r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash aabe410b4bbe4d8beb0e4561d3aa158e
e1788632902ddea62cdd9e7ad6009a75ffb69788
ad535e27b201e92670770b2b868c58f7c05633ec66490a41ef4592f062834c1f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AD535E27B201E92670770B2B868C58F7C05633EC66490A41EF4592F062834C1F"
Last-Modified: Wed, 09 Nov 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5942
Expires: Wed, 09 Nov 2022 17:14:42 GMT
Date: Wed, 09 Nov 2022 15:35:40 GMT
Connection: keep-alive
enabledsustained.ml/wdfur3ie5wsd-fre5deo7si-dfe5sdsd9re0w6os-dew5sdew7oa-dew5qsd7ews-dfrju5ew7mnhsd-ewde5wi7si-fure6wd7ewis-sd8ew9srew-fre5woe8wo-sid9ewju7direw-diew2drewsi9603/001/
143.198.34.62 200 OK 7.4 kB URL HTTP/1.1 enabledsustained.ml/wdfur3ie5wsd-fre5deo7si-dfe5sdsd9re0w6os-dew5sdew7oa-dew5qsd7ews-dfrju5ew7mnhsd-ewde5wi7si-fure6wd7ewis-sd8ew9srew-fre5woe8wo-sid9ewju7direw-diew2drewsi9603/001/
IP 143.198.34.62:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text; exported SGML document text; exported SGML document, Unicode text, UTF-8 text
Hash ca89bc09ff4d7a422266af5ee5b2bf83
498a1005ce8497fe22c646473cf0224f538134c0
373454249cf1eea8545ad1447c232d2ba8cafb25c124e12cf6d0631b9b9afe28
Analyzer Verdict Alert openphish Office365
fortinet Phishing
GET /wdfur3ie5wsd-fre5deo7si-dfe5sdsd9re0w6os-dew5sdew7oa-dew5qsd7ews-dfrju5ew7mnhsd-ewde5wi7si-fure6wd7ewis-sd8ew9srew-fre5woe8wo-sid9ewju7direw-diew2drewsi9603/001/ HTTP/1.1
Host: enabledsustained.ml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 09 Nov 2022 15:35:40 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 4c6e4047ec266b87485610e26a85bb6f
cd543757597609d7309d02652318359078a965c2
d8aff7a24f3274782b4f41d6dbd181ba817f5a562d992a3a82966481c91f8a90
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6291
Cache-Control: max-age=160815
Content-Type: application/ocsp-response
Date: Wed, 09 Nov 2022 15:35:40 GMT
Etag: "636b8168-1d7"
Expires: Fri, 11 Nov 2022 12:15:55 GMT
Last-Modified: Wed, 09 Nov 2022 10:31:04 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 2b57492bf85f4ae6abbd1641b17dc9ab
008e71ec05d47bf025ca64e17da2ea1bd8e71111
17894427c471f7fa02ca274795dc55df1bfc99d7bd83f9ee36249394035110fd
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "17894427C471F7FA02CA274795DC55DF1BFC99D7BD83F9EE36249394035110FD"
Last-Modified: Wed, 09 Nov 2022 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10174
Expires: Wed, 09 Nov 2022 18:25:14 GMT
Date: Wed, 09 Nov 2022 15:35:40 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP 34.160.144.191:0
File type PEM certificate, ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: AseaKnFywMIq0V7YGPHBXpaqDIWQ37synNiruqqYwF+5k89iIyPt6HaZR6Spe2a/LjJjPAA3D0TkpaTDpWfgpQ==
x-amz-request-id: F860BM1SNB4S6SE6
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 09 Nov 2022 15:11:46 GMT
age: 1434
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data, ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 09 Nov 2022 15:35:41 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/jquery.min.js
104.17.25.14 200 OK 27 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/jquery.min.js
IP 104.17.25.14:0
File type ASCII text, with very long lines (32180)
Hash b1e4b2a99336201b37fb8cea5d57abb9
d57980f0d0eaaf57ec33ddc9ed027274cfa86027
c805bfd991983f57b5b7878b998f7529e9b7e2df4bc2d39ba493934e23ba3f8a
GET /ajax/libs/jquery/2.1.3/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://enabledsustained.ml/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 09 Nov 2022 15:35:41 GMT
content-type: application/javascript; charset=utf-8
content-length: 26660
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec4-14983"
last-modified: Mon, 04 May 2020 16:11:48 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 13454929
expires: Mon, 30 Oct 2023 15:35:41 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cPe4BokWzSQfI4ug4EWCsOar02nH4ehLaiF8ovWDUx7s9kdbhHzkKEM0dtplpk7ugHDJE0eXNgVKzd8xc2gvwV1Hly%2FimTg7Fhf0juLzUFaecReFX1%2FdQMJpgKmxggiMItMTJTNL"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 76779ea1e9f40af6-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/modernizr/2.8.3/modernizr.min.js
104.17.25.14 200 OK 4.0 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/modernizr/2.8.3/modernizr.min.js
IP 104.17.25.14:0
File type HTML document, ASCII text, with very long lines (11084), with no line terminators
Hash a5775b673c18ffa903cd1a6129ce5f87
ee2569b285a7dbc4ccc95b01a16f06943fade768
ab8ad2f07d5214be2ade4edcd295d5fb8f8aa60971b3ec1348063a8a19659fc9
GET /ajax/libs/modernizr/2.8.3/modernizr.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://enabledsustained.ml/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 09 Nov 2022 15:35:41 GMT
content-type: application/javascript; charset=utf-8
content-length: 3980
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03f26-2b4c"
last-modified: Mon, 04 May 2020 16:13:26 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 4120508
expires: Mon, 30 Oct 2023 15:35:41 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wk7a22WptQif9ZBAaXoBhxcQarqQlVNgUk%2FpLNZLy97hqVM6HwQ8j95%2FwbWYHTp4Qaw%2BzoOAmZK5HKOnh0BhCxwpZ%2Ffl9wzghynHusB1RHIw1Lnf%2BaPe9x0UltqqOXuQtXVaDH3V"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 76779ea20a080af6-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.jsdelivr.net/npm/bootstrap@4.6.0/dist/css/bootstrap.min.css
151.101.85.229 200 OK 24 kB URL HTTP/2 cdn.jsdelivr.net/npm/bootstrap@4.6.0/dist/css/bootstrap.min.css
IP 151.101.85.229:0
File type ASCII text, with very long lines (65326)
Hash 849f3e827da80e4e4c6a8c49689f057d
035d81aaaf6da3ffa5ce241179a9e14d533e7a3b
9546dbb82c3facf833e4adb713ce7e57a34dd53f6b55697ef1e1877bdbd8bb73
GET /npm/bootstrap@4.6.0/dist/css/bootstrap.min.css HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://enabledsustained.ml
Connection: keep-alive
Referer: http://enabledsustained.ml/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
x-jsd-version: 4.6.0
x-jsd-version-type: version
etag: W/"27681-LKxK/BIJg5IUESlr1Oj9ipS6I34"
content-encoding: gzip
accept-ranges: bytes
date: Wed, 09 Nov 2022 15:35:41 GMT
age: 4464916
x-served-by: cache-fra19147-FRA, cache-bma1636-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 24100
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash 87fa8e71a8dacba779a21338a94f841c
da2f625947dd791987f59af9ef39808804543fbe
1faea1fcba69bc8aac30d26c3d6ea989e914b7311108b150f9257bdcb987d833
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1360
Cache-Control: max-age=143302
Content-Type: application/ocsp-response
Date: Wed, 09 Nov 2022 15:35:41 GMT
Etag: "636b5043-118"
Expires: Fri, 11 Nov 2022 07:24:03 GMT
Last-Modified: Wed, 09 Nov 2022 07:01:23 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 280
cdn.jsdelivr.net/npm/bootstrap@4.6.0/dist/js/bootstrap.bundle.min.js
151.101.85.229 200 OK 22 kB URL HTTP/2 cdn.jsdelivr.net/npm/bootstrap@4.6.0/dist/js/bootstrap.bundle.min.js
IP 151.101.85.229:0
File type ASCII text, with very long lines (65299)
Hash a5cbb97cf034dd181106adecdafe3035
5fca1af6c76dd3e609f7f92841e564df1281927a
5ae018daf5df2cd903f80162efbaa3e138e0ed47ff90a315f2e2c497dc88a890
GET /npm/bootstrap@4.6.0/dist/js/bootstrap.bundle.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://enabledsustained.ml
Connection: keep-alive
Referer: http://enabledsustained.ml/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 4.6.0
x-jsd-version-type: version
etag: W/"1499a-rsVR5NVzRjCI/KfRT7ZE6zifGDk"
content-encoding: gzip
accept-ranges: bytes
date: Wed, 09 Nov 2022 15:35:41 GMT
age: 13696784
x-served-by: cache-fra19162-FRA, cache-bma1636-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 21830
X-Firefox-Spdy: h2
enabledsustained.ml/wdfur3ie5wsd-fre5deo7si-dfe5sdsd9re0w6os-dew5sdew7oa-dew5qsd7ews-dfrju5ew7mnhsd-ewde5wi7si-fure6wd7ewis-sd8ew9srew-fre5woe8wo-sid9ewju7direw-diew2drewsi9603/001/main.css
143.198.34.62 200 OK 2.6 kB URL HTTP/1.1 enabledsustained.ml/wdfur3ie5wsd-fre5deo7si-dfe5sdsd9re0w6os-dew5sdew7oa-dew5qsd7ews-dfrju5ew7mnhsd-ewde5wi7si-fure6wd7ewis-sd8ew9srew-fre5woe8wo-sid9ewju7direw-diew2drewsi9603/001/main.css
IP 143.198.34.62:0
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with CRLF line terminators
Hash ae8b891d64d2a576f96330f2093bba68
0aa5bf230dc45ad61d0ecb35d2bc4b9fcd50bcbf
17f5932a665ef06f8b36a6699bdd03c39f4106c171dd7f64ea00bf42a9f9d440
Analyzer Verdict Alert urlquery Scam - Fake AntiVirus
urlquery Scam - Fake AntiVirus
GET /wdfur3ie5wsd-fre5deo7si-dfe5sdsd9re0w6os-dew5sdew7oa-dew5qsd7ews-dfrju5ew7mnhsd-ewde5wi7si-fure6wd7ewis-sd8ew9srew-fre5woe8wo-sid9ewju7direw-diew2drewsi9603/001/main.css HTTP/1.1
Host: enabledsustained.ml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://enabledsustained.ml/wdfur3ie5wsd-fre5deo7si-dfe5sdsd9re0w6os-dew5sdew7oa-dew5qsd7ews-dfrju5ew7mnhsd-ewde5wi7si-fure6wd7ewis-sd8ew9srew-fre5woe8wo-sid9ewju7direw-diew2drewsi9603/001/
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 09 Nov 2022 15:35:41 GMT
Content-Type: text/css
Last-Modified: Wed, 09 Nov 2022 06:31:42 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"636b494e-31cf"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Content-Encoding: gzip
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B IP 142.250.74.35:0
Hash 2b6e814cf24d6076a53097eacb138a7f
7e3b9b5d44699f81209a7ea0182640f5596804a5
218be263224d3d1a01ba126d0a7311b972bd88744ec0919b5e471077abe68e03
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 09 Nov 2022 15:35:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
enabledsustained.ml/wdfur3ie5wsd-fre5deo7si-dfe5sdsd9re0w6os-dew5sdew7oa-dew5qsd7ews-dfrju5ew7mnhsd-ewde5wi7si-fure6wd7ewis-sd8ew9srew-fre5woe8wo-sid9ewju7direw-diew2drewsi9603/001/fullscreen.js
143.198.34.62 200 OK 245 B URL HTTP/1.1 enabledsustained.ml/wdfur3ie5wsd-fre5deo7si-dfe5sdsd9re0w6os-dew5sdew7oa-dew5qsd7ews-dfrju5ew7mnhsd-ewde5wi7si-fure6wd7ewis-sd8ew9srew-fre5woe8wo-sid9ewju7direw-diew2drewsi9603/001/fullscreen.js
IP 143.198.34.62:0
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with CRLF line terminators
Hash 62f519fe72808a3ec681392b7ff47417
2ee16112e35feb9d6d48ae0f4e66187514dec811
43703d37b8fe2769cb2e12db7aa281dbcca175124d05ff4b0cc3d152534698a4
Analyzer Verdict Alert urlquery Scam - Fake AntiVirus
urlquery Scam - Fake AntiVirus
fortinet Phishing
GET /wdfur3ie5wsd-fre5deo7si-dfe5sdsd9re0w6os-dew5sdew7oa-dew5qsd7ews-dfrju5ew7mnhsd-ewde5wi7si-fure6wd7ewis-sd8ew9srew-fre5woe8wo-sid9ewju7direw-diew2drewsi9603/001/fullscreen.js HTTP/1.1
Host: enabledsustained.ml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://enabledsustained.ml/wdfur3ie5wsd-fre5deo7si-dfe5sdsd9re0w6os-dew5sdew7oa-dew5qsd7ews-dfrju5ew7mnhsd-ewde5wi7si-fure6wd7ewis-sd8ew9srew-fre5woe8wo-sid9ewju7direw-diew2drewsi9603/001/
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 09 Nov 2022 15:35:41 GMT
Content-Type: application/javascript
Content-Length: 245
Last-Modified: Wed, 09 Nov 2022 06:31:42 GMT
Connection: keep-alive
ETag: "636b494e-f5"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Accept-Ranges: bytes
ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1
104.18.21.226 200 OK 1.5 kB URL HTTP/1.1 ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1
IP 104.18.21.226:0
Hash f7d883bf5cab2b98dbbaf4f667b14c0e
37d4ec5b11b7d9da3e23b655ff9defe58cc4f791
872640e6e6d5308b2754f34a9ebf5ed196765c24c6f016100424dd1736203804
POST /ca/gsatlasr3dvtlsca2022q1 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 09 Nov 2022 15:35:41 GMT
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "60E9F8F4235A565C9B041177B0D7904DE8BBC198"
Expires: Thu, 10 Nov 2022 02:00:00 GMT
Last-Modified: Wed, 09 Nov 2022 14:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Age: 1196
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 76779ea29e290b59-OSL
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash 87fa8e71a8dacba779a21338a94f841c
da2f625947dd791987f59af9ef39808804543fbe
1faea1fcba69bc8aac30d26c3d6ea989e914b7311108b150f9257bdcb987d833
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1360
Cache-Control: max-age=143302
Content-Type: application/ocsp-response
Date: Wed, 09 Nov 2022 15:35:41 GMT
Etag: "636b5043-118"
Expires: Fri, 11 Nov 2022 07:24:03 GMT
Last-Modified: Wed, 09 Nov 2022 07:01:23 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 280
www.googletagmanager.com/gtag/js?id=UA-154423629-1
142.250.74.168 200 OK 44 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-154423629-1
IP 142.250.74.168:0
File type ASCII text, with very long lines (1921)
Hash d2ed64f66d52cbe5dd7599ea7a650eca
de8772ce6f17306edd40bdc601cc4c6312fd3191
bdf7651c09647237a84debafd44de0aabe02156007329ace24ee234966a7da04
GET /gtag/js?id=UA-154423629-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://enabledsustained.ml/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 09 Nov 2022 15:35:41 GMT
expires: Wed, 09 Nov 2022 15:35:41 GMT
cache-control: private, max-age=900
last-modified: Wed, 09 Nov 2022 15:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 43639
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
enabledsustained.ml/wdfur3ie5wsd-fre5deo7si-dfe5sdsd9re0w6os-dew5sdew7oa-dew5qsd7ews-dfrju5ew7mnhsd-ewde5wi7si-fure6wd7ewis-sd8ew9srew-fre5woe8wo-sid9ewju7direw-diew2drewsi9603/001/before.js
143.198.34.62 200 OK 366 B URL HTTP/1.1 enabledsustained.ml/wdfur3ie5wsd-fre5deo7si-dfe5sdsd9re0w6os-dew5sdew7oa-dew5qsd7ews-dfrju5ew7mnhsd-ewde5wi7si-fure6wd7ewis-sd8ew9srew-fre5woe8wo-sid9ewju7direw-diew2drewsi9603/001/before.js
IP 143.198.34.62:0
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with CRLF line terminators
Hash 87c2dc3aeb373ca8445f7410ef387689
688f4be3cfb8688b4441f382724495a7b82b3f62
31681779c6f394370dad146169896e9ec2b8f7c716c4b1db78c459033e48bf95
Analyzer Verdict Alert urlquery Scam - Fake AntiVirus
urlquery Scam - Fake AntiVirus
fortinet Phishing
GET /wdfur3ie5wsd-fre5deo7si-dfe5sdsd9re0w6os-dew5sdew7oa-dew5qsd7ews-dfrju5ew7mnhsd-ewde5wi7si-fure6wd7ewis-sd8ew9srew-fre5woe8wo-sid9ewju7direw-diew2drewsi9603/001/before.js HTTP/1.1
Host: enabledsustained.ml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://enabledsustained.ml/wdfur3ie5wsd-fre5deo7si-dfe5sdsd9re0w6os-dew5sdew7oa-dew5qsd7ews-dfrju5ew7mnhsd-ewde5wi7si-fure6wd7ewis-sd8ew9srew-fre5woe8wo-sid9ewju7direw-diew2drewsi9603/001/
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 09 Nov 2022 15:35:41 GMT
Content-Type: application/javascript
Content-Length: 366
Last-Modified: Wed, 09 Nov 2022 06:31:42 GMT
Connection: keep-alive
ETag: "636b494e-16e"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Accept-Ranges: bytes
enabledsustained.ml/wdfur3ie5wsd-fre5deo7si-dfe5sdsd9re0w6os-dew5sdew7oa-dew5qsd7ews-dfrju5ew7mnhsd-ewde5wi7si-fure6wd7ewis-sd8ew9srew-fre5woe8wo-sid9ewju7direw-diew2drewsi9603/001/main.js
143.198.34.62 200 OK 414 B URL HTTP/1.1 enabledsustained.ml/wdfur3ie5wsd-fre5deo7si-dfe5sdsd9re0w6os-dew5sdew7oa-dew5qsd7ews-dfrju5ew7mnhsd-ewde5wi7si-fure6wd7ewis-sd8ew9srew-fre5woe8wo-sid9ewju7direw-diew2drewsi9603/001/main.js
IP 143.198.34.62:0
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with CRLF line terminators
Hash b422842850b554c56c664fa141fd0943
7a20f93081a059e6b12e49803edfb13d5574be4f
0dd7e335fa881224bea371115dc81d97cd08c23577a8afa5b5ecd74434bafa23
Analyzer Verdict Alert urlquery Scam - Fake AntiVirus
urlquery Scam - Fake AntiVirus
fortinet Phishing
GET /wdfur3ie5wsd-fre5deo7si-dfe5sdsd9re0w6os-dew5sdew7oa-dew5qsd7ews-dfrju5ew7mnhsd-ewde5wi7si-fure6wd7ewis-sd8ew9srew-fre5woe8wo-sid9ewju7direw-diew2drewsi9603/001/main.js HTTP/1.1
Host: enabledsustained.ml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://enabledsustained.ml/wdfur3ie5wsd-fre5deo7si-dfe5sdsd9re0w6os-dew5sdew7oa-dew5qsd7ews-dfrju5ew7mnhsd-ewde5wi7si-fure6wd7ewis-sd8ew9srew-fre5woe8wo-sid9ewju7direw-diew2drewsi9603/001/
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 09 Nov 2022 15:35:41 GMT
Content-Type: application/javascript
Last-Modified: Wed, 09 Nov 2022 06:31:42 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"636b494e-50a"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Content-Encoding: gzip
enabledsustained.ml/wdfur3ie5wsd-fre5deo7si-dfe5sdsd9re0w6os-dew5sdew7oa-dew5qsd7ews-dfrju5ew7mnhsd-ewde5wi7si-fure6wd7ewis-sd8ew9srew-fre5woe8wo-sid9ewju7direw-diew2drewsi9603/001/light.js
143.198.34.62 200 OK 503 B URL HTTP/1.1 enabledsustained.ml/wdfur3ie5wsd-fre5deo7si-dfe5sdsd9re0w6os-dew5sdew7oa-dew5qsd7ews-dfrju5ew7mnhsd-ewde5wi7si-fure6wd7ewis-sd8ew9srew-fre5woe8wo-sid9ewju7direw-diew2drewsi9603/001/light.js
IP 143.198.34.62:0
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with CRLF line terminators
Hash cd6c33fbc221d0271c910af910e6ebed
9b52f24d6f10b885bb19db1c4b531469f96d2914
318698ae5e67c32550d6b40ac09848d598f6317f51a8f09638ba925f6e7cc479
Analyzer Verdict Alert urlquery Scam - Fake AntiVirus
urlquery Scam - Fake AntiVirus
fortinet Phishing
GET /wdfur3ie5wsd-fre5deo7si-dfe5sdsd9re0w6os-dew5sdew7oa-dew5qsd7ews-dfrju5ew7mnhsd-ewde5wi7si-fure6wd7ewis-sd8ew9srew-fre5woe8wo-sid9ewju7direw-diew2drewsi9603/001/light.js HTTP/1.1
Host: enabledsustained.ml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://enabledsustained.ml/wdfur3ie5wsd-fre5deo7si-dfe5sdsd9re0w6os-dew5sdew7oa-dew5qsd7ews-dfrju5ew7mnhsd-ewde5wi7si-fure6wd7ewis-sd8ew9srew-fre5woe8wo-sid9ewju7direw-diew2drewsi9603/001/
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 09 Nov 2022 15:35:41 GMT
Content-Type: application/javascript
Content-Length: 503
Last-Modified: Wed, 09 Nov 2022 06:31:42 GMT
Connection: keep-alive
ETag: "636b494e-1f7"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Accept-Ranges: bytes
enabledsustained.ml/wdfur3ie5wsd-fre5deo7si-dfe5sdsd9re0w6os-dew5sdew7oa-dew5qsd7ews-dfrju5ew7mnhsd-ewde5wi7si-fure6wd7ewis-sd8ew9srew-fre5woe8wo-sid9ewju7direw-diew2drewsi9603/001/microsoft.png
143.198.34.62 200 OK 1.0 kB URL HTTP/1.1 enabledsustained.ml/wdfur3ie5wsd-fre5deo7si-dfe5sdsd9re0w6os-dew5sdew7oa-dew5qsd7ews-dfrju5ew7mnhsd-ewde5wi7si-fure6wd7ewis-sd8ew9srew-fre5woe8wo-sid9ewju7direw-diew2drewsi9603/001/microsoft.png
IP 143.198.34.62:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 47 x 46, 8-bit/color RGBA, non-interlaced; data
Hash bf2b460590fbb9d8e9611a6e9006b816
561e1dab259d61e798b3ce380527b71b61074ff3
ee4bc5fe81fa7c1e8497d79c9c8a96485df217092d334e9b48fa8840fed11d03
Analyzer Verdict Alert urlquery Scam - Fake AntiVirus
urlquery Scam - Fake AntiVirus
GET /wdfur3ie5wsd-fre5deo7si-dfe5sdsd9re0w6os-dew5sdew7oa-dew5qsd7ews-dfrju5ew7mnhsd-ewde5wi7si-fure6wd7ewis-sd8ew9srew-fre5woe8wo-sid9ewju7direw-diew2drewsi9603/001/microsoft.png HTTP/1.1
Host: enabledsustained.ml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://enabledsustained.ml/wdfur3ie5wsd-fre5deo7si-dfe5sdsd9re0w6os-dew5sdew7oa-dew5qsd7ews-dfrju5ew7mnhsd-ewde5wi7si-fure6wd7ewis-sd8ew9srew-fre5woe8wo-sid9ewju7direw-diew2drewsi9603/001/
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 09 Nov 2022 15:35:41 GMT
Content-Type: image/png
Content-Length: 1045
Last-Modified: Wed, 09 Nov 2022 06:31:42 GMT
Connection: keep-alive
ETag: "636b494e-415"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Accept-Ranges: bytes
enabledsustained.ml/wdfur3ie5wsd-fre5deo7si-dfe5sdsd9re0w6os-dew5sdew7oa-dew5qsd7ews-dfrju5ew7mnhsd-ewde5wi7si-fure6wd7ewis-sd8ew9srew-fre5woe8wo-sid9ewju7direw-diew2drewsi9603/001/minimize.jpeg
143.198.34.62 200 OK 2.2 kB URL HTTP/1.1 enabledsustained.ml/wdfur3ie5wsd-fre5deo7si-dfe5sdsd9re0w6os-dew5sdew7oa-dew5qsd7ews-dfrju5ew7mnhsd-ewde5wi7si-fure6wd7ewis-sd8ew9srew-fre5woe8wo-sid9ewju7direw-diew2drewsi9603/001/minimize.jpeg
IP 143.198.34.62:0
ASN #14061 DIGITALOCEAN-ASN
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 180x39, components 3; data
Hash 1ba392dce74f8987dca48bf65d817c8f
db0b8444c46125105b52f272bd422a7f52da1f72
a05245b6f7fd752af4a7b0131bbdfdf3eaee6c5a25a81cb498e0f0759189473c
Analyzer Verdict Alert urlquery Scam - Fake AntiVirus
urlquery Scam - Fake AntiVirus
fortinet Phishing
GET /wdfur3ie5wsd-fre5deo7si-dfe5sdsd9re0w6os-dew5sdew7oa-dew5qsd7ews-dfrju5ew7mnhsd-ewde5wi7si-fure6wd7ewis-sd8ew9srew-fre5woe8wo-sid9ewju7direw-diew2drewsi9603/001/minimize.jpeg HTTP/1.1
Host: enabledsustained.ml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://enabledsustained.ml/wdfur3ie5wsd-fre5deo7si-dfe5sdsd9re0w6os-dew5sdew7oa-dew5qsd7ews-dfrju5ew7mnhsd-ewde5wi7si-fure6wd7ewis-sd8ew9srew-fre5woe8wo-sid9ewju7direw-diew2drewsi9603/001/
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 09 Nov 2022 15:35:41 GMT
Content-Type: image/jpeg
Content-Length: 2247
Last-Modified: Wed, 09 Nov 2022 06:31:42 GMT
Connection: keep-alive
ETag: "636b494e-8c7"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Accept-Ranges: bytes
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B IP 142.250.74.35:0
Hash 3b26e900b9be930a07101e0d5f5de579
fc84082e3eef2e000f255f1cbd4cf45b694a2118
1dff9aae4984871070d193b60d41548a8a816f0ba20839d41d6e73a08e548afe
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 09 Nov 2022 15:35:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
enabledsustained.ml/wdfur3ie5wsd-fre5deo7si-dfe5sdsd9re0w6os-dew5sdew7oa-dew5qsd7ews-dfrju5ew7mnhsd-ewde5wi7si-fure6wd7ewis-sd8ew9srew-fre5woe8wo-sid9ewju7direw-diew2drewsi9603/001/setting.png
143.198.34.62 200 OK 364 B URL HTTP/1.1 enabledsustained.ml/wdfur3ie5wsd-fre5deo7si-dfe5sdsd9re0w6os-dew5sdew7oa-dew5qsd7ews-dfrju5ew7mnhsd-ewde5wi7si-fure6wd7ewis-sd8ew9srew-fre5woe8wo-sid9ewju7direw-diew2drewsi9603/001/setting.png
IP 143.198.34.62:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 12 x 12, 8-bit/color RGB, non-interlaced; data
Hash e144c3378090087c8ce129a30cb6cb4e
59da5466551de941d0215e45c54aa2ceaf436be1
b13a03e0db893734298cbe203bf264407636ffe5dab0a141f83c492d0034dd6a
Analyzer Verdict Alert urlquery Scam - Fake AntiVirus
urlquery Scam - Fake AntiVirus
GET /wdfur3ie5wsd-fre5deo7si-dfe5sdsd9re0w6os-dew5sdew7oa-dew5qsd7ews-dfrju5ew7mnhsd-ewde5wi7si-fure6wd7ewis-sd8ew9srew-fre5woe8wo-sid9ewju7direw-diew2drewsi9603/001/setting.png HTTP/1.1
Host: enabledsustained.ml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://enabledsustained.ml/wdfur3ie5wsd-fre5deo7si-dfe5sdsd9re0w6os-dew5sdew7oa-dew5qsd7ews-dfrju5ew7mnhsd-ewde5wi7si-fure6wd7ewis-sd8ew9srew-fre5woe8wo-sid9ewju7direw-diew2drewsi9603/001/
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 09 Nov 2022 15:35:41 GMT
Content-Type: image/png
Content-Length: 364
Last-Modified: Wed, 09 Nov 2022 06:31:42 GMT
Connection: keep-alive
ETag: "636b494e-16c"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Accept-Ranges: bytes
enabledsustained.ml/wdfur3ie5wsd-fre5deo7si-dfe5sdsd9re0w6os-dew5sdew7oa-dew5qsd7ews-dfrju5ew7mnhsd-ewde5wi7si-fure6wd7ewis-sd8ew9srew-fre5woe8wo-sid9ewju7direw-diew2drewsi9603/001/que.png
143.198.34.62 200 OK 349 B URL HTTP/1.1 enabledsustained.ml/wdfur3ie5wsd-fre5deo7si-dfe5sdsd9re0w6os-dew5sdew7oa-dew5qsd7ews-dfrju5ew7mnhsd-ewde5wi7si-fure6wd7ewis-sd8ew9srew-fre5woe8wo-sid9ewju7direw-diew2drewsi9603/001/que.png
IP 143.198.34.62:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 13 x 13, 8-bit/color RGB, non-interlaced
Hash 7454c652e0733d92de6c920c2d646ae0
34a5bd8c7401f95e346895b0e5ccffbf0e9ad638
44f752b0bd2e48052d538bc6aca5379f3630ca64da945f794690ddf47e8eaef7
Analyzer Verdict Alert urlquery Scam - Fake AntiVirus
urlquery Scam - Fake AntiVirus
GET /wdfur3ie5wsd-fre5deo7si-dfe5sdsd9re0w6os-dew5sdew7oa-dew5qsd7ews-dfrju5ew7mnhsd-ewde5wi7si-fure6wd7ewis-sd8ew9srew-fre5woe8wo-sid9ewju7direw-diew2drewsi9603/001/que.png HTTP/1.1
Host: enabledsustained.ml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://enabledsustained.ml/wdfur3ie5wsd-fre5deo7si-dfe5sdsd9re0w6os-dew5sdew7oa-dew5qsd7ews-dfrju5ew7mnhsd-ewde5wi7si-fure6wd7ewis-sd8ew9srew-fre5woe8wo-sid9ewju7direw-diew2drewsi9603/001/
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 09 Nov 2022 15:35:41 GMT
Content-Type: image/png
Content-Length: 349
Last-Modified: Wed, 09 Nov 2022 06:31:42 GMT
Connection: keep-alive
ETag: "636b494e-15d"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Accept-Ranges: bytes
enabledsustained.ml/wdfur3ie5wsd-fre5deo7si-dfe5sdsd9re0w6os-dew5sdew7oa-dew5qsd7ews-dfrju5ew7mnhsd-ewde5wi7si-fure6wd7ewis-sd8ew9srew-fre5woe8wo-sid9ewju7direw-diew2drewsi9603/001/bell.png
143.198.34.62 200 OK 1.1 kB URL HTTP/1.1 enabledsustained.ml/wdfur3ie5wsd-fre5deo7si-dfe5sdsd9re0w6os-dew5sdew7oa-dew5qsd7ews-dfrju5ew7mnhsd-ewde5wi7si-fure6wd7ewis-sd8ew9srew-fre5woe8wo-sid9ewju7direw-diew2drewsi9603/001/bell.png
IP 143.198.34.62:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 13 x 13, 8-bit/color RGBA, non-interlaced
Hash a3555871399f1f67bfacaf437974b03a
b6337de87cd7a75a73cd804774651d14c83fe76a
2e48fef820929c21295e13444901f60e3aed61ba6f8c773ff1466e6843e76b49
Analyzer Verdict Alert urlquery Scam - Fake AntiVirus
urlquery Scam - Fake AntiVirus
GET /wdfur3ie5wsd-fre5deo7si-dfe5sdsd9re0w6os-dew5sdew7oa-dew5qsd7ews-dfrju5ew7mnhsd-ewde5wi7si-fure6wd7ewis-sd8ew9srew-fre5woe8wo-sid9ewju7direw-diew2drewsi9603/001/bell.png HTTP/1.1
Host: enabledsustained.ml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://enabledsustained.ml/wdfur3ie5wsd-fre5deo7si-dfe5sdsd9re0w6os-dew5sdew7oa-dew5qsd7ews-dfrju5ew7mnhsd-ewde5wi7si-fure6wd7ewis-sd8ew9srew-fre5woe8wo-sid9ewju7direw-diew2drewsi9603/001/
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 09 Nov 2022 15:35:41 GMT
Content-Type: image/png
Content-Length: 1108
Last-Modified: Wed, 09 Nov 2022 06:31:42 GMT
Connection: keep-alive
ETag: "636b494e-454"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Accept-Ranges: bytes
enabledsustained.ml/wdfur3ie5wsd-fre5deo7si-dfe5sdsd9re0w6os-dew5sdew7oa-dew5qsd7ews-dfrju5ew7mnhsd-ewde5wi7si-fure6wd7ewis-sd8ew9srew-fre5woe8wo-sid9ewju7direw-diew2drewsi9603/001/pc.png
143.198.34.62 200 OK 4.9 kB URL HTTP/1.1 enabledsustained.ml/wdfur3ie5wsd-fre5deo7si-dfe5sdsd9re0w6os-dew5sdew7oa-dew5qsd7ews-dfrju5ew7mnhsd-ewde5wi7si-fure6wd7ewis-sd8ew9srew-fre5woe8wo-sid9ewju7direw-diew2drewsi9603/001/pc.png
IP 143.198.34.62:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 166 x 92, 8-bit/color RGBA, non-interlaced
Hash cc5132b56ba46b03dd998aa1fe220106
403e007a0b17d76a9945fa5ec46a9d01733b3040
598699133be5eef63e3b9b5540609ec0dc91d7af9c7f70a3b890e57491a70ae0
Analyzer Verdict Alert urlquery Scam - Fake AntiVirus
urlquery Scam - Fake AntiVirus
GET /wdfur3ie5wsd-fre5deo7si-dfe5sdsd9re0w6os-dew5sdew7oa-dew5qsd7ews-dfrju5ew7mnhsd-ewde5wi7si-fure6wd7ewis-sd8ew9srew-fre5woe8wo-sid9ewju7direw-diew2drewsi9603/001/pc.png HTTP/1.1
Host: enabledsustained.ml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://enabledsustained.ml/wdfur3ie5wsd-fre5deo7si-dfe5sdsd9re0w6os-dew5sdew7oa-dew5qsd7ews-dfrju5ew7mnhsd-ewde5wi7si-fure6wd7ewis-sd8ew9srew-fre5woe8wo-sid9ewju7direw-diew2drewsi9603/001/
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 09 Nov 2022 15:35:41 GMT
Content-Type: image/png
Content-Length: 4949
Last-Modified: Wed, 09 Nov 2022 06:31:42 GMT
Connection: keep-alive
ETag: "636b494e-1355"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Accept-Ranges: bytes
enabledsustained.ml/wdfur3ie5wsd-fre5deo7si-dfe5sdsd9re0w6os-dew5sdew7oa-dew5qsd7ews-dfrju5ew7mnhsd-ewde5wi7si-fure6wd7ewis-sd8ew9srew-fre5woe8wo-sid9ewju7direw-diew2drewsi9603/001/def.png
143.198.34.62 200 OK 3.8 kB URL HTTP/1.1 enabledsustained.ml/wdfur3ie5wsd-fre5deo7si-dfe5sdsd9re0w6os-dew5sdew7oa-dew5qsd7ews-dfrju5ew7mnhsd-ewde5wi7si-fure6wd7ewis-sd8ew9srew-fre5woe8wo-sid9ewju7direw-diew2drewsi9603/001/def.png
IP 143.198.34.62:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced
Hash 77a2ffc5545f87551d74781201de9b3b
c9c3798afd2ae95aa3bba3c428335d49c8255b06
316e6a6737bd296ab30aca2ef7fa36f119d15786a2432d01e31fdc130272f15c
Analyzer Verdict Alert urlquery Scam - Fake AntiVirus
urlquery Scam - Fake AntiVirus
GET /wdfur3ie5wsd-fre5deo7si-dfe5sdsd9re0w6os-dew5sdew7oa-dew5qsd7ews-dfrju5ew7mnhsd-ewde5wi7si-fure6wd7ewis-sd8ew9srew-fre5woe8wo-sid9ewju7direw-diew2drewsi9603/001/def.png HTTP/1.1
Host: enabledsustained.ml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://enabledsustained.ml/wdfur3ie5wsd-fre5deo7si-dfe5sdsd9re0w6os-dew5sdew7oa-dew5qsd7ews-dfrju5ew7mnhsd-ewde5wi7si-fure6wd7ewis-sd8ew9srew-fre5woe8wo-sid9ewju7direw-diew2drewsi9603/001/
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 09 Nov 2022 15:35:41 GMT
Content-Type: image/png
Content-Length: 3834
Last-Modified: Wed, 09 Nov 2022 06:31:42 GMT
Connection: keep-alive
ETag: "636b494e-efa"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Accept-Ranges: bytes
enabledsustained.ml/wdfur3ie5wsd-fre5deo7si-dfe5sdsd9re0w6os-dew5sdew7oa-dew5qsd7ews-dfrju5ew7mnhsd-ewde5wi7si-fure6wd7ewis-sd8ew9srew-fre5woe8wo-sid9ewju7direw-diew2drewsi9603/001/virus-scan.png
143.198.34.62 200 OK 26 kB URL HTTP/1.1 enabledsustained.ml/wdfur3ie5wsd-fre5deo7si-dfe5sdsd9re0w6os-dew5sdew7oa-dew5qsd7ews-dfrju5ew7mnhsd-ewde5wi7si-fure6wd7ewis-sd8ew9srew-fre5woe8wo-sid9ewju7direw-diew2drewsi9603/001/virus-scan.png
IP 143.198.34.62:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced
Hash 2c497dfff84bd8c5af9254c9d6278ce1
667e72e7ba6f00a54629e28133317022d4b59af6
b2dc4153ee7019c70a1095d5d1304d540e3bba045d99e141f63e5b13362e5a4e
Analyzer Verdict Alert urlquery Scam - Fake AntiVirus
urlquery Scam - Fake AntiVirus
GET /wdfur3ie5wsd-fre5deo7si-dfe5sdsd9re0w6os-dew5sdew7oa-dew5qsd7ews-dfrju5ew7mnhsd-ewde5wi7si-fure6wd7ewis-sd8ew9srew-fre5woe8wo-sid9ewju7direw-diew2drewsi9603/001/virus-scan.png HTTP/1.1
Host: enabledsustained.ml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://enabledsustained.ml/wdfur3ie5wsd-fre5deo7si-dfe5sdsd9re0w6os-dew5sdew7oa-dew5qsd7ews-dfrju5ew7mnhsd-ewde5wi7si-fure6wd7ewis-sd8ew9srew-fre5woe8wo-sid9ewju7direw-diew2drewsi9603/001/
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 09 Nov 2022 15:35:41 GMT
Content-Type: image/png
Content-Length: 25871
Last-Modified: Wed, 09 Nov 2022 06:31:42 GMT
Connection: keep-alive
ETag: "636b494e-650f"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Accept-Ranges: bytes
enabledsustained.ml/wdfur3ie5wsd-fre5deo7si-dfe5sdsd9re0w6os-dew5sdew7oa-dew5qsd7ews-dfrju5ew7mnhsd-ewde5wi7si-fure6wd7ewis-sd8ew9srew-fre5woe8wo-sid9ewju7direw-diew2drewsi9603/001/virus-images.jpeg
143.198.34.62 200 OK 8.2 kB URL HTTP/1.1 enabledsustained.ml/wdfur3ie5wsd-fre5deo7si-dfe5sdsd9re0w6os-dew5sdew7oa-dew5qsd7ews-dfrju5ew7mnhsd-ewde5wi7si-fure6wd7ewis-sd8ew9srew-fre5woe8wo-sid9ewju7direw-diew2drewsi9603/001/virus-images.jpeg
IP 143.198.34.62:0
ASN #14061 DIGITALOCEAN-ASN
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 254x71, components 3
Hash 5fc559a242f0ea0a023f10830887d2af
9d744c2f3a6bf5b715496350c8de7124cdd7ddc8
3b531d403dc8ce7cbb0efb1a0c307cfb2bbaaf21feaff9f3546f13bebda71887
Analyzer Verdict Alert urlquery Scam - Fake AntiVirus
urlquery Scam - Fake AntiVirus
fortinet Phishing
GET /wdfur3ie5wsd-fre5deo7si-dfe5sdsd9re0w6os-dew5sdew7oa-dew5qsd7ews-dfrju5ew7mnhsd-ewde5wi7si-fure6wd7ewis-sd8ew9srew-fre5woe8wo-sid9ewju7direw-diew2drewsi9603/001/virus-images.jpeg HTTP/1.1
Host: enabledsustained.ml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://enabledsustained.ml/wdfur3ie5wsd-fre5deo7si-dfe5sdsd9re0w6os-dew5sdew7oa-dew5qsd7ews-dfrju5ew7mnhsd-ewde5wi7si-fure6wd7ewis-sd8ew9srew-fre5woe8wo-sid9ewju7direw-diew2drewsi9603/001/
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 09 Nov 2022 15:35:41 GMT
Content-Type: image/jpeg
Content-Length: 8196
Last-Modified: Wed, 09 Nov 2022 06:31:42 GMT
Connection: keep-alive
ETag: "636b494e-2004"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Accept-Ranges: bytes
enabledsustained.ml/wdfur3ie5wsd-fre5deo7si-dfe5sdsd9re0w6os-dew5sdew7oa-dew5qsd7ews-dfrju5ew7mnhsd-ewde5wi7si-fure6wd7ewis-sd8ew9srew-fre5woe8wo-sid9ewju7direw-diew2drewsi9603/001/0wa0rni0ng0.mp3
143.198.34.62 206 Partial Content 8.4 kB URL HTTP/1.1 enabledsustained.ml/wdfur3ie5wsd-fre5deo7si-dfe5sdsd9re0w6os-dew5sdew7oa-dew5qsd7ews-dfrju5ew7mnhsd-ewde5wi7si-fure6wd7ewis-sd8ew9srew-fre5woe8wo-sid9ewju7direw-diew2drewsi9603/001/0wa0rni0ng0.mp3
IP 143.198.34.62:0
ASN #14061 DIGITALOCEAN-ASN
File type Audio file with ID3 version 2.4.0, contains: MPEG ADTS, layer III, v1, 56 kbps, 44.1 kHz, Monaural
Hash 8618fbb0911e3b8fc96725dee8bfd81f
1bbcb78922946d0cf18fbf3a9e092e36453eb767
0589be7715d2320e559eae6bd26f3528e97450c70293da2e1e8ce45f77f99ab1
Analyzer Verdict Alert urlquery Scam - Fake AntiVirus
urlquery Scam - Fake AntiVirus
fortinet Phishing
GET /wdfur3ie5wsd-fre5deo7si-dfe5sdsd9re0w6os-dew5sdew7oa-dew5qsd7ews-dfrju5ew7mnhsd-ewde5wi7si-fure6wd7ewis-sd8ew9srew-fre5woe8wo-sid9ewju7direw-diew2drewsi9603/001/0wa0rni0ng0.mp3 HTTP/1.1
Host: enabledsustained.ml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: http://enabledsustained.ml/wdfur3ie5wsd-fre5deo7si-dfe5sdsd9re0w6os-dew5sdew7oa-dew5qsd7ews-dfrju5ew7mnhsd-ewde5wi7si-fure6wd7ewis-sd8ew9srew-fre5woe8wo-sid9ewju7direw-diew2drewsi9603/001/
HTTP/1.1 206 Partial Content
Server: nginx
Date: Wed, 09 Nov 2022 15:35:41 GMT
Content-Type: audio/mpeg
Content-Length: 8405
Last-Modified: Wed, 09 Nov 2022 06:31:42 GMT
Connection: keep-alive
ETag: "636b494e-20d5"
Content-Range: bytes 0-8404/8405
enabledsustained.ml/wdfur3ie5wsd-fre5deo7si-dfe5sdsd9re0w6os-dew5sdew7oa-dew5qsd7ews-dfrju5ew7mnhsd-ewde5wi7si-fure6wd7ewis-sd8ew9srew-fre5woe8wo-sid9ewju7direw-diew2drewsi9603/001/cross.png
143.198.34.62 200 OK 44 kB URL HTTP/1.1 enabledsustained.ml/wdfur3ie5wsd-fre5deo7si-dfe5sdsd9re0w6os-dew5sdew7oa-dew5qsd7ews-dfrju5ew7mnhsd-ewde5wi7si-fure6wd7ewis-sd8ew9srew-fre5woe8wo-sid9ewju7direw-diew2drewsi9603/001/cross.png
IP 143.198.34.62:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 2080 x 2080, 8-bit/color RGBA, non-interlaced
Hash 4487a588bf2a07e3d1936d705c5ceefd
db193b3e2ab9fbee6eae99ced2366b1ef5f16971
3821ef20f5904fdb993e34d87ff8fb9c5786a382efb0eeee8b4f00c91428b701
Analyzer Verdict Alert urlquery Scam - Fake AntiVirus
urlquery Scam - Fake AntiVirus
GET /wdfur3ie5wsd-fre5deo7si-dfe5sdsd9re0w6os-dew5sdew7oa-dew5qsd7ews-dfrju5ew7mnhsd-ewde5wi7si-fure6wd7ewis-sd8ew9srew-fre5woe8wo-sid9ewju7direw-diew2drewsi9603/001/cross.png HTTP/1.1
Host: enabledsustained.ml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://enabledsustained.ml/wdfur3ie5wsd-fre5deo7si-dfe5sdsd9re0w6os-dew5sdew7oa-dew5qsd7ews-dfrju5ew7mnhsd-ewde5wi7si-fure6wd7ewis-sd8ew9srew-fre5woe8wo-sid9ewju7direw-diew2drewsi9603/001/
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 09 Nov 2022 15:35:41 GMT
Content-Type: image/png
Content-Length: 44098
Last-Modified: Wed, 09 Nov 2022 06:31:42 GMT
Connection: keep-alive
ETag: "636b494e-ac42"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Accept-Ranges: bytes
www.google-analytics.com/analytics.js
142.250.74.174 200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.174:0
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://enabledsustained.ml/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Wed, 09 Nov 2022 14:41:09 GMT
expires: Wed, 09 Nov 2022 16:41:09 GMT
cache-control: public, max-age=7200
age: 3272
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
enabledsustained.ml/favicon.ico
143.198.34.62 404 Not Found 725 B URL HTTP/1.1 enabledsustained.ml/favicon.ico
IP 143.198.34.62:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text, exported SGML document, ASCII text
Hash 6ef60fb53752709165f0ef91c1ddfc44
30c91a3f437f9a5148f55e356e463cb92a3e2cd3
201121983c681a61041706ac9d37057680094010b2f5f62e4e07782d5cb5b28d
GET /favicon.ico HTTP/1.1
Host: enabledsustained.ml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://enabledsustained.ml/wdfur3ie5wsd-fre5deo7si-dfe5sdsd9re0w6os-dew5sdew7oa-dew5qsd7ews-dfrju5ew7mnhsd-ewde5wi7si-fure6wd7ewis-sd8ew9srew-fre5woe8wo-sid9ewju7direw-diew2drewsi9603/001/
HTTP/1.1 404 Not Found
Server: nginx
Date: Wed, 09 Nov 2022 15:35:41 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"636b45b7-598"
Content-Encoding: gzip
www.google-analytics.com/j/collect?v=1&_v=j98&a=342944495&t=pageview&_s=1&dl=http%3A%2F%2Fenabledsustained.ml%2Fwdfur3ie5wsd-fre5deo7si-dfe5sdsd9re0w6os-dew5sdew7oa-dew5qsd7ews-dfrju5ew7mnhsd-ewde5wi7si-fure6wd7ewis-sd8ew9srew-fre5woe8wo-sid9ewju7direw-diew2drewsi9603%2F001%2F&ul=en-us&de=UTF-8&dt=%E3%82%BB%E3%82%AD%E3%83%A5%E3%83%AA%E3%83%86%E3%82%A3%E3%82%BB%E3%83%B3%E3%82%BF%E3%83%BCCode0x268d3-Er07%E3%82%B5%E3%83%BC%E3%83%93%E3%82%B9&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=YEBAAUABAAAAACAAI~&jid=381882130&gjid=2032290180&cid=443568398.1668008138&tid=UA-154423629-1&_gid=668402749.1668008138&_r=1&gtm=2oub70&z=1342750377
142.250.74.174 200 OK 1 B URL HTTP/2 www.google-analytics.com/j/collect?v=1&_v=j98&a=342944495&t=pageview&_s=1&dl=http%3A%2F%2Fenabledsustained.ml%2Fwdfur3ie5wsd-fre5deo7si-dfe5sdsd9re0w6os-dew5sdew7oa-dew5qsd7ews-dfrju5ew7mnhsd-ewde5wi7si-fure6wd7ewis-sd8ew9srew-fre5woe8wo-sid9ewju7direw-diew2drewsi9603%2F001%2F&ul=en-us&de=UTF-8&dt=%E3%82%BB%E3%82%AD%E3%83%A5%E3%83%AA%E3%83%86%E3%82%A3%E3%82%BB%E3%83%B3%E3%82%BF%E3%83%BCCode0x268d3-Er07%E3%82%B5%E3%83%BC%E3%83%93%E3%82%B9&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=YEBAAUABAAAAACAAI~&jid=381882130&gjid=2032290180&cid=443568398.1668008138&tid=UA-154423629-1&_gid=668402749.1668008138&_r=1&gtm=2oub70&z=1342750377
IP 142.250.74.174:0
File type very short file (no magic)
Hash c4ca4238a0b923820dcc509a6f75849b
356a192b7913b04c54574d18c28d46e6395428ab
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
POST /j/collect?v=1&_v=j98&a=342944495&t=pageview&_s=1&dl=http%3A%2F%2Fenabledsustained.ml%2Fwdfur3ie5wsd-fre5deo7si-dfe5sdsd9re0w6os-dew5sdew7oa-dew5qsd7ews-dfrju5ew7mnhsd-ewde5wi7si-fure6wd7ewis-sd8ew9srew-fre5woe8wo-sid9ewju7direw-diew2drewsi9603%2F001%2F&ul=en-us&de=UTF-8&dt=%E3%82%BB%E3%82%AD%E3%83%A5%E3%83%AA%E3%83%86%E3%82%A3%E3%82%BB%E3%83%B3%E3%82%BF%E3%83%BCCode0x268d3-Er07%E3%82%B5%E3%83%BC%E3%83%93%E3%82%B9&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=YEBAAUABAAAAACAAI~&jid=381882130&gjid=2032290180&cid=443568398.1668008138&tid=UA-154423629-1&_gid=668402749.1668008138&_r=1&gtm=2oub70&z=1342750377 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: http://enabledsustained.ml
Connection: keep-alive
Referer: http://enabledsustained.ml/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: http://enabledsustained.ml
date: Wed, 09 Nov 2022 15:35:41 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash c59d06092401e375df491b06ee8e6dbc
2e27b8ff7c08a5349e27969bc2a08e5e19d0c1da
23ee4ab633fcf67dc5d4d1931450e365cec8d436ef1f9ba5f46b6bab974724c4
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3866
Cache-Control: max-age=153334
Content-Type: application/ocsp-response
Date: Wed, 09 Nov 2022 15:35:41 GMT
Etag: "636b6da9-1d7"
Expires: Fri, 11 Nov 2022 10:11:15 GMT
Last-Modified: Wed, 09 Nov 2022 09:06:49 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471
enabledsustained.ml/wdfur3ie5wsd-fre5deo7si-dfe5sdsd9re0w6os-dew5sdew7oa-dew5qsd7ews-dfrju5ew7mnhsd-ewde5wi7si-fure6wd7ewis-sd8ew9srew-fre5woe8wo-sid9ewju7direw-diew2drewsi9603/001/background.png
143.198.34.62 200 OK 934 kB URL HTTP/1.1 enabledsustained.ml/wdfur3ie5wsd-fre5deo7si-dfe5sdsd9re0w6os-dew5sdew7oa-dew5qsd7ews-dfrju5ew7mnhsd-ewde5wi7si-fure6wd7ewis-sd8ew9srew-fre5woe8wo-sid9ewju7direw-diew2drewsi9603/001/background.png
IP 143.198.34.62:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 1920 x 1126, 8-bit/color RGB, non-interlaced
Size 934 kB (934134 bytes)
Hash 42bd688964c63e6bdeca18b87dadf2ad
3ad538297ebf394b78d0e598f845699e66ff535a
6b52659d061de383cee606a6b251ae45f5f3420ec58eebb50505922f0fdbbfd8
Analyzer Verdict Alert urlquery Scam - Fake AntiVirus
urlquery Scam - Fake AntiVirus
GET /wdfur3ie5wsd-fre5deo7si-dfe5sdsd9re0w6os-dew5sdew7oa-dew5qsd7ews-dfrju5ew7mnhsd-ewde5wi7si-fure6wd7ewis-sd8ew9srew-fre5woe8wo-sid9ewju7direw-diew2drewsi9603/001/background.png HTTP/1.1
Host: enabledsustained.ml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://enabledsustained.ml/wdfur3ie5wsd-fre5deo7si-dfe5sdsd9re0w6os-dew5sdew7oa-dew5qsd7ews-dfrju5ew7mnhsd-ewde5wi7si-fure6wd7ewis-sd8ew9srew-fre5woe8wo-sid9ewju7direw-diew2drewsi9603/001/
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 09 Nov 2022 15:35:41 GMT
Content-Type: image/png
Content-Length: 934134
Last-Modified: Wed, 09 Nov 2022 06:31:42 GMT
Connection: keep-alive
ETag: "636b494e-e40f6"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Accept-Ranges: bytes
push.services.mozilla.com/
34.218.164.174 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 34.218.164.174:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: xlbyr0/goDXPYviIRsCWbw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 0ej3EXK8y8zxSCHd7aWHAWxfO+I=
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 1b6e55fb9c16b8ec503ca6fb935f650f
1e392159765235158a218248677dc21c46bc4f42
89cc50a881ff8fae94b7bfa2732d133df59bae06680f6d2147281ee7bf8ab00b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "89CC50A881FF8FAE94B7BFA2732D133DF59BAE06680F6D2147281EE7BF8AB00B"
Last-Modified: Tue, 08 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10927
Expires: Wed, 09 Nov 2022 18:37:50 GMT
Date: Wed, 09 Nov 2022 15:35:43 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6fadd94-b1a4-4bdc-bcf4-b6bade4840a0.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6fadd94-b1a4-4bdc-bcf4-b6bade4840a0.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Hash 4e2853cc6ec6223160471401e6871f4b
f052e1f8b2bf4a8eeecfa5b82e27ada1b7719a0c
bf4b9145ea043d87a30fd3aeeae21a1a0aa27004cd2467e7aa843bc894ae1f60
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6fadd94-b1a4-4bdc-bcf4-b6bade4840a0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10462
x-amzn-requestid: 43480a38-fd89-4c47-b8c4-e6ba90b1321c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aMF6oEz_oAMF8Hg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-634e5043-6617fd2e59cab00135301cdd;Sampled=0
x-amzn-remapped-date: Tue, 18 Oct 2022 07:05:39 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: C7GYpM3mXSf0hVyGO9Zzlxa3IHXHdyPlXsvr3i0GoQnaPZF6lO-OwA==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 6396e88c437c096ef98930ce29f731a2.cloudfront.net (CloudFront), 1.1 google
date: Wed, 09 Nov 2022 06:24:20 GMT
age: 33083
etag: "f052e1f8b2bf4a8eeecfa5b82e27ada1b7719a0c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F84109408-bbc7-4166-8974-df4b4fbbf1c1.jpeg
34.120.237.76 200 OK 6.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F84109408-bbc7-4166-8974-df4b4fbbf1c1.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Hash 11ef1d34ac2d42662fe53fc58c882fdf
16f1e048895ed1ee0c0c071e3939e741113e4969
61c42bae12654cf9bd1e7ca0f616164ff4139dc470fb6c1033176374444d6bda
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F84109408-bbc7-4166-8974-df4b4fbbf1c1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 6272
x-amzn-requestid: 7287a2fe-853d-497f-a63e-1d521dd5326e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bG3dSGEIIAMF7Kg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6365d2bb-4c6803ad2d4ea46e68abd386;Sampled=0
x-amzn-remapped-date: Sat, 05 Nov 2022 03:04:27 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: HorGiakcVRB2pttVHMwYarPgVp3mK2Fk1uf5dagcCPOWw184ZD4A8A==
via: 1.1 6a6653dfb47ccc5082f2a5b9d0d168ce.cloudfront.net (CloudFront), 1.1 989017835f43d594873bde5a7ee7fe5e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 09 Nov 2022 09:37:53 GMT
age: 21470
etag: "16f1e048895ed1ee0c0c071e3939e741113e4969"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F609c6c88-4535-488a-8bf4-de0e93b9ae31.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F609c6c88-4535-488a-8bf4-de0e93b9ae31.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Hash 86ec3f22045de1a100eccf27d91593ae
e26769d82108f89057b05096061f1276d34e223a
b863d19ab12945922b4d014c517f5ffe349cefe2bbe1c2f16661371f22378cbd
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F609c6c88-4535-488a-8bf4-de0e93b9ae31.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 10822
x-amzn-requestid: 730ec36d-2d1d-4a0f-90c8-dd819811bdd1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bM39VEZkIAMF7lg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636839ee-6e75e34c64d489ca25765e67;Sampled=0
x-amzn-remapped-date: Sun, 06 Nov 2022 22:49:18 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: R2JUiJdMAsIbCHDmMMHyN0sKaVBZMDRh2WOfBPUWZpnMBVOcI40Y3w==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 760139201585481b26f947c5f776103a.cloudfront.net (CloudFront), 1.1 google
date: Wed, 09 Nov 2022 11:14:53 GMT
age: 15650
etag: "e26769d82108f89057b05096061f1276d34e223a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8786d2a2-d21a-4bb6-916d-7fce27ea08f2.jpeg
34.120.237.76 200 OK 4.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8786d2a2-d21a-4bb6-916d-7fce27ea08f2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash 39446652ee66d20bd73df20f1a29589c
349ea78f3ad0f2f7376ba22e417226b2e06806d7
655a00944a319ba167e99b43055044cb18bc48d53605ff0d1b6c8b1ba8ee8237
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8786d2a2-d21a-4bb6-916d-7fce27ea08f2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4737
x-amzn-requestid: ad230e08-9f4e-46cf-9a86-f8e013a1c498
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bQBFkEhLIAMFq_g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63697bbd-7e8b686a23a84c5d473c9ef5;Sampled=0
x-amzn-remapped-date: Mon, 07 Nov 2022 21:42:21 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: FoOPmZEjC6nhw801dgqENVL-9-aC0pyFAF-fMS57XzQyfxck2GGUvA==
via: 1.1 1b0911478686968732f973d6e5e31d10.cloudfront.net (CloudFront), 1.1 09331f0822fc98eebaf04130a83dbd44.cloudfront.net (CloudFront), 1.1 google
date: Tue, 08 Nov 2022 21:49:16 GMT
age: 63987
etag: "349ea78f3ad0f2f7376ba22e417226b2e06806d7"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1b197dc2-1415-4c19-8d36-1fa334168ba5.jpeg
34.120.237.76 200 OK 9.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1b197dc2-1415-4c19-8d36-1fa334168ba5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash 29429581f8dc762c69c5916009f70080
9265cae98aa663a5498925b70079abdd8e7031fd
c3deee74c80905a1e92b84868b9987cb30ad7a210dca066b97c325cc2c83872e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1b197dc2-1415-4c19-8d36-1fa334168ba5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9313
x-amzn-requestid: be3f6b0f-cf61-4bec-ad1a-87abdbc45d73
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bTTTwF5AoAMFZAw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636acc17-5ca45b5b1065a4ea492f2ac6;Sampled=0
x-amzn-remapped-date: Tue, 08 Nov 2022 21:37:27 GMT
x-amz-cf-pop: SEA19-C3, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 9lVY7YgQQ0FAP3ItgCSWePY0Msd4RIyBz4eNPc-K51BtnWUjOObv6g==
via: 1.1 31dfa94142c6eaf975b0e5454c00340a.cloudfront.net (CloudFront), 1.1 707e733794d52100fde0ab21bf0b1462.cloudfront.net (CloudFront), 1.1 google
date: Tue, 08 Nov 2022 21:43:31 GMT
etag: "9265cae98aa663a5498925b70079abdd8e7031fd"
content-type: image/jpeg
age: 64332
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff66bafec-6420-4aea-8b22-96b8fe0d292b.jpeg
34.120.237.76 200 OK 8.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff66bafec-6420-4aea-8b22-96b8fe0d292b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Hash c69b19d2273c3ade32fd0797921c0459
8cafda5659f5b36c855a2bbcaeb03aa715ddeebd
d78b92e1175207b1179c85f9490f937e1647aeae3fe95cf8b3dc336db232945e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff66bafec-6420-4aea-8b22-96b8fe0d292b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8154
x-amzn-requestid: 1d9d6e13-69a4-473d-af4b-ef3d4382f3ca
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bTTU2EyZoAMF94w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636acc1e-0dec203434f42df01d9a1182;Sampled=0
x-amzn-remapped-date: Tue, 08 Nov 2022 21:37:34 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 5sq7XRYInS334VVDEtCJNlf_O9FTHn2G4u-WAIygFZ-SALN0flMwew==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 d01e7742f82df0bbc1fb681d709ed69c.cloudfront.net (CloudFront), 1.1 google
date: Tue, 08 Nov 2022 22:02:14 GMT
age: 63209
etag: "8cafda5659f5b36c855a2bbcaeb03aa715ddeebd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
maxcdn.bootstrapcdn.com/font-awesome/4.5.0/fonts/fontawesome-webfont.woff2?v=4.5.0
104.18.10.207 200 OK 67 kB URL HTTP/2 maxcdn.bootstrapcdn.com/font-awesome/4.5.0/fonts/fontawesome-webfont.woff2?v=4.5.0
IP 104.18.10.207:0
File type Web Open Font Format (Version 2), TrueType, length 66624, version 4.262; data
Hash db812d8a70a4e88e888744c1c9a27e89
638c652d623280a58144f93e7b552c66d1667a11
ff82aeed6b9bb6701696c84d1b223d2e682eb78c89117a438ce6cfea8c498995
GET /font-awesome/4.5.0/fonts/fontawesome-webfont.woff2?v=4.5.0 HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://enabledsustained.ml
Connection: keep-alive
Referer: https://maxcdn.bootstrapcdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 09 Nov 2022 15:35:43 GMT
content-type: font/woff2
content-length: 66624
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
etag: "db812d8a70a4e88e888744c1c9a27e89"
last-modified: Mon, 25 Jan 2021 22:04:54 GMT
cdn-cachedat: 08/15/2022 13:52:58
cdn-proxyver: 1.02
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 723
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: 0a9881368ccdcbe52c2e7795f0aa5963
cdn-cache: HIT
cf-cache-status: HIT
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 76779eb368b9b523-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/font-awesome.min.css
104.18.10.207 200 OK 0 B URL HTTP/2 maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/font-awesome.min.css
IP 104.18.10.207:0
GET /font-awesome/4.5.0/css/font-awesome.min.css HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://enabledsustained.ml/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 09 Nov 2022 15:35:41 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
cdn-edgestorageid: 565, 617, 617
last-modified: Mon, 25 Jan 2021 22:04:54 GMT
cdn-cachedat: 2021-06-08 19:04:20
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cache-control: public, max-age=31919000
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-content-type-options: nosniff
cdn-requestid: e9a84d03a1f7c6aa17012c712a6e5dd5
cdn-status: 200
cdn-cache: HIT
cf-cache-status: HIT
age: 13452389
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 76779ea25c3db50f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
enabledsustained.ml/wdfur3ie5wsd-fre5deo7si-dfe5sdsd9re0w6os-dew5sdew7oa-dew5qsd7ews-dfrju5ew7mnhsd-ewde5wi7si-fure6wd7ewis-sd8ew9srew-fre5woe8wo-sid9ewju7direw-diew2drewsi9603/001/wa0lDErtm0s.mp3
143.198.34.62 206 Partial Content 0 B URL HTTP/1.1 enabledsustained.ml/wdfur3ie5wsd-fre5deo7si-dfe5sdsd9re0w6os-dew5sdew7oa-dew5qsd7ews-dfrju5ew7mnhsd-ewde5wi7si-fure6wd7ewis-sd8ew9srew-fre5woe8wo-sid9ewju7direw-diew2drewsi9603/001/wa0lDErtm0s.mp3
IP 143.198.34.62:0
ASN #14061 DIGITALOCEAN-ASN
Analyzer Verdict Alert fortinet Phishing
GET /wdfur3ie5wsd-fre5deo7si-dfe5sdsd9re0w6os-dew5sdew7oa-dew5qsd7ews-dfrju5ew7mnhsd-ewde5wi7si-fure6wd7ewis-sd8ew9srew-fre5woe8wo-sid9ewju7direw-diew2drewsi9603/001/wa0lDErtm0s.mp3 HTTP/1.1
Host: enabledsustained.ml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: http://enabledsustained.ml/wdfur3ie5wsd-fre5deo7si-dfe5sdsd9re0w6os-dew5sdew7oa-dew5qsd7ews-dfrju5ew7mnhsd-ewde5wi7si-fure6wd7ewis-sd8ew9srew-fre5woe8wo-sid9ewju7direw-diew2drewsi9603/001/
HTTP/1.1 206 Partial Content
Server: nginx
Date: Wed, 09 Nov 2022 15:35:41 GMT
Content-Type: audio/mpeg
Content-Length: 193612
Last-Modified: Wed, 09 Nov 2022 06:31:42 GMT
Connection: keep-alive
ETag: "636b494e-2f44c"
Content-Range: bytes 0-193611/193612