Report - box.zero.camp/analysis/14536/network/

Report Overview

Submitted URL
box.zero.camp/analysis/14536/network/
IP
175.208.134.152
ASN
#4766 Korea Telecom
Submitted
2023-03-29 11:39:02
Access
public
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
62

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
box.zero.camp	unknown	2021-03-11T10:03:46Z	2023-03-08T03:52:04Z	19 kB	4.3 MB	175.208.134.152
ocsp.sectigo.com	487	2019-11-29T12:50:24Z	2023-03-29T22:31:06Z	340 B	963 B	104.18.32.68
ocsp.pki.goog	175	2018-07-01T08:43:07Z	2023-03-29T18:12:02Z	1.7 kB	3.5 kB	142.250.74.3
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-29T18:24:36Z	413 B	5.9 kB	34.160.144.191
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-29T18:13:46Z	333 B	391 B	34.117.237.239
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-29T18:37:20Z	606 B	127 B	35.167.190.70
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-29T22:30:19Z	3.2 kB	52 kB	34.120.237.76
fonts.gstatic.com	unknown	2014-09-09T02:40:21Z	2023-03-29T23:11:09Z	1.5 kB	41 kB	216.58.207.227
maxcdn.bootstrapcdn.com	724	2014-06-18T02:37:31Z	2023-03-29T18:15:41Z	919 B	68 kB	188.114.99.234
code.ionicframework.com	14473	2014-02-05T18:09:16Z	2023-03-29T13:38:52Z	406 B	1.1 kB	188.114.98.234
fonts.googleapis.com	8877	2013-06-10T22:14:26Z	2023-03-29T18:25:22Z	411 B	630 B	142.250.74.106
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-29T18:12:03Z	3.0 kB	8.0 kB	23.36.77.32
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-29T18:14:38Z	782 B	2.4 kB	35.241.9.150

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-03-29	medium	box.zero.camp/analysis/14536/network/	Malware
2023-03-29	medium	box.zero.camp/static/js/handlebars-templates.js	Malware
2023-03-29	medium	box.zero.camp/static/js/hexdump.js	Malware
2023-03-29	medium	box.zero.camp/static/js/cuckoo/loader.js	Malware
2023-03-29	medium	box.zero.camp/static/js/cuckoo/sticky.js	Malware
2023-03-29	medium	box.zero.camp/static/js/cuckoo/analysis_sidebar.js	Malware
2023-03-29	medium	box.zero.camp/static/js/cuckoo/analysis_feedback.js	Malware
2023-03-29	medium	box.zero.camp/static/js/cuckoo/process_tree.js	Malware
2023-03-29	medium	box.zero.camp/static/js/cuckoo/recent.js	Malware
2023-03-29	medium	box.zero.camp/static/js/cuckoo/analysis_network.js	Malware
2023-03-29	medium	box.zero.camp/static/js/cuckoo/rdp.js	Malware
2023-03-29	medium	box.zero.camp/static/js/cuckoo/app.js	Malware
2023-03-29	medium	box.zero.camp/static/js/cuckoo/submission.js	Malware
2023-03-29	medium	box.zero.camp/static/lightslider/lightslider.js	Malware
2023-03-29	medium	box.zero.camp/static/lightslider/lightgallery-all.min.js	Malware
2023-03-29	medium	box.zero.camp/static/custom/js/datepicker-ko.js	Malware
2023-03-29	medium	box.zero.camp/static/dist/js/adminlte.js	Malware
2023-03-29	medium	box.zero.camp/static/plugins/toastr/toastr.min.js	Malware
2023-03-29	medium	box.zero.camp/static/plugins/pace-progress/pace.min.js	Malware
2023-03-29	medium	box.zero.camp/static/plugins/bootstrap/js/bootstrap.bundle.min.js	Malware
2023-03-29	medium	box.zero.camp/static/custom/js/jquery-ui.min.js	Malware
2023-03-29	medium	box.zero.camp/static/js/vendor.js	Malware
2023-03-29	medium	box.zero.camp/static/plugins/fontawesome-free/webfonts/fa-solid-900.woff2	Malware
2023-03-29	medium	box.zero.camp/static/plugins/fontawesome-free/webfonts/fa-regular-400.woff2	Malware
2023-03-29	medium	box.zero.camp/static/fonts/Roboto_normal_400_default.woff	Malware
2023-03-29	medium	box.zero.camp/static/fonts/Roboto_normal_500_default.woff	Malware
2023-03-29	medium	box.zero.camp/static/fonts/Roboto_normal_700_default.woff	Malware
2023-03-29	medium	box.zero.camp/static/custom/js/jquery-1.11.0.min.js	Malware
2023-03-29	medium	box.zero.camp/analysis/14536/pcapstream/192.168.56.101,61479,164.124.101.2,53,udp/	Malware
2023-03-29	medium	box.zero.camp/analysis/14536/network/	Malware
2023-03-29	medium	box.zero.camp/board/etc/notification.html	Malware

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (28)

	URL	Size	First Seen	Last Seen
	box.zero.camp/static/js/cuckoo/analysis_sidebar.js	3.4 kB	2023-03-29	2023-03-29
Pretty URL box.zero.camp/static/js/cuckoo/analysis_sidebar.js IP 175.208.134.152 ASN #4766 Korea Telecom Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-29 23:49:35 Last Seen2023-03-29 23:49:35 Times Seen1 Hash 70bc139be269df8214f7f7119a0cab72 34d2adef378bc161d726813f90842fc8a561bbb2 0e7953a6534f61bd92ac25f94596b5653da2e3163a50636da6cabc7e3cea6b47 Loading...

	box.zero.camp/analysis/14536/network/	966 B	2023-03-29	2023-03-29
Pretty URL box.zero.camp/analysis/14536/network/ IP 175.208.134.152 ASN #4766 Korea Telecom Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-29 23:49:35 Last Seen2023-03-29 23:49:35 Times Seen1 Hash ba34a9e848aa6a08ce77d667caf6510e fafd0784e638008cbfc7915affdd94e80dbacb08 c39a1046c39ce1db34f4cf4c362cb920eaef7cef010e837c0812585512b2579e Loading...

	box.zero.camp/static/js/cuckoo/submission.js	88 kB	2023-03-29	2023-03-29
Pretty URL box.zero.camp/static/js/cuckoo/submission.js IP 175.208.134.152 ASN #4766 Korea Telecom Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-29 23:49:35 Last Seen2023-03-29 23:49:35 Times Seen1 Hash da0e5accd48bc7a70d3220a1152415c1 03c5089ca434905d97b0d825b00e41a2fffb0762 2a05481e90b0c249ddaf88ef69125604bf6abd1746adbc9f2b14441ed80aeafa Loading...

	box.zero.camp/static/custom/js/jquery-ui.min.js	240 kB	2023-03-07	2024-05-10
Pretty URL box.zero.camp/static/custom/js/jquery-ui.min.js IP 175.208.134.152 ASN #4766 Korea Telecom Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:04:01 Last Seen2024-05-10 22:54:47 Times Seen4694 Hash d935d506ae9c8dd9e0f96706fbb91f65 7f650ee30c6a4d3eea04032039b20ff72997559b c4d8dbe77feb63e5a61bee0bead4e5f66e8fa6a927599bd1b74aced52467273c Loading...

	box.zero.camp/static/js/cuckoo/loader.js	2.5 kB	2023-03-29	2023-03-29
Pretty URL box.zero.camp/static/js/cuckoo/loader.js IP 175.208.134.152 ASN #4766 Korea Telecom Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-29 23:49:35 Last Seen2023-03-29 23:49:35 Times Seen1 Hash e68edf68867c60ff30fb2bbc8f37bc60 596bacac27436b34fe70cba21a56704f8070747f 2f3dcda69c829ed1eed605ca5f9ce6656dbcf737d7247e5cb4cc8b52e95712ad Loading...

	box.zero.camp/static/plugins/bootstrap/js/bootstrap.bundle.min.js	79 kB	2023-03-07	2024-05-10
Pretty URL box.zero.camp/static/plugins/bootstrap/js/bootstrap.bundle.min.js IP 175.208.134.152 ASN #4766 Korea Telecom Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:59 Last Seen2024-05-10 11:37:34 Times Seen15759 Hash a454220fc07088bf1fdd19313b6bfd50 265a733cb7fbc481fd2510a659a85ad55c93c895 7f3145c87d3570154f633975e8a4f8d30aa38603edaba145501e9c90ddbe186c Loading...

	box.zero.camp/static/js/cuckoo/sticky.js	3.2 kB	2023-03-29	2023-03-29
Pretty URL box.zero.camp/static/js/cuckoo/sticky.js IP 175.208.134.152 ASN #4766 Korea Telecom Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-29 23:49:35 Last Seen2023-03-29 23:49:35 Times Seen1 Hash 187271cb087bc2ab0bf9806e26bb261e cc879e72603e099791df40e0c701a0af90bf80f1 56bd173f6da73cc160192ea96c489984d7e944d1eb5a34ed8ed16419ead12314 Loading...

	box.zero.camp/analysis/14536/network/	1.0 kB	2023-03-29	2023-03-29
Pretty URL box.zero.camp/analysis/14536/network/ IP 175.208.134.152 ASN #4766 Korea Telecom Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-29 23:49:35 Last Seen2023-03-29 23:49:35 Times Seen1 Hash 0f65822603f89bcd9820e277243b893b b3f127db335f4d88052d3103308662ff69e86df4 7a8731521a2a4d953912bf6e69365c4ddedc6a71eb529077726aac920bfc31c0 Loading...

	box.zero.camp/static/js/cuckoo/process_tree.js	16 kB	2023-03-29	2023-03-29
Pretty URL box.zero.camp/static/js/cuckoo/process_tree.js IP 175.208.134.152 ASN #4766 Korea Telecom Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-29 23:49:35 Last Seen2023-03-29 23:49:35 Times Seen1 Hash f0004bd2c1fe58c81dc8ca72f0e9de7d 87e9a672f7a966e2a46d7ca47c10e7c61382609f 3abf62ebb8810a05952c64d8fb9f55b7316f871ea8e10e846975e121a0aa5ba0 Loading...

	box.zero.camp/static/js/cuckoo/recent.js	7.5 kB	2023-03-29	2023-03-29
Pretty URL box.zero.camp/static/js/cuckoo/recent.js IP 175.208.134.152 ASN #4766 Korea Telecom Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-29 23:49:35 Last Seen2023-03-29 23:49:35 Times Seen1 Hash 81c92a1f79ce4d39000a2fba63d1ed6b 3c86a0590d347ff0c1099672e54f69d040b5bba7 5a58ef63bc385c65f1e904fdb6ad4b1cb2da4f5b704eb944812a6defaac1ad85 Loading...

	box.zero.camp/analysis/14536/network/	11 kB	2023-03-29	2023-03-29
Pretty URL box.zero.camp/analysis/14536/network/ IP 175.208.134.152 ASN #4766 Korea Telecom Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-29 23:49:35 Last Seen2023-03-29 23:49:35 Times Seen1 Hash be97ce15f030c8260fdbcd2672db7b94 13b4e554426a0d4b92aaad3cf42f35cbb644f44b 64c3056ae0340e34727335242cc2835592f6e1fce0640c602baa0ff162ed6643 Loading...

	box.zero.camp/analysis/14536/network/	1.9 kB	2023-03-29	2023-03-29
Pretty URL box.zero.camp/analysis/14536/network/ IP 175.208.134.152 ASN #4766 Korea Telecom Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-29 23:49:35 Last Seen2023-03-29 23:49:35 Times Seen1 Hash c47cd382361ebe7242085c7090ecc6b9 b8f92ab5457bea9856becfd297f825257a874582 ee8d38c64f187dff3bec31fa35734df1338c647c206e75a0f0bd28e371314fd0 Loading...

	box.zero.camp/static/js/cuckoo/analysis_network.js	21 kB	2023-03-29	2023-03-29
Pretty URL box.zero.camp/static/js/cuckoo/analysis_network.js IP 175.208.134.152 ASN #4766 Korea Telecom Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-29 23:49:35 Last Seen2023-03-29 23:49:35 Times Seen1 Hash 5a5cec33622af0140a4d1c4cbd9740bf c990d67d47154275519e5fe8fa8cbab153df1b15 2078b1afaf207dbac97331d0d0dc4e643b562f91324f7b07bbf788260e93febe Loading...

	box.zero.camp/static/js/cuckoo/rdp.js	22 kB	2023-03-29	2023-03-29
Pretty URL box.zero.camp/static/js/cuckoo/rdp.js IP 175.208.134.152 ASN #4766 Korea Telecom Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-29 23:49:35 Last Seen2023-03-29 23:49:35 Times Seen1 Hash 3193d1a02e05e42140bda6e20136d9d9 41a2894dc8c9b13a3ccc7dcedbbbdf1cdb2fdbd1 283dd288072cc9dfa3085939f533e371ea974a0455457e2943e62316cbc8c855 Loading...

	box.zero.camp/static/js/cuckoo/app.js	37 kB	2023-03-29	2023-03-29
Pretty URL box.zero.camp/static/js/cuckoo/app.js IP 175.208.134.152 ASN #4766 Korea Telecom Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-29 23:49:35 Last Seen2023-03-29 23:49:35 Times Seen1 Hash 0b686a969aeb68b4162cd5345921835c 190f83c9a1d13bbbe34710ad9ff0b2779a0da731 9f924ab8f969f100f3d0f400f5009153810eaf20dc312577dcfee0d61b75528f Loading...

	box.zero.camp/static/js/cuckoo/analysis_feedback.js	9.1 kB	2023-03-29	2023-03-29
Pretty URL box.zero.camp/static/js/cuckoo/analysis_feedback.js IP 175.208.134.152 ASN #4766 Korea Telecom Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-29 23:49:35 Last Seen2023-03-29 23:49:35 Times Seen1 Hash bf9126df85803e1076772595bd84fb6a 7ead05f1c1663a1cf03d96742686054a2854b945 896a6acd7c4cfd7211113ca175240d5ea6dfb149aea9fae581e3d928c2b7e903 Loading...

	box.zero.camp/static/custom/js/jquery-1.11.0.min.js	96 kB	2023-03-07	2024-05-10
Pretty URL box.zero.camp/static/custom/js/jquery-1.11.0.min.js IP 175.208.134.152 ASN #4766 Korea Telecom Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:18:53 Last Seen2024-05-10 19:18:02 Times Seen1209 Hash 52d16e147b5346147d0f3269cd4d0f80 4566b5815f47f976c7c3d3083c600ad5561b6fc0 2e945ebcd9b955e7c543ba4ad41e8f7779a077b482a0207db74bd6ded2021d17 Loading...

	box.zero.camp/static/custom/js/datepicker-ko.js	1.2 kB	2023-03-29	2023-03-29
Pretty URL box.zero.camp/static/custom/js/datepicker-ko.js IP 175.208.134.152 ASN #4766 Korea Telecom Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-29 23:49:35 Last Seen2023-03-29 23:49:35 Times Seen1 Hash 1b106e5418337b1e8e4617b5584b942f adc07c20ae596abbc989f7c4592acb35c080a913 90e7519a54d201908092071f6ce0492aff21c39c7cdd994b9796b7a4d8f94494 Loading...

	box.zero.camp/analysis/14536/network/	725 B	2023-03-29	2023-03-29
Pretty URL box.zero.camp/analysis/14536/network/ IP 175.208.134.152 ASN #4766 Korea Telecom Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-29 23:49:35 Last Seen2023-03-29 23:49:35 Times Seen1 Hash 6a02631bdd18456b0b9fa91e785079d1 3df8f047a8d17963df828b35568939e9e1ae6824 1d97fb11ec91d44edffbd95997639ca98588cc4fc4605064fa77316c34b17e8c Loading...

	box.zero.camp/static/js/handlebars-templates.js	46 kB	2023-03-11	2023-09-14
Pretty URL box.zero.camp/static/js/handlebars-templates.js IP 175.208.134.152 ASN #4766 Korea Telecom Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 19:02:32 Last Seen2023-09-14 17:16:46 Times Seen4 Hash 6068437130179796771a5a9ff3f51dcd 3889958ea97c3cbe57df9295a6ba18e64c328e19 386565f9f3595d16a020f3ac2a6c92b578cf2641ccff54ee89defbae0f86dfb4 Loading...

	box.zero.camp/static/plugins/toastr/toastr.min.js	5.3 kB	2023-03-07	2024-05-10
Pretty URL box.zero.camp/static/plugins/toastr/toastr.min.js IP 175.208.134.152 ASN #4766 Korea Telecom Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:06:48 Last Seen2024-05-10 16:44:25 Times Seen12059 Hash 8ee1218b09fb02d43fcf0b84e30637ad f871160d56be073d37159b169da23945fa132ab7 1e0c2ad4e069276efa1d43fd1f7549912bfd64219119037e26574f27ca4d7143 Loading...

	box.zero.camp/static/lightslider/lightgallery-all.min.js	43 kB	2023-03-11	2023-06-18
Pretty URL box.zero.camp/static/lightslider/lightgallery-all.min.js IP 175.208.134.152 ASN #4766 Korea Telecom Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 21:13:06 Last Seen2023-06-18 08:10:52 Times Seen10 Hash 296454dc80c160293d3441b066202088 06c7119bdaeff73880f804f87656d02b2da44e66 de458463e2b248fe0cb74b0fc4ccf947526e55c59ef796756f5a3f075548bb9f Loading...

	box.zero.camp/static/plugins/pace-progress/pace.min.js	13 kB	2023-03-29	2024-01-23
Pretty URL box.zero.camp/static/plugins/pace-progress/pace.min.js IP 175.208.134.152 ASN #4766 Korea Telecom Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-29 23:49:35 Last Seen2024-01-23 06:44:16 Times Seen7 Hash dcd797ec8b940995a124bb0503f0c07a 1b567f39842225854e30cb7748ade6925a86df4b 181aec520284dc6bb5e4c9ca58791aa154b64dd4029e1a87d6af9629c71feec5 Loading...

	box.zero.camp/static/js/vendor.js	2.0 MB	2023-03-29	2023-03-29
Pretty URL box.zero.camp/static/js/vendor.js IP 175.208.134.152 ASN #4766 Korea Telecom Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-29 23:49:35 Last Seen2023-03-29 23:49:35 Times Seen1 Hash 6c11d6040023e361d98b2928e87fa8fb b2f6cad809cb03484c7a32501d301cf1c378cd99 071f40c43789de435cd23a3b7bd8299ed0ae3f98cc82232e76b5909beaa44abc Loading...

	box.zero.camp/analysis/14536/network/	46 B	2023-03-29	2023-03-29
Pretty URL box.zero.camp/analysis/14536/network/ IP 175.208.134.152 ASN #4766 Korea Telecom Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-29 23:49:35 Last Seen2023-03-29 23:49:35 Times Seen1 Hash 4b47d1c488197af7b466093bf594ec61 c05d726f70e991c19e94c4ec92953211971c25b5 2fe8318e88e713585fa8f655150879b99bd8eb2912b5a39748d9476187e8defc Loading...

	box.zero.camp/static/js/hexdump.js	6.1 kB	2023-03-11	2023-09-14
Pretty URL box.zero.camp/static/js/hexdump.js IP 175.208.134.152 ASN #4766 Korea Telecom Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 19:02:32 Last Seen2023-09-14 17:16:46 Times Seen4 Hash 21dcbb81e4d80a393f845fbf313e513e e4dae2de862574783eacc33ea34f322ad5540463 c14bbd1192c9d657566d6175f7b0be4c28b89c55cc8d34c6547e8fe0dadb11df Loading...

	box.zero.camp/static/lightslider/lightslider.js	48 kB	2023-03-07	2024-02-25
Pretty URL box.zero.camp/static/lightslider/lightslider.js IP 175.208.134.152 ASN #4766 Korea Telecom Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 22:57:36 Last Seen2024-02-25 04:37:34 Times Seen103 Hash 7427efa1e5a3d5fd342df614d0082b58 c9ec9cfd1549146cc58b326b9233a76450214fea e168ad9744a125f307b3eb3c851d497ba3de0c50e9e55f88d13586acff596b12 Loading...

		Size	First Seen	Last Seen
	#1 Write - bfc747d1d588d29c606d6ce1da8c11b3	33 B	2023-03-29	2023-03-29
Pretty Observations First Seen2023-03-29 23:49:35 Last Seen2023-03-29 23:49:35 Times Seen1 Hash bfc747d1d588d29c606d6ce1da8c11b3 214fcd15d1f0638d24fa679c9587c66982001f9d cf6a06012583465f15ad8d0977e2ef5171565ad6f095d9a2daf8ac287c5700b3 Loading...

HTTP Transactions (72)

URL IP Response Size

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
93f633ce30c038eb581544323c5a971e
2f60526cb750c6babccc207f75fb5a8ae6f7598b
0ff6df80a892199848fb943af78541b66efc09a7ab70d4b169906fdbac1eabf8

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0FF6DF80A892199848FB943AF78541B66EFC09A7AB70D4B169906FDBAC1EABF8"
Last-Modified: Mon, 27 Mar 2023 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6333
Expires: Wed, 29 Mar 2023 13:24:23 GMT
Date: Wed, 29 Mar 2023 11:38:50 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
c83d39f350161ed2f5d20dcd68e47c92
2695a888e652cb314f8094cc6073c3364336d272
62e5cc6aea61c3c32acd964d4bbe143806416008181eebc4451a8f035b69a0bc

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "62E5CC6AEA61C3C32ACD964D4BBE143806416008181EEBC4451A8F035B69A0BC"
Last-Modified: Mon, 27 Mar 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14575
Expires: Wed, 29 Mar 2023 15:41:45 GMT
Date: Wed, 29 Mar 2023 11:38:50 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
c0d9353dc46e88bf564ed464b0b073c7
0b5ce170e7db24267a3ba5b79a48548b1acd2e5b
7c7ef189b14109b44aa96454ea1b94bcbd3d69599cc7ba429f8234f6acd88a9b

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7C7EF189B14109B44AA96454EA1B94BCBD3D69599CC7BA429F8234F6ACD88A9B"
Last-Modified: Mon, 27 Mar 2023 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4357
Expires: Wed, 29 Mar 2023 12:51:27 GMT
Date: Wed, 29 Mar 2023 11:38:50 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
ed282214b024a7895d90e229e92bb1cc
1f447aa59287ce2b45860a1a909d005a41305f77
a35ae9f89cbc77ed5fe849acdc2701592799c335f2674776d69c25bca0a00c2e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Alert, Retry-After, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 29 Mar 2023 11:15:56 GMT
content-type: application/json
age: 1374
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
e7bace7c1e04d44012e37ddffe36e5d5
3ac8d7c0a9d3e3f0b28b2530c7b8d8407b4042c2
6b4f80f2e95b26f6122ea8dcd0ef8d762299be822c69e839fc37581ca2bcb5f2

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: p1C2gR/LO0wavNS8icmZ5EXJuOPOCfDt2SnZzo35IpbhGyrDyv7q6CCrkls3lNc5HApKIIJyrN4iRoXjtrNyFA==
x-amz-request-id: H7Y3TMT9VTYK04K6
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 29 Mar 2023 11:02:28 GMT
age: 2182
last-modified: Sat, 11 Mar 2023 16:53:15 GMT
etag: "e7bace7c1e04d44012e37ddffe36e5d5"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Wed, 29 Mar 2023 11:38:50 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

box.zero.camp/analysis/14536/network/

175.208.134.152

301 Moved Permanently

178 B

URL HTTP/1.1
box.zero.camp/analysis/14536/network/
IP
175.208.134.152:0
ASN
#4766 Korea Telecom

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
178 B (178 bytes)
Hash
cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /analysis/14536/network/ HTTP/1.1
Host: box.zero.camp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Wed, 29 Mar 2023 11:38:50 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: https://box.zero.camp/analysis/14536/network/

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, ETag, Alert, Last-Modified, Retry-After, Content-Length, Pragma, Backoff, Cache-Control, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Wed, 29 Mar 2023 11:14:36 GMT
age: 1454
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
76a0aba3ddb470751c690f5a725159f2
8cb789e8e0dfa336270700ef1e607173f2aee6cd
e76de476654125a06994065d66e30c6fb6c354d0f67fd4e31a3f78679e2bfdcb

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E76DE476654125A06994065D66E30C6FB6C354D0F67FD4E31A3F78679E2BFDCB"
Last-Modified: Mon, 27 Mar 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15219
Expires: Wed, 29 Mar 2023 15:52:30 GMT
Date: Wed, 29 Mar 2023 11:38:51 GMT
Connection: keep-alive

push.services.mozilla.com/

35.167.190.70

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
35.167.190.70:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: Qhdc0hPfNDA058Rej865cg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: IVEheSEB4Fd93FfnquilAsM7kWA=

ocsp.sectigo.com/

104.18.32.68

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
104.18.32.68:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
85896e0b50555ed84ae2627c4198e41d
1eb58646491f9224cb8c259681b2f9e360231947
b5a05cf83f2bcbbda7cbe8e88c7a01e91850636f5213857b3b503296cab361a8

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 29 Mar 2023 11:38:51 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Tue, 28 Mar 2023 07:11:48 GMT
Expires: Tue, 04 Apr 2023 07:11:47 GMT
Etag: "1eb58646491f9224cb8c259681b2f9e360231947"
Cache-Control: max-age=501775,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7af7d436b928b517-OSL

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
bfa3fc96de14a80af0187a7c3ee285d4
e60c9b3124ec2a611286af0b777319cf10230c1b
ccdfe9029ede4a2535fb88ed1d74b419cf65a63b204e7d28f215722c6fdd160b

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 29 Mar 2023 11:38:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
bfa3fc96de14a80af0187a7c3ee285d4
e60c9b3124ec2a611286af0b777319cf10230c1b
ccdfe9029ede4a2535fb88ed1d74b419cf65a63b204e7d28f215722c6fdd160b

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 29 Mar 2023 11:38:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
195589ff3c6c50463257f10da16de114
7119aeba010d5c5c224fa544feff6f1761739929
dbb5774621e0eee6f9641f6078a650a78d281019726ade7a52c150f0988cd12b

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DBB5774621E0EEE6F9641F6078A650A78D281019726ADE7A52C150F0988CD12B"
Last-Modified: Wed, 29 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6687
Expires: Wed, 29 Mar 2023 13:30:19 GMT
Date: Wed, 29 Mar 2023 11:38:52 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
195589ff3c6c50463257f10da16de114
7119aeba010d5c5c224fa544feff6f1761739929
dbb5774621e0eee6f9641f6078a650a78d281019726ade7a52c150f0988cd12b

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DBB5774621E0EEE6F9641F6078A650A78D281019726ADE7A52C150F0988CD12B"
Last-Modified: Wed, 29 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6687
Expires: Wed, 29 Mar 2023 13:30:19 GMT
Date: Wed, 29 Mar 2023 11:38:52 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
195589ff3c6c50463257f10da16de114
7119aeba010d5c5c224fa544feff6f1761739929
dbb5774621e0eee6f9641f6078a650a78d281019726ade7a52c150f0988cd12b

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DBB5774621E0EEE6F9641F6078A650A78D281019726ADE7A52C150F0988CD12B"
Last-Modified: Wed, 29 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6687
Expires: Wed, 29 Mar 2023 13:30:19 GMT
Date: Wed, 29 Mar 2023 11:38:52 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
195589ff3c6c50463257f10da16de114
7119aeba010d5c5c224fa544feff6f1761739929
dbb5774621e0eee6f9641f6078a650a78d281019726ade7a52c150f0988cd12b

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DBB5774621E0EEE6F9641F6078A650A78D281019726ADE7A52C150F0988CD12B"
Last-Modified: Wed, 29 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6687
Expires: Wed, 29 Mar 2023 13:30:19 GMT
Date: Wed, 29 Mar 2023 11:38:52 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
195589ff3c6c50463257f10da16de114
7119aeba010d5c5c224fa544feff6f1761739929
dbb5774621e0eee6f9641f6078a650a78d281019726ade7a52c150f0988cd12b

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DBB5774621E0EEE6F9641F6078A650A78D281019726ADE7A52C150F0988CD12B"
Last-Modified: Wed, 29 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6687
Expires: Wed, 29 Mar 2023 13:30:19 GMT
Date: Wed, 29 Mar 2023 11:38:52 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F85885238-8732-476a-b37c-1eac5dbc3e90.jpeg

34.120.237.76

200 OK

6.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F85885238-8732-476a-b37c-1eac5dbc3e90.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.0 kB (6049 bytes)
Hash
253f48aa7cbf667d52cb37fda10cdb1f
e29478b866f90402b48d2b516d01d60a863c9cf9
b4a73ab71250b9e4a3f95e28dbf50dd000e1f338c7c3ac9f3351c1f6d6d3bfff

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F85885238-8732-476a-b37c-1eac5dbc3e90.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6049
x-amzn-requestid: 2d1a2a66-8b63-44f0-83ec-10628a5fcac6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CgvBFFMGIAMFhCg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64235ed3-2a90bf0365925acb3b348489;Sampled=0
x-amzn-remapped-date: Tue, 28 Mar 2023 21:40:35 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: bXiCIy2ZqOyLvougeQikdsmaIJ9BfMPpOO4oU-3nEGY33FQGCm0ZoQ==
via: 1.1 c28e01aa413e9ea602538ccda1511062.cloudfront.net (CloudFront), 1.1 49cdeca097624936e070b73619df7da8.cloudfront.net (CloudFront), 1.1 google
date: Tue, 28 Mar 2023 21:44:35 GMT
age: 50057
etag: "e29478b866f90402b48d2b516d01d60a863c9cf9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3d713593-a582-498a-b202-20cddce4f8c4.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.6 kB (7605 bytes)
Hash
fd1bc71c7e9eed7c086d752ea8b4b992
02a74cf88501d65b3dfcceb5adc79fd93ce785ed
a9a423d347533322d4d3ba90ee5fca5ca32f8d540f744ea2621deeda46df89f3

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3d713593-a582-498a-b202-20cddce4f8c4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7605
x-amzn-requestid: b7628073-4eb3-4ef6-b7d0-0224e0a75601
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CguY8GFPoAMFebQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64235dd2-445041c74356c54053f772a1;Sampled=0
x-amzn-remapped-date: Tue, 28 Mar 2023 21:36:18 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Miss from cloudfront
x-amz-cf-id: npXnMYBUM1bcf7FQIJEHng73EkILWwM0Jvey0QDUvmln0kAJUG_Rpw==
via: 1.1 ffc1e24c06bfbb135c0a4d240b382048.cloudfront.net (CloudFront), 1.1 0a2ce08fa1ec3c33302a7547d3305978.cloudfront.net (CloudFront), 1.1 google
date: Tue, 28 Mar 2023 21:43:57 GMT
age: 50095
etag: "02a74cf88501d65b3dfcceb5adc79fd93ce785ed"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff94a70cc-7556-4fae-8603-14d3b253f74c.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.9 kB (9859 bytes)
Hash
da174e6ccc9451c5071ba10eeb97f6f6
c38827a9ac1218768839877263e1f2984fbdc454
76da406c8ae8cd6ca8471928f3aec3876aed2c21bc10edc0fbdaef5c100c1030

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff94a70cc-7556-4fae-8603-14d3b253f74c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9859
x-amzn-requestid: 7571f483-0d57-4f3f-9d86-2f18175cc0b1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CRP5DG2BoAMFrdg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641d2d06-400180d700df598366b8b16f;Sampled=0
x-amzn-remapped-date: Fri, 24 Mar 2023 04:54:30 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: 8LzPrLvhUnXntYPNCg_QN2LFUvQ-4FL4SMyYBxPOwlGd1sgL3j-Znw==
via: 1.1 8f251d23da31b683c3c9d6fad6ca944c.cloudfront.net (CloudFront), 1.1 b4085435efbe95a420f374958bd145be.cloudfront.net (CloudFront), 1.1 google
date: Tue, 28 Mar 2023 23:09:21 GMT
age: 44971
etag: "c38827a9ac1218768839877263e1f2984fbdc454"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

3.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3fb4d16c-eef2-49cc-ac24-b125a7d6d9e0.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
3.6 kB (3589 bytes)
Hash
1ec08d4bd079a92161fc80f41281b5a9
bf61369962342cce85de8f48942b4b150fd2721e
8a8ed12c31d89d71c3cb88f0813ded83939529206461e917dcb0b8bc11abdda4

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3fb4d16c-eef2-49cc-ac24-b125a7d6d9e0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 3589
x-amzn-requestid: 9c09af43-79e8-4734-b28b-4194e0bb1e4e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CW1uyE2joAMF50g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641f6991-7607d33f6301182b591c56e8;Sampled=0
x-amzn-remapped-date: Sat, 25 Mar 2023 21:37:21 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: GiRkprg-C9719Vg2jIHR3ks1S9srN0yPXyO_qSCfqfLN7PmS8lmaFw==
via: 1.1 46673955829b59a6da0ab071e0b7fbea.cloudfront.net (CloudFront), 1.1 deaaf0548506de20925615eb51a7ea7e.cloudfront.net (CloudFront), 1.1 google
date: Tue, 28 Mar 2023 21:37:26 GMT
age: 50486
etag: "bf61369962342cce85de8f48942b4b150fd2721e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff8819ddc-015a-4da7-bf88-9a5f6fac4462.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.9 kB (9886 bytes)
Hash
9ab378a6531b886829e1762f72866500
9509f3e388d0f2627468b5ff8afd408eb19297a4
9535702379130bbc5e3439b2c226d3d8c51c6ee07690e64cbccf71e49085615c

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff8819ddc-015a-4da7-bf88-9a5f6fac4462.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9886
x-amzn-requestid: efa3e368-7941-467c-a4d7-f303b50a32a6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CK848FbOoAMFnXg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641aa838-5357cad3565e7b230505442f;Sampled=0
x-amzn-remapped-date: Wed, 22 Mar 2023 07:03:20 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: UjD8avDwm-zEFik18U34bWU06SOeb-fBjelZcoGyzcie0Z1CAj6JUQ==
via: 1.1 b6cdb2111444305bd4957a473b711ad6.cloudfront.net (CloudFront), 1.1 49cdeca097624936e070b73619df7da8.cloudfront.net (CloudFront), 1.1 google
date: Tue, 28 Mar 2023 18:08:57 GMT
age: 62995
etag: "9509f3e388d0f2627468b5ff8afd408eb19297a4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0794d5a0-7014-425b-9ea0-5dca44ddb4dd.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.7 kB (8745 bytes)
Hash
ef54a1ed997cc09495edb102ccdf6803
f5637efb37b5eecff77e60e6bcf5f599991f334f
fa76d7a82dc15baf02b207cea874d1332c20a0ebe1eea99929a6f2746608412c

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0794d5a0-7014-425b-9ea0-5dca44ddb4dd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8745
x-amzn-requestid: e1d8dab6-4c15-4752-b528-21854c93a11c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CguJ5Hy5oAMFyAg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64235d72-4bd62c8472f7257a155b2a80;Sampled=0
x-amzn-remapped-date: Tue, 28 Mar 2023 21:34:42 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: LAAUFZcFBIpdMUkaDQXGW1sdwLK9c_uhQQHLiJHGF7dEvfJ0KX7MaA==
via: 1.1 8f251d23da31b683c3c9d6fad6ca944c.cloudfront.net (CloudFront), 1.1 331202b5b8aab67acbf389883133f256.cloudfront.net (CloudFront), 1.1 google
date: Tue, 28 Mar 2023 21:37:00 GMT
age: 50512
etag: "f5637efb37b5eecff77e60e6bcf5f599991f334f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

box.zero.camp/static/custom/css/screen_variablilty.css

175.208.134.152

200 OK

0 B

URL HTTP/2
box.zero.camp/static/custom/css/screen_variablilty.css
IP
175.208.134.152:0
ASN
#4766 Korea Telecom

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /static/custom/css/screen_variablilty.css HTTP/1.1
Host: box.zero.camp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://box.zero.camp/analysis/14536/network/
Cookie: csrftoken=JXQ20K8uQ9YG8xGssJ17kIUSHNNfes5X
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 29 Mar 2023 11:38:52 GMT
content-type: text/css
content-length: 0
last-modified: Mon, 22 Jun 2020 00:50:15 GMT
etag: "5ef00047-0"
accept-ranges: bytes
X-Firefox-Spdy: h2

box.zero.camp/static/plugins/fontawesome-free/css/all.min.css

175.208.134.152

200 OK

57 kB

URL HTTP/2
box.zero.camp/static/plugins/fontawesome-free/css/all.min.css
IP
175.208.134.152:0
ASN
#4766 Korea Telecom

File type
ASCII text, with very long lines (56656)
Size
57 kB (56842 bytes)
Hash
41d394990448b2c2b1afe840e837dc8e
29250ef1fa6bfbda364a1112a86b2fb7157dd44b
f8de3f57f49b005896d4c3c10979df9cff5048ddfe29ebbe36507ed1ebff60a4

HTTP Headers

GET /static/plugins/fontawesome-free/css/all.min.css HTTP/1.1
Host: box.zero.camp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://box.zero.camp/analysis/14536/network/
Cookie: csrftoken=JXQ20K8uQ9YG8xGssJ17kIUSHNNfes5X
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 29 Mar 2023 11:38:52 GMT
content-type: text/css
content-length: 56842
last-modified: Thu, 16 Jan 2020 15:05:36 GMT
etag: "5e207bc0-de0a"
accept-ranges: bytes
X-Firefox-Spdy: h2

box.zero.camp/static/js/handlebars-templates.js

175.208.134.152

200 OK

46 kB

URL HTTP/2
box.zero.camp/static/js/handlebars-templates.js
IP
175.208.134.152:0
ASN
#4766 Korea Telecom

File type
HTML document, ASCII text, with very long lines (1931)
Size
46 kB (46043 bytes)
Hash
6068437130179796771a5a9ff3f51dcd
3889958ea97c3cbe57df9295a6ba18e64c328e19
386565f9f3595d16a020f3ac2a6c92b578cf2641ccff54ee89defbae0f86dfb4

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /static/js/handlebars-templates.js HTTP/1.1
Host: box.zero.camp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://box.zero.camp/analysis/14536/network/
Cookie: csrftoken=JXQ20K8uQ9YG8xGssJ17kIUSHNNfes5X
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 29 Mar 2023 11:38:52 GMT
content-type: application/javascript; charset=utf-8
content-length: 46043
last-modified: Wed, 06 Jun 2018 10:03:38 GMT
etag: "5b17b17a-b3db"
accept-ranges: bytes
X-Firefox-Spdy: h2

box.zero.camp/static/js/hexdump.js

175.208.134.152

200 OK

6.1 kB

URL HTTP/2
box.zero.camp/static/js/hexdump.js
IP
175.208.134.152:0
ASN
#4766 Korea Telecom

File type
Unicode text, UTF-8 text
Size
6.1 kB (6054 bytes)
Hash
21dcbb81e4d80a393f845fbf313e513e
e4dae2de862574783eacc33ea34f322ad5540463
c14bbd1192c9d657566d6175f7b0be4c28b89c55cc8d34c6547e8fe0dadb11df

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /static/js/hexdump.js HTTP/1.1
Host: box.zero.camp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://box.zero.camp/analysis/14536/network/
Cookie: csrftoken=JXQ20K8uQ9YG8xGssJ17kIUSHNNfes5X
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 29 Mar 2023 11:38:52 GMT
content-type: application/javascript; charset=utf-8
content-length: 6054
last-modified: Wed, 06 Jun 2018 10:03:38 GMT
etag: "5b17b17a-17a6"
accept-ranges: bytes
X-Firefox-Spdy: h2

box.zero.camp/static/js/cuckoo/loader.js

175.208.134.152

200 OK

2.5 kB

URL HTTP/2
box.zero.camp/static/js/cuckoo/loader.js
IP
175.208.134.152:0
ASN
#4766 Korea Telecom

File type
ASCII text, with very long lines (564)
Size
2.5 kB (2463 bytes)
Hash
e68edf68867c60ff30fb2bbc8f37bc60
596bacac27436b34fe70cba21a56704f8070747f
2f3dcda69c829ed1eed605ca5f9ce6656dbcf737d7247e5cb4cc8b52e95712ad

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /static/js/cuckoo/loader.js HTTP/1.1
Host: box.zero.camp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://box.zero.camp/analysis/14536/network/
Cookie: csrftoken=JXQ20K8uQ9YG8xGssJ17kIUSHNNfes5X
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 29 Mar 2023 11:38:52 GMT
content-type: application/javascript; charset=utf-8
content-length: 2463
last-modified: Wed, 19 Jun 2019 17:29:35 GMT
etag: "5d0a70ff-99f"
accept-ranges: bytes
X-Firefox-Spdy: h2

box.zero.camp/static/js/cuckoo/sticky.js

175.208.134.152

200 OK

3.2 kB

URL HTTP/2
box.zero.camp/static/js/cuckoo/sticky.js
IP
175.208.134.152:0
ASN
#4766 Korea Telecom

File type
ASCII text, with very long lines (564)
Size
3.2 kB (3240 bytes)
Hash
187271cb087bc2ab0bf9806e26bb261e
cc879e72603e099791df40e0c701a0af90bf80f1
56bd173f6da73cc160192ea96c489984d7e944d1eb5a34ed8ed16419ead12314

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /static/js/cuckoo/sticky.js HTTP/1.1
Host: box.zero.camp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://box.zero.camp/analysis/14536/network/
Cookie: csrftoken=JXQ20K8uQ9YG8xGssJ17kIUSHNNfes5X
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 29 Mar 2023 11:38:52 GMT
content-type: application/javascript; charset=utf-8
content-length: 3240
last-modified: Wed, 19 Jun 2019 17:29:35 GMT
etag: "5d0a70ff-ca8"
accept-ranges: bytes
X-Firefox-Spdy: h2

box.zero.camp/static/js/cuckoo/analysis_sidebar.js

175.208.134.152

200 OK

3.4 kB

URL HTTP/2
box.zero.camp/static/js/cuckoo/analysis_sidebar.js
IP
175.208.134.152:0
ASN
#4766 Korea Telecom

File type
ASCII text, with very long lines (564)
Size
3.4 kB (3357 bytes)
Hash
70bc139be269df8214f7f7119a0cab72
34d2adef378bc161d726813f90842fc8a561bbb2
0e7953a6534f61bd92ac25f94596b5653da2e3163a50636da6cabc7e3cea6b47

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /static/js/cuckoo/analysis_sidebar.js HTTP/1.1
Host: box.zero.camp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://box.zero.camp/analysis/14536/network/
Cookie: csrftoken=JXQ20K8uQ9YG8xGssJ17kIUSHNNfes5X
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 29 Mar 2023 11:38:52 GMT
content-type: application/javascript; charset=utf-8
content-length: 3357
last-modified: Wed, 19 Jun 2019 17:29:35 GMT
etag: "5d0a70ff-d1d"
accept-ranges: bytes
X-Firefox-Spdy: h2

box.zero.camp/static/js/cuckoo/analysis_feedback.js

175.208.134.152

200 OK

9.1 kB

URL HTTP/2
box.zero.camp/static/js/cuckoo/analysis_feedback.js
IP
175.208.134.152:0
ASN
#4766 Korea Telecom

File type
ASCII text, with very long lines (564)
Size
9.1 kB (9085 bytes)
Hash
bf9126df85803e1076772595bd84fb6a
7ead05f1c1663a1cf03d96742686054a2854b945
896a6acd7c4cfd7211113ca175240d5ea6dfb149aea9fae581e3d928c2b7e903

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /static/js/cuckoo/analysis_feedback.js HTTP/1.1
Host: box.zero.camp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://box.zero.camp/analysis/14536/network/
Cookie: csrftoken=JXQ20K8uQ9YG8xGssJ17kIUSHNNfes5X
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 29 Mar 2023 11:38:52 GMT
content-type: application/javascript; charset=utf-8
content-length: 9085
last-modified: Wed, 19 Jun 2019 17:29:35 GMT
etag: "5d0a70ff-237d"
accept-ranges: bytes
X-Firefox-Spdy: h2

box.zero.camp/static/js/cuckoo/process_tree.js

175.208.134.152

200 OK

16 kB

URL HTTP/2
box.zero.camp/static/js/cuckoo/process_tree.js
IP
175.208.134.152:0
ASN
#4766 Korea Telecom

File type
ASCII text, with very long lines (564)
Size
16 kB (16278 bytes)
Hash
f0004bd2c1fe58c81dc8ca72f0e9de7d
87e9a672f7a966e2a46d7ca47c10e7c61382609f
3abf62ebb8810a05952c64d8fb9f55b7316f871ea8e10e846975e121a0aa5ba0

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /static/js/cuckoo/process_tree.js HTTP/1.1
Host: box.zero.camp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://box.zero.camp/analysis/14536/network/
Cookie: csrftoken=JXQ20K8uQ9YG8xGssJ17kIUSHNNfes5X
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 29 Mar 2023 11:38:52 GMT
content-type: application/javascript; charset=utf-8
content-length: 16278
last-modified: Wed, 19 Jun 2019 17:29:35 GMT
etag: "5d0a70ff-3f96"
accept-ranges: bytes
X-Firefox-Spdy: h2

box.zero.camp/static/js/cuckoo/recent.js

175.208.134.152

200 OK

7.5 kB

URL HTTP/2
box.zero.camp/static/js/cuckoo/recent.js
IP
175.208.134.152:0
ASN
#4766 Korea Telecom

File type
ASCII text, with very long lines (564)
Size
7.5 kB (7491 bytes)
Hash
81c92a1f79ce4d39000a2fba63d1ed6b
3c86a0590d347ff0c1099672e54f69d040b5bba7
5a58ef63bc385c65f1e904fdb6ad4b1cb2da4f5b704eb944812a6defaac1ad85

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /static/js/cuckoo/recent.js HTTP/1.1
Host: box.zero.camp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://box.zero.camp/analysis/14536/network/
Cookie: csrftoken=JXQ20K8uQ9YG8xGssJ17kIUSHNNfes5X
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 29 Mar 2023 11:38:52 GMT
content-type: application/javascript; charset=utf-8
content-length: 7491
last-modified: Fri, 29 May 2020 01:06:45 GMT
etag: "5ed06025-1d43"
accept-ranges: bytes
X-Firefox-Spdy: h2

box.zero.camp/static/js/cuckoo/analysis_network.js

175.208.134.152

200 OK

21 kB

URL HTTP/2
box.zero.camp/static/js/cuckoo/analysis_network.js
IP
175.208.134.152:0
ASN
#4766 Korea Telecom

File type
ASCII text, with very long lines (564)
Size
21 kB (20622 bytes)
Hash
5a5cec33622af0140a4d1c4cbd9740bf
c990d67d47154275519e5fe8fa8cbab153df1b15
2078b1afaf207dbac97331d0d0dc4e643b562f91324f7b07bbf788260e93febe

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /static/js/cuckoo/analysis_network.js HTTP/1.1
Host: box.zero.camp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://box.zero.camp/analysis/14536/network/
Cookie: csrftoken=JXQ20K8uQ9YG8xGssJ17kIUSHNNfes5X
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 29 Mar 2023 11:38:52 GMT
content-type: application/javascript; charset=utf-8
content-length: 20622
last-modified: Wed, 19 Jun 2019 17:29:35 GMT
etag: "5d0a70ff-508e"
accept-ranges: bytes
X-Firefox-Spdy: h2

box.zero.camp/static/js/cuckoo/rdp.js

175.208.134.152

200 OK

22 kB

URL HTTP/2
box.zero.camp/static/js/cuckoo/rdp.js
IP
175.208.134.152:0
ASN
#4766 Korea Telecom

File type
ASCII text, with very long lines (21728)
Size
22 kB (21729 bytes)
Hash
3193d1a02e05e42140bda6e20136d9d9
41a2894dc8c9b13a3ccc7dcedbbbdf1cdb2fdbd1
283dd288072cc9dfa3085939f533e371ea974a0455457e2943e62316cbc8c855

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /static/js/cuckoo/rdp.js HTTP/1.1
Host: box.zero.camp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://box.zero.camp/analysis/14536/network/
Cookie: csrftoken=JXQ20K8uQ9YG8xGssJ17kIUSHNNfes5X
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 29 Mar 2023 11:38:52 GMT
content-type: application/javascript; charset=utf-8
content-length: 21729
last-modified: Wed, 19 Jun 2019 17:29:35 GMT
etag: "5d0a70ff-54e1"
accept-ranges: bytes
X-Firefox-Spdy: h2

box.zero.camp/static/js/cuckoo/app.js

175.208.134.152

200 OK

37 kB

URL HTTP/2
box.zero.camp/static/js/cuckoo/app.js
IP
175.208.134.152:0
ASN
#4766 Korea Telecom

File type
ASCII text, with very long lines (564)
Size
37 kB (36905 bytes)
Hash
0b686a969aeb68b4162cd5345921835c
190f83c9a1d13bbbe34710ad9ff0b2779a0da731
9f924ab8f969f100f3d0f400f5009153810eaf20dc312577dcfee0d61b75528f

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /static/js/cuckoo/app.js HTTP/1.1
Host: box.zero.camp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://box.zero.camp/analysis/14536/network/
Cookie: csrftoken=JXQ20K8uQ9YG8xGssJ17kIUSHNNfes5X
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 29 Mar 2023 11:38:52 GMT
content-type: application/javascript; charset=utf-8
content-length: 36905
last-modified: Wed, 19 Jun 2019 17:29:35 GMT
etag: "5d0a70ff-9029"
accept-ranges: bytes
X-Firefox-Spdy: h2

box.zero.camp/static/plugins/pace-progress/themes/black/pace-theme-flat-top.css

175.208.134.152

200 OK

899 B

URL HTTP/2
box.zero.camp/static/plugins/pace-progress/themes/black/pace-theme-flat-top.css
IP
175.208.134.152:0
ASN
#4766 Korea Telecom

File type
ASCII text
Size
899 B (899 bytes)
Hash
5ff423b3b1908bbfb0018d822fd736bf
b53d863a1ef34abced216cc18c578941a1f77b0f
7f51045e413d8900f1b4a1f259daccb6dde3d7ea9dae1d771d80712cf90d2122

HTTP Headers

GET /static/plugins/pace-progress/themes/black/pace-theme-flat-top.css HTTP/1.1
Host: box.zero.camp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://box.zero.camp/analysis/14536/network/
Cookie: csrftoken=JXQ20K8uQ9YG8xGssJ17kIUSHNNfes5X
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 29 Mar 2023 11:38:52 GMT
content-type: text/css
content-length: 899
last-modified: Thu, 16 Jan 2020 15:05:36 GMT
etag: "5e207bc0-383"
accept-ranges: bytes
X-Firefox-Spdy: h2

box.zero.camp/static/plugins/toastr/toastr.min.css

175.208.134.152

200 OK

6.5 kB

URL HTTP/2
box.zero.camp/static/plugins/toastr/toastr.min.css
IP
175.208.134.152:0
ASN
#4766 Korea Telecom

File type
ASCII text, with very long lines (6454), with no line terminators
Size
6.5 kB (6454 bytes)
Hash
f284028c678041d687c6f1be6968f68a
a668ec5d16eec86372216a8c1b161cdec3eebecf
47dd690f8f315bea076e92581a7e7147443bb4c847e313ab5a7d50a8c44836d0

HTTP Headers

GET /static/plugins/toastr/toastr.min.css HTTP/1.1
Host: box.zero.camp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://box.zero.camp/analysis/14536/network/
Cookie: csrftoken=JXQ20K8uQ9YG8xGssJ17kIUSHNNfes5X
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 29 Mar 2023 11:38:52 GMT
content-type: text/css
content-length: 6454
last-modified: Thu, 16 Jan 2020 15:05:36 GMT
etag: "5e207bc0-1936"
accept-ranges: bytes
X-Firefox-Spdy: h2

box.zero.camp/static/js/cuckoo/submission.js

175.208.134.152

200 OK

88 kB

URL HTTP/2
box.zero.camp/static/js/cuckoo/submission.js
IP
175.208.134.152:0
ASN
#4766 Korea Telecom

File type
ASCII text, with very long lines (1501)
Size
88 kB (87505 bytes)
Hash
da0e5accd48bc7a70d3220a1152415c1
03c5089ca434905d97b0d825b00e41a2fffb0762
2a05481e90b0c249ddaf88ef69125604bf6abd1746adbc9f2b14441ed80aeafa

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /static/js/cuckoo/submission.js HTTP/1.1
Host: box.zero.camp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://box.zero.camp/analysis/14536/network/
Cookie: csrftoken=JXQ20K8uQ9YG8xGssJ17kIUSHNNfes5X
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 29 Mar 2023 11:38:52 GMT
content-type: application/javascript; charset=utf-8
content-length: 87505
last-modified: Mon, 26 Sep 2022 08:30:32 GMT
etag: "63316328-155d1"
accept-ranges: bytes
X-Firefox-Spdy: h2

box.zero.camp/static/lightslider/lightslider.js

175.208.134.152

200 OK

48 kB

URL HTTP/2
box.zero.camp/static/lightslider/lightslider.js
IP
175.208.134.152:0
ASN
#4766 Korea Telecom

File type
ASCII text
Size
48 kB (48079 bytes)
Hash
7427efa1e5a3d5fd342df614d0082b58
c9ec9cfd1549146cc58b326b9233a76450214fea
e168ad9744a125f307b3eb3c851d497ba3de0c50e9e55f88d13586acff596b12

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /static/lightslider/lightslider.js HTTP/1.1
Host: box.zero.camp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://box.zero.camp/analysis/14536/network/
Cookie: csrftoken=JXQ20K8uQ9YG8xGssJ17kIUSHNNfes5X
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 29 Mar 2023 11:38:52 GMT
content-type: application/javascript; charset=utf-8
content-length: 48079
last-modified: Fri, 24 Jul 2020 06:56:56 GMT
etag: "5f1a8638-bbcf"
accept-ranges: bytes
X-Firefox-Spdy: h2

box.zero.camp/static/lightslider/lightgallery-all.min.js

175.208.134.152

200 OK

43 kB

URL HTTP/2
box.zero.camp/static/lightslider/lightgallery-all.min.js
IP
175.208.134.152:0
ASN
#4766 Korea Telecom

File type
ASCII text, with very long lines (32039)
Size
43 kB (43169 bytes)
Hash
296454dc80c160293d3441b066202088
06c7119bdaeff73880f804f87656d02b2da44e66
de458463e2b248fe0cb74b0fc4ccf947526e55c59ef796756f5a3f075548bb9f

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /static/lightslider/lightgallery-all.min.js HTTP/1.1
Host: box.zero.camp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://box.zero.camp/analysis/14536/network/
Cookie: csrftoken=JXQ20K8uQ9YG8xGssJ17kIUSHNNfes5X
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 29 Mar 2023 11:38:52 GMT
content-type: application/javascript; charset=utf-8
content-length: 43169
last-modified: Fri, 24 Jul 2020 07:25:23 GMT
etag: "5f1a8ce3-a8a1"
accept-ranges: bytes
X-Firefox-Spdy: h2

box.zero.camp/static/custom/js/datepicker-ko.js

175.208.134.152

200 OK

1.2 kB

URL HTTP/2
box.zero.camp/static/custom/js/datepicker-ko.js
IP
175.208.134.152:0
ASN
#4766 Korea Telecom

File type
Unicode text, UTF-8 text
Size
1.2 kB (1158 bytes)
Hash
1b106e5418337b1e8e4617b5584b942f
adc07c20ae596abbc989f7c4592acb35c080a913
90e7519a54d201908092071f6ce0492aff21c39c7cdd994b9796b7a4d8f94494

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /static/custom/js/datepicker-ko.js HTTP/1.1
Host: box.zero.camp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://box.zero.camp/analysis/14536/network/
Cookie: csrftoken=JXQ20K8uQ9YG8xGssJ17kIUSHNNfes5X
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 29 Mar 2023 11:38:52 GMT
content-type: application/javascript; charset=utf-8
content-length: 1158
last-modified: Tue, 26 May 2020 01:11:04 GMT
etag: "5ecc6ca8-486"
accept-ranges: bytes
X-Firefox-Spdy: h2

box.zero.camp/static/dist/js/adminlte.js

175.208.134.152

200 OK

57 kB

URL HTTP/2
box.zero.camp/static/dist/js/adminlte.js
IP
175.208.134.152:0
ASN
#4766 Korea Telecom

File type
ASCII text
Size
57 kB (56638 bytes)
Hash
5c8e05ee7b838af7d66bef23b754d515
58a734ce452a4a6ea3c3d802a407a02dc08f20d6
73a779774983c364d6fb8af9a0f86131691f737fba802f12b5820b0e916ef424

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /static/dist/js/adminlte.js HTTP/1.1
Host: box.zero.camp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://box.zero.camp/analysis/14536/network/
Cookie: csrftoken=JXQ20K8uQ9YG8xGssJ17kIUSHNNfes5X
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 29 Mar 2023 11:38:52 GMT
content-type: application/javascript; charset=utf-8
content-length: 56638
last-modified: Wed, 01 Jul 2020 08:08:44 GMT
etag: "5efc448c-dd3e"
accept-ranges: bytes
X-Firefox-Spdy: h2

box.zero.camp/static/plugins/toastr/toastr.min.js

175.208.134.152

200 OK

5.3 kB

URL HTTP/2
box.zero.camp/static/plugins/toastr/toastr.min.js
IP
175.208.134.152:0
ASN
#4766 Korea Telecom

File type
ASCII text, with very long lines (5215)
Size
5.3 kB (5251 bytes)
Hash
8ee1218b09fb02d43fcf0b84e30637ad
f871160d56be073d37159b169da23945fa132ab7
1e0c2ad4e069276efa1d43fd1f7549912bfd64219119037e26574f27ca4d7143

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /static/plugins/toastr/toastr.min.js HTTP/1.1
Host: box.zero.camp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://box.zero.camp/analysis/14536/network/
Cookie: csrftoken=JXQ20K8uQ9YG8xGssJ17kIUSHNNfes5X
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 29 Mar 2023 11:38:52 GMT
content-type: application/javascript; charset=utf-8
content-length: 5251
last-modified: Thu, 16 Jan 2020 15:05:36 GMT
etag: "5e207bc0-1483"
accept-ranges: bytes
X-Firefox-Spdy: h2

box.zero.camp/static/plugins/pace-progress/pace.min.js

175.208.134.152

200 OK

13 kB

URL HTTP/2
box.zero.camp/static/plugins/pace-progress/pace.min.js
IP
175.208.134.152:0
ASN
#4766 Korea Telecom

File type
ASCII text, with very long lines (12566)
Size
13 kB (12603 bytes)
Hash
dcd797ec8b940995a124bb0503f0c07a
1b567f39842225854e30cb7748ade6925a86df4b
181aec520284dc6bb5e4c9ca58791aa154b64dd4029e1a87d6af9629c71feec5

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /static/plugins/pace-progress/pace.min.js HTTP/1.1
Host: box.zero.camp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://box.zero.camp/analysis/14536/network/
Cookie: csrftoken=JXQ20K8uQ9YG8xGssJ17kIUSHNNfes5X
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 29 Mar 2023 11:38:52 GMT
content-type: application/javascript; charset=utf-8
content-length: 12603
last-modified: Thu, 16 Jan 2020 15:05:36 GMT
etag: "5e207bc0-313b"
accept-ranges: bytes
X-Firefox-Spdy: h2

box.zero.camp/img/profile/logo.png

175.208.134.152

200 OK

4.9 kB

URL HTTP/2
box.zero.camp/img/profile/logo.png
IP
175.208.134.152:0
ASN
#4766 Korea Telecom

File type
PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced\012- data
Size
4.9 kB (4905 bytes)
Hash
22fc2c297e60959d35de25475ba94289
81a3ab6f1d8923b620d8f4bbac5dfa1bc92a848b
67e1f9815d59bec01693e5833c450e9e8cabd35771281dad16b591f99f28f479

HTTP Headers

GET /img/profile/logo.png HTTP/1.1
Host: box.zero.camp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://box.zero.camp/analysis/14536/network/
Cookie: csrftoken=JXQ20K8uQ9YG8xGssJ17kIUSHNNfes5X
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 29 Mar 2023 11:38:52 GMT
content-type: image/png
content-length: 4905
last-modified: Fri, 12 Apr 2019 07:11:06 GMT
etag: "5cb03a0a-1329"
accept-ranges: bytes
X-Firefox-Spdy: h2

box.zero.camp/static/plugins/bootstrap/js/bootstrap.bundle.min.js

175.208.134.152

200 OK

79 kB

URL HTTP/2
box.zero.camp/static/plugins/bootstrap/js/bootstrap.bundle.min.js
IP
175.208.134.152:0
ASN
#4766 Korea Telecom

File type
ASCII text, with very long lines (65297)
Size
79 kB (78635 bytes)
Hash
a454220fc07088bf1fdd19313b6bfd50
265a733cb7fbc481fd2510a659a85ad55c93c895
7f3145c87d3570154f633975e8a4f8d30aa38603edaba145501e9c90ddbe186c

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /static/plugins/bootstrap/js/bootstrap.bundle.min.js HTTP/1.1
Host: box.zero.camp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://box.zero.camp/analysis/14536/network/
Cookie: csrftoken=JXQ20K8uQ9YG8xGssJ17kIUSHNNfes5X
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 29 Mar 2023 11:38:52 GMT
content-type: application/javascript; charset=utf-8
content-length: 78635
last-modified: Thu, 16 Jan 2020 15:05:36 GMT
etag: "5e207bc0-1332b"
accept-ranges: bytes
X-Firefox-Spdy: h2

box.zero.camp/static/dist/css/adminlte.min.css

175.208.134.152

200 OK

674 kB

URL HTTP/2
box.zero.camp/static/dist/css/adminlte.min.css
IP
175.208.134.152:0
ASN
#4766 Korea Telecom

File type
ASCII text, with very long lines (65137)
Size
674 kB (674546 bytes)
Hash
81dd70595b706c87e1c62540b00f389a
9b5154ea84d316fb341a19d065cd586a2ded0ec5
98c5922395c64fe56b7689aa5dd5508172bd11da2ee159326d302f1e2f75f5ed

HTTP Headers

GET /static/dist/css/adminlte.min.css HTTP/1.1
Host: box.zero.camp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://box.zero.camp/analysis/14536/network/
Cookie: csrftoken=JXQ20K8uQ9YG8xGssJ17kIUSHNNfes5X
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 29 Mar 2023 11:38:52 GMT
content-type: text/css
content-length: 674546
last-modified: Wed, 01 Jul 2020 08:08:44 GMT
etag: "5efc448c-a4af2"
accept-ranges: bytes
X-Firefox-Spdy: h2

box.zero.camp/static/custom/js/jquery-ui.min.js

175.208.134.152

200 OK

240 kB

URL HTTP/2
box.zero.camp/static/custom/js/jquery-ui.min.js
IP
175.208.134.152:0
ASN
#4766 Korea Telecom

File type
ASCII text, with very long lines (32035)
Size
240 kB (240427 bytes)
Hash
d935d506ae9c8dd9e0f96706fbb91f65
7f650ee30c6a4d3eea04032039b20ff72997559b
c4d8dbe77feb63e5a61bee0bead4e5f66e8fa6a927599bd1b74aced52467273c

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /static/custom/js/jquery-ui.min.js HTTP/1.1
Host: box.zero.camp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://box.zero.camp/analysis/14536/network/
Cookie: csrftoken=JXQ20K8uQ9YG8xGssJ17kIUSHNNfes5X
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 29 Mar 2023 11:38:52 GMT
content-type: application/javascript; charset=utf-8
content-length: 240427
last-modified: Tue, 26 May 2020 01:10:01 GMT
etag: "5ecc6c69-3ab2b"
accept-ranges: bytes
X-Firefox-Spdy: h2

box.zero.camp/static/js/vendor.js

175.208.134.152

200 OK

2.0 MB

URL HTTP/2
box.zero.camp/static/js/vendor.js
IP
175.208.134.152:0
ASN
#4766 Korea Telecom

File type
ASCII text
Size
2.0 MB (2011970 bytes)
Hash
6c11d6040023e361d98b2928e87fa8fb
b2f6cad809cb03484c7a32501d301cf1c378cd99
071f40c43789de435cd23a3b7bd8299ed0ae3f98cc82232e76b5909beaa44abc

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /static/js/vendor.js HTTP/1.1
Host: box.zero.camp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://box.zero.camp/analysis/14536/network/
Cookie: csrftoken=JXQ20K8uQ9YG8xGssJ17kIUSHNNfes5X
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 29 Mar 2023 11:38:52 GMT
content-type: application/javascript; charset=utf-8
content-length: 2011970
last-modified: Thu, 18 Jun 2020 04:49:14 GMT
etag: "5eeaf24a-1eb342"
accept-ranges: bytes
X-Firefox-Spdy: h2

box.zero.camp/static/css/main.css

175.208.134.152

200 OK

674 kB

URL HTTP/2
box.zero.camp/static/css/main.css
IP
175.208.134.152:0
ASN
#4766 Korea Telecom

File type
Unicode text, UTF-8 text, with very long lines (399)
Size
674 kB (674177 bytes)
Hash
0b7bf449f6f71e30d3565b59e5b9a42e
7f6aa1e0ecb1de0f05bb3500960f38f8c8dca2f4
1dd65c9aacfc2e5f1e9e9fe928095805551995f8f77c096511a9affde0ebc0b4

HTTP Headers

GET /static/css/main.css HTTP/1.1
Host: box.zero.camp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://box.zero.camp/analysis/14536/network/
Cookie: csrftoken=JXQ20K8uQ9YG8xGssJ17kIUSHNNfes5X
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 29 Mar 2023 11:38:52 GMT
content-type: text/css
content-length: 674177
last-modified: Thu, 06 Oct 2022 01:47:08 GMT
etag: "633e339c-a4981"
accept-ranges: bytes
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
e74baca1ac97b7e56ede5d3c6275b0b6
42d00f7402dff5c40a733d0b13d0bf97f779d072
d270ad25df7752707d30a41ddd2aef306c10d0396baccaa25ffd98fb148acaf8

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 29 Mar 2023 11:38:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
e74baca1ac97b7e56ede5d3c6275b0b6
42d00f7402dff5c40a733d0b13d0bf97f779d072
d270ad25df7752707d30a41ddd2aef306c10d0396baccaa25ffd98fb148acaf8

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 29 Mar 2023 11:38:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/sourcesanspro/v21/6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zwlxdu.woff2

216.58.207.227

200 OK

13 kB

URL HTTP/2
fonts.gstatic.com/s/sourcesanspro/v21/6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zwlxdu.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 12956, version 1.0\012- data
Size
13 kB (12956 bytes)
Hash
1c772d9d0531b187db80bcfc199c1786
c0c04fb334190e10dffed0dcc5c817c2a6041a15
122854df4f39cf922db317714c2ff0eccab27a1028c14a5aa2211f48b7e0eade

HTTP Headers

GET /s/sourcesanspro/v21/6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zwlxdu.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://box.zero.camp
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 12956
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 24 Mar 2023 10:26:53 GMT
expires: Sat, 23 Mar 2024 10:26:53 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 27 Apr 2022 16:54:52 GMT
content-type: font/woff2
age: 436322
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/sourcesanspro/v21/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu.woff2

216.58.207.227

200 OK

13 kB

URL HTTP/2
fonts.gstatic.com/s/sourcesanspro/v21/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 12924, version 1.0\012- data
Size
13 kB (12924 bytes)
Hash
4610010f425c140b99c88b6819ce1c02
a7e839aa0452ceeb6228de7c15062fe82cc6d1c3
7348a2eb48c9a681d6178433394c7037144d85b57ee33a11339d3a33fa1001a4

HTTP Headers

GET /s/sourcesanspro/v21/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://box.zero.camp
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 12924
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 24 Mar 2023 10:26:42 GMT
expires: Sat, 23 Mar 2024 10:26:42 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 27 Apr 2022 16:02:31 GMT
content-type: font/woff2
age: 436333
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/sourcesanspro/v21/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2

216.58.207.227

200 OK

13 kB

URL HTTP/2
fonts.gstatic.com/s/sourcesanspro/v21/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 13036, version 1.0\012- data
Size
13 kB (13036 bytes)
Hash
0ad032b3d07aaf33b160ac4799dda40f
06b931e0d0bf37f5037d9e66d6feedfddd21c0ba
c124c88ca4fcb4336e97617647ef0d32441329371120c8eabaea0fea226560b0

HTTP Headers

GET /s/sourcesanspro/v21/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://box.zero.camp
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 13036
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 24 Mar 2023 10:26:47 GMT
expires: Sat, 23 Mar 2024 10:26:47 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 27 Apr 2022 16:04:42 GMT
content-type: font/woff2
age: 436328
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

maxcdn.bootstrapcdn.com/font-awesome/4.5.0/fonts/fontawesome-webfont.woff2?v=4.5.0

188.114.99.234

200 OK

67 kB

URL HTTP/2
maxcdn.bootstrapcdn.com/font-awesome/4.5.0/fonts/fontawesome-webfont.woff2?v=4.5.0
IP
188.114.99.234:0
ASN
#0

File type
Web Open Font Format (Version 2), TrueType, length 66624, version 4.262\012- data
Size
67 kB (66624 bytes)
Hash
db812d8a70a4e88e888744c1c9a27e89
638c652d623280a58144f93e7b552c66d1667a11
ff82aeed6b9bb6701696c84d1b223d2e682eb78c89117a438ce6cfea8c498995

HTTP Headers

GET /font-awesome/4.5.0/fonts/fontawesome-webfont.woff2?v=4.5.0 HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://box.zero.camp
Connection: keep-alive
Referer: https://maxcdn.bootstrapcdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Wed, 29 Mar 2023 11:38:55 GMT
content-type: font/woff2
content-length: 66624
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
etag: "db812d8a70a4e88e888744c1c9a27e89"
last-modified: Mon, 25 Jan 2021 22:04:54 GMT
cdn-cachedat: 08/15/2022 13:52:58
cdn-proxyver: 1.02
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 723
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: cfbaffcb8ed6d5078c3285a862351512
cdn-cache: HIT
cf-cache-status: HIT
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 7af7d44fce860b45-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
e74baca1ac97b7e56ede5d3c6275b0b6
42d00f7402dff5c40a733d0b13d0bf97f779d072
d270ad25df7752707d30a41ddd2aef306c10d0396baccaa25ffd98fb148acaf8

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 29 Mar 2023 11:38:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

box.zero.camp/static/plugins/fontawesome-free/webfonts/fa-solid-900.woff2

175.208.134.152

200 OK

76 kB

URL HTTP/2
box.zero.camp/static/plugins/fontawesome-free/webfonts/fa-solid-900.woff2
IP
175.208.134.152:0
ASN
#4766 Korea Telecom

File type
Web Open Font Format (Version 2), TrueType, length 75728, version 330.32636\012- data
Size
76 kB (75728 bytes)
Hash
44d537ab79f921fde5a28b2c1636f397
b2879f9e1d0985a96842bf7f55a2b2cc4c636d04
3d1080625d3030e88357b3ac9aa377dcec23f1b529c4ad03f7a9a435ccae04be

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /static/plugins/fontawesome-free/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: box.zero.camp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://box.zero.camp/static/plugins/fontawesome-free/css/all.min.css
Cookie: csrftoken=JXQ20K8uQ9YG8xGssJ17kIUSHNNfes5X
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 29 Mar 2023 11:38:55 GMT
content-type: application/octet-stream
content-length: 75728
last-modified: Thu, 16 Jan 2020 15:05:36 GMT
etag: "5e207bc0-127d0"
accept-ranges: bytes
X-Firefox-Spdy: h2

box.zero.camp/static/plugins/fontawesome-free/webfonts/fa-regular-400.woff2

175.208.134.152

200 OK

14 kB

URL HTTP/2
box.zero.camp/static/plugins/fontawesome-free/webfonts/fa-regular-400.woff2
IP
175.208.134.152:0
ASN
#4766 Korea Telecom

File type
Web Open Font Format (Version 2), TrueType, length 13584, version 330.32636\012- data
Size
14 kB (13584 bytes)
Hash
f5f2566b93e89391da4db79462b8078b
be142af0f56062f6e864de121b98054c7b5954fd
0fc0a22e5e67c95d02c389a1454acc67df53e2f6a46af739f3eac7e352644751

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /static/plugins/fontawesome-free/webfonts/fa-regular-400.woff2 HTTP/1.1
Host: box.zero.camp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://box.zero.camp/static/plugins/fontawesome-free/css/all.min.css
Cookie: csrftoken=JXQ20K8uQ9YG8xGssJ17kIUSHNNfes5X
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 29 Mar 2023 11:38:55 GMT
content-type: application/octet-stream
content-length: 13584
last-modified: Thu, 16 Jan 2020 15:05:36 GMT
etag: "5e207bc0-3510"
accept-ranges: bytes
X-Firefox-Spdy: h2

box.zero.camp/static/fonts/Roboto_normal_400_default.woff

175.208.134.152

200 OK

13 kB

URL HTTP/2
box.zero.camp/static/fonts/Roboto_normal_400_default.woff
IP
175.208.134.152:0
ASN
#4766 Korea Telecom

File type
Web Open Font Format, TrueType, length 13308, version 1.1\012- data
Size
13 kB (13308 bytes)
Hash
f94d5e5102359961c44a1da1b58d37c9
4932a1b55bd4f3a3dcc95db33ec07ba729e86c61
ae9fef3590e372918422a612dcf99565d0c7ca71420f56dd434a9e759808d6b8

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /static/fonts/Roboto_normal_400_default.woff HTTP/1.1
Host: box.zero.camp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://box.zero.camp/static/css/main.css
Cookie: csrftoken=JXQ20K8uQ9YG8xGssJ17kIUSHNNfes5X
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 29 Mar 2023 11:38:55 GMT
content-type: application/font-woff
content-length: 13308
last-modified: Wed, 06 Jun 2018 10:03:38 GMT
etag: "5b17b17a-33fc"
accept-ranges: bytes
X-Firefox-Spdy: h2

box.zero.camp/static/fonts/Roboto_normal_500_default.woff

175.208.134.152

200 OK

13 kB

URL HTTP/2
box.zero.camp/static/fonts/Roboto_normal_500_default.woff
IP
175.208.134.152:0
ASN
#4766 Korea Telecom

File type
Web Open Font Format, TrueType, length 13248, version 1.1\012- data
Size
13 kB (13248 bytes)
Hash
0f3b7101a8adc1afe1fbe89775553c32
3087b20015925170e65cf2b6c1fdbf0cd4ec3b3b
a089bc05bebca42a4a9985446f614c1801771712e2595b1fbc2b2594f569dc8e

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /static/fonts/Roboto_normal_500_default.woff HTTP/1.1
Host: box.zero.camp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://box.zero.camp/static/css/main.css
Cookie: csrftoken=JXQ20K8uQ9YG8xGssJ17kIUSHNNfes5X
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 29 Mar 2023 11:38:55 GMT
content-type: application/font-woff
content-length: 13248
last-modified: Wed, 06 Jun 2018 10:03:38 GMT
etag: "5b17b17a-33c0"
accept-ranges: bytes
X-Firefox-Spdy: h2

box.zero.camp/static/fonts/Roboto_normal_700_default.woff

175.208.134.152

200 OK

13 kB

URL HTTP/2
box.zero.camp/static/fonts/Roboto_normal_700_default.woff
IP
175.208.134.152:0
ASN
#4766 Korea Telecom

File type
Web Open Font Format, TrueType, length 13348, version 1.1\012- data
Size
13 kB (13348 bytes)
Hash
43183beef21370d8a4b0d64152287eba
622799489e97e418c8967cbf1e011dce834e14fa
55293f28da0996bafa1ac38771d518d64879e76c68f9913e95f072b1a3dcfd19

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /static/fonts/Roboto_normal_700_default.woff HTTP/1.1
Host: box.zero.camp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://box.zero.camp/static/css/main.css
Cookie: csrftoken=JXQ20K8uQ9YG8xGssJ17kIUSHNNfes5X
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 29 Mar 2023 11:38:55 GMT
content-type: application/font-woff
content-length: 13348
last-modified: Wed, 06 Jun 2018 10:03:38 GMT
etag: "5b17b17a-3424"
accept-ranges: bytes
X-Firefox-Spdy: h2

box.zero.camp/favicon.ico

175.208.134.152

200 OK

17 kB

URL HTTP/2
box.zero.camp/favicon.ico
IP
175.208.134.152:0
ASN
#4766 Korea Telecom

File type
MS Windows icon resource - 1 icon, 64x64, 32 bits/pixel\012- data
Size
17 kB (16958 bytes)
Hash
904b0b11d38f0b07221885c1b125c26d
854656ca9e554e2a99c4bac94a3691cb1c073290
23b815075310a9ef37396732dfaa673e432209a2b60ce046cede99770451ebe3

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: box.zero.camp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://box.zero.camp/analysis/14536/network/
Cookie: csrftoken=JXQ20K8uQ9YG8xGssJ17kIUSHNNfes5X; PHPSESSID=5cjbgfa0ej5m8lc6rc676brm3i
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 29 Mar 2023 11:38:56 GMT
content-type: image/x-icon
content-length: 16958
last-modified: Fri, 12 Apr 2019 07:22:34 GMT
etag: "5cb03cba-423e"
accept-ranges: bytes
X-Firefox-Spdy: h2

code.ionicframework.com/ionicons/2.0.1/css/ionicons.min.css

188.114.98.234

200 OK

0 B

URL HTTP/2
code.ionicframework.com/ionicons/2.0.1/css/ionicons.min.css
IP
188.114.98.234:0
ASN
#0

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /ionicons/2.0.1/css/ionicons.min.css HTTP/1.1
Host: code.ionicframework.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://box.zero.camp/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Wed, 29 Mar 2023 11:38:52 GMT
content-type: text/css; charset=utf-8
x-origin-cache: HIT
last-modified: Fri, 28 Oct 2022 02:55:05 GMT
access-control-allow-origin: *
etag: W/"635b4489-c854"
expires: Tue, 28 Mar 2023 00:58:54 GMT
cache-control: max-age=31536000
x-proxy-cache: MISS
x-github-request-id: 5C46:AAE0:21238BC:2246215:64223976
via: 1.1 varnish
age: 38122
x-served-by: cache-bma1627-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1680051811.822168,VS0,VE1
vary: Accept-Encoding
x-fastly-request-id: ad355f11b2eccba29a86b30d051fc7a77cf0d4dc
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LTWt8adeTCr90fmhq1uMeS9BAMhVSWPnACPL1bItwpRoueLe0O4YKGNwQKycUkWSfK7AKviNbmC9i5rCI1yo3xdckMCzoNRSnlvd%2F95yJLHic4ZMREsXWc27fOiHyIOS%2FzABGKu3lJPX"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7af7d43dce0ab511-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

box.zero.camp/static/custom/js/jquery-1.11.0.min.js

175.208.134.152

200 OK

0 B

URL HTTP/2
box.zero.camp/static/custom/js/jquery-1.11.0.min.js
IP
175.208.134.152:0
ASN
#4766 Korea Telecom

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /static/custom/js/jquery-1.11.0.min.js HTTP/1.1
Host: box.zero.camp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://box.zero.camp/analysis/14536/network/
Cookie: csrftoken=JXQ20K8uQ9YG8xGssJ17kIUSHNNfes5X
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 29 Mar 2023 11:38:52 GMT
content-type: application/javascript; charset=utf-8
content-length: 96380
last-modified: Tue, 26 May 2020 01:08:26 GMT
etag: "5ecc6c0a-1787c"
accept-ranges: bytes
X-Firefox-Spdy: h2

box.zero.camp/analysis/14536/pcapstream/192.168.56.101,61479,164.124.101.2,53,udp/

175.208.134.152

200 OK

0 B

URL HTTP/2
box.zero.camp/analysis/14536/pcapstream/192.168.56.101,61479,164.124.101.2,53,udp/
IP
175.208.134.152:0
ASN
#4766 Korea Telecom

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /analysis/14536/pcapstream/192.168.56.101,61479,164.124.101.2,53,udp/ HTTP/1.1
Host: box.zero.camp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: https://box.zero.camp/analysis/14536/network/
Cookie: csrftoken=JXQ20K8uQ9YG8xGssJ17kIUSHNNfes5X
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 29 Mar 2023 11:38:55 GMT
content-type: application/json
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
expires: 0
pragma: no-cache
cache-control: no-cache
x-frame-options: DENY
x-cuckoo-version: 2.0.7
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,400i,700

142.250.74.106

200 OK

0 B

URL HTTP/2
fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,400i,700
IP
142.250.74.106:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /css?family=Source+Sans+Pro:300,400,400i,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://box.zero.camp/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 29 Mar 2023 11:38:52 GMT
date: Wed, 29 Mar 2023 11:38:52 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

box.zero.camp/analysis/14536/network/

175.208.134.152

200 OK

0 B

URL HTTP/2
box.zero.camp/analysis/14536/network/
IP
175.208.134.152:0
ASN
#4766 Korea Telecom

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /analysis/14536/network/ HTTP/1.1
Host: box.zero.camp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 200 OK
server: nginx
date: Wed, 29 Mar 2023 11:38:51 GMT
content-type: text/html; charset=utf-8
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
expires: 0
vary: Cookie
pragma: no-cache
cache-control: no-cache
x-frame-options: DENY
x-cuckoo-version: 2.0.7
set-cookie: csrftoken=JXQ20K8uQ9YG8xGssJ17kIUSHNNfes5X; expires=Wed, 27-Mar-2024 11:38:51 GMT; Max-Age=31449600; Path=/
content-encoding: gzip
X-Firefox-Spdy: h2

maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/font-awesome.min.css

188.114.99.234

200 OK

0 B

URL HTTP/2
maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/font-awesome.min.css
IP
188.114.99.234:0
ASN
#0

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /font-awesome/4.5.0/css/font-awesome.min.css HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://box.zero.camp/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Wed, 29 Mar 2023 11:38:52 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
cdn-edgestorageid: 565, 617, 617
last-modified: Mon, 25 Jan 2021 22:04:54 GMT
cdn-cachedat: 2021-06-08 19:04:20
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cache-control: public, max-age=31919000
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-content-type-options: nosniff
cdn-requestid: e9a84d03a1f7c6aa17012c712a6e5dd5
cdn-status: 200
cdn-cache: HIT
cf-cache-status: HIT
age: 25534180
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 7af7d43dab67b515-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

box.zero.camp/board/etc/notification.html

175.208.134.152

200 OK

0 B

URL HTTP/2
box.zero.camp/board/etc/notification.html
IP
175.208.134.152:0
ASN
#4766 Korea Telecom

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

POST /board/etc/notification.html HTTP/1.1
Host: box.zero.camp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 14
Origin: https://box.zero.camp
Connection: keep-alive
Referer: https://box.zero.camp/analysis/14536/network/
Cookie: csrftoken=JXQ20K8uQ9YG8xGssJ17kIUSHNNfes5X
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 29 Mar 2023 11:38:55 GMT
content-type: text/html; charset=UTF-8
set-cookie: PHPSESSID=5cjbgfa0ej5m8lc6rc676brm3i; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (28)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML