urlquery - report: gzybl13.com/vendor/sebastian/diff/bana/cca1aace666b4c6999ae3136c854c50c/execution.html?validation=e1s1

Fully Qualifying Domain Name	Rank	First Seen	Last Seen	IP	Comment
contile.services.mozilla.com (1)	1114	2021-05-27 18:32:35 UTC	2022-10-01 05:00:18 UTC	34.117.237.239
ajax.googleapis.com (1)	12905	2013-06-10 06:53:41 UTC	2022-10-01 21:01:30 UTC	172.217.21.170
push.services.mozilla.com (1)	2140	2015-09-03 10:29:36 UTC	2022-10-01 05:28:34 UTC	54.148.242.254
img-getpocket.cdn.mozilla.net (6)	1631	2017-09-01 03:40:57 UTC	2022-10-01 14:59:59 UTC	34.120.237.76
gzybl13.com (16)	0	2022-09-14 15:07:23 UTC	2022-10-01 18:34:43 UTC	121.42.94.163	Unknown ranking
ocsp.digicert.com (1)	86	2012-05-21 07:02:23 UTC	2022-10-01 19:20:31 UTC	93.184.220.29
ocsp.pki.goog (2)	175	2017-06-14 07:23:31 UTC	2022-10-01 04:58:47 UTC	142.250.74.3
cdn.jsdelivr.net (2)	439	2012-09-30 00:15:09 UTC	2022-10-01 04:58:51 UTC	151.101.85.229
r3.o.lencr.org (5)	344	2020-12-02 08:52:13 UTC	2022-10-01 04:59:16 UTC	23.36.77.32
code.jquery.com (1)	634	2012-05-21 17:28:02 UTC	2022-10-01 05:11:01 UTC	69.16.175.10
firefox.settings.services.mozilla.com (2)	867	2020-05-27 20:08:30 UTC	2022-10-01 15:00:41 UTC	18.165.201.80
content-signature-2.cdn.mozilla.net (1)	1152	2020-11-03 12:26:46 UTC	2022-10-01 05:17:12 UTC	108.156.28.95
ipinfo.io (2)	8136	2015-02-06 06:58:53 UTC	2022-10-01 13:13:16 UTC	34.117.59.81
ocsp.globalsign.com (1)	2075	2012-05-25 06:20:55 UTC	2022-10-01 05:00:56 UTC	104.18.21.226

Scan Date	Severity	Indicator	Comment
2022-10-01	2	gzybl13.com/vendor/sebastian/diff/bana/dist/js.cookie.js	Phishing
2022-10-01	2	gzybl13.com/vendor/sebastian/diff/bana/dist/jquery-lang.js	Phishing
2022-10-01	2	gzybl13.com/vendor/sebastian/diff/bana/dist/fonts/default-274a65bae9742377a (...)	Phishing
2022-10-01	2	gzybl13.com/vendor/sebastian/diff/bana/dist/load.php	Phishing
2022-10-01	2	gzybl13.com/vendor/sebastian/diff/bana/dist/DHL_head.html	Phishing
2022-10-01	2	gzybl13.com/vendor/sebastian/diff/bana/dist/DHL_footer.html	Phishing
2022-10-01	2	gzybl13.com/vendor/sebastian/diff/bana/dist/fonts/iconfont-e7bece496cd0e6d6 (...)	Phishing
2022-10-01	2	gzybl13.com/vendor/sebastian/diff/bana/dist/fonts/default-3e828e80f6e985c35 (...)	Phishing
2022-10-01	2	gzybl13.com/vendor/sebastian/diff/bana/dist/fonts/default-815fcbb4d2c579017 (...)	Phishing
2022-10-01	2	gzybl13.com/vendor/sebastian/diff/bana/dist/DHL_track.html	Phishing
2022-10-01	2	gzybl13.com/vendor/sebastian/diff/bana/dist/jquery.validate.min.js	Phishing
2022-10-01	2	gzybl13.com/vendor/sebastian/diff/bana/dist/langpack/en.json	Phishing
2022-10-01	2	gzybl13.com/vendor/sebastian/diff/bana/dist/fonts/default-5a6dd86f272b304a8 (...)	Phishing

Date	UQ / IDS / BL	URL	IP
2022-10-01 23:16:28 +0000	6 - 0 - 13	gzybl13.com/vendor/sebastian/diff/bana/cca1aa (...)	121.42.94.163
2022-10-01 22:53:35 +0000	6 - 0 - 13	gzybl13.com/vendor/sebastian/diff/bana/90e069 (...)	121.42.94.163
2022-10-01 22:52:43 +0000	7 - 0 - 14	gzybl13.com/vendor/sebastian/diff/bana/8db71c (...)	121.42.94.163
2022-10-01 22:52:27 +0000	6 - 0 - 13	gzybl13.com/vendor/sebastian/diff/bana/7dc89f (...)	121.42.94.163
2022-10-01 22:21:05 +0000	6 - 0 - 13	gzybl13.com/vendor/sebastian/diff/bana/f47529 (...)	121.42.94.163

Date	UQ / IDS / BL	URL	IP
2023-01-29 18:31:23 +0000	0 - 1 - 3	jcedu.org/ebook/cs17.exe	47.100.62.130
2023-01-29 18:21:58 +0000	0 - 1 - 1	soft.110route.com/PAETools.exe	39.106.158.243
2023-01-29 18:21:55 +0000	0 - 0 - 2	47.102.62.79/	47.102.62.79
2023-01-29 18:16:44 +0000	0 - 1 - 0	daohang1.oss-cn-beijing.aliyuncs.com/dh_pz/jp (...)	59.110.117.115
2023-01-29 18:12:35 +0000	0 - 2 - 1	www.ysbaojia.com/downfile.asp?sid=276663/	120.77.146.229

Date	UQ / IDS / BL	URL	IP
2022-10-01 23:16:28 +0000	6 - 0 - 13	gzybl13.com/vendor/sebastian/diff/bana/cca1aa (...)	121.42.94.163
2022-10-01 22:53:35 +0000	6 - 0 - 13	gzybl13.com/vendor/sebastian/diff/bana/90e069 (...)	121.42.94.163
2022-10-01 22:52:43 +0000	7 - 0 - 14	gzybl13.com/vendor/sebastian/diff/bana/8db71c (...)	121.42.94.163
2022-10-01 22:52:27 +0000	6 - 0 - 13	gzybl13.com/vendor/sebastian/diff/bana/7dc89f (...)	121.42.94.163
2022-10-01 22:21:05 +0000	6 - 0 - 13	gzybl13.com/vendor/sebastian/diff/bana/f47529 (...)	121.42.94.163

Date	UQ / IDS / BL	URL	IP
2023-01-29 18:35:48 +0000	34 - 1 - 16	www.ndnmag.fr/en/a0239a4daf50402b14b2d597de66 (...)	46.182.4.120
2023-01-29 18:35:44 +0000	34 - 0 - 16	www.ndnmag.fr/en/f13c86b8414e28c33f9e447b91ec (...)	46.182.4.120
2023-01-29 18:35:44 +0000	34 - 0 - 16	www.ndnmag.fr/en/b39220da92c4125d2db7447673f0 (...)	46.182.4.120
2023-01-29 18:35:43 +0000	34 - 1 - 16	www.ndnmag.fr/en/eb47e3f50be8ed1a1f14e73feaf1 (...)	46.182.4.120
2023-01-29 18:34:40 +0000	34 - 1 - 16	www.ndnmag.fr/en/f350af96f5b444d8d98bf6aa824f (...)	46.182.4.120

HTTP Transactions (42)

Request	Response
GET /v1/ HTTP/1.1 Host: firefox.settings.services.mozilla.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: firefox.settings.services.mozilla.com/v1/ FQDN: firefox.settings.services.mozilla.com IP: 18.165.201.80 HASH: a2427848ba35575dda8a82cf88f104978234c05389deebc3fc8279d9075eff45 18.165.201.80 HTTP/1.1 200 OK Content-Type: application/json Content-Length: 939 Connection: keep-alive Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Alert, Content-Type, Backoff, Content-Length, Retry-After Cache-Control: max-age=3600 Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none'; Date: Sat, 01 Oct 2022 23:02:48 GMT X-Content-Type-Options: nosniff X-Cache: Hit from cloudfront Via: 1.1 182a59e089d675b68d266c3e1c14253c.cloudfront.net (CloudFront) X-Amz-Cf-Pop: LHR50-P3 X-Amz-Cf-Id: sEiY8sWI-S_ZyNyMLsdFTdv2AEhkJsjXH89CBapPF9SkXVHVaxEvRA== Age: 809 --- Additional Info --- Magic: JSON data\012- , ASCII text, with very long lines (939), with no line terminators Size: 939 Md5: 1b3053fa528e28810f8a2cc9284cc921 Sha1: cca9eb471d941881a6b9a1793aecb6c281908f6a Sha256: a2427848ba35575dda8a82cf88f104978234c05389deebc3fc8279d9075eff45
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: r3.o.lencr.org/ FQDN: r3.o.lencr.org IP: 23.36.77.32 HASH: 763e2dadfdd286a51327cd2000ca335e30cd0b9b7267875d22ca33f7556ba200 23.36.77.32 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "763E2DADFDD286A51327CD2000CA335E30CD0B9B7267875D22CA33F7556BA200" Last-Modified: Fri, 30 Sep 2022 09:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=4665 Expires: Sun, 02 Oct 2022 00:34:02 GMT Date: Sat, 01 Oct 2022 23:16:17 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: 60e4edea7b5f4d19f3547a3bb2d5df57 Sha1: 3ee076bab4da3416c2c5808f730cb316c28baef7 Sha256: 763e2dadfdd286a51327cd2000ca335e30cd0b9b7267875d22ca33f7556ba200
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1 Host: content-signature-2.cdn.mozilla.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site	URL: content-signature-2.cdn.mozilla.net/chains/remote-setti (...) FQDN: content-signature-2.cdn.mozilla.net IP: 108.156.28.95 HASH: b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770 108.156.28.95 HTTP/2 200 OK content-type: binary/octet-stream content-length: 5348 last-modified: Sat, 10 Sep 2022 18:47:45 GMT content-disposition: attachment accept-ranges: bytes server: AmazonS3 date: Sat, 01 Oct 2022 03:39:03 GMT etag: "6113f8408c59aebe188d6af273b90743" x-cache: Hit from cloudfront via: 1.1 905eac6c91c9858bd0f20b56e9c842d4.cloudfront.net (CloudFront) x-amz-cf-pop: LHR50-P1 x-amz-cf-id: cdIBXHKmFypx2SCwCOiJfp9nC-s0sRuuuVUOSpc6eHj808He72FDlA== age: 70981 X-Firefox-Spdy: h2 --- Additional Info --- Magic: PEM certificate\012- , ASCII text Size: 5348 Md5: 6113f8408c59aebe188d6af273b90743 Sha1: 7398873bf00f99944eaa77ad3ebc0d43c23dba6b Sha256: b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
GET /v1/tiles HTTP/1.1 Host: contile.services.mozilla.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: contile.services.mozilla.com/v1/tiles FQDN: contile.services.mozilla.com IP: 34.117.237.239 HASH: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3 34.117.237.239 HTTP/2 200 OK content-type: application/json server: nginx date: Sat, 01 Oct 2022 23:16:17 GMT content-length: 12 strict-transport-security: max-age=31536000 via: 1.1 google alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JSON data\012- , ASCII text, with no line terminators Size: 12 Md5: 23e88fb7b99543fb33315b29b1fad9d6 Sha1: a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /vendor/sebastian/diff/bana/cca1aace666b4c6999ae3136c854c50c/execution.html?validation=e1s1 HTTP/1.1 Host: gzybl13.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Upgrade-Insecure-Requests: 1	URL: gzybl13.com/vendor/sebastian/diff/bana/cca1aace666b4c69 (...) FQDN: gzybl13.com IP: 121.42.94.163 HASH: b33e199645f50f4a637971e4a59746df19a8b9abf44e731f24d7e78bb9048d5d 121.42.94.163 HTTP/1.1 200 OK Content-Type: text/html Date: Sat, 01 Oct 2022 23:16:18 GMT Server: Apache Last-Modified: Wed, 21 Sep 2022 20:01:29 GMT ETag: "28c0034-1f52-5e9356916c4e9" Accept-Ranges: bytes Vary: Accept-Encoding,User-Agent Content-Encoding: gzip Content-Length: 1782 Keep-Alive: timeout=15, max=300 Connection: Keep-Alive --- Additional Info --- Magic: HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF line terminators Size: 1782 Md5: 6b93961fcf4afedb697680d1abf1cf33 Sha1: 025249a0f6d1fc3192abec4f8f4c089a121534cd Sha256: b33e199645f50f4a637971e4a59746df19a8b9abf44e731f24d7e78bb9048d5d Alerts: urlquery: - Phishing - DHL
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 Host: firefox.settings.services.mozilla.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: application/json Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Content-Type: application/json Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: firefox.settings.services.mozilla.com/v1/buckets/main/c (...) FQDN: firefox.settings.services.mozilla.com IP: 18.165.201.80 HASH: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300 18.165.201.80 HTTP/1.1 200 OK Content-Type: application/json Content-Length: 329 Connection: keep-alive Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Alert, Content-Type, Expires, Backoff, ETag, Last-Modified, Pragma, Cache-Control, Content-Length, Retry-After Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none'; Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT X-Content-Type-Options: nosniff Date: Sat, 01 Oct 2022 22:33:03 GMT Cache-Control: max-age=3600, max-age=3600 Expires: Sat, 01 Oct 2022 23:25:48 GMT ETag: "1648230346554" X-Cache: Hit from cloudfront Via: 1.1 90927d233f1a615dc244e8b198aa1f04.cloudfront.net (CloudFront) X-Amz-Cf-Pop: LHR50-P3 X-Amz-Cf-Id: XzwPJWo0ct0uYI8CAfWAAnveJ6FWhAiJ8sAogk9UWtqOpAVbUuO91Q== Age: 2604 --- Additional Info --- Magic: JSON data\012- , ASCII text, with very long lines (329), with no line terminators Size: 329 Md5: 0333b0655111aa68de771adfcc4db243 Sha1: 63f295a144ac87a7c8e23417626724eeca68a7eb Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /ajax/libs/jquery/1.10.2/jquery.min.js HTTP/1.1 Host: ajax.googleapis.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://gzybl13.com/	URL: ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js FQDN: ajax.googleapis.com IP: 172.217.21.170 HASH: 65a0917567cb7037612cf420629873f2f3594d2e741aaadf90d893d07d8f5fdd 172.217.21.170 HTTP/1.1 200 OK Content-Type: text/javascript; charset=UTF-8 Accept-Ranges: bytes Vary: Accept-Encoding Content-Encoding: gzip Access-Control-Allow-Origin: * Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy: same-origin; report-to="hosted-libraries-pushers" Report-To: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]} Timing-Allow-Origin: * Content-Length: 32954 X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Date: Sat, 01 Oct 2022 12:17:57 GMT Expires: Sun, 01 Oct 2023 12:17:57 GMT Cache-Control: public, max-age=31536000, stale-while-revalidate=2592000 Last-Modified: Tue, 03 Mar 2020 19:15:00 GMT Age: 39500 --- Additional Info --- Magic: ASCII text, with very long lines (32072) Size: 32954 Md5: d38e2944bbc9ae54b8947a2bd0b9a932 Sha1: 782a825679b248d38979c2d7ecae257873344437 Sha256: 65a0917567cb7037612cf420629873f2f3594d2e741aaadf90d893d07d8f5fdd
GET /jquery-3.5.1.min.js HTTP/1.1 Host: code.jquery.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: http://gzybl13.com Connection: keep-alive Referer: http://gzybl13.com/ Sec-Fetch-Dest: script Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: code.jquery.com/jquery-3.5.1.min.js FQDN: code.jquery.com IP: 69.16.175.10 HASH: fda7541f8e4cf921d20bcd0dc1d0efe69644c79bd18a0be4ce2f34246c83603e 69.16.175.10 HTTP/2 200 OK content-type: application/javascript; charset=utf-8 date: Sat, 01 Oct 2022 23:16:17 GMT content-encoding: gzip content-length: 30879 last-modified: Fri, 20 Aug 2021 17:47:53 GMT accept-ranges: bytes server: nginx etag: W/"611feac9-15d84" cache-control: max-age=315360000, public access-control-allow-origin: * vary: Accept-Encoding x-hw: 1664666177.dop067.sk1.t,1664666177.cds222.sk1.hn,1664666177.cds208.sk1.c X-Firefox-Spdy: h2 --- Additional Info --- Magic: ASCII text, with very long lines (65451) Size: 30879 Md5: 3700d0b271343804b9b9aa1c13efa521 Sha1: 3d6b03dbd74872ca3dfbb0529f6c80943788f918 Sha256: fda7541f8e4cf921d20bcd0dc1d0efe69644c79bd18a0be4ce2f34246c83603e
POST / HTTP/1.1 Host: ocsp.digicert.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 83 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: ocsp.digicert.com/ FQDN: ocsp.digicert.com IP: 93.184.220.29 HASH: 36282e09bb25caf3d7350c4bee485cb87947aabc7d7409169caf15c2e75d8b7d 93.184.220.29 HTTP/1.1 200 OK Content-Type: application/ocsp-response Accept-Ranges: bytes Age: 4030 Cache-Control: 'max-age=158059' Date: Sat, 01 Oct 2022 23:16:17 GMT Last-Modified: Sat, 01 Oct 2022 22:09:07 GMT Server: ECS (ska/F715) X-Cache: HIT Content-Length: 471 --- Additional Info --- Magic: data Size: 471 Md5: 829e839c217bf861b8cf90c8d636f510 Sha1: 459714fcf0d374bdc078ef59d122d59bf9312c5f Sha256: 36282e09bb25caf3d7350c4bee485cb87947aabc7d7409169caf15c2e75d8b7d
GET /vendor/sebastian/diff/bana/dist/js.cookie.js HTTP/1.1 Host: gzybl13.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://gzybl13.com/vendor/sebastian/diff/bana/cca1aace666b4c6999ae3136c854c50c/execution.html?validation=e1s1	URL: gzybl13.com/vendor/sebastian/diff/bana/dist/js.cookie.js FQDN: gzybl13.com IP: 121.42.94.163 HASH: d234097e1e7a6e22fa09f7684577c07c861c77485105a1d74daa90646c1d47a7 121.42.94.163 HTTP/1.1 200 OK Content-Type: application/javascript Date: Sat, 01 Oct 2022 23:16:18 GMT Server: Apache Last-Modified: Wed, 07 Sep 2022 22:05:59 GMT ETag: "2421066-d60-5e81d8492cc0d" Accept-Ranges: bytes Vary: Accept-Encoding,User-Agent Content-Encoding: gzip Content-Length: 1387 Keep-Alive: timeout=15, max=299 Connection: Keep-Alive --- Additional Info --- Magic: ASCII text Size: 1387 Md5: bc8cc9c688c4d556936a7fa6ec6fbe12 Sha1: 7c3a045a0256e758345d82062b9d08c6a4d97d2a Sha256: d234097e1e7a6e22fa09f7684577c07c861c77485105a1d74daa90646c1d47a7 Alerts: urlquery: - Phishing - DHL Blocklists: - fortinet: Phishing
GET / HTTP/1.1 Host: push.services.mozilla.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Sec-WebSocket-Version: 13 Origin: wss://push.services.mozilla.com/ Sec-WebSocket-Protocol: push-notification Sec-WebSocket-Extensions: permessage-deflate Sec-WebSocket-Key: kyMdAq5ZjK3cKGq2Tf50Hw== Connection: keep-alive, Upgrade Sec-Fetch-Dest: websocket Sec-Fetch-Mode: websocket Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache Upgrade: websocket	URL: push.services.mozilla.com/ FQDN: push.services.mozilla.com IP: 54.148.242.254 HASH: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 54.148.242.254 HTTP/1.1 101 Switching Protocols Connection: Upgrade Upgrade: websocket Sec-WebSocket-Accept: yI8BTnpyPlVlT4pJ8hhXwWGTX3s= --- Additional Info --- Magic: Size: 0 Md5: d41d8cd98f00b204e9800998ecf8427e Sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /vendor/sebastian/diff/bana/dist/jquery-lang.js HTTP/1.1 Host: gzybl13.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://gzybl13.com/vendor/sebastian/diff/bana/cca1aace666b4c6999ae3136c854c50c/execution.html?validation=e1s1	URL: gzybl13.com/vendor/sebastian/diff/bana/dist/jquery-lang.js FQDN: gzybl13.com IP: 121.42.94.163 HASH: 50b74f02b7f4852ea8afdf518a07bb264480821da537d26d5fe7dffd5c62ca2f 121.42.94.163 HTTP/1.1 200 OK Content-Type: application/javascript Date: Sat, 01 Oct 2022 23:16:18 GMT Server: Apache Last-Modified: Wed, 07 Sep 2022 22:05:59 GMT ETag: "2421061-6c2d-5e81d8492c825" Accept-Ranges: bytes Vary: Accept-Encoding,User-Agent Content-Encoding: gzip Content-Length: 7000 Keep-Alive: timeout=15, max=300 Connection: Keep-Alive --- Additional Info --- Magic: ASCII text Size: 7000 Md5: 1c1917fafff89489f105f5d8427e6ef5 Sha1: f6fb0efe5340fb45aeeb5550c1811e8c46cf79fa Sha256: 50b74f02b7f4852ea8afdf518a07bb264480821da537d26d5fe7dffd5c62ca2f Alerts: urlquery: - Phishing - DHL Blocklists: - fortinet: Phishing
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: r3.o.lencr.org/ FQDN: r3.o.lencr.org IP: 23.36.77.32 HASH: 61bf2bddece68c7876ab5481c14ed1b1879343e55c86ee013b4f3a8d3353e6b4 23.36.77.32 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "61BF2BDDECE68C7876AB5481C14ED1B1879343E55C86EE013B4F3A8D3353E6B4" Last-Modified: Sat, 01 Oct 2022 12:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=5027 Expires: Sun, 02 Oct 2022 00:40:06 GMT Date: Sat, 01 Oct 2022 23:16:19 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: f5e503471cc78b95c0a3e75785615e5f Sha1: 145b1e4d850c145a78577b5d7d4fadae9658d7a4 Sha256: 61bf2bddece68c7876ab5481c14ed1b1879343e55c86ee013b4f3a8d3353e6b4
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: r3.o.lencr.org/ FQDN: r3.o.lencr.org IP: 23.36.77.32 HASH: 61bf2bddece68c7876ab5481c14ed1b1879343e55c86ee013b4f3a8d3353e6b4 23.36.77.32 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "61BF2BDDECE68C7876AB5481C14ED1B1879343E55C86EE013B4F3A8D3353E6B4" Last-Modified: Sat, 01 Oct 2022 12:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=5027 Expires: Sun, 02 Oct 2022 00:40:06 GMT Date: Sat, 01 Oct 2022 23:16:19 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: f5e503471cc78b95c0a3e75785615e5f Sha1: 145b1e4d850c145a78577b5d7d4fadae9658d7a4 Sha256: 61bf2bddece68c7876ab5481c14ed1b1879343e55c86ee013b4f3a8d3353e6b4
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: r3.o.lencr.org/ FQDN: r3.o.lencr.org IP: 23.36.77.32 HASH: 61bf2bddece68c7876ab5481c14ed1b1879343e55c86ee013b4f3a8d3353e6b4 23.36.77.32 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "61BF2BDDECE68C7876AB5481C14ED1B1879343E55C86EE013B4F3A8D3353E6B4" Last-Modified: Sat, 01 Oct 2022 12:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=5027 Expires: Sun, 02 Oct 2022 00:40:06 GMT Date: Sat, 01 Oct 2022 23:16:19 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: f5e503471cc78b95c0a3e75785615e5f Sha1: 145b1e4d850c145a78577b5d7d4fadae9658d7a4 Sha256: 61bf2bddece68c7876ab5481c14ed1b1879343e55c86ee013b4f3a8d3353e6b4
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: r3.o.lencr.org/ FQDN: r3.o.lencr.org IP: 23.36.77.32 HASH: 61bf2bddece68c7876ab5481c14ed1b1879343e55c86ee013b4f3a8d3353e6b4 23.36.77.32 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "61BF2BDDECE68C7876AB5481C14ED1B1879343E55C86EE013B4F3A8D3353E6B4" Last-Modified: Sat, 01 Oct 2022 12:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=5027 Expires: Sun, 02 Oct 2022 00:40:06 GMT Date: Sat, 01 Oct 2022 23:16:19 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: f5e503471cc78b95c0a3e75785615e5f Sha1: 145b1e4d850c145a78577b5d7d4fadae9658d7a4 Sha256: 61bf2bddece68c7876ab5481c14ed1b1879343e55c86ee013b4f3a8d3353e6b4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3739433a-586b-4806-9e89-5a2f86fcfa94.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: img-getpocket.cdn.mozilla.net/296x148/filters:format(jp (...) FQDN: img-getpocket.cdn.mozilla.net IP: 34.120.237.76 HASH: 734bc62139fee1b31c84f56de3d5e95c6d6982170db376dab09ef9b65f816d54 34.120.237.76 HTTP/2 200 OK content-type: image/jpeg server: nginx content-length: 9608 x-amzn-requestid: 48e458f4-06b9-4860-9b5d-f029d1980d0c x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: ZWEHnFCNIAMFTsA= x-content-type-options: nosniff x-amzn-trace-id: Root=1-6338b3ca-0f75015e046622da1c785ce9;Sampled=0 x-amzn-remapped-date: Sat, 01 Oct 2022 21:40:26 GMT x-amz-cf-pop: YVR50-C1, SEA73-P1 x-cache: Miss from cloudfront x-amz-cf-id: ORd8X5LMwzSwE3J3nGk_CL3T-8CIvktiZ0yGJIsDDaK3g93LXPx1ZQ== via: 1.1 9c335c5f85533b11cbfd38dc7cc60c16.cloudfront.net (CloudFront), 1.1 5954c6394458ffb44c970b3819d7ff2a.cloudfront.net (CloudFront), 1.1 google date: Sat, 01 Oct 2022 21:52:32 GMT age: 5027 etag: "501fbebf706d5cf59e396af4f256f72afbd943d9" cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 9608 Md5: d43dc29ff0419bb1930b15f5e8a875ba Sha1: 501fbebf706d5cf59e396af4f256f72afbd943d9 Sha256: 734bc62139fee1b31c84f56de3d5e95c6d6982170db376dab09ef9b65f816d54
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7d657f8a-70bc-42c6-9aae-1127c4403047.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: img-getpocket.cdn.mozilla.net/296x148/filters:format(jp (...) FQDN: img-getpocket.cdn.mozilla.net IP: 34.120.237.76 HASH: ad495dc0ede3bfcbaebfd3bf2eb55fc5596cd7643a539e030ccce0b8a3bcf8dd 34.120.237.76 HTTP/2 200 OK content-type: image/jpeg server: nginx content-length: 8602 x-amzn-requestid: 89329169-bc7a-46b1-85fc-20383a85cae8 x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: ZWDf9GxzoAMFg0A= x-content-type-options: nosniff x-amzn-trace-id: Root=1-6338b2cc-27952f8357fa25c956b1cd72;Sampled=0 x-amzn-remapped-date: Sat, 01 Oct 2022 21:36:12 GMT x-amz-cf-pop: HIO50-C1, SEA73-P1 x-cache: Miss from cloudfront x-amz-cf-id: YDfn3Xd8m6jaBrj_M9hs4dePku_eEhJbYv3NJSHjCdAWifhBkiKUhw== via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 35575576af8067e30cfb17c6b9fde8e2.cloudfront.net (CloudFront), 1.1 google date: Sat, 01 Oct 2022 21:53:38 GMT age: 4961 etag: "5d3389a965cfa45dab2202d89b40264368674e8a" cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 8602 Md5: 94d82ad8d70761f6ee1384b4183335f3 Sha1: 5d3389a965cfa45dab2202d89b40264368674e8a Sha256: ad495dc0ede3bfcbaebfd3bf2eb55fc5596cd7643a539e030ccce0b8a3bcf8dd
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F180dee10-1cde-4fbe-8a74-62b7b3bdb1e2.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: img-getpocket.cdn.mozilla.net/296x148/filters:format(jp (...) FQDN: img-getpocket.cdn.mozilla.net IP: 34.120.237.76 HASH: 56c8d5f3b3060ee54bf81995269b86c070855d8c33bf437161339a45b309703f 34.120.237.76 HTTP/2 200 OK content-type: image/jpeg server: nginx content-length: 6315 x-amzn-requestid: f0791b53-3c5f-4d94-954d-992a529ebb60 x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: ZPnunF35oAMFYbg= x-content-type-options: nosniff x-amzn-trace-id: Root=1-63361ff6-2adb303349153ced73ccecf6;Sampled=0 x-amzn-remapped-date: Thu, 29 Sep 2022 22:45:10 GMT x-amz-cf-pop: SEA19-C2 x-cache: Hit from cloudfront x-amz-cf-id: F3fk5JnJ9ZFNPan-8DuLb4kuTiYKfniBar3qNlsuqd8a0saW3sEGvQ== via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 1b74ccf4cb51eacf97a0e6d60ae46a3e.cloudfront.net (CloudFront), 1.1 google date: Sat, 01 Oct 2022 04:41:31 GMT age: 66888 etag: "58ff0bf8ce7528b303d28bab01a80ad721705569" cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 6315 Md5: 206fb65e75dbadf119512f71e0b78402 Sha1: 58ff0bf8ce7528b303d28bab01a80ad721705569 Sha256: 56c8d5f3b3060ee54bf81995269b86c070855d8c33bf437161339a45b309703f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F589e050c-3794-45f2-a218-269b944ae739.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: img-getpocket.cdn.mozilla.net/296x148/filters:format(jp (...) FQDN: img-getpocket.cdn.mozilla.net IP: 34.120.237.76 HASH: c7811cb947483a033f31ff1e93b813f1bbc49b03ed78fcedab2090c71e5c4d1f 34.120.237.76 HTTP/2 200 OK content-type: image/jpeg server: nginx content-length: 9600 x-amzn-requestid: e83a86d3-f5ab-4645-92df-4b2da3d4afa3 x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: ZWDgmFdlIAMFzQA= x-content-type-options: nosniff x-amzn-trace-id: Root=1-6338b2d0-48c3fa150800475c790b95bd;Sampled=0 x-amzn-remapped-date: Sat, 01 Oct 2022 21:36:16 GMT x-amz-cf-pop: HIO50-C1, SEA73-P1 x-cache: Miss from cloudfront x-amz-cf-id: f1aqkuvCub_vq9gBDgA4VL8hNf16FXzXhQjSHC1yDLISm85uOqJF9w== via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 6396e88c437c096ef98930ce29f731a2.cloudfront.net (CloudFront), 1.1 google date: Sat, 01 Oct 2022 21:54:50 GMT etag: "fa7e61b4f2864b8e51acb2cc887c15d5cb41ef38" age: 4889 cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 9600 Md5: 11f2e40823827b62bca89d18ee279cb2 Sha1: fa7e61b4f2864b8e51acb2cc887c15d5cb41ef38 Sha256: c7811cb947483a033f31ff1e93b813f1bbc49b03ed78fcedab2090c71e5c4d1f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F91d14136-4e81-4e18-80ca-f688f18110b7.png HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: img-getpocket.cdn.mozilla.net/296x148/filters:format(jp (...) FQDN: img-getpocket.cdn.mozilla.net IP: 34.120.237.76 HASH: 81d98f635686a13e149a86149db28f794097b35fc0b7af82beb0199edfc82a38 34.120.237.76 HTTP/2 200 OK content-type: image/jpeg server: nginx content-length: 9073 x-amzn-requestid: 6337e85e-904c-4346-b11d-1cf213eba1a8 x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: ZWDf8EyIIAMF_Vw= x-content-type-options: nosniff x-amzn-trace-id: Root=1-6338b2cc-05c231ba25850508201eda0d;Sampled=0 x-amzn-remapped-date: Sat, 01 Oct 2022 21:36:12 GMT x-amz-cf-pop: HIO50-C1, SEA73-P1 x-cache: Miss from cloudfront x-amz-cf-id: 2WCasBR9fFvqGZ61uURK1W4vhzCBO81FTvpSCs6eKH8HBClVUFybpQ== via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 001e7070d795018d01b93988b9723742.cloudfront.net (CloudFront), 1.1 google date: Sat, 01 Oct 2022 21:53:37 GMT age: 4962 etag: "377251ce16059a304e1ada7e7bdade2eee86bfdb" cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 9073 Md5: 91c43e8f8caa27091b10fc006c309e96 Sha1: 377251ce16059a304e1ada7e7bdade2eee86bfdb Sha256: 81d98f635686a13e149a86149db28f794097b35fc0b7af82beb0199edfc82a38
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4043a1cb-a427-407b-90c2-59adcca462c8.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: img-getpocket.cdn.mozilla.net/296x148/filters:format(jp (...) FQDN: img-getpocket.cdn.mozilla.net IP: 34.120.237.76 HASH: b316b4db642e349e452b09cf49767c8b05ebd2db05f217e927065a571c9aa1fe 34.120.237.76 HTTP/2 200 OK content-type: image/jpeg server: nginx content-length: 7725 x-amzn-requestid: 2b15132c-03f8-4b9a-b3a9-2217fbfd89c4 x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: ZWEIQHviIAMFtYg= x-content-type-options: nosniff x-amzn-trace-id: Root=1-6338b3ce-749367997b2e5c9c106d8380;Sampled=0 x-amzn-remapped-date: Sat, 01 Oct 2022 21:40:30 GMT x-amz-cf-pop: HIO50-C1, SEA73-P1 x-cache: Miss from cloudfront x-amz-cf-id: oeNrrQppxcZdBnySqbiuB_G2yqlJWBwvzqlc-pCOxk_zK6z8ILaHEQ== via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 02d90bf99fd6253b329a53c82f19e224.cloudfront.net (CloudFront), 1.1 google date: Sat, 01 Oct 2022 21:54:50 GMT etag: "b5122a1c700e68a2322300a1e9d38453a1c3eb3a" age: 4889 cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 7725 Md5: d8342b284a0d5383fff1aae9375ef009 Sha1: b5122a1c700e68a2322300a1e9d38453a1c3eb3a Sha256: b316b4db642e349e452b09cf49767c8b05ebd2db05f217e927065a571c9aa1fe
GET /vendor/sebastian/diff/bana/dist/dhl.css HTTP/1.1 Host: gzybl13.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/css,/;q=0.1 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://gzybl13.com/vendor/sebastian/diff/bana/cca1aace666b4c6999ae3136c854c50c/execution.html?validation=e1s1	URL: gzybl13.com/vendor/sebastian/diff/bana/dist/dhl.css FQDN: gzybl13.com IP: 121.42.94.163 HASH: 4ebc8985f17f3baf5683617c7854fd2132e952ca17ca83312685c7eb0e5d7c54 121.42.94.163 HTTP/1.1 200 OK Content-Type: text/css Date: Sat, 01 Oct 2022 23:16:18 GMT Server: Apache Last-Modified: Wed, 07 Sep 2022 22:05:59 GMT ETag: "2421056-15b189-5e81d8492b0b5" Accept-Ranges: bytes Vary: Accept-Encoding,User-Agent Content-Encoding: gzip Keep-Alive: timeout=15, max=300 Connection: Keep-Alive Transfer-Encoding: chunked --- Additional Info --- Magic: Unicode text, UTF-8 text, with very long lines (1148), with CRLF line terminators Size: 314756 Md5: 91bb51af984823aa997a73805a14c17a Sha1: 3e466647149a7c376f7df1fc9d921571eac24c9d Sha256: 4ebc8985f17f3baf5683617c7854fd2132e952ca17ca83312685c7eb0e5d7c54
GET /vendor/sebastian/diff/bana/dist/favicon.ico HTTP/1.1 Host: gzybl13.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://gzybl13.com/vendor/sebastian/diff/bana/cca1aace666b4c6999ae3136c854c50c/execution.html?validation=e1s1	URL: gzybl13.com/vendor/sebastian/diff/bana/dist/favicon.ico FQDN: gzybl13.com IP: 121.42.94.163 HASH: 9ada5709e264c31b04a05bd85448a9bd5e91925e8d83df5cef0762ec97cc283e 121.42.94.163 HTTP/1.1 200 OK Content-Type: image/x-icon Date: Sat, 01 Oct 2022 23:16:22 GMT Server: Apache Last-Modified: Wed, 07 Sep 2022 22:05:59 GMT ETag: "242105c-47e-5e81d8492b49d" Accept-Ranges: bytes Content-Length: 1150 Vary: User-Agent Keep-Alive: timeout=15, max=299 Connection: Keep-Alive --- Additional Info --- Magic: MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data Size: 1150 Md5: d8106bf3a1d00ab43b01e6e3c92500eb Sha1: 202b5e8654ab1b28351378293bca3b9d844cc29b Sha256: 9ada5709e264c31b04a05bd85448a9bd5e91925e8d83df5cef0762ec97cc283e
GET /vendor/sebastian/diff/bana/dist/fonts/default-274a65bae9742377aaf010bb1a7de971.woff HTTP/1.1 Host: gzybl13.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: identity Connection: keep-alive Referer: http://gzybl13.com/vendor/sebastian/diff/bana/dist/dhl.css	URL: gzybl13.com/vendor/sebastian/diff/bana/dist/fonts/defau (...) FQDN: gzybl13.com IP: 121.42.94.163 HASH: 5af5c3746b03792640b9cafdabddfb2c5407f72988e128541a88fa439607d940 121.42.94.163 HTTP/1.1 200 OK Content-Type: text/plain Date: Sat, 01 Oct 2022 23:16:22 GMT Server: Apache Last-Modified: Wed, 07 Sep 2022 22:05:59 GMT ETag: "2443059-a07c-5e81d8492bc6d" Accept-Ranges: bytes Content-Length: 41084 Vary: User-Agent Keep-Alive: timeout=15, max=299 Connection: Keep-Alive --- Additional Info --- Magic: Web Open Font Format, TrueType, length 41084, version 1.66\012- data Size: 41084 Md5: 03f859bf58e4d37841070de34be7d978 Sha1: 3436d4fa17e7ee470c3d62b08787cfa7de408408 Sha256: 5af5c3746b03792640b9cafdabddfb2c5407f72988e128541a88fa439607d940 Alerts: Blocklists: - fortinet: Phishing
GET /vendor/sebastian/diff/bana/dist/load.php HTTP/1.1 Host: gzybl13.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html, /; q=0.01 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate X-Requested-With: XMLHttpRequest Connection: keep-alive Referer: http://gzybl13.com/vendor/sebastian/diff/bana/cca1aace666b4c6999ae3136c854c50c/execution.html?validation=e1s1	URL: gzybl13.com/vendor/sebastian/diff/bana/dist/load.php FQDN: gzybl13.com IP: 121.42.94.163 HASH: 0d2d38ee6854230889d7e258fff29e7878cd1407ca222fb4b859863579ab9507 121.42.94.163 HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Date: Sat, 01 Oct 2022 23:16:22 GMT Server: Apache Vary: User-Agent,Accept-Encoding Content-Encoding: gzip Content-Length: 1096 Keep-Alive: timeout=15, max=298 Connection: Keep-Alive --- Additional Info --- Magic: HTML document, ASCII text, with CRLF line terminators Size: 1096 Md5: 443278ad17f9fe35fcaf6044308d9762 Sha1: 0b1b47ec66fff41259da13c19283b366c6f39e29 Sha256: 0d2d38ee6854230889d7e258fff29e7878cd1407ca222fb4b859863579ab9507 Alerts: Blocklists: - fortinet: Phishing
GET /vendor/sebastian/diff/bana/dist/DHL_head.html HTTP/1.1 Host: gzybl13.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html, /; q=0.01 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate X-Requested-With: XMLHttpRequest Connection: keep-alive Referer: http://gzybl13.com/vendor/sebastian/diff/bana/cca1aace666b4c6999ae3136c854c50c/execution.html?validation=e1s1	URL: gzybl13.com/vendor/sebastian/diff/bana/dist/DHL_head.html FQDN: gzybl13.com IP: 121.42.94.163 HASH: 3e87d6aac316578b0c3ee6a1e4dcb51a03cf97146896e94a421c36da027f797f 121.42.94.163 HTTP/1.1 200 OK Content-Type: text/html Date: Sat, 01 Oct 2022 23:16:22 GMT Server: Apache Last-Modified: Wed, 07 Sep 2022 22:05:59 GMT ETag: "2421058-2cb7-5e81d8492b0b5" Accept-Ranges: bytes Vary: Accept-Encoding,User-Agent Content-Encoding: gzip Content-Length: 3110 Keep-Alive: timeout=15, max=298 Connection: Keep-Alive --- Additional Info --- Magic: HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with very long lines (1836) Size: 3110 Md5: 0f20c23d9a6f196d80806ed8f45a1034 Sha1: d3ffb719f856333ac01886c8f9dacb2467c7df78 Sha256: 3e87d6aac316578b0c3ee6a1e4dcb51a03cf97146896e94a421c36da027f797f Alerts: Blocklists: - fortinet: Phishing
GET /vendor/sebastian/diff/bana/dist/DHL_footer.html HTTP/1.1 Host: gzybl13.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html, /; q=0.01 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate X-Requested-With: XMLHttpRequest Connection: keep-alive Referer: http://gzybl13.com/vendor/sebastian/diff/bana/cca1aace666b4c6999ae3136c854c50c/execution.html?validation=e1s1	URL: gzybl13.com/vendor/sebastian/diff/bana/dist/DHL_footer.html FQDN: gzybl13.com IP: 121.42.94.163 HASH: aebdf87856c1666bd33d7b4135380b7a3593d11cada6d62682f5bf27790c04d8 121.42.94.163 HTTP/1.1 200 OK Content-Type: text/html Date: Sat, 01 Oct 2022 23:16:22 GMT Server: Apache Last-Modified: Wed, 07 Sep 2022 22:05:59 GMT ETag: "2421057-3c2f-5e81d8492b0b5" Accept-Ranges: bytes Vary: Accept-Encoding,User-Agent Content-Encoding: gzip Content-Length: 6053 Keep-Alive: timeout=15, max=298 Connection: Keep-Alive --- Additional Info --- Magic: exported SGML document, Unicode text, UTF-8 (with BOM) text, with very long lines (2591) Size: 6053 Md5: e45471c894fc4dac290da5a886d216b7 Sha1: f064f191fd83000073053213acb364d0600b52aa Sha256: aebdf87856c1666bd33d7b4135380b7a3593d11cada6d62682f5bf27790c04d8 Alerts: Blocklists: - fortinet: Phishing
GET /country HTTP/1.1 Host: ipinfo.io User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Referer: http://gzybl13.com/ Origin: http://gzybl13.com Connection: keep-alive	URL: ipinfo.io/country FQDN: ipinfo.io IP: 34.117.59.81 HASH: 76d7f55bf215f2132f41391f47b4efd048f7c3b61db2b650e2a0a9b4a02d79f0 34.117.59.81 HTTP/1.1 302 Found content-type: text/plain; charset=utf-8 access-control-allow-origin: * location: https://ipinfo.io/country vary: Accept, Accept-Encoding date: Sat, 01 Oct 2022 23:16:22 GMT x-envoy-upstream-service-time: 1 strict-transport-security: max-age=2592000; includeSubDomains content-encoding: gzip transfer-encoding: chunked Via: 1.1 google --- Additional Info --- Magic: ASCII text, with no line terminators Size: 72 Md5: b79f12127b13f3298b65130f55033eea Sha1: 0c5df3d4734c5d754f78df4dd08f329ce38ab901 Sha256: 76d7f55bf215f2132f41391f47b4efd048f7c3b61db2b650e2a0a9b4a02d79f0
POST /s/gts1d4/5QlTZKzjgCw HTTP/1.1 Host: ocsp.pki.goog User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 84 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: ocsp.pki.goog/s/gts1d4/5QlTZKzjgCw FQDN: ocsp.pki.goog IP: 142.250.74.3 HASH: f1d812f00bef48ee18f7f9a53f976ca0c8ccab6bab6f84e23d4acacf457acc08 142.250.74.3 HTTP/1.1 200 OK Content-Type: application/ocsp-response Date: Sat, 01 Oct 2022 23:16:22 GMT Cache-Control: public, max-age=14400 Server: scaffolding on HTTPServer2 Content-Length: 472 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN --- Additional Info --- Magic: data Size: 472 Md5: 292ce37b593ce3c3ec7c0af26bfba179 Sha1: 96394b63a1af6edd4087a423e0a16b54fc23597b Sha256: f1d812f00bef48ee18f7f9a53f976ca0c8ccab6bab6f84e23d4acacf457acc08
GET /vendor/sebastian/diff/bana/dist/fonts/iconfont-e7bece496cd0e6d60e456bc2b48c9446.woff HTTP/1.1 Host: gzybl13.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: identity Connection: keep-alive Referer: http://gzybl13.com/vendor/sebastian/diff/bana/dist/dhl.css	URL: gzybl13.com/vendor/sebastian/diff/bana/dist/fonts/iconf (...) FQDN: gzybl13.com IP: 121.42.94.163 HASH: 6d051536af97fbd33fae0683a1b6ce3749757ab43c8ee8c89295755fd4595807 121.42.94.163 HTTP/1.1 200 OK Content-Type: text/plain Date: Sat, 01 Oct 2022 23:16:22 GMT Server: Apache Last-Modified: Wed, 07 Sep 2022 22:05:59 GMT ETag: "2443064-2464-5e81d8492c43d" Accept-Ranges: bytes Content-Length: 9316 Vary: User-Agent Keep-Alive: timeout=15, max=297 Connection: Keep-Alive --- Additional Info --- Magic: Web Open Font Format, TrueType, length 9316, version 1.0\012- data Size: 9316 Md5: 9355df62a665ef9249036bbccad8c54c Sha1: 6b7779a10187a1a7473f604fbe3db96350868c6a Sha256: 6d051536af97fbd33fae0683a1b6ce3749757ab43c8ee8c89295755fd4595807 Alerts: urlquery: - Phishing - DHL Blocklists: - fortinet: Phishing
POST /s/gts1d4/5QlTZKzjgCw HTTP/1.1 Host: ocsp.pki.goog User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 84 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: ocsp.pki.goog/s/gts1d4/5QlTZKzjgCw FQDN: ocsp.pki.goog IP: 142.250.74.3 HASH: 61d9af0dc0d96a772bb4120d423e8f6d8d795391fd4e47e0dd8b50b44049a148 142.250.74.3 HTTP/1.1 200 OK Content-Type: application/ocsp-response Date: Sat, 01 Oct 2022 23:16:22 GMT Cache-Control: public, max-age=14400 Server: scaffolding on HTTPServer2 Content-Length: 472 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN --- Additional Info --- Magic: data Size: 472 Md5: c4392c66c1c7186165b64a5f3aa4af42 Sha1: b5e6b0d77fe3cad61103bd7f528e0cab142c8c65 Sha256: 61d9af0dc0d96a772bb4120d423e8f6d8d795391fd4e47e0dd8b50b44049a148
GET /vendor/sebastian/diff/bana/dist/fonts/default-3e828e80f6e985c352eba4474518978d.woff HTTP/1.1 Host: gzybl13.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: identity Connection: keep-alive Referer: http://gzybl13.com/vendor/sebastian/diff/bana/dist/dhl.css	URL: gzybl13.com/vendor/sebastian/diff/bana/dist/fonts/defau (...) FQDN: gzybl13.com IP: 121.42.94.163 HASH: 87c40e3961e21f759770615ae67568a3de3ec6e0735f1238a6aae062f4ea15d5 121.42.94.163 HTTP/1.1 200 OK Content-Type: text/plain Date: Sat, 01 Oct 2022 23:16:22 GMT Server: Apache Last-Modified: Wed, 07 Sep 2022 22:05:59 GMT ETag: "2443061-ace4-5e81d8492c055" Accept-Ranges: bytes Content-Length: 44260 Vary: User-Agent Keep-Alive: timeout=15, max=297 Connection: Keep-Alive --- Additional Info --- Magic: Web Open Font Format, TrueType, length 44260, version 1.66\012- data Size: 44260 Md5: 4a350e02a03ac62e72e9ea575b31ce84 Sha1: d47b03b96b6e7034a1473a293bb594e597a41dc2 Sha256: 87c40e3961e21f759770615ae67568a3de3ec6e0735f1238a6aae062f4ea15d5 Alerts: Blocklists: - fortinet: Phishing
GET /vendor/sebastian/diff/bana/dist/fonts/default-815fcbb4d2c57901701125d768f09d67.woff HTTP/1.1 Host: gzybl13.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: identity Connection: keep-alive Referer: http://gzybl13.com/vendor/sebastian/diff/bana/dist/dhl.css	URL: gzybl13.com/vendor/sebastian/diff/bana/dist/fonts/defau (...) FQDN: gzybl13.com IP: 121.42.94.163 HASH: 19d0bda83ecbc986620468801adf000c77c3c38398650903c63fac8dcbac4383 121.42.94.163 HTTP/1.1 200 OK Content-Type: text/plain Date: Sat, 01 Oct 2022 23:16:22 GMT Server: Apache Last-Modified: Wed, 07 Sep 2022 22:05:59 GMT ETag: "2443063-a170-5e81d8492c055" Accept-Ranges: bytes Content-Length: 41328 Vary: User-Agent Keep-Alive: timeout=15, max=300 Connection: Keep-Alive --- Additional Info --- Magic: Web Open Font Format, TrueType, length 41328, version 1.66\012- data Size: 41328 Md5: e39bd2e2657ce5dd6f9c33df18529233 Sha1: 6db81ebb91bfa67cef8f2f870f03046150568799 Sha256: 19d0bda83ecbc986620468801adf000c77c3c38398650903c63fac8dcbac4383 Alerts: Blocklists: - fortinet: Phishing
GET /vendor/sebastian/diff/bana/dist/DHL_track.html HTTP/1.1 Host: gzybl13.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html, /; q=0.01 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate X-Requested-With: XMLHttpRequest Connection: keep-alive Referer: http://gzybl13.com/vendor/sebastian/diff/bana/cca1aace666b4c6999ae3136c854c50c/execution.html?validation=e1s1	URL: gzybl13.com/vendor/sebastian/diff/bana/dist/DHL_track.html FQDN: gzybl13.com IP: 121.42.94.163 HASH: 809a2807c641ba62a321e81b256bd9b3f7cb89793c3a579f5c2f8388c3c61f7e 121.42.94.163 HTTP/1.1 200 OK Content-Type: text/html Date: Sat, 01 Oct 2022 23:16:24 GMT Server: Apache Last-Modified: Wed, 07 Sep 2022 22:05:59 GMT ETag: "242105b-1952-5e81d8492b49d" Accept-Ranges: bytes Vary: Accept-Encoding,User-Agent Content-Encoding: gzip Content-Length: 2376 Keep-Alive: timeout=15, max=296 Connection: Keep-Alive --- Additional Info --- Magic: HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with very long lines (356) Size: 2376 Md5: c53f5d4aa2db91c1ed65876d9abbafd8 Sha1: 5a9a36799ec58afb17711e9fcfbe61e8bbf8757a Sha256: 809a2807c641ba62a321e81b256bd9b3f7cb89793c3a579f5c2f8388c3c61f7e Alerts: Blocklists: - fortinet: Phishing
GET /vendor/sebastian/diff/bana/dist/jquery.validate.min.js HTTP/1.1 Host: gzybl13.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, /; q=0.01 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate X-Requested-With: XMLHttpRequest Connection: keep-alive Referer: http://gzybl13.com/vendor/sebastian/diff/bana/cca1aace666b4c6999ae3136c854c50c/execution.html?validation=e1s1	URL: gzybl13.com/vendor/sebastian/diff/bana/dist/jquery.vali (...) FQDN: gzybl13.com IP: 121.42.94.163 HASH: d88829113f706278062864700f82a7b55756af1c0ba4be724122c78fe3fc37fe 121.42.94.163 HTTP/1.1 200 OK Content-Type: application/javascript Date: Sat, 01 Oct 2022 23:16:24 GMT Server: Apache Last-Modified: Wed, 07 Sep 2022 22:05:59 GMT ETag: "2421065-5f38-5e81d8492cc0d" Accept-Ranges: bytes Vary: Accept-Encoding,User-Agent Content-Encoding: gzip Content-Length: 7815 Keep-Alive: timeout=15, max=295 Connection: Keep-Alive --- Additional Info --- Magic: Unicode text, UTF-8 text, with very long lines (24237) Size: 7815 Md5: 733b253cf585468481e2a1d19b517fc2 Sha1: bd1c201faf6ff53a44b19e2ef8f6a18b6a36141b Sha256: d88829113f706278062864700f82a7b55756af1c0ba4be724122c78fe3fc37fe Alerts: Blocklists: - fortinet: Phishing
GET /npm/popper.js@1.16.1/dist/umd/popper.min.js HTTP/1.1 Host: cdn.jsdelivr.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://gzybl13.com/	URL: cdn.jsdelivr.net/npm/popper.js@1.16.1/dist/umd/popper.min.js FQDN: cdn.jsdelivr.net IP: 151.101.85.229 HASH: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 151.101.85.229 HTTP/1.1 301 Moved Permanently Connection: close Content-Length: 0 Server: Varnish Retry-After: 0 Location: https://cdn.jsdelivr.net/npm/popper.js@1.16.1/dist/umd/popper.min.js Accept-Ranges: bytes Date: Sat, 01 Oct 2022 23:16:24 GMT X-Served-By: cache-bma1678-BMA X-Cache: HIT alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400 --- Additional Info --- Magic: Size: 0 Md5: d41d8cd98f00b204e9800998ecf8427e Sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /npm/popper.js@1.16.1/dist/umd/popper.min.js HTTP/1.1 Host: cdn.jsdelivr.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: http://gzybl13.com/ Connection: keep-alive Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site	URL: cdn.jsdelivr.net/npm/popper.js@1.16.1/dist/umd/popper.min.js FQDN: cdn.jsdelivr.net IP: 151.101.85.229 HASH: fe78a2c604b4757dd5d114e0efb7e74c8f4acfe840bf6b6c01517205744a7648 151.101.85.229 HTTP/2 200 OK content-type: application/javascript; charset=utf-8 access-control-allow-origin: * access-control-expose-headers: * timing-allow-origin: * cache-control: public, max-age=31536000, s-maxage=31536000, immutable cross-origin-resource-policy: cross-origin x-content-type-options: nosniff strict-transport-security: max-age=31536000; includeSubDomains; preload x-jsd-version: 1.16.1 x-jsd-version-type: version etag: W/"52f1-MTeJyg4xtlR4TbuosPg/Nk+Gg7Q" content-encoding: gzip accept-ranges: bytes date: Sat, 01 Oct 2022 23:16:24 GMT age: 10956389 x-served-by: cache-fra19126-FRA, cache-bma1651-BMA x-cache: HIT, HIT vary: Accept-Encoding alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400 content-length: 7503 X-Firefox-Spdy: h2 --- Additional Info --- Magic: ASCII text, with very long lines (21060) Size: 7503 Md5: 1f61c1b15b25ba046056238766ff3a43 Sha1: 2b8db740e4e913e9dc87a6060dea2a6b17ad0ec8 Sha256: fe78a2c604b4757dd5d114e0efb7e74c8f4acfe840bf6b6c01517205744a7648
POST /ca/gsatlasr3dvtlsca2022q1 HTTP/1.1 Host: ocsp.globalsign.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 83 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1 FQDN: ocsp.globalsign.com IP: 104.18.21.226 HASH: b982516e3bbdcf31e56563c779999b0d73721c6c058e261f54b74a731e20061d 104.18.21.226 HTTP/1.1 200 OK Content-Type: application/ocsp-response Date: Sat, 01 Oct 2022 23:16:24 GMT Transfer-Encoding: chunked Connection: keep-alive Etag: "E10B14C79837764178C1FF5C69413AE263DA3958" Expires: Sun, 02 Oct 2022 10:00:00 GMT Last-Modified: Sat, 01 Oct 2022 22:00:00 UTC Cache-Control: s-maxage=3600, public, no-transform, must-revalidate CF-Cache-Status: HIT Age: 1555 Vary: Accept-Encoding Server: cloudflare CF-RAY: 7538e7e2dcc4b4ee-OSL --- Additional Info --- Magic: data Size: 1462 Md5: 710d58e57cac9a0f22ceee6f394db62e Sha1: 009a3ac438b458a4a5e0c5edd11f13fe0840e4c3 Sha256: b982516e3bbdcf31e56563c779999b0d73721c6c058e261f54b74a731e20061d
GET /country HTTP/1.1 Host: ipinfo.io User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Referer: http://gzybl13.com/ Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: ipinfo.io/country FQDN: ipinfo.io IP: 34.117.59.81 HASH: a7f6136142d1d64355c678eb555bd9c312aada2b50a0b3c157d874fab0609053 34.117.59.81 HTTP/2 429 Too Many Requests content-type: application/json; charset=utf-8 access-control-allow-origin: * x-frame-options: SAMEORIGIN x-xss-protection: 1; mode=block x-content-type-options: nosniff referrer-policy: strict-origin-when-cross-origin date: Sat, 01 Oct 2022 23:16:22 GMT x-envoy-upstream-service-time: 1 strict-transport-security: max-age=2592000; includeSubDomains vary: Accept-Encoding content-encoding: gzip via: 1.1 google alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2 --- Additional Info --- Magic: data Size: 698 Md5: f1d14080ca13d13c540bb074f7877003 Sha1: 41f8c6fed8ea87ec3470980c5c74290fb677f4e0 Sha256: a7f6136142d1d64355c678eb555bd9c312aada2b50a0b3c157d874fab0609053
GET /vendor/sebastian/diff/bana/dist/langpack/en.json HTTP/1.1 Host: gzybl13.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: application/json, text/javascript, /; q=0.01 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate X-Requested-With: XMLHttpRequest Connection: keep-alive Referer: http://gzybl13.com/vendor/sebastian/diff/bana/cca1aace666b4c6999ae3136c854c50c/execution.html?validation=e1s1	URL: gzybl13.com/vendor/sebastian/diff/bana/dist/langpack/en.json FQDN: gzybl13.com IP: 121.42.94.163 HASH: 86f9abd216bc64ead1404975e2b6132aebc42ebd106e5be0f660b7e5852051a3 121.42.94.163 HTTP/1.1 200 OK Content-Type: application/json Date: Sat, 01 Oct 2022 23:16:24 GMT Server: Apache Last-Modified: Wed, 07 Sep 2022 22:05:59 GMT ETag: "24600f3-202-5e81d8492dbad" Accept-Ranges: bytes Content-Length: 514 Vary: User-Agent Keep-Alive: timeout=15, max=294 Connection: Keep-Alive --- Additional Info --- Magic: JSON data\012- , ASCII text Size: 514 Md5: e5111c3d242107acc93f71f9c9182079 Sha1: c648da6b0a6c4f9b89dbee1027cf9a7be36217ca Sha256: 86f9abd216bc64ead1404975e2b6132aebc42ebd106e5be0f660b7e5852051a3 Alerts: urlquery: - Phishing - DHL Blocklists: - fortinet: Phishing
GET /vendor/sebastian/diff/bana/dist/fonts/default-5a6dd86f272b304a8b83f7df61f11c2f.woff HTTP/1.1 Host: gzybl13.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: identity Connection: keep-alive Referer: http://gzybl13.com/vendor/sebastian/diff/bana/dist/dhl.css	URL: gzybl13.com/vendor/sebastian/diff/bana/dist/fonts/defau (...) FQDN: gzybl13.com IP: 121.42.94.163 HASH: b033eff45e6e8ecd5c5bccd8ef9a96c4dc37325adc64c5aed8b1d909b24c4eb4 121.42.94.163 HTTP/1.1 200 OK Content-Type: text/plain Date: Sat, 01 Oct 2022 23:16:24 GMT Server: Apache Last-Modified: Wed, 07 Sep 2022 22:05:59 GMT ETag: "2443062-a188-5e81d8492c055" Accept-Ranges: bytes Content-Length: 41352 Vary: User-Agent Keep-Alive: timeout=15, max=299 Connection: Keep-Alive --- Additional Info --- Magic: Web Open Font Format, TrueType, length 41352, version 1.66\012- data Size: 41352 Md5: 4e23ecf085132857bdb54b4da7373151 Sha1: a50215c22a591536b21e509100d1707c6886ffd6 Sha256: b033eff45e6e8ecd5c5bccd8ef9a96c4dc37325adc64c5aed8b1d909b24c4eb4 Alerts: Blocklists: - fortinet: Phishing

URL	gzybl13.com/vendor/sebastian/diff/bana/cca1aace666b4c6999ae3136c854c50c/execution.html?validation=e1s1
IP	121.42.94.163 (China)
ASN	#37963 Hangzhou Alibaba Advertising Co.,Ltd.
UserAgent	Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer
Report completed	2022-10-01 23:16:28 UTC
Status	Loading report..
IDS alerts	0
Blocklist alert	13
urlquery alerts	6 Phishing - DHL
Tags	None

Overview

Domain Summary (14)

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Blocklists

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 121.42.94.163

Last 5 reports on ASN: Hangzhou Alibaba Advertising Co.,Ltd.

Last 5 reports on domain: gzybl13.com

Last 5 reports with similar screenshot

JavaScript

Executed Scripts (14)

Executed Evals (0)

Executed Writes (0)

HTTP Transactions (42)

Overview

Domain Summary (14)

Network Intrusion Detection Systemsinfo

Suricata /w Emerging Threats Pro

Blocklists

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 121.42.94.163

Last 5 reports on ASN: Hangzhou Alibaba Advertising Co.,Ltd.

Last 5 reports on domain: gzybl13.com

Last 5 reports with similar screenshot

JavaScript

Executed Scripts (14)

Executed Evals (0)

Executed Writes (0)

HTTP Transactions (42)

Network Intrusion Detection Systems