r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 2d2e7649ce9e9ba6fc8b68aa89352e3c
0153d1d3d830a457043e16bb40d48a0b9ddef4b8
8eed57c91b42ef7b2d5eff1309e306e23e13c3de21219af24a693cbf3e8977fc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8EED57C91B42EF7B2D5EFF1309E306E23E13C3DE21219AF24A693CBF3E8977FC"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11754
Expires: Thu, 01 Dec 2022 05:23:55 GMT
Date: Thu, 01 Dec 2022 02:08:01 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash f3cf023c797da81728c0ac84c8759331
fa07c5e39e4b0741ea484101cccb2202acea9d9c
5206a0bac8bf78d6b84322519271a1ece2c1039a0090e583de6d6192d88873d0
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5765
Cache-Control: max-age=122363
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 02:08:01 GMT
Etag: "638730f7-1d7"
Expires: Fri, 02 Dec 2022 12:07:24 GMT
Last-Modified: Wed, 30 Nov 2022 10:31:19 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 6d9d34c96b9a826ae5676640c966469c
8052a16d41a637e420478b7de1ff5a2dc951fccd
f18ac558cb786126bb7efb159e03353d268d5f5796bcfd2691a349dfc68d863c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F18AC558CB786126BB7EFB159E03353D268D5F5796BCFD2691A349DFC68D863C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16919
Expires: Thu, 01 Dec 2022 06:50:00 GMT
Date: Thu, 01 Dec 2022 02:08:01 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
34.102.187.140200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Alert, Backoff, Content-Length, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 01 Dec 2022 01:19:45 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 2896
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: ZFwmV0gNoLHxz3Yrx00gkqXQ/ECVjaYbj+KfPwTZrlVI40w9MZYg9klsXRpfLpnxhcuM4jXcE7/qORTy0y/49Q==
x-amz-request-id: W0Z762V3P0ENQ3GD
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 01 Dec 2022 01:45:28 GMT
age: 1353
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 02:08:01 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Pragma, Last-Modified, ETag, Alert, Expires, Retry-After, Cache-Control, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 01 Dec 2022 01:11:15 GMT
cache-control: public,max-age=3600
age: 3407
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash cfdd00e67ee6ca21712b867eb5288ab6
b61d5d6ec3b7ad71619e13e32c87f2d01871b88a
f740cac6dfedc1bf0f82efb10dac4f6ffb22f9bb5d4a9b68a4cd971dd2f65793
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5755
Cache-Control: max-age=117284
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 02:08:02 GMT
Etag: "63871d2b-1d7"
Expires: Fri, 02 Dec 2022 10:42:46 GMT
Last-Modified: Wed, 30 Nov 2022 09:06:51 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
35.161.230.192101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.161.230.192:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: hfOR1XZ5DGvwhMl+l+cSyg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: LXmwe1ylAof7YYkkfABGaIneEKk=
86.104.194.63/DE/in/a1b2c3/596e6c6e88371592b44dff05372d9d5e/login/?index=44027&feeder=a31754e1b9a0ad85e7dd598be79be5def6a611a5
86.104.194.63200 OK 4.8 kB URL HTTP/1.1 86.104.194.63/DE/in/a1b2c3/596e6c6e88371592b44dff05372d9d5e/login/?index=44027&feeder=a31754e1b9a0ad85e7dd598be79be5def6a611a5
IP 86.104.194.63:0
ASN #48874 Hostmaze Inc Srl-d
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (591)
Hash 6da6b848f6751c88e3bfae54b60c59c1
56eb2e5cc0e94f85a5a3d4e48c46ecb02b82a556
965f5f19969d5fd44f0df275c8ea1690d27563f5de895717e5b293f337f52b44
Analyzer Verdict Alert openphish ING
quad9 Sinkholed
GET /DE/in/a1b2c3/596e6c6e88371592b44dff05372d9d5e/login/?index=44027&feeder=a31754e1b9a0ad85e7dd598be79be5def6a611a5 HTTP/1.1
Host: 86.104.194.63
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Thu, 01 Dec 2022 02:08:33 GMT
Server: Apache/2.4.29 (Ubuntu)
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 4769
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
86.104.194.63/DE/in/bower_components/jquery/dist/jquery.min.js
86.104.194.63200 OK 30 kB URL HTTP/1.1 86.104.194.63/DE/in/bower_components/jquery/dist/jquery.min.js
IP 86.104.194.63:0
ASN #48874 Hostmaze Inc Srl-d
File type ASCII text, with very long lines (32058)
Hash 3430607b4301113ad9394c9260eef3f0
8c4db68b161b17e31be300e968a30ab0116b3193
31e4d11375322cd6f94dba7338570426f2412d6c5fa670427966d45c3648098c
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /DE/in/bower_components/jquery/dist/jquery.min.js HTTP/1.1
Host: 86.104.194.63
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://86.104.194.63/DE/in/a1b2c3/596e6c6e88371592b44dff05372d9d5e/login/?index=44027&feeder=a31754e1b9a0ad85e7dd598be79be5def6a611a5
HTTP/1.1 200 OK
Date: Thu, 01 Dec 2022 02:08:34 GMT
Server: Apache/2.4.29 (Ubuntu)
Last-Modified: Tue, 23 Aug 2022 22:01:08 GMT
ETag: "15283-5e6efb394d100-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 30138
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript
86.104.194.63/DE/in/login/form/css.css
86.104.194.63200 OK 0 B URL HTTP/1.1 86.104.194.63/DE/in/login/form/css.css
IP 86.104.194.63:0
ASN #48874 Hostmaze Inc Srl-d
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /DE/in/login/form/css.css HTTP/1.1
Host: 86.104.194.63
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://86.104.194.63/DE/in/a1b2c3/596e6c6e88371592b44dff05372d9d5e/login/?index=44027&feeder=a31754e1b9a0ad85e7dd598be79be5def6a611a5
HTTP/1.1 200 OK
Date: Thu, 01 Dec 2022 02:08:35 GMT
Server: Apache/2.4.29 (Ubuntu)
Last-Modified: Tue, 23 Aug 2022 22:00:58 GMT
ETag: "0-5e6efb2fc3a80"
Accept-Ranges: bytes
Content-Length: 0
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/css
86.104.194.63/DE/in/core/token/core_token.js
86.104.194.63200 OK 2.7 kB URL HTTP/1.1 86.104.194.63/DE/in/core/token/core_token.js
IP 86.104.194.63:0
ASN #48874 Hostmaze Inc Srl-d
File type ASCII text, with very long lines (11063), with no line terminators
Hash 15d2920616162f904f6360b756232b2e
ba33180b2696d652e903333d542e0cd442af2c27
f3f5e8953bb2e700f2000350cc991b8c1ee810b25f6f5fceb4a1e814e6f53288
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /DE/in/core/token/core_token.js HTTP/1.1
Host: 86.104.194.63
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://86.104.194.63/DE/in/a1b2c3/596e6c6e88371592b44dff05372d9d5e/login/?index=44027&feeder=a31754e1b9a0ad85e7dd598be79be5def6a611a5
HTTP/1.1 200 OK
Date: Thu, 01 Dec 2022 02:08:35 GMT
Server: Apache/2.4.29 (Ubuntu)
Last-Modified: Tue, 23 Aug 2022 22:01:00 GMT
ETag: "2b37-5e6efb31abf00-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2745
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript
86.104.194.63/DE/in/login/BusyIndicator-ver-B7F2943258D5A2E62FFE465B6AD641A2.css
86.104.194.63200 OK 467 B URL HTTP/1.1 86.104.194.63/DE/in/login/BusyIndicator-ver-B7F2943258D5A2E62FFE465B6AD641A2.css
IP 86.104.194.63:0
ASN #48874 Hostmaze Inc Srl-d
Hash ba3e07908b0b05bbb3357a6a6e0aef79
3efdbf2b58e815cd7583197f416a2bae3cd4f669
9bb57b230d013ece0e0dffddbd0a73b5d370fcb7e9eac5dc9529100fd2f76cb0
Analyzer Verdict Alert quad9 Sinkholed
GET /DE/in/login/BusyIndicator-ver-B7F2943258D5A2E62FFE465B6AD641A2.css HTTP/1.1
Host: 86.104.194.63
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://86.104.194.63/DE/in/a1b2c3/596e6c6e88371592b44dff05372d9d5e/login/?index=44027&feeder=a31754e1b9a0ad85e7dd598be79be5def6a611a5
HTTP/1.1 200 OK
Date: Thu, 01 Dec 2022 02:08:35 GMT
Server: Apache/2.4.29 (Ubuntu)
Last-Modified: Tue, 23 Aug 2022 22:00:56 GMT
ETag: "43c-5e6efb2ddb600-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 467
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/css
86.104.194.63/DE/in/core/form/core_form.js
86.104.194.63200 OK 6.3 kB URL HTTP/1.1 86.104.194.63/DE/in/core/form/core_form.js
IP 86.104.194.63:0
ASN #48874 Hostmaze Inc Srl-d
File type Unicode text, UTF-8 text, with very long lines (21937), with no line terminators
Hash 9ba1edf8ff154ed9f9aabb76328820d5
277380c18797d70f48ba55d260c72983255b8081
fa057bce576e41054378f5150ec29a958a98abd27ea722601b02ad3defbda758
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /DE/in/core/form/core_form.js HTTP/1.1
Host: 86.104.194.63
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://86.104.194.63/DE/in/a1b2c3/596e6c6e88371592b44dff05372d9d5e/login/?index=44027&feeder=a31754e1b9a0ad85e7dd598be79be5def6a611a5
HTTP/1.1 200 OK
Date: Thu, 01 Dec 2022 02:08:35 GMT
Server: Apache/2.4.29 (Ubuntu)
Last-Modified: Tue, 23 Aug 2022 22:01:00 GMT
ETag: "55b4-5e6efb31abf00-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 6294
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript
86.104.194.63/DE/in/login/form/form.js?v=63880ca2be2eb
86.104.194.63200 OK 1.1 kB URL HTTP/1.1 86.104.194.63/DE/in/login/form/form.js?v=63880ca2be2eb
IP 86.104.194.63:0
ASN #48874 Hostmaze Inc Srl-d
File type ASCII text, with very long lines (3431), with no line terminators
Hash f020de7de175d94575add93ab0baa4bc
b9337a99fa836129471ce4af685524241da817b7
d1012257889a1ae38805246d2b61bcef24f361493402e4394fff779548b8de5b
Analyzer Verdict Alert quad9 Sinkholed
GET /DE/in/login/form/form.js?v=63880ca2be2eb HTTP/1.1
Host: 86.104.194.63
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://86.104.194.63/DE/in/a1b2c3/596e6c6e88371592b44dff05372d9d5e/login/?index=44027&feeder=a31754e1b9a0ad85e7dd598be79be5def6a611a5
HTTP/1.1 200 OK
Date: Thu, 01 Dec 2022 02:08:35 GMT
Server: Apache/2.4.29 (Ubuntu)
Last-Modified: Tue, 23 Aug 2022 22:00:58 GMT
ETag: "d67-5e6efb2fc3a80-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1116
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: application/javascript
86.104.194.63/DE/in/login/token/token.js?v=63880ca2be326
86.104.194.63200 OK 746 B URL HTTP/1.1 86.104.194.63/DE/in/login/token/token.js?v=63880ca2be326
IP 86.104.194.63:0
ASN #48874 Hostmaze Inc Srl-d
File type ASCII text, with very long lines (1837), with no line terminators
Hash b82616da6c4063f7371af0e7e2cd2b74
0323c6ac337068d21d7e079d9a72b5fb413282c9
5ad24b1b0516b2a3dbce5e4df8418cd6bd455f58e26feae8498b993651cbf64a
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /DE/in/login/token/token.js?v=63880ca2be326 HTTP/1.1
Host: 86.104.194.63
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://86.104.194.63/DE/in/a1b2c3/596e6c6e88371592b44dff05372d9d5e/login/?index=44027&feeder=a31754e1b9a0ad85e7dd598be79be5def6a611a5
HTTP/1.1 200 OK
Date: Thu, 01 Dec 2022 02:08:35 GMT
Server: Apache/2.4.29 (Ubuntu)
Last-Modified: Tue, 23 Aug 2022 22:00:58 GMT
ETag: "72d-5e6efb2fc3a80-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 746
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript
86.104.194.63/DE/in/bower_components/font-awesome/css/font-awesome.min.css
86.104.194.63200 OK 7.1 kB URL HTTP/1.1 86.104.194.63/DE/in/bower_components/font-awesome/css/font-awesome.min.css
IP 86.104.194.63:0
ASN #48874 Hostmaze Inc Srl-d
File type ASCII text, with very long lines (30837)
Hash 52f1a8a2ce85fa8432308b33bc1a2e79
fd80917af5371c8ecad0198592a1e7cce4b77b0e
07bd6a9ea0213e20f362485aadc17a88c486ecfb394004b41b8b38db6e6a35f6
Analyzer Verdict Alert quad9 Sinkholed
GET /DE/in/bower_components/font-awesome/css/font-awesome.min.css HTTP/1.1
Host: 86.104.194.63
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://86.104.194.63/DE/in/a1b2c3/596e6c6e88371592b44dff05372d9d5e/login/?index=44027&feeder=a31754e1b9a0ad85e7dd598be79be5def6a611a5
HTTP/1.1 200 OK
Date: Thu, 01 Dec 2022 02:08:35 GMT
Server: Apache/2.4.29 (Ubuntu)
Last-Modified: Tue, 23 Aug 2022 22:01:06 GMT
ETag: "7918-5e6efb3764c80-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 7053
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ac3edd07bb0a4ebdaae6ec26e91d2079
b6efe3811dfa37cdcde1e9d411c171732ac7e12a
c5dbd471d178ae4505b28e30aee1e8eed77fffd81b9f7815ad2bda1a0d09a02c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8671
Expires: Thu, 01 Dec 2022 04:32:34 GMT
Date: Thu, 01 Dec 2022 02:08:03 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ac3edd07bb0a4ebdaae6ec26e91d2079
b6efe3811dfa37cdcde1e9d411c171732ac7e12a
c5dbd471d178ae4505b28e30aee1e8eed77fffd81b9f7815ad2bda1a0d09a02c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8671
Expires: Thu, 01 Dec 2022 04:32:34 GMT
Date: Thu, 01 Dec 2022 02:08:03 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7837c610-4f38-4ecd-b984-5752ff89a1f8.jpeg
34.120.237.76200 OK 8.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7837c610-4f38-4ecd-b984-5752ff89a1f8.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 37004182402c955f288eb1fa8df7aef4
01a07f9a5725f608fafeced7b3d1ebdbcb776c29
c90c80dd5cadbde3fef20a9c4561b1efa47401e5f6bdf64c91246553c50204f0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7837c610-4f38-4ecd-b984-5752ff89a1f8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7957
x-amzn-requestid: 54f43d6b-cf41-4067-b459-6b8d98869354
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cV91PGgNIAMF2Xg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63857687-069ac54c22797a511c69a220;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 03:03:35 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 5et72pBhP9fdm4fNy6V5AJjs7B5N3HUGgaToNJV3LbA59D-0QDAMvw==
via: 1.1 6c90b631453c435bd0022caa657b67e8.cloudfront.net (CloudFront), 1.1 6172bb1a5d00a3b06ae3700570ebe116.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 03:31:51 GMT
age: 81372
etag: "01a07f9a5725f608fafeced7b3d1ebdbcb776c29"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdc2b4ec6-0955-4089-983c-0abf7fd13bf2.jpeg
34.120.237.76200 OK 9.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdc2b4ec6-0955-4089-983c-0abf7fd13bf2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e1e6b6ba4f82221b41c3d9129008c76d
2f9532d698b4c28df23e18bbb66399ec776d5b9f
218c6f41a16e6087c611d4db5784a7cc1d027084d0bf2bd6dc3843ee5dfd560f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdc2b4ec6-0955-4089-983c-0abf7fd13bf2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9459
x-amzn-requestid: 9e243a73-18ff-4abf-9b9c-442719960125
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cMpppFXjoAMFehg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6381bca3-47620f39181264772d2fb52d;Sampled=0
x-amzn-remapped-date: Sat, 26 Nov 2022 07:13:40 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: _v5hatZyEWVRB4Tebygbb-QfE02oaFxE8CRfQsUY7I_ektxE3YeIpw==
via: 1.1 deaaf0548506de20925615eb51a7ea7e.cloudfront.net (CloudFront), 1.1 98aedae6661e3904540676966998ed88.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 17:08:01 GMT
age: 32402
etag: "2f9532d698b4c28df23e18bbb66399ec776d5b9f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc551f651-39d0-4021-90ed-915a79168ea0.jpeg
34.120.237.76200 OK 4.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc551f651-39d0-4021-90ed-915a79168ea0.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b8802d5080eb35e4052ef31cf7658650
1e78566f2e69268c5f753fb49112ab07aae3eccf
9c96906ee1dea353198c9069fa7e42b100e4fa766e5be8e4d8db036033961086
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc551f651-39d0-4021-90ed-915a79168ea0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4409
x-amzn-requestid: cb422842-e955-4749-8b2a-3c028a09c20f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cbz7XEE2IAMFY3A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6387cd15-3c4d1a6d4d542e81179ea8ba;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 21:37:25 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: zYLCQ4DUQtMklG-T-ATot22PDIUMjnN1wpVkoHBh4Oa3TAyNzTv86g==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 61bc723adb3b1884ed759711e84e13a8.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 21:49:45 GMT
age: 15498
etag: "1e78566f2e69268c5f753fb49112ab07aae3eccf"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F350e8884-8903-4779-8a0c-bb74e9168bfb.jpeg
34.120.237.76200 OK 4.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F350e8884-8903-4779-8a0c-bb74e9168bfb.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4fd5f7a9e04d27654062b3e18b8aecca
07fafbd614cdb49f20bceea29d5e684725d3bdf6
0cb64a9a33f66b92eed5a591b6c368f3d74363941d8876e553a8ea6aaa547590
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F350e8884-8903-4779-8a0c-bb74e9168bfb.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4199
x-amzn-requestid: 61981ad5-3560-43e1-a1cd-37f823e89675
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cZQxoEz5IAMFzQQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6386c80a-291574e42bee51b2523b3920;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 03:03:38 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: fL5AwXN4Kitj3BB3DyYyYfFYk3GRgLvhNNTiQKrDcxPR6mkfzyUuzQ==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 7eb3b782ab09047ce0d11ee03763894c.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 22:05:04 GMT
age: 14579
etag: "07fafbd614cdb49f20bceea29d5e684725d3bdf6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F600016d1-5abb-4a6c-996a-933a8d4bc6df.jpeg
34.120.237.76200 OK 8.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F600016d1-5abb-4a6c-996a-933a8d4bc6df.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 26d6dffbf400da4803a2e76e2a8ef2f8
2e62f9ed8f5e7b2f888a73320dd98b0cda9303b8
04c6e31623fe48cbe83dc91635bfa47b337590f18919995b08d5bde27e929e03
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F600016d1-5abb-4a6c-996a-933a8d4bc6df.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8740
x-amzn-requestid: c6c3e3dc-c9a2-4fda-a83b-cdd6ae81166b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cP7uyE9CoAMF6Xg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63830cc4-2c8940405044071a082ee678;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 07:07:48 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: qykE_oaoqqPTgqGnfUo74mH29IOS97b5sZb_3VmB9yW7KUiJ1a7dnA==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 61bc723adb3b1884ed759711e84e13a8.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 18:58:06 GMT
age: 25797
etag: "2e62f9ed8f5e7b2f888a73320dd98b0cda9303b8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0f6b1394-57be-42ed-ad12-94fa7a0b4be7.jpeg
34.120.237.76200 OK 7.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0f6b1394-57be-42ed-ad12-94fa7a0b4be7.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 0d0219e6bee2a28f003f396f872eecf0
b3d22d146c6094cb539de40a72b9c5a140802ee5
41c1b037e8e654c19f36b74cceccd1fc841cc9fb7de39ac552ab5089dc3e82db
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0f6b1394-57be-42ed-ad12-94fa7a0b4be7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7609
x-amzn-requestid: 1a464872-7c15-42d3-a12a-f344adf99662
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cV91PHVUoAMFf4Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63857687-3f77f387752222b212d6e2a5;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 03:03:35 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: XUcf5sxPRTQEOS_HWPDW5ioStuq1TPMKvKQSRi2kZI5TbTWEVKFfog==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 6a9b42e38e76b7d4a4044ebe0e0eca08.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 03:42:48 GMT
age: 80715
etag: "b3d22d146c6094cb539de40a72b9c5a140802ee5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
86.104.194.63/DE/in/bower_components/ua-parser-js/dist/ua-parser.min.js
86.104.194.63200 OK 6.1 kB URL HTTP/1.1 86.104.194.63/DE/in/bower_components/ua-parser-js/dist/ua-parser.min.js
IP 86.104.194.63:0
ASN #48874 Hostmaze Inc Srl-d
File type Unicode text, UTF-8 text, with very long lines (16817)
Hash 14da93cff6d49885bf214d2503f614db
04d64d738cd0fd2b4eee3b8abc5326dfda3f1dea
49e584e9a0aee55b81771b9e010ccf1da6278da03fb8ddba07ef7a1f0a126732
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /DE/in/bower_components/ua-parser-js/dist/ua-parser.min.js HTTP/1.1
Host: 86.104.194.63
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://86.104.194.63/DE/in/a1b2c3/596e6c6e88371592b44dff05372d9d5e/login/?index=44027&feeder=a31754e1b9a0ad85e7dd598be79be5def6a611a5
HTTP/1.1 200 OK
Date: Thu, 01 Dec 2022 02:08:34 GMT
Server: Apache/2.4.29 (Ubuntu)
Last-Modified: Tue, 23 Aug 2022 22:01:06 GMT
ETag: "4298-5e6efb3764c80-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 6063
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript
86.104.194.63/DE/in/login/bundle.ibbr-ver-0EFCA3FE9DBDCD28ABB2BAEA94D9129E.css
86.104.194.63200 OK 104 kB URL HTTP/1.1 86.104.194.63/DE/in/login/bundle.ibbr-ver-0EFCA3FE9DBDCD28ABB2BAEA94D9129E.css
IP 86.104.194.63:0
ASN #48874 Hostmaze Inc Srl-d
File type ASCII text, with very long lines (65492)
Size 104 kB (103566 bytes)
Hash 1c5a7a1be96c434c36b1b5fcb95fbf5f
655398a8d907912b753723872ea1c98981af0547
c2c0009481e84a3079671ace2f2ca23d8c8be5a63ccc94cd04a9c116cb0a56e2
Analyzer Verdict Alert quad9 Sinkholed
GET /DE/in/login/bundle.ibbr-ver-0EFCA3FE9DBDCD28ABB2BAEA94D9129E.css HTTP/1.1
Host: 86.104.194.63
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://86.104.194.63/DE/in/a1b2c3/596e6c6e88371592b44dff05372d9d5e/login/?index=44027&feeder=a31754e1b9a0ad85e7dd598be79be5def6a611a5
HTTP/1.1 200 OK
Date: Thu, 01 Dec 2022 02:08:35 GMT
Server: Apache/2.4.29 (Ubuntu)
Last-Modified: Tue, 23 Aug 2022 22:00:56 GMT
ETag: "bb690-5e6efb2ddb600-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/css
86.104.194.63/DE/in/core/form/core_form.css
86.104.194.63200 OK 993 B URL HTTP/1.1 86.104.194.63/DE/in/core/form/core_form.css
IP 86.104.194.63:0
ASN #48874 Hostmaze Inc Srl-d
Hash cff8ee4c6009f32b3f52c86dc55db833
79c29a32a8edeb9b1d4fb87771ef646fce1ba3e8
572e0de6912b4e9e987738fbb778513720540267d0afe86f27d27da78dadaffd
Analyzer Verdict Alert quad9 Sinkholed
GET /DE/in/core/form/core_form.css HTTP/1.1
Host: 86.104.194.63
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://86.104.194.63/DE/in/a1b2c3/596e6c6e88371592b44dff05372d9d5e/login/?index=44027&feeder=a31754e1b9a0ad85e7dd598be79be5def6a611a5
HTTP/1.1 200 OK
Date: Thu, 01 Dec 2022 02:08:34 GMT
Server: Apache/2.4.29 (Ubuntu)
Last-Modified: Tue, 23 Aug 2022 22:01:00 GMT
ETag: "127c-5e6efb31abf00-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 993
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
86.104.194.63/favicon.ico
86.104.194.63404 Not Found 275 B URL HTTP/1.1 86.104.194.63/favicon.ico
IP 86.104.194.63:0
ASN #48874 Hostmaze Inc Srl-d
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 2dbeb0862b298605fbbd6d8ad842392e
faedb382bbe556536b8dbeac09777dd613770089
e9e2553fe83f48adf2ced7d5af3243ae596aa79372c0bf1e1fbee9193cc4d778
Analyzer Verdict Alert quad9 Sinkholed
GET /favicon.ico HTTP/1.1
Host: 86.104.194.63
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://86.104.194.63/DE/in/a1b2c3/596e6c6e88371592b44dff05372d9d5e/login/?index=44027&feeder=a31754e1b9a0ad85e7dd598be79be5def6a611a5
HTTP/1.1 404 Not Found
Date: Thu, 01 Dec 2022 02:08:37 GMT
Server: Apache/2.4.29 (Ubuntu)
Content-Length: 275
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
86.104.194.63/DE/in/login/INGMeWeb-Bold.woff2
86.104.194.63200 OK 30 kB URL HTTP/1.1 86.104.194.63/DE/in/login/INGMeWeb-Bold.woff2
IP 86.104.194.63:0
ASN #48874 Hostmaze Inc Srl-d
File type Web Open Font Format (Version 2), TrueType, length 30456, version 1.0\012- data
Hash 126c1fdeee5cc17fef5f5909ebb5c86f
e2676a4a0c0f88ad2f33fe8acefc038073785de3
3a135f82b209a59959b162a1fbc9b0b38856d1332af286f86046b06357b3811e
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /DE/in/login/INGMeWeb-Bold.woff2 HTTP/1.1
Host: 86.104.194.63
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://86.104.194.63/DE/in/login/bundle.ibbr-ver-0EFCA3FE9DBDCD28ABB2BAEA94D9129E.css
HTTP/1.1 200 OK
Date: Thu, 01 Dec 2022 02:08:37 GMT
Server: Apache/2.4.29 (Ubuntu)
Last-Modified: Tue, 23 Aug 2022 22:00:58 GMT
ETag: "76f8-5e6efb2fc3a80"
Accept-Ranges: bytes
Content-Length: 30456
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
86.104.194.63/DE/in/login/INGMeWeb-Regular.woff2
86.104.194.63200 OK 30 kB URL HTTP/1.1 86.104.194.63/DE/in/login/INGMeWeb-Regular.woff2
IP 86.104.194.63:0
ASN #48874 Hostmaze Inc Srl-d
File type Web Open Font Format (Version 2), TrueType, length 29616, version 1.0\012- data
Hash 97205b19383b6a85ef38eb0997c23c35
f7e0af7cfde57e454dde3a2a0c878cc37de5841e
f74c344733a85af20d2754b208f12309e2a30c591795d0881cb0ad94c4be6155
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /DE/in/login/INGMeWeb-Regular.woff2 HTTP/1.1
Host: 86.104.194.63
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://86.104.194.63/DE/in/login/bundle.ibbr-ver-0EFCA3FE9DBDCD28ABB2BAEA94D9129E.css
HTTP/1.1 200 OK
Date: Thu, 01 Dec 2022 02:08:37 GMT
Server: Apache/2.4.29 (Ubuntu)
Last-Modified: Tue, 23 Aug 2022 22:00:56 GMT
ETag: "73b0-5e6efb2ddb600"
Accept-Ranges: bytes
Content-Length: 29616
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
86.104.194.63/DE/in/login/ING_Deutschland_Claim.svg
86.104.194.63200 OK 21 kB URL HTTP/1.1 86.104.194.63/DE/in/login/ING_Deutschland_Claim.svg
IP 86.104.194.63:0
ASN #48874 Hostmaze Inc Srl-d
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 5dd5d510109fe4d0e8ea8d6988b76805
2793df60c869776d2fdb5ed4316e599e12150792
f41428bb3f8bd412eed7e59325ab789007fb6362ec5f06da18c67e5bb7639114
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /DE/in/login/ING_Deutschland_Claim.svg HTTP/1.1
Host: 86.104.194.63
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://86.104.194.63/DE/in/login/bundle.ibbr-ver-0EFCA3FE9DBDCD28ABB2BAEA94D9129E.css
HTTP/1.1 200 OK
Date: Thu, 01 Dec 2022 02:08:37 GMT
Server: Apache/2.4.29 (Ubuntu)
Last-Modified: Tue, 23 Aug 2022 22:00:58 GMT
ETag: "5178-5e6efb2fc3a80"
Accept-Ranges: bytes
Content-Length: 20856
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/svg+xml
86.104.194.63/DE/in/login/icons.woff
86.104.194.63200 OK 40 kB URL HTTP/1.1 86.104.194.63/DE/in/login/icons.woff
IP 86.104.194.63:0
ASN #48874 Hostmaze Inc Srl-d
File type Web Open Font Format, TrueType, length 40128, version 1.0\012- data
Hash bbf967c24ec9deda08e3ecef994bffb8
963b670dbe0d1d025dab9a1180bae0be469ec519
b5042719aa693ccb50ddf9bb7a99d2df224389b5e8dbf4c2bb3b385b8e63bdd9
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /DE/in/login/icons.woff HTTP/1.1
Host: 86.104.194.63
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://86.104.194.63/DE/in/login/bundle.ibbr-ver-0EFCA3FE9DBDCD28ABB2BAEA94D9129E.css
HTTP/1.1 200 OK
Date: Thu, 01 Dec 2022 02:08:37 GMT
Server: Apache/2.4.29 (Ubuntu)
Last-Modified: Tue, 23 Aug 2022 22:00:56 GMT
ETag: "9cc0-5e6efb2ddb600"
Accept-Ranges: bytes
Content-Length: 40128
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/font-woff
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbcb53953-3f6b-43ee-95d9-fb65d133745f.jpeg
34.120.237.76200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbcb53953-3f6b-43ee-95d9-fb65d133745f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 328ce221bcf3442f88d09373193ff594
63bfa2ea925aa2c188c664a7bf7af7b0e5417e60
21d5b5ec267430dba91b17f89a557aca5cd2a21535da18eb02ec69ed0e1b7371
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbcb53953-3f6b-43ee-95d9-fb65d133745f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 13411
x-amzn-requestid: 71f8798f-93e9-4649-8822-7ad3fadeec34
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cbz6vH05oAMF_qw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6387cd11-1849aa08463e5c1f3d9b15b9;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 21:37:21 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: QVGFEOePBybOeNxG6eWBffm8Ha_fmBnT8vMIGcI8zv9C7yiBeSncDw==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 caf6806821bc479b28a6f1ce3043b8a6.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 21:52:00 GMT
etag: "63bfa2ea925aa2c188c664a7bf7af7b0e5417e60"
content-type: image/jpeg
age: 15370
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2