "288b82ad8f924eb9570ae1c55da84d041f862366"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

frfghtr.com/site/images/_1.jpg

207.120.33.13

200 OK

119 kB

URL HTTP/2
frfghtr.com/site/images/_1.jpg
IP
207.120.33.13:0
ASN
#3356 LEVEL3

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 300x300, components 3\012- data
Size
119 kB (119342 bytes)
Hash
050aa8159e54c2022ed768097593f8f7
0f73be544ab09acb173009b47b3f76ed37879e61
7542b6c16a3b0bccbc18974b353ff4400ae48084fc7122e488e38678f1b596c2

HTTP Headers

GET /site/images/_1.jpg HTTP/1.1
Host: frfghtr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://frfghtr.com/404
Cookie: PHPSESSID=971f4a4976f67dfbacace48af28cb1c0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Thu, 01 Sep 2022 21:12:24 GMT
content-type: image/jpeg
set-cookie: PHPSESSID=1d90551ae8afa7aa5d10e8512a0c915f; path=/; secure; SameSite=None
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
pragma: no-cache
expires: 0
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'none'
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
x-varnish: 12605510
age: 0
via: 1.1 varnish (Varnish/7.0)
accept-ranges: bytes
section-io-cache: Miss
section-io-id: b3d2e72012c523eb0068c779f6ea1e4f
X-Firefox-Spdy: h2

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcfd1bafb-f92b-46dc-9f17-4df493cefb83.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10137 bytes)
Hash
ac4d5b101c9dc6a6f7e4bf252bfa9ca7
b844f3dcb14a2995644312406a80842e3f02a114
e81f08ce6d9c7670f6e291f3d6a674b624386bd550d5c364264c3ff8fb7c797a

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcfd1bafb-f92b-46dc-9f17-4df493cefb83.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10137
x-amzn-requestid: 7d5f19c4-7c9b-4aad-928c-bb44da795f1f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XaISzFY1IAMF-zg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-630720de-0ea5331041f0167a196f9820;Sampled=0
x-amzn-remapped-date: Thu, 25 Aug 2022 07:12:30 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: h1ELVJBwpf4d3Fbspah-2KCSXx08D8_ZAgcZZjQSJdkMIUmtNmGJOw==
via: 1.1 000f4a2f631bace380a0afa747a82482.cloudfront.net (CloudFront), 1.1 ead78c395f4bede3ec6cd7ea180e3d3a.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Sep 2022 04:59:05 GMT
age: 58399
etag: "b844f3dcb14a2995644312406a80842e3f02a114"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

frfghtr.com/site/images/_2.jpg

207.120.33.13

200 OK

110 kB

URL HTTP/2
frfghtr.com/site/images/_2.jpg
IP
207.120.33.13:0
ASN
#3356 LEVEL3

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 300x300, components 3\012- data
Size
110 kB (109759 bytes)
Hash
5d14933576c6ab9d957b93207a780aae
9de3c7841512df077ab65539cda0cbe8ed58d082
0c61b903dd2312a0fbefd6511137d1e80031a038d97a74727fd1d2fa3a532f48

HTTP Headers

GET /site/images/_2.jpg HTTP/1.1
Host: frfghtr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://frfghtr.com/404
Cookie: PHPSESSID=971f4a4976f67dfbacace48af28cb1c0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Thu, 01 Sep 2022 21:12:24 GMT
content-type: image/jpeg
set-cookie: PHPSESSID=5a6373762864294994c7dc78de552ee3; path=/; secure; SameSite=None
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
pragma: no-cache
expires: 0
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'none'
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
x-varnish: 13054809
age: 0
via: 1.1 varnish (Varnish/7.0)
accept-ranges: bytes
section-io-cache: Miss
section-io-id: 7a66b8bba999b692dc0edb2f043366a9
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7bffab86-e623-4ccd-9297-981c9dc6e4cd.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.7 kB (9674 bytes)
Hash
b0f6c541f6335bb709d2270147bd5aed
b691ef5e7a302e2678302818130a9637c3efbe3a
e63922331a4463519e6df77ae7a1ad3316a36e54dd03c00ff6b119ee3fa684c5

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7bffab86-e623-4ccd-9297-981c9dc6e4cd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9674
x-amzn-requestid: 79dc68ea-ea2e-4eab-bab9-1c89b0a955a2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XjMSvHJ-oAMF6Jw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-630ac0de-2370cf5363d5f308121f0ca4;Sampled=0
x-amzn-remapped-date: Sun, 28 Aug 2022 01:11:58 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: qAEve6mBQ9a1hr2fBR8xq42pxeG9Kjn4yWaMr4z4On46QC9R1K91pw==
via: 1.1 95b0ac620fa3a80ee590ecf1cda1c698.cloudfront.net (CloudFront), 1.1 b13f158bdf9805ca47e07c0c35870c12.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Sep 2022 14:45:21 GMT
age: 23223
etag: "b691ef5e7a302e2678302818130a9637c3efbe3a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffe5b5a9a-050c-4a84-9e0d-dfa84795640f.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.0 kB (8009 bytes)
Hash
6b2c036e67f8c39c136f6c69b0922eb1
98e27f0dafd7b1b49e159ee038b41a811096a2d0
9dc9e00e6f63a22dd85f54ba26326a9733f6c1d7a19c7b1636f14fca2722e6eb

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffe5b5a9a-050c-4a84-9e0d-dfa84795640f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8009
x-amzn-requestid: 6d716dae-efa3-449a-a505-fb5f3d99c2df
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XsvlaFEaoAMFwDw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-630e92ef-708228ce7e1fb3cb770cb490;Sampled=0
x-amzn-remapped-date: Tue, 30 Aug 2022 22:45:03 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: Gwk8Z-MzgO1APlMgvdN3-5KGdQ2K4I959yy-YdbVUD5AOZTQ0mjYhQ==
via: 1.1 95b0ac620fa3a80ee590ecf1cda1c698.cloudfront.net (CloudFront), 1.1 1481cc55c02c3a782ad420b6bac2cb32.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Sep 2022 00:00:46 GMT
age: 76298
etag: "98e27f0dafd7b1b49e159ee038b41a811096a2d0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

bam.nr-data.net/1/NRJS-53a3e8e5a523894a2ee?a=936088839&v=1216.487a282&to=M1JTNkMACEoAVRcNDAoYZBBYTg9XBVMbShMMRw%3D%3D&rst=2182&ck=1&ref=https://frfghtr.com/404&ap=55&be=1233&fe=2094&dc=1660&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1662066741176,%22n%22:0,%22f%22:896,%22dn%22:896,%22dne%22:896,%22c%22:896,%22s%22:896,%22ce%22:896,%22rq%22:902,%22rp%22:1206,%22rpe%22:1206,%22dl%22:1218,%22di%22:1624,%22ds%22:1659,%22de%22:1665,%22dc%22:2092,%22l%22:2092,%22le%22:2116%7D,%22navigation%22:%7B%7D%7D&fcp=1674&at=HxVQQAsaG0Q%3D&jsonp=NREUM.setToken

162.247.241.14

200 OK

77 B

URL HTTP/1.1
bam.nr-data.net/1/NRJS-53a3e8e5a523894a2ee?a=936088839&v=1216.487a282&to=M1JTNkMACEoAVRcNDAoYZBBYTg9XBVMbShMMRw%3D%3D&rst=2182&ck=1&ref=https://frfghtr.com/404&ap=55&be=1233&fe=2094&dc=1660&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1662066741176,%22n%22:0,%22f%22:896,%22dn%22:896,%22dne%22:896,%22c%22:896,%22s%22:896,%22ce%22:896,%22rq%22:902,%22rp%22:1206,%22rpe%22:1206,%22dl%22:1218,%22di%22:1624,%22ds%22:1659,%22de%22:1665,%22dc%22:2092,%22l%22:2092,%22le%22:2116%7D,%22navigation%22:%7B%7D%7D&fcp=1674&at=HxVQQAsaG0Q%3D&jsonp=NREUM.setToken
IP
162.247.241.14:0
ASN
#23467 NEWRELIC-AS-1

File type
ASCII text, with no line terminators
Size
77 B (77 bytes)
Hash
f1442f5831dbbe0210da2d7a4180d6b8
2ade23c6c7a001c66f0c0a9a101ec152747b434e
c6acf9fb2ecc1b144c51bd0337bbf1c26db3df2f649ac2da5c56db20d93eb3ef

HTTP Headers

GET /1/NRJS-53a3e8e5a523894a2ee?a=936088839&v=1216.487a282&to=M1JTNkMACEoAVRcNDAoYZBBYTg9XBVMbShMMRw%3D%3D&rst=2182&ck=1&ref=https://frfghtr.com/404&ap=55&be=1233&fe=2094&dc=1660&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1662066741176,%22n%22:0,%22f%22:896,%22dn%22:896,%22dne%22:896,%22c%22:896,%22s%22:896,%22ce%22:896,%22rq%22:902,%22rp%22:1206,%22rpe%22:1206,%22dl%22:1218,%22di%22:1624,%22ds%22:1659,%22de%22:1665,%22dc%22:2092,%22l%22:2092,%22le%22:2116%7D,%22navigation%22:%7B%7D%7D&fcp=1674&at=HxVQQAsaG0Q%3D&jsonp=NREUM.setToken HTTP/1.1
Host: bam.nr-data.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://frfghtr.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Thu, 01 Sep 2022 21:12:24 GMT
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 7441010089e90b49-OSL
Access-Control-Allow-Origin: *
Set-Cookie: JSESSIONID=fd26332ede352a8f; Path=/; Domain=.nr-data.net; Secure; SameSite=None
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Cross-Origin-Resource-Policy: cross-origin
Vary: Accept-Encoding
Server: cloudflare
Content-Encoding: gzip

frfghtr.com/site/images/2.mp4

207.120.33.13

200 OK

644 kB

URL HTTP/2
frfghtr.com/site/images/2.mp4
IP
207.120.33.13:0
ASN
#3356 LEVEL3

File type
ISO Media, MP4 v2 [ISO 14496-14]\012- data
Size
644 kB (644410 bytes)
Hash
8863e96cc47204c7bbf3689208f252a9
7653fb9ccf51a097d9a9e400400383c16572e097
172b0452320cc4ac383f06b2c470f7caf9e2f46491b1d1dd3573dde95f36c5b4

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /site/images/2.mp4 HTTP/1.1
Host: frfghtr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://frfghtr.com/404
Cookie: PHPSESSID=971f4a4976f67dfbacace48af28cb1c0
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Thu, 01 Sep 2022 21:12:24 GMT
content-type: video/mp4
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
pragma: no-cache
expires: 0
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'none'
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
x-varnish: 12770573
age: 0
via: 1.1 varnish (Varnish/7.0)
section-io-cache: Miss
section-io-id: d20e66d53d2e8200d2e6eaace8da04de
X-Firefox-Spdy: h2

frfghtr.com/site/js/custom.js

207.120.33.13

200 OK

0 B

URL HTTP/2
frfghtr.com/site/js/custom.js
IP
207.120.33.13:0
ASN
#3356 LEVEL3

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /site/js/custom.js HTTP/1.1
Host: frfghtr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://frfghtr.com/404
Cookie: PHPSESSID=b32d8713b700a310d2c88a0aef213888
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Thu, 01 Sep 2022 21:12:23 GMT
content-type: application/javascript
vary: Accept-Encoding
set-cookie: PHPSESSID=9a9bb7a5730be72b7f12978effab3e22; path=/; secure; SameSite=None
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
pragma: no-cache
expires: 0
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'none'
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
x-varnish: 8203302
age: 0
via: 1.1 varnish (Varnish/7.0)
section-io-cache: Miss
content-encoding: gzip
section-io-id: 96aeee9342f906e3c772a099b0fa8537
X-Firefox-Spdy: h2

frfghtr.com/common/js/cscc_validator/bin_last4_validator.js

207.120.33.13

200 OK

0 B

URL HTTP/2
frfghtr.com/common/js/cscc_validator/bin_last4_validator.js
IP
207.120.33.13:0
ASN
#3356 LEVEL3

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /common/js/cscc_validator/bin_last4_validator.js HTTP/1.1
Host: frfghtr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://frfghtr.com/404
Cookie: PHPSESSID=b32d8713b700a310d2c88a0aef213888
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Thu, 01 Sep 2022 21:12:23 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Thu, 27 Aug 2015 20:22:53 GMT
etag: W/"55df719d-10b5"
section-io-cache-id: c7415245a298eac183c330e820fcb9dd
x-varnish: 13014055 12430761
age: 11053
via: 1.1 varnish (Varnish/7.0)
section-io-cache: Hit
content-encoding: gzip
section-io-id: a345d625bcfe94aa4515b989fee4caef
X-Firefox-Spdy: h2

frfghtr.com/site/css/style.css

207.120.33.13

200 OK

0 B

URL HTTP/2
frfghtr.com/site/css/style.css
IP
207.120.33.13:0
ASN
#3356 LEVEL3

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /site/css/style.css HTTP/1.1
Host: frfghtr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://frfghtr.com/404
Cookie: PHPSESSID=b32d8713b700a310d2c88a0aef213888
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Thu, 01 Sep 2022 21:12:23 GMT
content-type: text/css;charset=UTF-8
set-cookie: PHPSESSID=7b830c142f00895cbd57ea443b6d0f5a; path=/; secure; SameSite=None
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
pragma: no-cache
expires: 0
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'none'
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
content-encoding: gzip
vary: Accept-Encoding
x-varnish: 8877833
age: 0
via: 1.1 varnish (Varnish/7.0)
accept-ranges: bytes
section-io-cache: Miss
section-io-id: ee8c801e0bb6f2efbc4c6e0e890a0ecc
X-Firefox-Spdy: h2

frfghtr.com/common/js/cscc_validator/bowser.min.js

207.120.33.13

200 OK

0 B

URL HTTP/2
frfghtr.com/common/js/cscc_validator/bowser.min.js
IP
207.120.33.13:0
ASN
#3356 LEVEL3

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /common/js/cscc_validator/bowser.min.js HTTP/1.1
Host: frfghtr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://frfghtr.com/404
Cookie: PHPSESSID=b32d8713b700a310d2c88a0aef213888
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Thu, 01 Sep 2022 21:12:23 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Tue, 18 Aug 2015 20:56:46 GMT
etag: W/"55d39c0e-f97"
section-io-cache-id: a58c01624cb7a57a08b9399d9ef0fad1
x-varnish: 8203301 11497982
age: 11053
via: 1.1 varnish (Varnish/7.0)
section-io-cache: Hit
content-encoding: gzip
section-io-id: f23ea63a46aab88dabe3b1246f6fc021
X-Firefox-Spdy: h2

stackpath.bootstrapcdn.com/bootstrap/4.5.2/js/bootstrap.min.js

104.18.11.207

200 OK

0 B

URL HTTP/2
stackpath.bootstrapcdn.com/bootstrap/4.5.2/js/bootstrap.min.js
IP
104.18.11.207:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /bootstrap/4.5.2/js/bootstrap.min.js HTTP/1.1
Host: stackpath.bootstrapcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://frfghtr.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Thu, 01 Sep 2022 21:12:23 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: SE
cdn-edgestorageid: 601, 617
last-modified: Mon, 25 Jan 2021 22:04:11 GMT
cdn-cachedat: 2021-03-10 20:26:27
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cache-control: public, max-age=31919000
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-content-type-options: nosniff
cdn-requestid: 5ce2f8fa36a8c84cc4233659805815b8
cdn-cache: HIT
cf-cache-status: HIT
age: 11377359
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 744100f86e360b51-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

frfghtr.com/site/images/_3.jpg

207.120.33.13

200 OK

0 B

URL HTTP/2
frfghtr.com/site/images/_3.jpg
IP
207.120.33.13:0
ASN
#3356 LEVEL3

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /site/images/_3.jpg HTTP/1.1
Host: frfghtr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://frfghtr.com/404
Cookie: PHPSESSID=971f4a4976f67dfbacace48af28cb1c0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Thu, 01 Sep 2022 21:12:24 GMT
content-type: image/jpeg
set-cookie: PHPSESSID=cd0926340863abe4d94d17beae75d0d0; path=/; secure; SameSite=None
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
pragma: no-cache
expires: 0
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'none'
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
x-varnish: 13046692
age: 0
via: 1.1 varnish (Varnish/7.0)
accept-ranges: bytes
section-io-cache: Miss
section-io-id: 89ef5c64b7fa709a21b798c276a71b9b
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (13)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations