Report - mar66.com/

Report Overview

Submitted URL
mar66.com/
IP
40.83.119.44
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK
Submitted
2022-09-24 02:18:54
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
38

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	594 B	127 B	52.41.252.32
api.livechatinc.com	5353	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.1 kB	6.8 kB	23.36.79.16
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.3 kB	2.8 kB	142.250.74.3
coinexchange.oss-cn-hangzhou.aliyuncs.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	393 B	116 kB	47.110.177.101
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	329 B	737 B	93.184.220.29
ocsp.sectigo.com	487	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	328 B	964 B	172.64.155.188
cdn.livechatinc.com	6288	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.2 kB	166 kB	23.36.79.16
accounts.livechatinc.com	7698	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	480 B	1.6 kB	23.36.79.16
mar66.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	12 kB	3.2 MB	40.83.119.44
secure.livechatinc.com	6541	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	564 B	2.1 kB	23.36.79.16
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	321 B	229 B	34.117.237.239
fonts.gstatic.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	484 B	14 kB	142.250.74.163
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	978 B	2.7 kB	23.36.76.226
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	401 B	5.8 kB	108.156.28.39
ocsp2.globalsign.com	1544	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	355 B	1.9 kB	104.18.20.226
fonts.googleapis.com	8877	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	423 B	14 kB	216.58.211.10
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	758 B	2.7 kB	18.164.68.15
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	62 kB	34.120.237.76

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-09-24	medium	mar66.com/	Phishing
2022-09-24	medium	mar66.com/	Phishing
2022-09-24	medium	mar66.com/assets/js/manifest.e8a841db9b5340dbc070.js	Phishing
2022-09-24	medium	mar66.com/assets/js/app.a62a532580986d919118.js	Phishing
2022-09-24	medium	mar66.com/assets/js/1.26a3d465e410c1a89ebe.js	Phishing
2022-09-24	medium	mar66.com/api/uc/system/website-information/find-one	Phishing
2022-09-24	medium	mar66.com/api/uc/coinaccuracy/get-accuracy	Phishing
2022-09-24	medium	mar66.com/assets/js/0.6b3b070ffe294320dcf9.js	Phishing
2022-09-24	medium	mar66.com/api/uc/check/login	Phishing
2022-09-24	medium	mar66.com/assets/js/vendor.32318751a524992ab95b.js	Phishing
2022-09-24	medium	mar66.com/api/uc/initData	Phishing
2022-09-24	medium	mar66.com/api/exchange/exchange-rate/usd/usdt	Phishing
2022-09-24	medium	mar66.com/api/uc/ancillary/system/advertise	Phishing
2022-09-24	medium	mar66.com/api/uc/announcement/page	Phishing
2022-09-24	medium	mar66.com/assets/fonts/ionicons.143146f.woff2	Phishing
2022-09-24	medium	mar66.com/api/exchange/symbol-thumb-trend	Phishing
2022-09-24	medium	mar66.com/api/exchange/btc/trend	Phishing
2022-09-24	medium	mar66.com/oss/f27a5810-b5e1-439c-a1ec-c14a6726876e.x-icon	Phishing
2022-09-24	medium	mar66.com//api/exchange/market-ws/053/be4eyt2u/websocket	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (15)

	URL	Size	First Seen	Last Seen
	mar66.com/assets/js/1.26a3d465e410c1a89ebe.js	200 kB	2023-03-07	2023-03-17
Pretty URL mar66.com/assets/js/1.26a3d465e410c1a89ebe.js IP 40.83.119.44 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:21:07 Last Seen2023-03-17 10:36:43 Times Seen1 Hash cf7a42dda93bba7919ea289e205411ca 51ff80dbe48f1da0a4d8615e5a010ece88ad3479 70aa854ece7227dfefd05c8dae00b05d1c3880f2e30c978c1b24ee3d177f40b6 Loading...

	unknown	0 B	2023-03-07	2024-04-25
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-25 16:29:17 Times Seen37066641 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	api.livechatinc.com/v3.3/customer/action/get_configuration?license_id=13278714&version=367.3.3.194.63.74.2.4.4.1.3.4&group_id=0&jsonp=__lc_static_config	4.6 kB	2023-03-07	2023-03-17
Pretty URL api.livechatinc.com/v3.3/customer/action/get_configuration?license_id=13278714&version=367.3.3.194.63.74.2.4.4.1.3.4&group_id=0&jsonp=__lc_static_config IP 23.36.79.16 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:21:07 Last Seen2023-03-17 10:36:43 Times Seen1 Hash 66d81493be7f381d00b39f5f5ec0c0aa 590c93d0400669ad89141b9aa142888626a3dc04 f9b84fbd186adc7a38263b010628392f8469cd19c3716fa1dacb7c9db7066185 Loading...

	api.livechatinc.com/v3.3/customer/action/get_localization?license_id=13278714&version=ff93808ef52c6dd040640c4853b854bd_41552a0d10fd9ba9aebeeaaca4ff69d3&language=en&group_id=0&jsonp=__lc_localization	11 kB	2023-03-07	2023-03-17
Pretty URL api.livechatinc.com/v3.3/customer/action/get_localization?license_id=13278714&version=ff93808ef52c6dd040640c4853b854bd_41552a0d10fd9ba9aebeeaaca4ff69d3&language=en&group_id=0&jsonp=__lc_localization IP 23.36.79.16 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:21:07 Last Seen2023-03-17 10:36:42 Times Seen1 Hash d9bc6161bfaf68e2e7fa840ce54ca109 661b1c2226c01b113f4c58db8379d3886cecd2cb 3b095e2170ef849609a0c8cd281c3698d0fcb3756fef4ca8fdc3ba6585021124 Loading...

	mar66.com/	267 B	2023-03-07	2023-03-17
Pretty URL mar66.com/ IP 40.83.119.44 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:21:07 Last Seen2023-03-17 10:36:42 Times Seen1 Hash 7496f7927b2f541f529ce00f28419cd2 64e0730755fd6de16ecb345881bdaa4cb913cb1a 115b6c20782ecd49e5de2a79e5e23d0858335b045e420d5b9c5d3e3d851c5e6d Loading...

	mar66.com/	133 B	2023-03-07	2023-03-17
Pretty URL mar66.com/ IP 40.83.119.44 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:21:07 Last Seen2023-03-17 10:36:43 Times Seen1 Hash 348814c71ea86473428a9070c7ba7bd8 938488755eb9aee3818c99e6158d82a1be8666b3 7ff15edff70b051c1c5cee6cf210fbc49ad72832206d0d07b4ebf6b80d61bf31 Loading...

	api.livechatinc.com/v3.3/customer/action/get_dynamic_configuration?license_id=13278714&url=https%3A%2F%2Fmar66.com%2F%23%2F&channel_type=code&jsonp=__41de51s52ze	263 B	2023-03-08	2023-03-08
Pretty URL api.livechatinc.com/v3.3/customer/action/get_dynamic_configuration?license_id=13278714&url=https%3A%2F%2Fmar66.com%2F%23%2F&channel_type=code&jsonp=__41de51s52ze IP 23.36.79.16 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 00:11:20 Last Seen2023-03-08 00:11:20 Times Seen1 Hash 815539adf060ef180ea39259b19ecca8 b0a70dae5bb40b8bdeef2fa3fcedf66250a0ba55 30ef9c52575dbe03c1b96b1039c846a430d61b12ae746650bd107440938a516f Loading...

	cdn.livechatinc.com/widget/static/js/iframe.ded6051a.chunk.js	456 kB	2023-03-07	2023-03-08
Pretty URL cdn.livechatinc.com/widget/static/js/iframe.ded6051a.chunk.js IP 23.36.79.16 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 23:13:30 Last Seen2023-03-08 02:57:21 Times Seen1 Hash 2e8c291599908b1794e098530f0794c8 81ad98636ea05739ba5d0dc2bbfd8bf49211613e 1be4b3702ceb3da4d84e70dd015000dcb64aca1c737f607368ecbe41dc5265cc Loading...

	mar66.com/assets/js/manifest.e8a841db9b5340dbc070.js	2.6 kB	2023-03-07	2023-03-17
Pretty URL mar66.com/assets/js/manifest.e8a841db9b5340dbc070.js IP 40.83.119.44 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:21:07 Last Seen2023-03-17 10:36:43 Times Seen1 Hash fe4d0ca54b74f0e05c3070298503e959 e897b34a7c00710f730c358f2b12ff9ecb2bb5e6 797e22609a520de9f11606ea6f6faf58e00261a2b3aef4a7c6b17f8a5123fcd6 Loading...

	cdn.livechatinc.com/widget/static/js/2.a65e7be1.chunk.js	336 kB	2023-03-07	2023-03-08
Pretty URL cdn.livechatinc.com/widget/static/js/2.a65e7be1.chunk.js IP 23.36.79.16 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 23:13:30 Last Seen2023-03-08 02:57:21 Times Seen1 Hash 4a3412eb638f4f47764705ca249f34e6 e81543406b38371e7cf9af420925c53ed734ce8b bfc25bb4376d7095f56f84bcb96d28ff99b04161b73d2abd81d3484f71a21048 Loading...

	secure.livechatinc.com/customer/action/open_chat?license_id=13278714&group=0&embedded=1&widget_version=3&unique_groups=0	105 B	2023-03-07	2023-04-05
Pretty URL secure.livechatinc.com/customer/action/open_chat?license_id=13278714&group=0&embedded=1&widget_version=3&unique_groups=0 IP 23.36.79.16 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:18 Last Seen2023-04-05 02:06:41 Times Seen330 Hash d30bfddcdb3764a782b7c8584021d1d6 64ed02149d0db57e6c1d68992361d7c1330a663a 5a8894efd9ef253bc344f5587ea4fb4f4b8da39d4dbd49a390c2302898411623 Loading...

	mar66.com/assets/js/vendor.32318751a524992ab95b.js	1.3 MB	2023-03-07	2023-03-17
Pretty URL mar66.com/assets/js/vendor.32318751a524992ab95b.js IP 40.83.119.44 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:21:07 Last Seen2023-03-17 10:36:43 Times Seen1 Hash 8b39b5b2fce6a953d613b10dee084d27 5fdd44b66851222b6f88ff3074ccc1fe7b5679d0 e1ab20ccd1707983c5dc7c55ea7e226f1910c3268fba58d762481efa2265a15d Loading...

	cdn.livechatinc.com/tracking.js	86 kB	2023-03-07	2023-03-08
Pretty URL cdn.livechatinc.com/tracking.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 23:10:53 Last Seen2023-03-08 02:57:21 Times Seen1 Hash 08c0746873a649a99ee8d47403496ba9 0898abc4749fe16ccf7bbadb716dc633da0a7b1c b9607866e99d4ec34da03476799ffbc3c0435a9cd2786482d4c16626c36495a1 Loading...

	secure.livechatinc.com/customer/action/open_chat?license_id=13278714&group=0&embedded=1&widget_version=3&unique_groups=0	2.4 kB	2023-03-07	2023-03-08
Pretty URL secure.livechatinc.com/customer/action/open_chat?license_id=13278714&group=0&embedded=1&widget_version=3&unique_groups=0 IP 23.36.79.16 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 23:11:42 Last Seen2023-03-08 02:57:21 Times Seen1 Hash 45dff58acb9a7e1fe4901ef60cb0e0c6 fd2a1659f38c2570f95b79d57e922659810dc5d2 f2f42d2177510d2baf4e859e7901fffe84f2c9e82435d677c0c84a40923a4653 Loading...

		Size	First Seen	Last Seen
	#1 Write - 0e75d2e029cfdf513c6da339b18c52be	6.2 kB	2023-03-08	2023-03-08
Pretty Observations First Seen2023-03-08 00:11:20 Last Seen2023-03-08 00:11:20 Times Seen1 Hash 0e75d2e029cfdf513c6da339b18c52be 963f60d1845cd1682fc7ed6cb8ab2952921b2a47 3edca4dab1a5aa97d2d8a261275ba9472c90a07c57d008159eefe8f78dc1d3d1 Loading...

HTTP Transactions (59)

URL IP Response Size

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
09a973de929ab7452edc342c780d3668
3f14f6e0a36f76863c0aea6fb561c266404a7ea3
e82ca5f310e37267fbf792427747e65c2bb35e684d3f629c0aa302f688bc4f80

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E82CA5F310E37267FBF792427747E65C2BB35E684D3F629C0AA302F688BC4F80"
Last-Modified: Fri, 23 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12457
Expires: Sat, 24 Sep 2022 05:46:20 GMT
Date: Sat, 24 Sep 2022 02:18:43 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

18.164.68.15

200 OK

939 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/
IP
18.164.68.15:0
ASN
#0

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
2d12f67fe57a87e7366b662d153a5582
d7b02d81cc74f24a251d9363e0f4b0a149264ec1
73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Backoff, Content-Type, Retry-After, Alert
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sat, 24 Sep 2022 02:05:28 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 bb21de87e304f4ab90cafcf782a8548e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P4
X-Amz-Cf-Id: 8-tsgPSeht8T5PzdYhJ9T64OhCNSP9GyY_KgqCMBIoBIUWlJPkTu0Q==
Age: 795

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain

108.156.28.39

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP
108.156.28.39:0
ASN
#16509 AMAZON-02

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Fri, 23 Sep 2022 04:13:03 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 728b6476f3e2317ec8044d22806d4f94.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR50-P1
x-amz-cf-id: kDGuo0sR4DPMAoIVW3G6IegIrdZLq4-s3kCfit5W32gYJqU3-vsvDw==
age: 79541
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 24 Sep 2022 02:18:43 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

mar66.com/

40.83.119.44

301 Moved Permanently

169 B

URL HTTP/1.1
mar66.com/
IP
40.83.119.44:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
169 B (169 bytes)
Hash
0f952b73d3f5586637ea9a5a789d48f4
b29aff4ffa1d4decd77db5160f920e1c6417e5e9
69d11528ee32902d0c47ed215877f0610399536f755db03ed02a77ecedd74751

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET / HTTP/1.1
Host: mar66.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Server: nginx/1.20.1
Date: Sat, 24 Sep 2022 02:18:43 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive
Location: https://mar66.com/

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

18.164.68.15

200 OK

329 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
18.164.68.15:0
ASN
#0

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, Expires, Alert, Content-Length, ETag, Cache-Control, Content-Type, Backoff, Pragma, Last-Modified
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Sat, 24 Sep 2022 01:33:00 GMT
Cache-Control: max-age=3600, max-age=3600
Expires: Sat, 24 Sep 2022 01:33:27 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 49e8093d0b1ec293275e8b264631ad18.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P4
X-Amz-Cf-Id: DUDek1HshojUt7f8UhNNlOHMX_o3xo6ZPutmRT-MH34h-58VCOWysA==
Age: 2962

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
f714931cf870bfa33815fd259b7246fd
38e411ef8ca1b31ead8415ee5f21d98bd9653a86
897675130112daff8bdf6fa25b56faa4b9fdb367daca2b2645ed65c83a2e423f

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4792
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 24 Sep 2022 02:18:43 GMT
Last-Modified: Sat, 24 Sep 2022 00:58:51 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 471

ocsp.sectigo.com/

172.64.155.188

200 OK

472 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
472 B (472 bytes)
Hash
581ad8e7d1147dd8519704f76a41dd6a
46274513813c14148d1f67bfed6c1be433ba2c2e
4a60a31d083b38189f3f47421674d755bf88a9d6f256f7d0b892f09957c8caf4

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 24 Sep 2022 02:18:44 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Thu, 22 Sep 2022 21:24:13 GMT
Expires: Thu, 29 Sep 2022 21:24:12 GMT
Etag: "46274513813c14148d1f67bfed6c1be433ba2c2e"
Cache-Control: max-age=500127,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74f807f7cb350b06-OSL

push.services.mozilla.com/

52.41.252.32

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
52.41.252.32:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: j8GqTNUbbXjBpXz6SMX+eg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: ii1LqjRsFnbAmLQhvzNbY90Lbzs=

mar66.com/

40.83.119.44

200 OK

1.7 kB

URL HTTP/1.1
mar66.com/
IP
40.83.119.44:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1768)
Size
1.7 kB (1727 bytes)
Hash
e259364ab1a3c8b90a9c4442b0616def
82a2db8c511f54c62847b8e233c4cc1cf164d8ce
d5335aec7e733599a355662bc23d42ef6f15716f6511fca488225e23369af738

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET / HTTP/1.1
Host: mar66.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 24 Sep 2022 02:18:44 GMT
Content-Type: text/html
Last-Modified: Tue, 23 Aug 2022 11:51:50 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"6304bf56-15ca"
Content-Encoding: gzip

mar66.com/assets/js/manifest.e8a841db9b5340dbc070.js

40.83.119.44

200 OK

2.6 kB

URL HTTP/1.1
mar66.com/assets/js/manifest.e8a841db9b5340dbc070.js
IP
40.83.119.44:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
ASCII text, with very long lines (2642), with no line terminators
Size
2.6 kB (2642 bytes)
Hash
fe4d0ca54b74f0e05c3070298503e959
e897b34a7c00710f730c358f2b12ff9ecb2bb5e6
797e22609a520de9f11606ea6f6faf58e00261a2b3aef4a7c6b17f8a5123fcd6

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /assets/js/manifest.e8a841db9b5340dbc070.js HTTP/1.1
Host: mar66.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mar66.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 24 Sep 2022 02:18:44 GMT
Content-Type: application/javascript
Content-Length: 2642
Last-Modified: Tue, 23 Aug 2022 11:51:50 GMT
Connection: keep-alive
ETag: "6304bf56-a52"
Accept-Ranges: bytes

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7038cca95198779d8bb479045eb56652
e9dcf9451e849f4d55b0909b33a51bd0b1a35296
0fc47dba3f2789b7c509a4916b1fe3c7b6b30c6778e5354742256125730310f3

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15589
Expires: Sat, 24 Sep 2022 06:38:34 GMT
Date: Sat, 24 Sep 2022 02:18:45 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7038cca95198779d8bb479045eb56652
e9dcf9451e849f4d55b0909b33a51bd0b1a35296
0fc47dba3f2789b7c509a4916b1fe3c7b6b30c6778e5354742256125730310f3

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15589
Expires: Sat, 24 Sep 2022 06:38:34 GMT
Date: Sat, 24 Sep 2022 02:18:45 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fefe0e74a-9715-4779-b8bd-d79486ea0663.jpeg

34.120.237.76

200 OK

6.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fefe0e74a-9715-4779-b8bd-d79486ea0663.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.9 kB (6888 bytes)
Hash
5f71b1368e471f98a48563bd55548cf8
18db64cc911a98afa49bec290658844a54bca927
c1b20952496d33635f8994558227bda8ddd268419f84123a167aade99c0ba56d

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fefe0e74a-9715-4779-b8bd-d79486ea0663.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6888
x-amzn-requestid: 3b91e2f8-7085-4598-8e10-ca4a5ee87571
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y7tAXFbmIAMFVQQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632e2868-3eb36435766137c86cbd1781;Sampled=0
x-amzn-remapped-date: Fri, 23 Sep 2022 21:43:04 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: JPJJwEIf969i4y7dwKwlFr6a9-9aKNpHZjDyX0PW3rAIDg1uO8BH3w==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 001e7070d795018d01b93988b9723742.cloudfront.net (CloudFront), 1.1 google
date: Fri, 23 Sep 2022 21:48:27 GMT
age: 16218
etag: "18db64cc911a98afa49bec290658844a54bca927"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F175a85c3-10d3-4e8f-bb64-d8da75a938c4.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.3 kB (6294 bytes)
Hash
007aba90cc24589b974c6039372121d3
c308f846b81275e50122f99a229ae3fec0b5fe4c
dac4561f24f52c33e79e86b0794eab704866a879d6967ec120fdf7bc5a4e2d8c

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F175a85c3-10d3-4e8f-bb64-d8da75a938c4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6294
x-amzn-requestid: 4007bdf7-f31a-414b-8711-f319aa09692b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y7ruHG-loAMF-QA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632e265a-18dc206b23fe3e383c1eb9cc;Sampled=0
x-amzn-remapped-date: Fri, 23 Sep 2022 21:34:18 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: Qvt0ZGsgQJ6WpKx36eDB6Q22qDIkhcFOxLYyZJgiZCM7vTsLb7L8lQ==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 cd64decb1403270c914848213601a674.cloudfront.net (CloudFront), 1.1 google
date: Fri, 23 Sep 2022 21:48:25 GMT
age: 16220
etag: "c308f846b81275e50122f99a229ae3fec0b5fe4c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd719f7db-20e1-4834-9525-3117f1824f36.webp
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10032 bytes)
Hash
aa150280eb113504d61a25935c0f0127
ed04f74fbb4c77b21e2babc51a82857f5e23d169
07df17fffb391aa82efb09e30d97e88fa4dbe6df00e37bb90304f69179f4848e

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd719f7db-20e1-4834-9525-3117f1824f36.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10032
x-amzn-requestid: 521c4012-9834-4100-a7ed-30093502f1a9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y7sPBHGYoAMFh-Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632e272c-77b03c321240d76a572d603a;Sampled=0
x-amzn-remapped-date: Fri, 23 Sep 2022 21:37:48 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: N7TwxCLUL8qnvm3YuZ6CGyJquVerc266VvZ1g8j5RxGpQXoUJwhULg==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 0d4ebcaa87ba94709def0eaac9371e5a.cloudfront.net (CloudFront), 1.1 google
date: Fri, 23 Sep 2022 21:51:16 GMT
age: 16049
etag: "ed04f74fbb4c77b21e2babc51a82857f5e23d169"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F76fa20bb-9883-4867-b55e-fc56c8f8fc57.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.4 kB (6386 bytes)
Hash
d8d9af95acfc8b9b431eb1e020157f6d
f6f926be6e265a597aaede424f05fcd7c76fcc20
0b61d6cb0e0908cb8d303b9e951e2854166bd232e0291b5d698a6b757c064e88

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F76fa20bb-9883-4867-b55e-fc56c8f8fc57.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6386
x-amzn-requestid: 4380489e-d0ba-4f67-ac4f-67619ba34422
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y7shGHryIAMF6zg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632e27a0-005f9c783c7722f16c178026;Sampled=0
x-amzn-remapped-date: Fri, 23 Sep 2022 21:39:44 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: RuUOjTDRTkcaGFf_hTWrHZ89edOajgGUdl5PjbaUV7CUppat6IYsRg==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 e80693c02cfdfd081110512210d57840.cloudfront.net (CloudFront), 1.1 google
date: Fri, 23 Sep 2022 21:48:27 GMT
age: 16218
etag: "f6f926be6e265a597aaede424f05fcd7c76fcc20"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F261e052d-5e10-4c3b-815c-1ed62855e73c.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (11865 bytes)
Hash
51954c51a08c2b93c064cb33d062295a
6786581817793da801f0034d9eaee454c11a103b
c753863b9d3a6ac9a52db03ffee8862eb26ae92250d3bffa52e57fc138456eea

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F261e052d-5e10-4c3b-815c-1ed62855e73c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11865
x-amzn-requestid: ae62bd6d-590b-4644-8dea-dcf38adc07e8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y13FEHSxoAMFs_g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632bd220-1a9fdbc01506bbf15be0fa67;Sampled=0
x-amzn-remapped-date: Thu, 22 Sep 2022 03:10:24 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: Tw49_6ZXQUKAWP_sEMw_yPFXzN-UksLw7AYkkPqZZ9iGdkYW650INQ==
via: 1.1 6ba2a21321beeef65404429d0a4b6380.cloudfront.net (CloudFront), 1.1 0d4ebcaa87ba94709def0eaac9371e5a.cloudfront.net (CloudFront), 1.1 google
date: Fri, 23 Sep 2022 03:48:30 GMT
age: 81015
etag: "6786581817793da801f0034d9eaee454c11a103b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

15 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd1500786-3bbf-46d0-b16e-4aff6d48a585.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
15 kB (14579 bytes)
Hash
f10a12719b387d176497669ba75f0acc
16e42ba7b20555bf5a8615e5f4bb561204aeeb5a
0cb2231817387d43a490565b61e24ea7a3cfcff3281f4ab4379a882cc5c3173f

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd1500786-3bbf-46d0-b16e-4aff6d48a585.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 14579
x-amzn-requestid: bce2c126-0883-4255-9246-d8055860f898
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YcCj6FYCoAMF9Yw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63217e18-66ba2e5d64b6a5b32b7ab36b;Sampled=0
x-amzn-remapped-date: Wed, 14 Sep 2022 07:09:12 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: igIWZ2IhMA_GIovp4HgIHtGeDt5xoX0iThoQFKjnNJUYP_uMdO7FHw==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 e80693c02cfdfd081110512210d57840.cloudfront.net (CloudFront), 1.1 google
date: Fri, 23 Sep 2022 22:11:52 GMT
age: 14813
etag: "16e42ba7b20555bf5a8615e5f4bb561204aeeb5a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

mar66.com/assets/css/app.39077bfd0a7c64531c2eb3d75537a62d.css

40.83.119.44

200 OK

814 kB

URL HTTP/1.1
mar66.com/assets/css/app.39077bfd0a7c64531c2eb3d75537a62d.css
IP
40.83.119.44:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
ASCII text, with very long lines (65536), with no line terminators
Size
814 kB (813722 bytes)
Hash
d9acf8cd47715ded90f0576a791e4266
15d6063f7f120aca8723b9d6876e068fb126a68e
2ab1f3455907071fe489357c79767dce135e0b981f0b053753bc6c6ccb46da74

HTTP Headers

GET /assets/css/app.39077bfd0a7c64531c2eb3d75537a62d.css HTTP/1.1
Host: mar66.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mar66.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 24 Sep 2022 02:18:44 GMT
Content-Type: text/css
Content-Length: 813722
Last-Modified: Tue, 23 Aug 2022 11:51:50 GMT
Connection: keep-alive
ETag: "6304bf56-c6a9a"
Accept-Ranges: bytes

mar66.com/components/font/font.css

40.83.119.44

200 OK

1.7 kB

URL HTTP/1.1
mar66.com/components/font/font.css
IP
40.83.119.44:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1768)
Size
1.7 kB (1727 bytes)
Hash
e259364ab1a3c8b90a9c4442b0616def
82a2db8c511f54c62847b8e233c4cc1cf164d8ce
d5335aec7e733599a355662bc23d42ef6f15716f6511fca488225e23369af738

HTTP Headers

GET /components/font/font.css HTTP/1.1
Host: mar66.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mar66.com/assets/css/app.39077bfd0a7c64531c2eb3d75537a62d.css
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 24 Sep 2022 02:18:45 GMT
Content-Type: text/html
Last-Modified: Tue, 23 Aug 2022 11:51:50 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"6304bf56-15ca"
Content-Encoding: gzip

mar66.com/assets/js/app.a62a532580986d919118.js

40.83.119.44

200 OK

1.2 MB

URL HTTP/1.1
mar66.com/assets/js/app.a62a532580986d919118.js
IP
40.83.119.44:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
Unicode text, UTF-8 text, with very long lines (61401), with no line terminators
Size
1.2 MB (1216673 bytes)
Hash
1c0567b7ed5bf168336063983eeec4c2
6658d92b0f6a8d3e21bce6f30076109350c82f93
440e5cace1abb157de4c1aee0a2d8146e338d0eaf0a7341fc9e7f9952ff564d9

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /assets/js/app.a62a532580986d919118.js HTTP/1.1
Host: mar66.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mar66.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 24 Sep 2022 02:18:44 GMT
Content-Type: application/javascript
Content-Length: 1216673
Last-Modified: Tue, 23 Aug 2022 11:51:50 GMT
Connection: keep-alive
ETag: "6304bf56-1290a1"
Accept-Ranges: bytes

mar66.com/assets/js/1.26a3d465e410c1a89ebe.js

40.83.119.44

200 OK

200 kB

URL HTTP/1.1
mar66.com/assets/js/1.26a3d465e410c1a89ebe.js
IP
40.83.119.44:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
ASCII text, with very long lines (65536), with no line terminators
Size
200 kB (199978 bytes)
Hash
cf7a42dda93bba7919ea289e205411ca
51ff80dbe48f1da0a4d8615e5a010ece88ad3479
70aa854ece7227dfefd05c8dae00b05d1c3880f2e30c978c1b24ee3d177f40b6

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /assets/js/1.26a3d465e410c1a89ebe.js HTTP/1.1
Host: mar66.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mar66.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 24 Sep 2022 02:18:46 GMT
Content-Type: application/javascript
Content-Length: 199978
Last-Modified: Tue, 23 Aug 2022 11:51:50 GMT
Connection: keep-alive
ETag: "6304bf56-30d2a"
Accept-Ranges: bytes

mar66.com/api/uc/system/website-information/find-one

40.83.119.44

200 OK

8.8 kB

URL HTTP/1.1
mar66.com/api/uc/system/website-information/find-one
IP
40.83.119.44:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
JSON data\012- , Unicode text, UTF-8 text, with very long lines (2077)
Size
8.8 kB (8803 bytes)
Hash
1e9847ca8523e0d652b30c8a30ce2ccd
aad52fee7adfa542419f35270123c05f78b37043
cde239f2df825eb3507edae325c03fd72dafe2378377acb905d26ed4e7b6ec0d

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /api/uc/system/website-information/find-one HTTP/1.1
Host: mar66.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
x-auth-token: 
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: https://mar66.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 24 Sep 2022 02:18:46 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods: POST, GET, PUT, OPTIONS, DELETE, PATCH
Access-Control-Allow-Headers: *
Access-Control-Expose-Headers: *
Access-Control-Max-Age: 18000L
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Encoding: gzip

mar66.com/api/uc/coinaccuracy/get-accuracy

40.83.119.44

200 OK

288 B

URL HTTP/1.1
mar66.com/api/uc/coinaccuracy/get-accuracy
IP
40.83.119.44:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
JSON data\012- , ASCII text
Size
288 B (288 bytes)
Hash
50fac3c2c675b5a24f6e630cce89a3cf
ca0796e38409808223d56cd0a1c0324b3ef11291
6b8fe94a9d699f7f95e91e4fdc44097346c55b5b140489420ab9a2d3259fc900

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

POST /api/uc/coinaccuracy/get-accuracy HTTP/1.1
Host: mar66.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
x-auth-token: 
X-Requested-With: XMLHttpRequest
Origin: https://mar66.com
Connection: keep-alive
Referer: https://mar66.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Content-Length: 0

HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 24 Sep 2022 02:18:46 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Origin: https://mar66.com
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: POST, GET, PUT, OPTIONS, DELETE, PATCH
Access-Control-Allow-Headers: *
Access-Control-Expose-Headers: *
Access-Control-Max-Age: 18000L
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Encoding: gzip

mar66.com/assets/js/0.6b3b070ffe294320dcf9.js

40.83.119.44

200 OK

601 kB

URL HTTP/1.1
mar66.com/assets/js/0.6b3b070ffe294320dcf9.js
IP
40.83.119.44:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
Unicode text, UTF-8 text, with very long lines (63734), with no line terminators
Size
601 kB (601427 bytes)
Hash
aad7b1468713575fcf0a840ec4a2cfc9
53626faa2d20b560e6c11b15b29dc7f254968ab6
52fc4dbc89a05bf115579c77b653fb86d9c34e654529c210ee5e104131cb105c

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /assets/js/0.6b3b070ffe294320dcf9.js HTTP/1.1
Host: mar66.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mar66.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 24 Sep 2022 02:18:46 GMT
Content-Type: application/javascript
Content-Length: 601427
Last-Modified: Tue, 23 Aug 2022 11:51:50 GMT
Connection: keep-alive
ETag: "6304bf56-92d53"
Accept-Ranges: bytes

mar66.com/api/uc/check/login

40.83.119.44

200 OK

93 B

URL HTTP/1.1
mar66.com/api/uc/check/login
IP
40.83.119.44:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
JSON data\012- , ASCII text
Size
93 B (93 bytes)
Hash
d63b5ada076dd40380514b689e89926e
5ef643b31c092440f28e5a49349429f93dd9227b
5996da5f0f213e984e98b4f81a9f9a1a3691bc4fbb4b3adad7d14cd5f9e0de62

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

POST /api/uc/check/login HTTP/1.1
Host: mar66.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
x-auth-token: 
X-Requested-With: XMLHttpRequest
Content-Length: 0
Origin: https://mar66.com
Connection: keep-alive
Referer: https://mar66.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 24 Sep 2022 02:18:46 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Origin: https://mar66.com
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: POST, GET, PUT, OPTIONS, DELETE, PATCH
Access-Control-Allow-Headers: *
Access-Control-Expose-Headers: *
Access-Control-Max-Age: 18000L
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
x-auth-token: 1faf10a3-fc35-4f7c-8d8f-40015442acef
Content-Encoding: gzip

mar66.com/assets/js/vendor.32318751a524992ab95b.js

40.83.119.44

200 OK

24 kB

URL HTTP/1.1
mar66.com/assets/js/vendor.32318751a524992ab95b.js
IP
40.83.119.44:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
Web Open Font Format, TrueType, length 24380, version 0.0\012- data
Size
24 kB (24380 bytes)
Hash
0f5768b16a09b3749a6c17cec6c01d50
b4174e270b8861645b9e026923034ef16063c4a3
dff4a26cec5435644347949d6e5c3efc9bbd8910a2bccb8d5f907df53b7c2068

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /assets/js/vendor.32318751a524992ab95b.js HTTP/1.1
Host: mar66.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mar66.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 24 Sep 2022 02:18:44 GMT
Content-Type: application/javascript
Content-Length: 1252889
Last-Modified: Tue, 23 Aug 2022 11:51:50 GMT
Connection: keep-alive
ETag: "6304bf56-131e19"
Accept-Ranges: bytes

mar66.com/oss/382d99e6-3961-4dc3-aa49-6bb9f0f6de74.png

40.83.119.44

200 OK

15 kB

URL HTTP/1.1
mar66.com/oss/382d99e6-3961-4dc3-aa49-6bb9f0f6de74.png
IP
40.83.119.44:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
PNG image data, 320 x 70, 8-bit/color RGBA, non-interlaced\012- data
Size
15 kB (14990 bytes)
Hash
f649aaefcf6fea57a33b6e4ed96a179b
f3a55c7da2eca1dce56085920b4f0f27ce41ddca
d494561b5299a63ab3b7552faf2cb692757aee38fad89cc0f1e9647c6186122c

HTTP Headers

GET /oss/382d99e6-3961-4dc3-aa49-6bb9f0f6de74.png HTTP/1.1
Host: mar66.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mar66.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 24 Sep 2022 02:18:47 GMT
Content-Type: image/png
Content-Length: 14990
Connection: keep-alive
Accept-Ranges: bytes
Content-Security-Policy: block-all-mixed-content
ETag: "00000000000000000000000000000000-1"
Last-Modified: Tue, 12 Oct 2021 08:48:30 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 1717AA4BA2EEC2E4
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

mar66.com/api/uc/initData

40.83.119.44

200 OK

383 B

URL HTTP/1.1
mar66.com/api/uc/initData
IP
40.83.119.44:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
JSON data\012- , ASCII text
Size
383 B (383 bytes)
Hash
7fad264d2e000d5cfe9f55e146af07c4
f87eacd7d9e42013715b03893ee90ba41a60680e
3c0326b778b3281bea9dd857d7f17a29cce4fbbc76d104dffb714fa83c946046

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

POST /api/uc/initData HTTP/1.1
Host: mar66.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
x-auth-token: 
X-Requested-With: XMLHttpRequest
Origin: https://mar66.com
Connection: keep-alive
Referer: https://mar66.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Content-Length: 0

HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 24 Sep 2022 02:18:47 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Origin: https://mar66.com
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: POST, GET, PUT, OPTIONS, DELETE, PATCH
Access-Control-Allow-Headers: *
Access-Control-Expose-Headers: *
Access-Control-Max-Age: 18000L
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
x-auth-token: 53f144b8-80d7-4e78-85a7-c83aff6c0350
Content-Encoding: gzip

mar66.com/api/exchange/exchange-rate/usd/usdt

40.83.119.44

200 OK

82 B

URL HTTP/1.1
mar66.com/api/exchange/exchange-rate/usd/usdt
IP
40.83.119.44:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
JSON data\012- , ASCII text, with no line terminators
Size
82 B (82 bytes)
Hash
145ab00b0d1d7f41c7a042c941ea2a14
41547555889169a7409461cd237082e29acf6853
037ff25f184bed3acbd79518c0cdbab0cee753f3c8aad8130d74471f068154eb

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

POST /api/exchange/exchange-rate/usd/usdt HTTP/1.1
Host: mar66.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
x-auth-token: 1faf10a3-fc35-4f7c-8d8f-40015442acef
X-Requested-With: XMLHttpRequest
Origin: https://mar66.com
Connection: keep-alive
Referer: https://mar66.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Content-Length: 0

HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 24 Sep 2022 02:18:47 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Origin: https://mar66.com
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: POST, GET, PUT, OPTIONS, DELETE, PATCH
Access-Control-Allow-Headers: *
Access-Control-Expose-Headers: *
Access-Control-Max-Age: 18000L
Content-Encoding: gzip

mar66.com/api/uc/ancillary/system/advertise

40.83.119.44

200 OK

90 B

URL HTTP/1.1
mar66.com/api/uc/ancillary/system/advertise
IP
40.83.119.44:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
ASCII text
Size
90 B (90 bytes)
Hash
4b34e26bbcef90445138826b506c0474
0bc88f03de2feebbf2efe752d2f5baa6e6d503b7
7ac3e186ef3ff432c638092e9d66540d3c8645fe1643f4cb4b004ab030d504fd

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

POST /api/uc/ancillary/system/advertise HTTP/1.1
Host: mar66.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
x-auth-token: 1faf10a3-fc35-4f7c-8d8f-40015442acef
X-Requested-With: XMLHttpRequest
Content-Length: 33
Origin: https://mar66.com
Connection: keep-alive
Referer: https://mar66.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 24 Sep 2022 02:18:47 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Origin: https://mar66.com
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: POST, GET, PUT, OPTIONS, DELETE, PATCH
Access-Control-Allow-Headers: *
Access-Control-Expose-Headers: *
Access-Control-Max-Age: 18000L
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Encoding: gzip

mar66.com/api/uc/announcement/page

40.83.119.44

200 OK

394 B

URL HTTP/1.1
mar66.com/api/uc/announcement/page
IP
40.83.119.44:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
JSON data\012- , Unicode text, UTF-8 text
Size
394 B (394 bytes)
Hash
0066eee88c21da59825f58f4df7be1bd
3e243347e594cb8496db49a5ac5a8557b99f423b
29dad4236859f9bb70a3692b5f5e610b098011336f63ecee06d3b6ad7f7d6e09

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

POST /api/uc/announcement/page HTTP/1.1
Host: mar66.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
x-auth-token: 1faf10a3-fc35-4f7c-8d8f-40015442acef
X-Requested-With: XMLHttpRequest
Content-Length: 27
Origin: https://mar66.com
Connection: keep-alive
Referer: https://mar66.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 24 Sep 2022 02:18:47 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Origin: https://mar66.com
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: POST, GET, PUT, OPTIONS, DELETE, PATCH
Access-Control-Allow-Headers: *
Access-Control-Expose-Headers: *
Access-Control-Max-Age: 18000L
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Encoding: gzip

mar66.com/assets/fonts/ionicons.143146f.woff2

40.83.119.44

200 OK

82 kB

URL HTTP/1.1
mar66.com/assets/fonts/ionicons.143146f.woff2
IP
40.83.119.44:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
Web Open Font Format (Version 2), TrueType, length 82216, version 1.0\012- data
Size
82 kB (82216 bytes)
Hash
143146fa24554ae2c5ac0a3982abb952
3c8023fb37786aa29345fc13c6f654734ac9cc0f
503dc6b7a4b1ef89aac99bf92eab623f06d00ca212630514b660fa6ee52c437c

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /assets/fonts/ionicons.143146f.woff2 HTTP/1.1
Host: mar66.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://mar66.com/assets/css/app.39077bfd0a7c64531c2eb3d75537a62d.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 24 Sep 2022 02:18:46 GMT
Content-Type: font/woff2
Content-Length: 82216
Last-Modified: Tue, 23 Aug 2022 11:51:50 GMT
Connection: keep-alive
ETag: "6304bf56-14128"
Accept-Ranges: bytes

mar66.com/api/exchange/symbol-thumb-trend

40.83.119.44

200 OK

2.1 kB

URL HTTP/1.1
mar66.com/api/exchange/symbol-thumb-trend
IP
40.83.119.44:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
JSON data\012- , ASCII text, with very long lines (6527), with no line terminators
Size
2.1 kB (2134 bytes)
Hash
853b10b1581f821662ea02f39f007d5a
e9b6c07a08552202a1f590353b26d1afd5b4596d
989de87a174144880973367b490c1b0796737d5dfc65373ebee03f661e5afdd7

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

POST /api/exchange/symbol-thumb-trend HTTP/1.1
Host: mar66.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
x-auth-token: 1faf10a3-fc35-4f7c-8d8f-40015442acef
X-Requested-With: XMLHttpRequest
Content-Length: 0
Origin: https://mar66.com
Connection: keep-alive
Referer: https://mar66.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 24 Sep 2022 02:18:47 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Origin: https://mar66.com
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: POST, GET, PUT, OPTIONS, DELETE, PATCH
Access-Control-Allow-Headers: *
Access-Control-Expose-Headers: *
Access-Control-Max-Age: 18000L
Content-Encoding: gzip

mar66.com/api/exchange/btc/trend

40.83.119.44

200 OK

1.2 kB

URL HTTP/1.1
mar66.com/api/exchange/btc/trend
IP
40.83.119.44:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
JSON data\012- , ASCII text, with very long lines (2677), with no line terminators
Size
1.2 kB (1165 bytes)
Hash
1f6439e7d41c60148712e5189e6353c0
fdde6671c02ee7cc696a6d20905543715d6f7655
dfe8e553b1e4d906776429e406af15f29d13e2ea928113757491ef96e8e61472

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

POST /api/exchange/btc/trend HTTP/1.1
Host: mar66.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
x-auth-token: 1faf10a3-fc35-4f7c-8d8f-40015442acef
X-Requested-With: XMLHttpRequest
Content-Length: 0
Origin: https://mar66.com
Connection: keep-alive
Referer: https://mar66.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 24 Sep 2022 02:18:47 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Origin: https://mar66.com
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: POST, GET, PUT, OPTIONS, DELETE, PATCH
Access-Control-Allow-Headers: *
Access-Control-Expose-Headers: *
Access-Control-Max-Age: 18000L
Content-Encoding: gzip

mar66.com/assets/img/bannerbg.219c98f.png

40.83.119.44

200 OK

34 kB

URL HTTP/1.1
mar66.com/assets/img/bannerbg.219c98f.png
IP
40.83.119.44:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
PNG image data, 1920 x 491, 4-bit colormap, non-interlaced\012- data
Size
34 kB (34464 bytes)
Hash
b7b4ac409b678c75f8ef2a37b1ec136c
b1c302818f9ec3ad1a8e615ff74cd91acba82ef6
11de8ea6318b4ca7e610809347afcaaf4348b54d1ca5fbbdb2675e7d98cf1ec9

HTTP Headers

GET /assets/img/bannerbg.219c98f.png HTTP/1.1
Host: mar66.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mar66.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 24 Sep 2022 02:18:47 GMT
Content-Type: image/png
Last-Modified: Tue, 23 Aug 2022 11:51:50 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"6304bf56-8689"
Content-Encoding: gzip

mar66.com/assets/img/app-download.f9f2675.jpg

40.83.119.44

200 OK

30 kB

URL HTTP/1.1
mar66.com/assets/img/app-download.f9f2675.jpg
IP
40.83.119.44:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=1, copyright=\377\341\005Qhttp://ns.adobe.com/xap/1.0/], baseline, precision 8, 1920x516, components 3\012- data
Size
30 kB (30382 bytes)
Hash
142add8d2dd7b481144a1ce460f43c60
dae3032dd288846e62485cd8e7539e066014b564
9b603d0a58b9c845f7c1c734dec0e5d7a2ed8eabfd1e6b5d3f9af1ea4bb7f566

HTTP Headers

GET /assets/img/app-download.f9f2675.jpg HTTP/1.1
Host: mar66.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mar66.com/assets/css/app.39077bfd0a7c64531c2eb3d75537a62d.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 24 Sep 2022 02:18:47 GMT
Content-Type: image/jpeg
Last-Modified: Tue, 23 Aug 2022 11:51:50 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"6304bf56-9786"
Content-Encoding: gzip

ocsp2.globalsign.com/gsorganizationvalsha2g2

104.18.20.226

200 OK

1.5 kB

URL HTTP/1.1
ocsp2.globalsign.com/gsorganizationvalsha2g2
IP
104.18.20.226:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
1.5 kB (1459 bytes)
Hash
e05b331b5257247a99535ff65caf72fe
5c4fa7296ed21abaeb50585f0afed2878b9fe292
cfe14ef1dea1525cfb2f6eef0b303383df9b1826511eadd7576587ba1d038423

HTTP Headers

POST /gsorganizationvalsha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 24 Sep 2022 02:18:47 GMT
Content-Type: application/ocsp-response
Content-Length: 1459
Connection: keep-alive
Expires: Wed, 28 Sep 2022 00:59:33 GMT
ETag: "5c4fa7296ed21abaeb50585f0afed2878b9fe292"
Last-Modified: Sat, 24 Sep 2022 00:59:34 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2856
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74f8080fba2d0b59-OSL

api.livechatinc.com/v3.3/customer/action/get_dynamic_configuration?license_id=13278714&url=https%3A%2F%2Fmar66.com%2F%23%2F&channel_type=code&jsonp=__41de51s52ze

23.36.79.16

200 OK

263 B

URL HTTP/2
api.livechatinc.com/v3.3/customer/action/get_dynamic_configuration?license_id=13278714&url=https%3A%2F%2Fmar66.com%2F%23%2F&channel_type=code&jsonp=__41de51s52ze
IP
23.36.79.16:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with no line terminators
Size
263 B (263 bytes)
Hash
815539adf060ef180ea39259b19ecca8
b0a70dae5bb40b8bdeef2fa3fcedf66250a0ba55
30ef9c52575dbe03c1b96b1039c846a430d61b12ae746650bd107440938a516f

HTTP Headers

GET /v3.3/customer/action/get_dynamic_configuration?license_id=13278714&url=https%3A%2F%2Fmar66.com%2F%23%2F&channel_type=code&jsonp=__41de51s52ze HTTP/1.1
Host: api.livechatinc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mar66.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-security-policy: frame-ancestors https://mar66.com/;
content-type: application/javascript; charset=UTF-8
legacy: 2023-06-30
vary: Accept-Encoding
x-frame-options: allow-from https://mar66.com/
content-length: 263
date: Sat, 24 Sep 2022 02:18:47 GMT
X-Firefox-Spdy: h2

api.livechatinc.com/v3.3/customer/action/get_configuration?license_id=13278714&version=367.3.3.194.63.74.2.4.4.1.3.4&group_id=0&jsonp=__lc_static_config

23.36.79.16

200 OK

1.6 kB

URL HTTP/2
api.livechatinc.com/v3.3/customer/action/get_configuration?license_id=13278714&version=367.3.3.194.63.74.2.4.4.1.3.4&group_id=0&jsonp=__lc_static_config
IP
23.36.79.16:0
ASN
#20940 Akamai International B.V.

File type
Unicode text, UTF-8 text, with very long lines (4564), with no line terminators
Size
1.6 kB (1638 bytes)
Hash
43367bd7f979aa815167f431613d56cf
ec422a8e93a8aa7c732418e587ca4cf7485d4e5d
8009bc087d65995f409892f62306d30ce911033e7f8bf3f6e55e07c83259d6fb

HTTP Headers

GET /v3.3/customer/action/get_configuration?license_id=13278714&version=367.3.3.194.63.74.2.4.4.1.3.4&group_id=0&jsonp=__lc_static_config HTTP/1.1
Host: api.livechatinc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mar66.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-encoding: gzip
content-type: application/javascript; charset=UTF-8
legacy: 2023-06-30
vary: Accept-Encoding
content-length: 1638
cache-control: public, max-age=600
expires: Sat, 24 Sep 2022 02:28:47 GMT
date: Sat, 24 Sep 2022 02:18:47 GMT
X-Firefox-Spdy: h2

mar66.com//api/exchange/market-ws/info?t=1663985926921

40.83.119.44

200 OK

78 B

URL HTTP/1.1
mar66.com//api/exchange/market-ws/info?t=1663985926921
IP
40.83.119.44:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
JSON data\012- , ASCII text, with no line terminators
Size
78 B (78 bytes)
Hash
b921b637d97c10050c30eedc33c24b7a
9dc24e86fe9fa57ef33db79f4820401744574a0e
0263d57f0ed94bea42edc6d8881e9fe6eedf5b57874900c6b2c1811d5b7e04f2

HTTP Headers

GET //api/exchange/market-ws/info?t=1663985926921 HTTP/1.1
Host: mar66.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mar66.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 24 Sep 2022 02:18:47 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 78
Connection: keep-alive
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods: POST, GET, PUT, OPTIONS, DELETE, PATCH
Access-Control-Allow-Headers: *
Access-Control-Expose-Headers: *
Access-Control-Max-Age: 18000L
Cache-Control: no-store, no-cache, must-revalidate, max-age=0

api.livechatinc.com/v3.3/customer/action/get_localization?license_id=13278714&version=ff93808ef52c6dd040640c4853b854bd_41552a0d10fd9ba9aebeeaaca4ff69d3&language=en&group_id=0&jsonp=__lc_localization

23.36.79.16

200 OK

3.8 kB

URL HTTP/2
api.livechatinc.com/v3.3/customer/action/get_localization?license_id=13278714&version=ff93808ef52c6dd040640c4853b854bd_41552a0d10fd9ba9aebeeaaca4ff69d3&language=en&group_id=0&jsonp=__lc_localization
IP
23.36.79.16:0
ASN
#20940 Akamai International B.V.

File type
Unicode text, UTF-8 text, with very long lines (10855), with no line terminators
Size
3.8 kB (3773 bytes)
Hash
99a6988ccd58441f4d29fed02a607c9f
6e950ca76ac38170e2e39ecc96283aa77ef8caae
ef314c29d989405921736dbed40f27c7fc67e51d416bcfd41440ba7a707a86cc

HTTP Headers

GET /v3.3/customer/action/get_localization?license_id=13278714&version=ff93808ef52c6dd040640c4853b854bd_41552a0d10fd9ba9aebeeaaca4ff69d3&language=en&group_id=0&jsonp=__lc_localization HTTP/1.1
Host: api.livechatinc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mar66.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-encoding: gzip
content-type: application/javascript; charset=UTF-8
legacy: 2023-06-30
vary: Accept-Encoding
cache-control: public, max-age=600
expires: Sat, 24 Sep 2022 02:28:48 GMT
date: Sat, 24 Sep 2022 02:18:48 GMT
content-length: 3773
X-Firefox-Spdy: h2

mar66.com/assets/img/phone_img.9c0182f.png

40.83.119.44

200 OK

116 kB

URL HTTP/1.1
mar66.com/assets/img/phone_img.9c0182f.png
IP
40.83.119.44:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
PNG image data, 476 x 506, 8-bit/color RGBA, non-interlaced\012- data
Size
116 kB (115749 bytes)
Hash
ddec2a5823ff01dc7bc556b79adf4c62
e7dc2877543354e1ac85ac51a5cf6506a09bb546
c78c926eb7d93b2dbfa42bf01be8edcce1ab6fe98ed95b4a30078182b37d4b30

HTTP Headers

GET /assets/img/phone_img.9c0182f.png HTTP/1.1
Host: mar66.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mar66.com/assets/css/app.39077bfd0a7c64531c2eb3d75537a62d.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 24 Sep 2022 02:18:47 GMT
Content-Type: image/png
Last-Modified: Tue, 23 Aug 2022 11:51:50 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"6304bf56-1c416"
Content-Encoding: gzip

mar66.com/oss/f27a5810-b5e1-439c-a1ec-c14a6726876e.x-icon

40.83.119.44

200 OK

4.3 kB

URL HTTP/1.1
mar66.com/oss/f27a5810-b5e1-439c-a1ec-c14a6726876e.x-icon
IP
40.83.119.44:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel\012- data
Size
4.3 kB (4286 bytes)
Hash
65a929417342791f95c0041907845cc8
f7a6c1f44eede1f023914c4d8aa56f73cf51d0aa
89633cb12f839a43213d15d7993b8207e03e447bc4eb61bc7d2e28c8d4fdc361

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /oss/f27a5810-b5e1-439c-a1ec-c14a6726876e.x-icon HTTP/1.1
Host: mar66.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mar66.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 24 Sep 2022 02:18:48 GMT
Content-Type: application/octet-stream
Content-Length: 4286
Connection: keep-alive
Accept-Ranges: bytes
Content-Security-Policy: block-all-mixed-content
ETag: "00000000000000000000000000000000-1"
Last-Modified: Tue, 12 Oct 2021 10:26:26 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 1717AA4BEC9265A3
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

secure.livechatinc.com/customer/action/open_chat?license_id=13278714&group=0&embedded=1&widget_version=3&unique_groups=0

23.36.79.16

200 OK

2.0 kB

URL HTTP/2
secure.livechatinc.com/customer/action/open_chat?license_id=13278714&group=0&embedded=1&widget_version=3&unique_groups=0
IP
23.36.79.16:0
ASN
#20940 Akamai International B.V.

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (4424), with no line terminators
Size
2.0 kB (1966 bytes)
Hash
9c3f16244be088f5cecf655868ac333a
597c9d5cc676f8391f669a8b63f0f2c79e7fe5cd
bcb414813b0925c5998a0ab7ceabf75130cfbcde72418189844ddcc0ef5e5e46

HTTP Headers

GET /customer/action/open_chat?license_id=13278714&group=0&embedded=1&widget_version=3&unique_groups=0 HTTP/1.1
Host: secure.livechatinc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mar66.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-encoding: gzip
content-type: text/html; charset=utf-8
vary: Accept-Encoding
content-length: 1966
date: Sat, 24 Sep 2022 02:18:48 GMT
X-Firefox-Spdy: h2

cdn.livechatinc.com/widget/static/js/0.96a16c18.chunk.js

23.36.79.16

200 OK

70 kB

URL HTTP/2
cdn.livechatinc.com/widget/static/js/0.96a16c18.chunk.js
IP
23.36.79.16:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (65462)
Size
70 kB (69542 bytes)
Hash
4e94f8d92e0b5b5d837c91a71518ae93
3a901f88735fe470d89fabae6f6da1bd6ef57370
ad40d01aa34c47aa7e9bc7bf52adc65074e90e7ea81a3646ee536b79a278be8c

HTTP Headers

GET /widget/static/js/0.96a16c18.chunk.js HTTP/1.1
Host: cdn.livechatinc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://secure.livechatinc.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers

HTTP/2 200 OK
last-modified: Wed, 07 Sep 2022 12:23:44 GMT
etag: W/"6a835528d087d08b1f0fe0642cb6d223"
x-amz-version-id: D3auGCHl.1EBD8fIsGg0TVEJ4vGgzVLu
server: AmazonS3
content-encoding: gzip
vary: Accept-Encoding
x-amz-cf-pop: AMS54-C1
x-amz-cf-id: 2Z3Jj0ChNSBBVMOnJi6CzXCHxdv4j89b_Ig-RZcY8UGtT5nFkSAmPg==
content-length: 69542
cache-control: max-age=31536000
expires: Sun, 24 Sep 2023 02:18:48 GMT
date: Sat, 24 Sep 2022 02:18:48 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
X-Firefox-Spdy: h2

cdn.livechatinc.com/widget/static/js/2.a65e7be1.chunk.js

23.36.79.16

200 OK

94 kB

URL HTTP/2
cdn.livechatinc.com/widget/static/js/2.a65e7be1.chunk.js
IP
23.36.79.16:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (65462)
Size
94 kB (94247 bytes)
Hash
e1f86388fc53362dedcbdf4fa64da3be
25d35495db05ca6314204f14e1b3bdbb719adc66
3094dc7ea9c9fc782b217ee70520a59339ac167fc218c784553b2463a6d343d2

HTTP Headers

GET /widget/static/js/2.a65e7be1.chunk.js HTTP/1.1
Host: cdn.livechatinc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://secure.livechatinc.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 22 Sep 2022 10:03:22 GMT
x-amz-version-id: jKznX1AdEp8f6wadV31xCsDL1skHM78l
server: AmazonS3
content-encoding: br
etag: W/"4a3412eb638f4f47764705ca249f34e6"
vary: Accept-Encoding
x-amz-cf-pop: HAM50-C2
x-amz-cf-id: rpRV9JnmpprvF7Fd4qMg5-EYZ1xuAe7ZKowAT7kDGSYaRtZs8svE-A==
content-length: 94247
cache-control: max-age=31536000
expires: Sun, 24 Sep 2023 02:18:48 GMT
date: Sat, 24 Sep 2022 02:18:48 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
4fb51016b82f43bc6ee9f5ace001690c
5390a86aa0a7b82f5d09605b10812567b309d27a
73283fa4b416ee80d2ac87c30d2183afa1ae487a8650563b79adc1f001030f73

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 24 Sep 2022 02:18:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
4fb51016b82f43bc6ee9f5ace001690c
5390a86aa0a7b82f5d09605b10812567b309d27a
73283fa4b416ee80d2ac87c30d2183afa1ae487a8650563b79adc1f001030f73

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 24 Sep 2022 02:18:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

mar66.com//api/exchange/market-ws/053/be4eyt2u/websocket

40.83.119.44

101 Switching Protocols

0 B

URL HTTP/1.1
mar66.com//api/exchange/market-ws/053/be4eyt2u/websocket
IP
40.83.119.44:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET //api/exchange/market-ws/053/be4eyt2u/websocket HTTP/1.1
Host: mar66.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://mar66.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 62MGzQWp1ldL9k4FM3Rz4w==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Server: nginx/1.20.1
Date: Sat, 24 Sep 2022 02:18:48 GMT
Connection: upgrade
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods: POST, GET, PUT, OPTIONS, DELETE, PATCH
Access-Control-Allow-Headers: *
Access-Control-Expose-Headers: *
Access-Control-Max-Age: 18000L
upgrade: websocket
sec-websocket-accept: 4sDCwa5690R8SUsjx4076f+iz24=

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
fa5a7fd1c3d5eed2a8816ac62ad73e51
6536f3880457c6ced9534d5cf10615b6daf42aea
3c3a74be5d72d9e2b5ecdaeafbbf3d0029cd5848d2483cfa10da14859deff436

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 24 Sep 2022 02:18:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
fa5a7fd1c3d5eed2a8816ac62ad73e51
6536f3880457c6ced9534d5cf10615b6daf42aea
3c3a74be5d72d9e2b5ecdaeafbbf3d0029cd5848d2483cfa10da14859deff436

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 24 Sep 2022 02:18:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.googleapis.com/css?family=Noto+Sans:400,700&subset=latin-ext&display=swap

216.58.211.10

200 OK

14 kB

URL HTTP/2
fonts.googleapis.com/css?family=Noto+Sans:400,700&subset=latin-ext&display=swap
IP
216.58.211.10:0
ASN
#15169 GOOGLE

File type
data
Size
14 kB (13545 bytes)
Hash
7493f2f4ea0cc2f09c5b4ca6cca5960a
2656158ff637bab028a04fa7543b056c464de0fe
f32b00e88dae1fd42b89df6cd82157e8f03ac552e6b30e8f912e3d5d3e0b5a21

HTTP Headers

GET /css?family=Noto+Sans:400,700&subset=latin-ext&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://secure.livechatinc.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 24 Sep 2022 02:18:48 GMT
date: Sat, 24 Sep 2022 02:18:48 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.gstatic.com/s/notosans/v27/o-0NIpQlx3QUlC5A4PNjXhFVZNyB.woff2

142.250.74.163

200 OK

13 kB

URL HTTP/2
fonts.gstatic.com/s/notosans/v27/o-0NIpQlx3QUlC5A4PNjXhFVZNyB.woff2
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 12684, version 1.0\012- data
Size
13 kB (12684 bytes)
Hash
0c235386bcf6af06f67e6c89fd19e434
10720574d4609322023984a761f32f9518c07bc4
c1c30918a861cb6a985ab55d54ad7e861682354197f164cb3b7194f20eed67ac

HTTP Headers

GET /s/notosans/v27/o-0NIpQlx3QUlC5A4PNjXhFVZNyB.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://secure.livechatinc.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 12684
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 19 Sep 2022 21:03:15 GMT
expires: Tue, 19 Sep 2023 21:03:15 GMT
cache-control: public, max-age=31536000
age: 364533
last-modified: Mon, 09 May 2022 18:28:04 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

coinexchange.oss-cn-hangzhou.aliyuncs.com/bannerimg.png

47.110.177.101

200 OK

116 kB

URL HTTP/1.1
coinexchange.oss-cn-hangzhou.aliyuncs.com/bannerimg.png
IP
47.110.177.101:0
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

File type
PNG image data, 2000 x 107, 8-bit/color RGBA, non-interlaced\012- data
Size
116 kB (115692 bytes)
Hash
33da78de4829252c7d7055e1cf90cd76
4908a0c8471707aed26c61683b3470c0840d07d0
40131dff508c32d466b2ee6467d5df745449e2ae7117042e3e320d0a1cffc3dd

HTTP Headers

GET /bannerimg.png HTTP/1.1
Host: coinexchange.oss-cn-hangzhou.aliyuncs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mar66.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: AliyunOSS
Date: Sat, 24 Sep 2022 02:18:48 GMT
Content-Type: image/png
Content-Length: 115692
Connection: keep-alive
x-oss-request-id: 632E6907A966993237292C4C
Accept-Ranges: bytes
ETag: "33DA78DE4829252C7D7055E1CF90CD76"
Last-Modified: Mon, 24 Aug 2020 08:36:33 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 3635289276384272319
x-oss-storage-class: Standard
Content-Disposition: attachment
x-oss-force-download: true
Content-MD5: M9p43kgpJSx9cFXhz5DNdg==
x-oss-server-time: 67

cdn.livechatinc.com/widget/static/js/iframe.ded6051a.chunk.js

23.36.79.16

200 OK

472 B

URL HTTP/2
cdn.livechatinc.com/widget/static/js/iframe.ded6051a.chunk.js
IP
23.36.79.16:0
ASN
#20940 Akamai International B.V.

File type
data
Size
472 B (472 bytes)
Hash
fa5a7fd1c3d5eed2a8816ac62ad73e51
6536f3880457c6ced9534d5cf10615b6daf42aea
3c3a74be5d72d9e2b5ecdaeafbbf3d0029cd5848d2483cfa10da14859deff436

HTTP Headers

GET /widget/static/js/iframe.ded6051a.chunk.js HTTP/1.1
Host: cdn.livechatinc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://secure.livechatinc.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers

HTTP/2 200 OK
last-modified: Thu, 22 Sep 2022 10:03:24 GMT
etag: W/"2e8c291599908b1794e098530f0794c8"
x-amz-version-id: hH.VnI4gZdhI06TOf.rjAvldynmm8Xga
server: AmazonS3
content-encoding: br
vary: Accept-Encoding
x-amz-cf-pop: AMS1-P1
x-amz-cf-id: G48Kfwr56J4h3rv12sZi723QIXjpNbGK4vw5hElRaAplPc4YqzPlPA==
cache-control: max-age=31536000
expires: Sun, 24 Sep 2023 02:18:48 GMT
date: Sat, 24 Sep 2022 02:18:48 GMT
content-length: 121146
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
X-Firefox-Spdy: h2

accounts.livechatinc.com/customer/token

23.36.79.16

200 OK

138 B

URL HTTP/2
accounts.livechatinc.com/customer/token
IP
23.36.79.16:0
ASN
#20940 Akamai International B.V.

File type
JSON data\012- , ASCII text
Size
138 B (138 bytes)
Hash
4e065ce81db929d537ad60aab9f6d79b
eaa3b571f4c82fe89ed8fa0574657cbcbbd14fb8
3055ab84f624215a645cfd3980818099a34b7443df6ec4e7df7af5cc45afb324

HTTP Headers

POST /customer/token HTTP/1.1
Host: accounts.livechatinc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 190
Origin: https://secure.livechatinc.com
Connection: keep-alive
Referer: https://secure.livechatinc.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers

HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-origin: https://secure.livechatinc.com
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-type: application/json
expires: Fri, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
content-length: 138
date: Sat, 24 Sep 2022 02:18:48 GMT
set-cookie: __lc_cid=3bb46660-bee8-4f4f-73db-1f951d93bb22; Path=/v2/customer/token; Domain=accounts.livechatinc.com; Expires=Tue, 24 Sep 2024 02:18:48 GMT; Max-Age=63072000; HttpOnly; Secure; SameSite=None
__lc_cst=b0afb79ccd664a3abfbf75cdc78abca29c0942f31b69a6d60a52fee00919cdd325c1d794286cc1e2c0e56affeab818f9c16f48657c3dd96f76312f9e01f1; Path=/v2/customer/token; Domain=accounts.livechatinc.com; Expires=Tue, 24 Sep 2024 02:18:48 GMT; Max-Age=63072000; HttpOnly; Secure; SameSite=None
__lc_cid=3bb46660-bee8-4f4f-73db-1f951d93bb22; Path=/customer/token; Domain=accounts.livechatinc.com; Expires=Tue, 24 Sep 2024 02:18:48 GMT; Max-Age=63072000; HttpOnly; Secure; SameSite=None
__lc_cst=b0afb79ccd664a3abfbf75cdc78abca29c0942f31b69a6d60a52fee00919cdd325c1d794286cc1e2c0e56affeab818f9c16f48657c3dd96f76312f9e01f1; Path=/customer/token; Domain=accounts.livechatinc.com; Expires=Tue, 24 Sep 2024 02:18:48 GMT; Max-Age=63072000; HttpOnly; Secure; SameSite=None
__oauth_redirect_detector=counter=1&t=1663985958&tag=c605b19ba38d25cdd2d45bcefdb8051f56e1b38d; Path=/; Expires=Sat, 24 Sep 2022 02:19:18 GMT; HttpOnly; Secure; SameSite=None
X-Firefox-Spdy: h2

api.livechatinc.com/v3.3/customer/rtm/ws?license_id=13278714

23.36.79.17

101 Switching Protocols

0 B

URL HTTP/1.1
api.livechatinc.com/v3.3/customer/rtm/ws?license_id=13278714
IP
23.36.79.17:0
ASN
#20940 Akamai International B.V.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /v3.3/customer/rtm/ws?license_id=13278714 HTTP/1.1
Host: api.livechatinc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://secure.livechatinc.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: OAGpKpEYZYppmDXszbTwUw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
sec-websocket-accept: U84+ECy40Qnc5SBZpc2+esLY/wM=
legacy: 2023-06-30
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://secure.livechatinc.com
Date: Sat, 24 Sep 2022 02:18:49 GMT
Upgrade: websocket
Connection: Upgrade

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (15)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP