Report - tamarafreitas.com/LESS9382JS/ESATEESF433BVSEDKA/3428433WAQ5889/

Report Overview

Submitted URL
tamarafreitas.com/LESS9382JS/ESATEESF433BVSEDKA/3428433WAQ5889/
IP
149.62.169.16
ASN
#50926 Axarnet Comunicaciones, S.l.
Submitted
2022-12-06 10:03:05
Access
Website Title
Final URL
Tags
None
urlquery detections
Phishing - DHL

Detections

urlquery
27
Network Intrusion Detection
0
Threat Detection Systems
30

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	682 B	1.6 kB	93.184.220.29
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.8 kB	34.160.144.191
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	2.4 kB	34.102.187.140
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	35.164.183.116
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.8 kB	71 kB	34.120.237.76
fonts.googleapis.com	8877	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	746 B	142.250.74.106
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.7 kB	7.1 kB	23.36.77.32
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	229 B	34.117.237.239
tamarafreitas.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	10 kB	530 kB	149.62.169.16
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.4 kB	2.8 kB	142.250.74.131
fonts.gstatic.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.5 kB	128 kB	216.58.207.227
ajax.googleapis.com	12905	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	387 B	6.5 kB	216.58.207.234

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

Scan Date	Severity	Indicator	Alert
2022-12-05	medium	tamarafreitas.com/LESS9382JS/ESATEESF433BVSEDKA/3428433WAQ5889/	DHL Airways, Inc.

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-12-06	medium	tamarafreitas.com/LESS9382JS/ESATEESF433BVSEDKA/3428433WAQ5889/	Phishing
2022-12-06	medium	tamarafreitas.com/LESS9382JS/ESATEESF433BVSEDKA/3428433WAQ5889/cc.js	Phishing
2022-12-06	medium	tamarafreitas.com/LESS9382JS/ESATEESF433BVSEDKA/3428433WAQ5889/css	Phishing
2022-12-06	medium	tamarafreitas.com/LESS9382JS/ESATEESF433BVSEDKA/3428433WAQ5889/css(1)	Phishing
2022-12-06	medium	tamarafreitas.com/LESS9382JS/ESATEESF433BVSEDKA/3428433WAQ5889/webfont.js	Phishing
2022-12-06	medium	tamarafreitas.com/LESS9382JS/ESATEESF433BVSEDKA/3428433WAQ5889/moment.min.js	Phishing
2022-12-06	medium	tamarafreitas.com/LESS9382JS/ESATEESF433BVSEDKA/3428433WAQ5889/components_notifications.min.js	Phishing
2022-12-06	medium	tamarafreitas.com/LESS9382JS/ESATEESF433BVSEDKA/3428433WAQ5889/login_page.min.js	Phishing
2022-12-06	medium	tamarafreitas.com/LESS9382JS/ESATEESF433BVSEDKA/3428433WAQ5889/altair_admin_common.min.js	Phishing
2022-12-06	medium	tamarafreitas.com/LESS9382JS/ESATEESF433BVSEDKA/3428433WAQ5889/uikit_custom.min.js	Phishing
2022-12-06	medium	tamarafreitas.com/LESS9382JS/ESATEESF433BVSEDKA/3428433WAQ5889/Raleway-Medium.ttf	Phishing
2022-12-06	medium	tamarafreitas.com/LESS9382JS/ESATEESF433BVSEDKA/3428433WAQ5889/files/fonts/Delivery_W_Rg.woff	Phishing
2022-12-06	medium	tamarafreitas.com/LESS9382JS/ESATEESF433BVSEDKA/3428433WAQ5889/files/fonts/Delivery_W_Rg.woff	Phishing
2022-12-06	medium	tamarafreitas.com/LESS9382JS/ESATEESF433BVSEDKA/3428433WAQ5889/common.min.js	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (10)

	URL	Size	First Seen	Last Seen
	tamarafreitas.com/LESS9382JS/ESATEESF433BVSEDKA/3428433WAQ5889/common.min.js	261 kB	2023-03-07	2024-04-04
Pretty URL tamarafreitas.com/LESS9382JS/ESATEESF433BVSEDKA/3428433WAQ5889/common.min.js IP 149.62.169.16 ASN #50926 Axarnet Comunicaciones, S.l. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:02:36 Last Seen2024-04-04 07:02:14 Times Seen46 Hash 836a446f4b1173eeffc3f441dc3a145a 6ae3d53166f94dd1114522267a47e1287d1b67f5 1e359301246090b9c8e8a9b451d81eb83e04d04d2f98140cb216d3c3acd84cde Loading...

	ajax.googleapis.com/ajax/libs/webfont/1/webfont.js	13 kB	2023-03-07	2024-04-24
Pretty URL ajax.googleapis.com/ajax/libs/webfont/1/webfont.js IP 216.58.207.234 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:17 Last Seen2024-04-24 19:47:55 Times Seen22380 Hash 7c96a5f11d9741541d5e3c42ff6380d7 d3fa2564c021cf730e58ffddb138cf6b57ed126e 81016ac6be850b72df5d4faa0c3cec8e2c1b0ba0045712144a6766adfad40bee Loading...

	tamarafreitas.com/LESS9382JS/ESATEESF433BVSEDKA/3428433WAQ5889/cc.js	3.9 kB	2023-03-07	2024-04-07
Pretty URL tamarafreitas.com/LESS9382JS/ESATEESF433BVSEDKA/3428433WAQ5889/cc.js IP 149.62.169.16 ASN #50926 Axarnet Comunicaciones, S.l. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:22:53 Last Seen2024-04-07 11:22:32 Times Seen123 Hash f151640942f16124b2b040bcf7e228b6 87f0b3819767c61841bc2a1d6fadfb42ae41266a 3024cc41e53a08d72f6ee4f45c3bb5819ff88e71b948ed57475518edd2489626 Loading...

	tamarafreitas.com/LESS9382JS/ESATEESF433BVSEDKA/3428433WAQ5889/altair_admin_common.min.js	23 kB	2023-03-07	2024-04-07
Pretty URL tamarafreitas.com/LESS9382JS/ESATEESF433BVSEDKA/3428433WAQ5889/altair_admin_common.min.js IP 149.62.169.16 ASN #50926 Axarnet Comunicaciones, S.l. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:20:14 Last Seen2024-04-07 11:22:32 Times Seen171 Hash 834d2ecce9a8cc7dba36d273de52b28a a605a1843810a676f6018c8a0072de08b05b7ef5 523eb9b6af99c2488af8dcd1a5cd648902c24b4981195b0d0b9f3cdaa2fd3b7f Loading...

	tamarafreitas.com/LESS9382JS/ESATEESF433BVSEDKA/3428433WAQ5889/	627 B	2023-03-07	2024-04-04
Pretty URL tamarafreitas.com/LESS9382JS/ESATEESF433BVSEDKA/3428433WAQ5889/ IP 149.62.169.16 ASN #50926 Axarnet Comunicaciones, S.l. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:20:14 Last Seen2024-04-04 07:02:14 Times Seen57 Hash b201513c0278ec41ea7c5ef6a9e8d49b 01f1e02e4a0c5af5508af3ffc0123e4e5fb70b88 d9a6b10b1adfe406ab10beb680272365118f84d0db848ece0cc31a281f279402 Loading...

	tamarafreitas.com/LESS9382JS/ESATEESF433BVSEDKA/3428433WAQ5889/components_notifications.min.js	1.1 kB	2023-03-07	2024-04-07
Pretty URL tamarafreitas.com/LESS9382JS/ESATEESF433BVSEDKA/3428433WAQ5889/components_notifications.min.js IP 149.62.169.16 ASN #50926 Axarnet Comunicaciones, S.l. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:20:14 Last Seen2024-04-07 11:22:32 Times Seen151 Hash b627c2a2eb3ed44bdaa291d0fc898316 03e1542cffbd078f0a21ad83ad589ce1679009cc d136e8ae0ac9b54bac28578861fac37ad93bd89b14d253e7d9f4a51609858537 Loading...

	tamarafreitas.com/LESS9382JS/ESATEESF433BVSEDKA/3428433WAQ5889/	76 B	2023-03-07	2024-04-04
Pretty URL tamarafreitas.com/LESS9382JS/ESATEESF433BVSEDKA/3428433WAQ5889/ IP 149.62.169.16 ASN #50926 Axarnet Comunicaciones, S.l. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:22:53 Last Seen2024-04-04 07:02:14 Times Seen54 Hash 55b6e3a81dc265a6e8287b7a683d1a91 cbeb4f0a89ea5ca00c938230bbe65b636c2fe56d 0324c0205dc1fe44ebeb36a1fe9dfa8d6e13930d617a6141d6fa7f99d6e3ffdc Loading...

	tamarafreitas.com/LESS9382JS/ESATEESF433BVSEDKA/3428433WAQ5889/login_page.min.js	845 B	2023-03-07	2024-04-07
Pretty URL tamarafreitas.com/LESS9382JS/ESATEESF433BVSEDKA/3428433WAQ5889/login_page.min.js IP 149.62.169.16 ASN #50926 Axarnet Comunicaciones, S.l. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:22:53 Last Seen2024-04-07 11:22:32 Times Seen149 Hash 8f26c1984eb6fc31f58d073788de4157 ed87fa78deed844a0837f9694be0ae253f90c818 558619a267691a460b410d2f703296b87a44e2fe994b3483740c6e74c8ee8d1b Loading...

	tamarafreitas.com/LESS9382JS/ESATEESF433BVSEDKA/3428433WAQ5889/moment.min.js	34 kB	2023-03-07	2024-04-04
Pretty URL tamarafreitas.com/LESS9382JS/ESATEESF433BVSEDKA/3428433WAQ5889/moment.min.js IP 149.62.169.16 ASN #50926 Axarnet Comunicaciones, S.l. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:02:36 Last Seen2024-04-04 07:02:14 Times Seen81 Hash 9c58a34f02796276b7e7109af74070cd a895868d27f57e0c1ef4ddf4e50c1055ff66eb15 a076b936e9383ed6f90c614cfd4e9ce57f95481e19fe1d84450926954d268856 Loading...

	tamarafreitas.com/LESS9382JS/ESATEESF433BVSEDKA/3428433WAQ5889/uikit_custom.min.js	102 kB	2023-03-07	2024-04-04
Pretty URL tamarafreitas.com/LESS9382JS/ESATEESF433BVSEDKA/3428433WAQ5889/uikit_custom.min.js IP 149.62.169.16 ASN #50926 Axarnet Comunicaciones, S.l. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:02:36 Last Seen2024-04-04 07:02:14 Times Seen61 Hash 660d070837ba7b53c5dcec99f7f94b9b b6fae86591af6f1260f49f52b45256a824096351 bc865ff931d1d97a468a025905eed3bde7282bd45450abfb759da9ac3ae9546f Loading...

HTTP Transactions (56)

URL IP Response Size

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
cfec3d7283a9b66d2be426ce54d210f3
808c1feb1ba918951d1928c1f6bfc0c253262774
1bad6c06aa3e88dcbc125fc98a6cb753eb2b18d2c8dd61da21d12209aeeda3f9

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1BAD6C06AA3E88DCBC125FC98A6CB753EB2B18D2C8DD61DA21D12209AEEDA3F9"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13620
Expires: Tue, 06 Dec 2022 13:49:21 GMT
Date: Tue, 06 Dec 2022 10:02:21 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
1ea206ac3c440825741687351f8c6e4e
2f38dafd8c43dcce2411a0590bc5c02cd6286735
7d7232c8c91bcd18161ba2c9d23e3bff159604e058bd5b3fc1c7fcbcd03a7ee3

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7D7232C8C91BCD18161BA2C9D23E3BFF159604E058BD5B3FC1C7FCBCD03A7EE3"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13714
Expires: Tue, 06 Dec 2022 13:50:55 GMT
Date: Tue, 06 Dec 2022 10:02:21 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
ee088fab9b287e174cfd1f2c735a909f
25c3335b514a36ad1a24d00413d60c3d394f5161
494e96358ff12366213d7cc0f9197648c6c62ec14fa0d2c78732a683fa26b192

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4220
Cache-Control: max-age=92358
Content-Type: application/ocsp-response
Date: Tue, 06 Dec 2022 10:02:21 GMT
Etag: "638dc877-1d7"
Expires: Wed, 07 Dec 2022 11:41:39 GMT
Last-Modified: Mon, 05 Dec 2022 10:31:19 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 471

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
53341dea33f4f3d9b4966f80589f429a
20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: L1r3i+kpj5ii/lHOZu/kBhtKs3ttm6C0KEJ8jPPK8RHqNUglBk7Avz+7iyDLAU4S+Ttr9n+K4aA=
x-amz-request-id: AM6TVNZCG7765H4A
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 06 Dec 2022 09:48:53 GMT
age: 808
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/

34.102.187.140

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Alert, Backoff, Content-Length, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 06 Dec 2022 09:20:23 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 2518
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
84fba032013c18001cc18fefcc82af8b
872b1d193cdecda6a665f0702c1d353d82e4c7d3
6ccb1acfa36b85214c996ca3887eb726b6f510ee61ba2038a33574a2ebe36b86

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6CCB1ACFA36B85214C996CA3887EB726B6F510EE61BA2038A33574A2EBE36B86"
Last-Modified: Mon, 05 Dec 2022 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Tue, 06 Dec 2022 16:02:21 GMT
Date: Tue, 06 Dec 2022 10:02:21 GMT
Connection: keep-alive

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Tue, 06 Dec 2022 10:02:21 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

tamarafreitas.com/LESS9382JS/ESATEESF433BVSEDKA/3428433WAQ5889/

149.62.169.16

200 OK

3.0 kB

URL HTTP/1.1
tamarafreitas.com/LESS9382JS/ESATEESF433BVSEDKA/3428433WAQ5889/
IP
149.62.169.16:0
ASN
#50926 Axarnet Comunicaciones, S.l.

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (752)
Size
3.0 kB (2999 bytes)
Hash
6468325dbe3260b7f7e524bb46d61478
f25d71fed055949e58b7f06873f6231e1d9b3a6e
4dca48bc1c2bea1255984612afe79e12e2e19da25f39faf4f3c9e27cfc021a94

Detections

Analyzer	Verdict	Alert
openphish	DHL Airways, Inc.
fortinet	Phishing

HTTP Headers

GET /LESS9382JS/ESATEESF433BVSEDKA/3428433WAQ5889/ HTTP/1.1
Host: tamarafreitas.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 10:02:21 GMT
Server: Apache
Last-Modified: Thu, 24 Nov 2022 15:47:32 GMT
ETag: "28ed-5ee3952b9ad00-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
X-Powered-By: PleskLin
Content-Length: 2999
Keep-Alive: timeout=3, max=300
Connection: Keep-Alive
Content-Type: text/html

tamarafreitas.com/LESS9382JS/ESATEESF433BVSEDKA/3428433WAQ5889/cc.js

149.62.169.16

200 OK

1.2 kB

URL HTTP/1.1
tamarafreitas.com/LESS9382JS/ESATEESF433BVSEDKA/3428433WAQ5889/cc.js
IP
149.62.169.16:0
ASN
#50926 Axarnet Comunicaciones, S.l.

File type
ASCII text, with CRLF line terminators
Size
1.2 kB (1216 bytes)
Hash
4599269e9d202c5a42a47c7ddd36066c
ce02c0ebc1df333475d09050d4722dfe80f8a5d9
f38f69ec7cc832f79116aa958ac63a4a78df1378e81759553a3749fba43ffc7d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
urlquery	phishing	Phishing - DHL
fortinet	Phishing

HTTP Headers

GET /LESS9382JS/ESATEESF433BVSEDKA/3428433WAQ5889/cc.js HTTP/1.1
Host: tamarafreitas.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tamarafreitas.com/LESS9382JS/ESATEESF433BVSEDKA/3428433WAQ5889/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 10:02:22 GMT
Server: Apache
Last-Modified: Sun, 13 Nov 2022 02:49:41 GMT
ETag: "f0d-5ed512ca99b40-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
X-Powered-By: PleskLin
Content-Length: 1216
Keep-Alive: timeout=3, max=299
Connection: Keep-Alive
Content-Type: application/javascript

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
c10bc583c46449dc192a809398b4e814
ff0f7ad905d32d7f3d01e4054552d0ad551503a5
defd2b2559e55c9c6c0f8be9b23c53c4e781a736feae3dd73b4d203b69cfcc57

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Dec 2022 10:02:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

tamarafreitas.com/LESS9382JS/ESATEESF433BVSEDKA/3428433WAQ5889/uikit.almost-flat.min.css

149.62.169.16

200 OK

18 kB

URL HTTP/1.1
tamarafreitas.com/LESS9382JS/ESATEESF433BVSEDKA/3428433WAQ5889/uikit.almost-flat.min.css
IP
149.62.169.16:0
ASN
#50926 Axarnet Comunicaciones, S.l.

File type
ASCII text, with very long lines (64978)
Size
18 kB (18075 bytes)
Hash
ad31a5c62af1cb439f34577d6ada9e93
23d39a7c41b7ac32204e71f5c987ff81d189501e
d5ff43e31f7b27f4c0f8efaee7f908f2fdc586fcfa6a2f8be39d4b9449ccba15

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /LESS9382JS/ESATEESF433BVSEDKA/3428433WAQ5889/uikit.almost-flat.min.css HTTP/1.1
Host: tamarafreitas.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tamarafreitas.com/LESS9382JS/ESATEESF433BVSEDKA/3428433WAQ5889/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 10:02:22 GMT
Server: Apache
Last-Modified: Sun, 13 Nov 2022 02:50:19 GMT
ETag: "18280-5ed512eed70c0-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
X-Powered-By: PleskLin
Content-Length: 18075
Keep-Alive: timeout=3, max=298
Connection: Keep-Alive
Content-Type: text/css

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

34.102.187.140

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Retry-After, Cache-Control, Content-Type, Pragma, Backoff, ETag, Expires, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Tue, 06 Dec 2022 09:08:58 GMT
cache-control: public,max-age=3600
age: 3204
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2

tamarafreitas.com/LESS9382JS/ESATEESF433BVSEDKA/3428433WAQ5889/css

149.62.169.16

404 Not Found

1.8 kB

URL HTTP/1.1
tamarafreitas.com/LESS9382JS/ESATEESF433BVSEDKA/3428433WAQ5889/css
IP
149.62.169.16:0
ASN
#50926 Axarnet Comunicaciones, S.l.

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text
Size
1.8 kB (1817 bytes)
Hash
9f3e4c2e5bca00e0d1a5667ec3876881
769ed6d0b884bf25025ed37ee437e6ee21601d64
082c5eba49fccc8b9d7bb3594c72ffb1e741eb051a806af3daf126a294e5da2f

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /LESS9382JS/ESATEESF433BVSEDKA/3428433WAQ5889/css HTTP/1.1
Host: tamarafreitas.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tamarafreitas.com/LESS9382JS/ESATEESF433BVSEDKA/3428433WAQ5889/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 404 Not Found
Date: Tue, 06 Dec 2022 10:02:22 GMT
Server: Apache
Last-Modified: Tue, 06 Sep 2022 17:25:01 GMT
ETag: "719-5e80579f03efb"
Accept-Ranges: bytes
Content-Length: 1817
X-Powered-By: PleskLin
Keep-Alive: timeout=3, max=300
Connection: Keep-Alive
Content-Type: text/html

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
2b9d6a686aa3c4ea24568425e43a5221
d53bb4c9579bd1db78a0520619e888aec79f750f
c38734a8dbe51217d73896c0bf7f5c38c107fd79e0dee24b717f130377e9b5f7

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4208
Cache-Control: max-age=87278
Content-Type: application/ocsp-response
Date: Tue, 06 Dec 2022 10:02:22 GMT
Etag: "638db4ac-1d7"
Expires: Wed, 07 Dec 2022 10:17:00 GMT
Last-Modified: Mon, 05 Dec 2022 09:06:52 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 471

tamarafreitas.com/LESS9382JS/ESATEESF433BVSEDKA/3428433WAQ5889/css(1)

149.62.169.16

200 OK

1.0 kB

URL HTTP/1.1
tamarafreitas.com/LESS9382JS/ESATEESF433BVSEDKA/3428433WAQ5889/css(1)
IP
149.62.169.16:0
ASN
#50926 Axarnet Comunicaciones, S.l.

File type
ASCII text
Size
1.0 kB (1031 bytes)
Hash
9b6b9acae314fd9750512da3a591d94c
838c1535ac2739445a1e8f75958466c158f3c86b
67e458e826fe6f34d800099c556733b4ebdc2d2494b182524ef6ea3085547bb6

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
urlquery	phishing	Phishing - DHL
fortinet	Phishing

HTTP Headers

GET /LESS9382JS/ESATEESF433BVSEDKA/3428433WAQ5889/css(1) HTTP/1.1
Host: tamarafreitas.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tamarafreitas.com/LESS9382JS/ESATEESF433BVSEDKA/3428433WAQ5889/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 10:02:22 GMT
Server: Apache
Last-Modified: Sun, 13 Nov 2022 02:49:47 GMT
ETag: "3f8b-5ed512d0528c0-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
X-Powered-By: PleskLin
Content-Length: 1031
Keep-Alive: timeout=3, max=300
Connection: Keep-Alive
Content-Type: text/plain

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
c10bc583c46449dc192a809398b4e814
ff0f7ad905d32d7f3d01e4054552d0ad551503a5
defd2b2559e55c9c6c0f8be9b23c53c4e781a736feae3dd73b4d203b69cfcc57

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Dec 2022 10:02:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

tamarafreitas.com/LESS9382JS/ESATEESF433BVSEDKA/3428433WAQ5889/webfont.js

149.62.169.16

404 Not Found

1.8 kB

URL HTTP/1.1
tamarafreitas.com/LESS9382JS/ESATEESF433BVSEDKA/3428433WAQ5889/webfont.js
IP
149.62.169.16:0
ASN
#50926 Axarnet Comunicaciones, S.l.

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text
Size
1.8 kB (1817 bytes)
Hash
9f3e4c2e5bca00e0d1a5667ec3876881
769ed6d0b884bf25025ed37ee437e6ee21601d64
082c5eba49fccc8b9d7bb3594c72ffb1e741eb051a806af3daf126a294e5da2f

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /LESS9382JS/ESATEESF433BVSEDKA/3428433WAQ5889/webfont.js HTTP/1.1
Host: tamarafreitas.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tamarafreitas.com/LESS9382JS/ESATEESF433BVSEDKA/3428433WAQ5889/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 404 Not Found
Date: Tue, 06 Dec 2022 10:02:22 GMT
Server: Apache
Last-Modified: Tue, 06 Sep 2022 17:25:01 GMT
ETag: "719-5e80579f03efb"
Accept-Ranges: bytes
Content-Length: 1817
X-Powered-By: PleskLin
Keep-Alive: timeout=3, max=297
Connection: Keep-Alive
Content-Type: text/html

tamarafreitas.com/LESS9382JS/ESATEESF433BVSEDKA/3428433WAQ5889/uikit.almost-flat.min(1).css

149.62.169.16

200 OK

18 kB

URL HTTP/1.1
tamarafreitas.com/LESS9382JS/ESATEESF433BVSEDKA/3428433WAQ5889/uikit.almost-flat.min(1).css
IP
149.62.169.16:0
ASN
#50926 Axarnet Comunicaciones, S.l.

File type
ASCII text, with very long lines (65456)
Size
18 kB (17932 bytes)
Hash
9bd9946cbda0fb8f57af1d018a45c581
37af83ef4dd8f7778300ca5537b9ce8582ce29b4
23d96a492be1d5b062a6fbd2a95996fc1ef7ed6606188b86c9b95e131ea7fb8f

HTTP Headers

GET /LESS9382JS/ESATEESF433BVSEDKA/3428433WAQ5889/uikit.almost-flat.min(1).css HTTP/1.1
Host: tamarafreitas.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tamarafreitas.com/LESS9382JS/ESATEESF433BVSEDKA/3428433WAQ5889/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 10:02:22 GMT
Server: Apache
Last-Modified: Sun, 13 Nov 2022 02:50:17 GMT
ETag: "180d9-5ed512eceec40-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
X-Powered-By: PleskLin
Content-Length: 17932
Keep-Alive: timeout=3, max=300
Connection: Keep-Alive
Content-Type: text/css

tamarafreitas.com/LESS9382JS/ESATEESF433BVSEDKA/3428433WAQ5889/moment.min.js

149.62.169.16

200 OK

12 kB

URL HTTP/1.1
tamarafreitas.com/LESS9382JS/ESATEESF433BVSEDKA/3428433WAQ5889/moment.min.js
IP
149.62.169.16:0
ASN
#50926 Axarnet Comunicaciones, S.l.

File type
ASCII text, with very long lines (32005), with CRLF line terminators
Size
12 kB (12425 bytes)
Hash
815f3d10d6b62aa1f66fb8ea61de2820
3be35cdcbefea4319599803e428a27877277521d
a4d565146a83e74cd183e63d9737ea723115e57175aebddd44eae6b5ce04c04a

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
urlquery	phishing	Phishing - DHL
fortinet	Phishing

HTTP Headers

GET /LESS9382JS/ESATEESF433BVSEDKA/3428433WAQ5889/moment.min.js HTTP/1.1
Host: tamarafreitas.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tamarafreitas.com/LESS9382JS/ESATEESF433BVSEDKA/3428433WAQ5889/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 10:02:22 GMT
Server: Apache
Last-Modified: Sun, 13 Nov 2022 02:50:09 GMT
ETag: "868a-5ed512e54da40-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
X-Powered-By: PleskLin
Content-Length: 12425
Keep-Alive: timeout=3, max=299
Connection: Keep-Alive
Content-Type: application/javascript

tamarafreitas.com/LESS9382JS/ESATEESF433BVSEDKA/3428433WAQ5889/login_page.min.css

149.62.169.16

200 OK

13 kB

URL HTTP/1.1
tamarafreitas.com/LESS9382JS/ESATEESF433BVSEDKA/3428433WAQ5889/login_page.min.css
IP
149.62.169.16:0
ASN
#50926 Axarnet Comunicaciones, S.l.

File type
ASCII text, with very long lines (65010)
Size
13 kB (13156 bytes)
Hash
0e7fe6f5171baaebe4d0095dffee7862
fd962b214432608e3ae7275b7546c903c319870c
d5b6a0dd287ef8d4d0346f9032732105317890ffcb09680e2a250ea8192bfe07

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /LESS9382JS/ESATEESF433BVSEDKA/3428433WAQ5889/login_page.min.css HTTP/1.1
Host: tamarafreitas.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tamarafreitas.com/LESS9382JS/ESATEESF433BVSEDKA/3428433WAQ5889/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 10:02:22 GMT
Server: Apache
Last-Modified: Sun, 13 Nov 2022 02:49:58 GMT
ETag: "13040-5ed512dad0180-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
X-Powered-By: PleskLin
Content-Length: 13156
Keep-Alive: timeout=3, max=300
Connection: Keep-Alive
Content-Type: text/css

tamarafreitas.com/LESS9382JS/ESATEESF433BVSEDKA/3428433WAQ5889/components_notifications.min.js

149.62.169.16

200 OK

489 B

URL HTTP/1.1
tamarafreitas.com/LESS9382JS/ESATEESF433BVSEDKA/3428433WAQ5889/components_notifications.min.js
IP
149.62.169.16:0
ASN
#50926 Axarnet Comunicaciones, S.l.

File type
ASCII text, with very long lines (1137), with no line terminators
Size
489 B (489 bytes)
Hash
57f6b729a55ad563d22c8c8f5d0f5cc7
05b3ae9c717f180226bf0c994d80bb80eb170548
a8f2f205118834e92b80f1eec7aeaab8ce81286bb7bd126425f9e9d7a9583ffc

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
urlquery	phishing	Phishing - DHL
fortinet	Phishing

HTTP Headers

GET /LESS9382JS/ESATEESF433BVSEDKA/3428433WAQ5889/components_notifications.min.js HTTP/1.1
Host: tamarafreitas.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tamarafreitas.com/LESS9382JS/ESATEESF433BVSEDKA/3428433WAQ5889/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 10:02:22 GMT
Server: Apache
Last-Modified: Sun, 13 Nov 2022 02:49:46 GMT
ETag: "471-5ed512cf5e680-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
X-Powered-By: PleskLin
Content-Length: 489
Keep-Alive: timeout=3, max=298
Connection: Keep-Alive
Content-Type: application/javascript

tamarafreitas.com/LESS9382JS/ESATEESF433BVSEDKA/3428433WAQ5889/login_page.min.js

149.62.169.16

200 OK

292 B

URL HTTP/1.1
tamarafreitas.com/LESS9382JS/ESATEESF433BVSEDKA/3428433WAQ5889/login_page.min.js
IP
149.62.169.16:0
ASN
#50926 Axarnet Comunicaciones, S.l.

File type
ASCII text, with very long lines (845), with no line terminators
Size
292 B (292 bytes)
Hash
55cd7b45df5b66687d910e158edf8638
4efb4c9861f2241ef5e86d74c86fb4a2d9c883d1
df985f30cb887bc12e915281a1279fa6820db52b9da6ea5610129a429e19cd65

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
urlquery	phishing	Phishing - DHL
fortinet	Phishing

HTTP Headers

GET /LESS9382JS/ESATEESF433BVSEDKA/3428433WAQ5889/login_page.min.js HTTP/1.1
Host: tamarafreitas.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tamarafreitas.com/LESS9382JS/ESATEESF433BVSEDKA/3428433WAQ5889/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 10:02:22 GMT
Server: Apache
Last-Modified: Sun, 13 Nov 2022 02:49:59 GMT
ETag: "34d-5ed512dbc43c0-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
X-Powered-By: PleskLin
Content-Length: 292
Keep-Alive: timeout=3, max=299
Connection: Keep-Alive
Content-Type: application/javascript

tamarafreitas.com/LESS9382JS/ESATEESF433BVSEDKA/3428433WAQ5889/altair_admin_common.min.js

149.62.169.16

200 OK

6.1 kB

URL HTTP/1.1
tamarafreitas.com/LESS9382JS/ESATEESF433BVSEDKA/3428433WAQ5889/altair_admin_common.min.js
IP
149.62.169.16:0
ASN
#50926 Axarnet Comunicaciones, S.l.

File type
ASCII text, with very long lines (23095), with no line terminators
Size
6.1 kB (6118 bytes)
Hash
736f2982d27a8eba601b036a11a040d4
d8e399610247d06cf52549056cc4b056b13fdda9
fb65e394526b549c90c9f8b3f16ad7efc2b9fe32859c238f1fae092ac429e8b3

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
urlquery	phishing	Phishing - DHL
fortinet	Phishing

HTTP Headers

GET /LESS9382JS/ESATEESF433BVSEDKA/3428433WAQ5889/altair_admin_common.min.js HTTP/1.1
Host: tamarafreitas.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tamarafreitas.com/LESS9382JS/ESATEESF433BVSEDKA/3428433WAQ5889/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 10:02:22 GMT
Server: Apache
Last-Modified: Sun, 13 Nov 2022 02:49:36 GMT
ETag: "5a37-5ed512c5d5000-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
X-Powered-By: PleskLin
Content-Length: 6118
Keep-Alive: timeout=3, max=299
Connection: Keep-Alive
Content-Type: application/javascript

tamarafreitas.com/LESS9382JS/ESATEESF433BVSEDKA/3428433WAQ5889/uikit_custom.min.js

149.62.169.16

200 OK

28 kB

URL HTTP/1.1
tamarafreitas.com/LESS9382JS/ESATEESF433BVSEDKA/3428433WAQ5889/uikit_custom.min.js
IP
149.62.169.16:0
ASN
#50926 Axarnet Comunicaciones, S.l.

File type
ASCII text, with very long lines (32010), with CRLF line terminators
Size
28 kB (27657 bytes)
Hash
ed002e00c09fccc6b9059062e728ae23
695a97c4ff8aab7a54d95ebbb0f82d93b2814712
dc47154ae0eebb038b06a48a968781f9aa21f6de16684a7a447b13b335173c71

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /LESS9382JS/ESATEESF433BVSEDKA/3428433WAQ5889/uikit_custom.min.js HTTP/1.1
Host: tamarafreitas.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tamarafreitas.com/LESS9382JS/ESATEESF433BVSEDKA/3428433WAQ5889/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 10:02:22 GMT
Server: Apache
Last-Modified: Sun, 13 Nov 2022 02:50:20 GMT
ETag: "18d79-5ed512efcb300-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
X-Powered-By: PleskLin
Content-Length: 27657
Keep-Alive: timeout=3, max=296
Connection: Keep-Alive
Content-Type: application/javascript

tamarafreitas.com/LESS9382JS/ESATEESF433BVSEDKA/3428433WAQ5889/Raleway-Medium.ttf

149.62.169.16

200 OK

174 kB

URL HTTP/1.1
tamarafreitas.com/LESS9382JS/ESATEESF433BVSEDKA/3428433WAQ5889/Raleway-Medium.ttf
IP
149.62.169.16:0
ASN
#50926 Axarnet Comunicaciones, S.l.

File type
TrueType Font data, 16 tables, 1st "GPOS", 17 names, Microsoft, language 0x409, Copyright (c) 2010 - 2013, Matt McInerney (matt@pixelspread.com), Pablo Impallari (impallari@gma\012- data
Size
174 kB (174028 bytes)
Hash
bb5ae98e4ce1a64042093dc235c305ed
0c8681407d5de2de363187e7911e790d34d808c1
67544b051079d750900856631013bb2c59da3b92ef45a8eeacb04ffa03ca48a8

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
urlquery	phishing	Phishing - DHL
fortinet	Phishing

HTTP Headers

GET /LESS9382JS/ESATEESF433BVSEDKA/3428433WAQ5889/Raleway-Medium.ttf HTTP/1.1
Host: tamarafreitas.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tamarafreitas.com/LESS9382JS/ESATEESF433BVSEDKA/3428433WAQ5889/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 10:02:22 GMT
Server: Apache
Last-Modified: Sun, 13 Nov 2022 02:50:12 GMT
ETag: "2a7cc-5ed512e82a100"
Accept-Ranges: bytes
Content-Length: 174028
X-Powered-By: PleskLin
Keep-Alive: timeout=3, max=300
Connection: Keep-Alive
Content-Type: application/font-sfnt

tamarafreitas.com/LESS9382JS/ESATEESF433BVSEDKA/3428433WAQ5889/logo.png

149.62.169.16

200 OK

11 kB

URL HTTP/1.1
tamarafreitas.com/LESS9382JS/ESATEESF433BVSEDKA/3428433WAQ5889/logo.png
IP
149.62.169.16:0
ASN
#50926 Axarnet Comunicaciones, S.l.

File type
PNG image data, 1181 x 167, 8-bit/color RGBA, non-interlaced\012- data
Size
11 kB (10607 bytes)
Hash
6ca57abf5741a5ac9ae8100ff5469b6e
f596e4f8f725b5281768b38ef561573c268648a8
4971fe9d28caa4bb569fa335ab2949528d97d76a97938b0ece6c86b6d306adfb

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /LESS9382JS/ESATEESF433BVSEDKA/3428433WAQ5889/logo.png HTTP/1.1
Host: tamarafreitas.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tamarafreitas.com/LESS9382JS/ESATEESF433BVSEDKA/3428433WAQ5889/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 10:02:22 GMT
Server: Apache
Last-Modified: Sun, 13 Nov 2022 02:50:05 GMT
ETag: "296f-5ed512e17d140"
Accept-Ranges: bytes
Content-Length: 10607
X-Powered-By: PleskLin
Keep-Alive: timeout=3, max=295
Connection: Keep-Alive
Content-Type: image/png

tamarafreitas.com/LESS9382JS/ESATEESF433BVSEDKA/3428433WAQ5889/delivery-truck.png

149.62.169.16

200 OK

23 kB

URL HTTP/1.1
tamarafreitas.com/LESS9382JS/ESATEESF433BVSEDKA/3428433WAQ5889/delivery-truck.png
IP
149.62.169.16:0
ASN
#50926 Axarnet Comunicaciones, S.l.

File type
PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced\012- data
Size
23 kB (22690 bytes)
Hash
b070532cf610c869e09c5baa9bebbed5
d898221fb3cb6316d9c67d06bcf8bfef815f426e
5281f4abe208b59fdcf316414d641b3481df0229719a2bad5a4d279a538d3fe2

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /LESS9382JS/ESATEESF433BVSEDKA/3428433WAQ5889/delivery-truck.png HTTP/1.1
Host: tamarafreitas.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tamarafreitas.com/LESS9382JS/ESATEESF433BVSEDKA/3428433WAQ5889/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 10:02:22 GMT
Server: Apache
Last-Modified: Sun, 13 Nov 2022 02:49:49 GMT
ETag: "58a2-5ed512d23ad40"
Accept-Ranges: bytes
Content-Length: 22690
X-Powered-By: PleskLin
Keep-Alive: timeout=3, max=298
Connection: Keep-Alive
Content-Type: image/png

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
e24f2da4ed2e3cd07b0999a67550d634
6e2277e734fd0015849c3554dd2cf2ae289c2cf2
74dc14d7d9ba8bba4a162680e59801af1d7c2995639df51f32ff2f3d4d0b0051

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Dec 2022 10:02:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

tamarafreitas.com/LESS9382JS/ESATEESF433BVSEDKA/3428433WAQ5889/DHL2.jpg

149.62.169.16

200 OK

122 kB

URL HTTP/1.1
tamarafreitas.com/LESS9382JS/ESATEESF433BVSEDKA/3428433WAQ5889/DHL2.jpg
IP
149.62.169.16:0
ASN
#50926 Axarnet Comunicaciones, S.l.

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=2], baseline, precision 8, 1596x1015, components 3\012- data
Size
122 kB (121940 bytes)
Hash
c3f30f1d4ce45418f16babbed16a4cbb
82282946f848239b87309a6f36f2e666cc45a083
5649257954bde15b3ab14b15b2bc636edd661c803047605cb08c70f2f7619409

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /LESS9382JS/ESATEESF433BVSEDKA/3428433WAQ5889/DHL2.jpg HTTP/1.1
Host: tamarafreitas.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tamarafreitas.com/LESS9382JS/ESATEESF433BVSEDKA/3428433WAQ5889/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 10:02:22 GMT
Server: Apache
Last-Modified: Sun, 13 Nov 2022 02:49:52 GMT
ETag: "1dc54-5ed512d517400"
Accept-Ranges: bytes
Content-Length: 121940
X-Powered-By: PleskLin
Keep-Alive: timeout=3, max=299
Connection: Keep-Alive
Content-Type: image/jpeg

tamarafreitas.com/LESS9382JS/ESATEESF433BVSEDKA/3428433WAQ5889/files/fonts/Delivery_W_Rg.woff

149.62.169.16

404 Not Found

1.8 kB

URL HTTP/1.1
tamarafreitas.com/LESS9382JS/ESATEESF433BVSEDKA/3428433WAQ5889/files/fonts/Delivery_W_Rg.woff
IP
149.62.169.16:0
ASN
#50926 Axarnet Comunicaciones, S.l.

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text
Size
1.8 kB (1817 bytes)
Hash
9f3e4c2e5bca00e0d1a5667ec3876881
769ed6d0b884bf25025ed37ee437e6ee21601d64
082c5eba49fccc8b9d7bb3594c72ffb1e741eb051a806af3daf126a294e5da2f

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /LESS9382JS/ESATEESF433BVSEDKA/3428433WAQ5889/files/fonts/Delivery_W_Rg.woff HTTP/1.1
Host: tamarafreitas.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tamarafreitas.com/LESS9382JS/ESATEESF433BVSEDKA/3428433WAQ5889/login_page.min.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 404 Not Found
Date: Tue, 06 Dec 2022 10:02:22 GMT
Server: Apache
Last-Modified: Tue, 06 Sep 2022 17:25:01 GMT
ETag: "719-5e80579f03efb"
Accept-Ranges: bytes
Content-Length: 1817
X-Powered-By: PleskLin
Keep-Alive: timeout=3, max=298
Connection: Keep-Alive
Content-Type: text/html

fonts.gstatic.com/s/raleway/v28/1Ptxg8zYS_SKggPN4iEgvnHyvveLxVvoorCIPrE.woff2

216.58.207.227

200 OK

21 kB

URL HTTP/2
fonts.gstatic.com/s/raleway/v28/1Ptxg8zYS_SKggPN4iEgvnHyvveLxVvoorCIPrE.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 20704, version 1.0\012- data
Size
21 kB (20704 bytes)
Hash
bf05fdfc64ff2a262aa33b8b3a8e9bef
6000fd9fc8021257e32c3bbb9d31582beeb4e3a8
263105b83da311cd76db478c2d958dfded7cc73be6233045a3d3a2b57b86882f

HTTP Headers

GET /s/raleway/v28/1Ptxg8zYS_SKggPN4iEgvnHyvveLxVvoorCIPrE.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://tamarafreitas.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 20704
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 01 Dec 2022 08:27:25 GMT
expires: Fri, 01 Dec 2023 08:27:25 GMT
cache-control: public, max-age=31536000
age: 437697
last-modified: Mon, 18 Jul 2022 19:57:58 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

push.services.mozilla.com/

35.164.183.116

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
35.164.183.116:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: QP1ubvGWtqcTaSm4HN/y9g==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: eqmRCD+Qiv9pnYqllypM/YfI/qk=

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
e24f2da4ed2e3cd07b0999a67550d634
6e2277e734fd0015849c3554dd2cf2ae289c2cf2
74dc14d7d9ba8bba4a162680e59801af1d7c2995639df51f32ff2f3d4d0b0051

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Dec 2022 10:02:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

tamarafreitas.com/LESS9382JS/ESATEESF433BVSEDKA/3428433WAQ5889/files/fonts/Delivery_W_Rg.woff

149.62.169.16

404 Not Found

1.8 kB

URL HTTP/1.1
tamarafreitas.com/LESS9382JS/ESATEESF433BVSEDKA/3428433WAQ5889/files/fonts/Delivery_W_Rg.woff
IP
149.62.169.16:0
ASN
#50926 Axarnet Comunicaciones, S.l.

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text
Size
1.8 kB (1817 bytes)
Hash
9f3e4c2e5bca00e0d1a5667ec3876881
769ed6d0b884bf25025ed37ee437e6ee21601d64
082c5eba49fccc8b9d7bb3594c72ffb1e741eb051a806af3daf126a294e5da2f

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /LESS9382JS/ESATEESF433BVSEDKA/3428433WAQ5889/files/fonts/Delivery_W_Rg.woff HTTP/1.1
Host: tamarafreitas.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tamarafreitas.com/LESS9382JS/ESATEESF433BVSEDKA/3428433WAQ5889/uikit.almost-flat.min.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 404 Not Found
Date: Tue, 06 Dec 2022 10:02:22 GMT
Server: Apache
Last-Modified: Tue, 06 Sep 2022 17:25:01 GMT
ETag: "719-5e80579f03efb"
Accept-Ranges: bytes
Content-Length: 1817
X-Powered-By: PleskLin
Keep-Alive: timeout=3, max=298
Connection: Keep-Alive
Content-Type: text/html

tamarafreitas.com/LESS9382JS/ESATEESF433BVSEDKA/3428433WAQ5889/common.min.js

149.62.169.16

200 OK

84 kB

URL HTTP/1.1
tamarafreitas.com/LESS9382JS/ESATEESF433BVSEDKA/3428433WAQ5889/common.min.js
IP
149.62.169.16:0
ASN
#50926 Axarnet Comunicaciones, S.l.

File type
ASCII text, with very long lines (32023), with CRLF line terminators
Size
84 kB (84152 bytes)
Hash
1abc6fd502d1646d491decc578e5c601
9507d41c7d550ec00f03287aecfb55a9926c20d4
2034b53eceaf30e006a97fa347b26b5cce04c9280e476c29301e6c62d46acbf9

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /LESS9382JS/ESATEESF433BVSEDKA/3428433WAQ5889/common.min.js HTTP/1.1
Host: tamarafreitas.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tamarafreitas.com/LESS9382JS/ESATEESF433BVSEDKA/3428433WAQ5889/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 10:02:22 GMT
Server: Apache
Last-Modified: Sun, 13 Nov 2022 02:49:43 GMT
ETag: "3fb68-5ed512cc81fc0-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
X-Powered-By: PleskLin
Keep-Alive: timeout=3, max=299
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/javascript

ajax.googleapis.com/ajax/libs/webfont/1/webfont.js

216.58.207.234

200 OK

5.4 kB

URL HTTP/2
ajax.googleapis.com/ajax/libs/webfont/1/webfont.js
IP
216.58.207.234:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (2134)
Size
5.4 kB (5437 bytes)
Hash
30ca3165d143baf2835023bfcf463450
62c662c0873b79a314c040fef28dcd29abb14480
4f405d00e8ced09d5826e3e070b7e4d3f3556f856ca790b0b4a2c2eaaf58d33b

HTTP Headers

GET /ajax/libs/webfont/1/webfont.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tamarafreitas.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 5437
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 29 Nov 2022 18:34:16 GMT
expires: Wed, 29 Nov 2023 18:34:16 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 574087
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

tamarafreitas.com/LESS9382JS/ESATEESF433BVSEDKA/3428433WAQ5889/dhl.gif

149.62.169.16

200 OK

1.3 kB

URL HTTP/1.1
tamarafreitas.com/LESS9382JS/ESATEESF433BVSEDKA/3428433WAQ5889/dhl.gif
IP
149.62.169.16:0
ASN
#50926 Axarnet Comunicaciones, S.l.

File type
GIF image data, version 89a, 150 x 150\012- data
Size
1.3 kB (1327 bytes)
Hash
0de70b2167051e74b14db28ae0b784bb
7d7ca8ea7ed4da4381b5407074765ca04d6b33f1
084e13e7b201dedca34c9a41c4cdd9f0b020c9237eb25c26eba6338e4a386b62

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - DHL
urlquery	phishing	Phishing - DHL

HTTP Headers

GET /LESS9382JS/ESATEESF433BVSEDKA/3428433WAQ5889/dhl.gif HTTP/1.1
Host: tamarafreitas.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tamarafreitas.com/LESS9382JS/ESATEESF433BVSEDKA/3428433WAQ5889/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 10:02:22 GMT
Server: Apache
Last-Modified: Sun, 13 Nov 2022 02:49:50 GMT
ETag: "52f-5ed512d32ef80"
Accept-Ranges: bytes
Content-Length: 1327
X-Powered-By: PleskLin
Keep-Alive: timeout=3, max=297
Connection: Keep-Alive
Content-Type: image/gif

fonts.gstatic.com/s/sourcecodepro/v22/HI_SiYsKILxRpg3hIP6sJ7fM7PqlPevW.woff2

216.58.207.227

200 OK

20 kB

URL HTTP/2
fonts.gstatic.com/s/sourcecodepro/v22/HI_SiYsKILxRpg3hIP6sJ7fM7PqlPevW.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 19680, version 1.0\012- data
Size
20 kB (19680 bytes)
Hash
0628e64d7cdd00a4c6c41b7554ecf8b1
0dee04b143193572e8421021f5fe03b006fa4530
1c2e64053b56afdcc933af75555920cf89c08b8ca04961f4815abdbd0bdcdbc3

HTTP Headers

GET /s/sourcecodepro/v22/HI_SiYsKILxRpg3hIP6sJ7fM7PqlPevW.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://tamarafreitas.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 19680
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 29 Nov 2022 22:22:33 GMT
expires: Wed, 29 Nov 2023 22:22:33 GMT
cache-control: public, max-age=31536000
age: 560390
last-modified: Tue, 23 Aug 2022 18:25:36 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

216.58.207.227

200 OK

16 kB

URL HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Size
16 kB (15744 bytes)
Hash
15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

HTTP Headers

GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://tamarafreitas.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 30 Nov 2022 19:33:54 GMT
expires: Thu, 30 Nov 2023 19:33:54 GMT
cache-control: public, max-age=31536000
age: 484109
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2

216.58.207.227

200 OK

16 kB

URL HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15740, version 1.0\012- data
Size
16 kB (15740 bytes)
Hash
b9c29351c46f3e8c8631c4002457f48a
e57e59c5780995ff2937ab2b511a769212974a87
f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://tamarafreitas.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15740
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 30 Nov 2022 19:34:15 GMT
expires: Thu, 30 Nov 2023 19:34:15 GMT
cache-control: public, max-age=31536000
age: 484088
last-modified: Wed, 11 May 2022 19:24:56 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

216.58.207.227

200 OK

16 kB

URL HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15920, version 1.0\012- data
Size
16 kB (15920 bytes)
Hash
3a44e06eb954b96aa043227f3534189d
23cef6993ddb2b2979e8e7647fc3763694e2ba7d
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://tamarafreitas.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15920
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 30 Nov 2022 19:33:56 GMT
expires: Thu, 30 Nov 2023 19:33:56 GMT
cache-control: public, max-age=31536000
age: 484107
last-modified: Wed, 11 May 2022 19:24:45 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

216.58.207.227

200 OK

16 kB

URL HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Size
16 kB (15860 bytes)
Hash
e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://tamarafreitas.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 30 Nov 2022 19:34:15 GMT
expires: Thu, 30 Nov 2023 19:34:15 GMT
cache-control: public, max-age=31536000
age: 484088
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOkCnqEu92Fr1Mu51xIIzI.woff2

216.58.207.227

200 OK

17 kB

URL HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOkCnqEu92Fr1Mu51xIIzI.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 17368, version 1.0\012- data
Size
17 kB (17368 bytes)
Hash
abe083d96b58eb02ada8b7c30d7b09f2
61447d66d13a8c8f4335696777a85c438c46f749
db0424fb67fb52e7e538490240cc7fb9c05aa076333a4968f3dee30b825dabf9

HTTP Headers

GET /s/roboto/v30/KFOkCnqEu92Fr1Mu51xIIzI.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://tamarafreitas.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 17368
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 06 Dec 2022 07:01:24 GMT
expires: Wed, 06 Dec 2023 07:01:24 GMT
cache-control: public, max-age=31536000
age: 10859
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10800
Expires: Tue, 06 Dec 2022 13:02:24 GMT
Date: Tue, 06 Dec 2022 10:02:24 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10800
Expires: Tue, 06 Dec 2022 13:02:24 GMT
Date: Tue, 06 Dec 2022 10:02:24 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10800
Expires: Tue, 06 Dec 2022 13:02:24 GMT
Date: Tue, 06 Dec 2022 10:02:24 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10800
Expires: Tue, 06 Dec 2022 13:02:24 GMT
Date: Tue, 06 Dec 2022 10:02:24 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10800
Expires: Tue, 06 Dec 2022 13:02:24 GMT
Date: Tue, 06 Dec 2022 10:02:24 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7663e5fc-37de-4be8-9be7-49805622f85d.jpeg

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7663e5fc-37de-4be8-9be7-49805622f85d.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10183 bytes)
Hash
99d1ff8fa2e095dcf2bda3d1e1af1221
f914f04a0e1fb45a221d31d2105bfc73015b03e6
90325d4299a44dbd213857ada6f6880db8c33ad61685cfcb60c4a2455a84cf87

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7663e5fc-37de-4be8-9be7-49805622f85d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10183
x-amzn-requestid: 557e6b38-7be9-4953-968b-2e5bd3491ef4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csUDYEQbIAMFwRg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e66e2-1fcd8fc4719bc0bc7d11abd2;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:47:14 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: z1_zJTJMuk724WMOmIc660b54AyZK8ffNVF5N7ehZ00W2kaL3Lcd1A==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 32c16f33c8f5601364fa8229b0d74dc2.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 21:47:14 GMT
age: 44110
etag: "f914f04a0e1fb45a221d31d2105bfc73015b03e6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbcfc1e29-0017-4346-aacf-66d3875076ce.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.8 kB (5790 bytes)
Hash
18bbcbf84b00d3bc602830478ff1bd7f
1f25392db4cf3693259202b24e898f21093b8bf9
cb2b44e1f74a9bb43fab48536f6146e273c728b34e4889ff3f18a411d14d2282

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbcfc1e29-0017-4346-aacf-66d3875076ce.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5790
x-amzn-requestid: 2e409a5f-ce04-4b9b-b3a2-74e5bbd256d3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csSvoEoUoAMFsxg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e64ca-72e1bb13187b18aa26c8566f;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:38:18 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: WBNaNTgYQaDVlJqu2u341xYy_6zmr5LqmCD2BPjGPGgmAG20WNHyKw==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 fda3b2797d2719576f6b916583a28e52.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 21:46:52 GMT
age: 44132
etag: "1f25392db4cf3693259202b24e898f21093b8bf9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb60ffdb0-9abd-43ed-ba00-442492cc7b45.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.3 kB (8287 bytes)
Hash
4c0e37b32bf91d9877ad7cb9f4f875a5
cec2ccf17ae08fe009c09563d214564c3499ad4c
4cec4e669ba4b149573de59df16d8cae06a6d4393092d7e06150596f38dc6856

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb60ffdb0-9abd-43ed-ba00-442492cc7b45.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8287
x-amzn-requestid: f434241a-bf89-44a4-8320-37083f11ae0c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csSuYHxOIAMFYuw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e64c2-1a89a8d25044d96535ad8a36;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:38:10 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Ut9ZM7T05yaYKdk6GVUSnG7yIQ07QmG-jOy9mgE_K1AB9qUgx6L3LQ==
via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 22:30:52 GMT
age: 41492
etag: "cec2ccf17ae08fe009c09563d214564c3499ad4c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5ba08976-65c4-4b8b-9ef1-92055a7b5235.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (12293 bytes)
Hash
53afd826523f4c18bf968764818d7ca7
9a26884875abb0652c568c50438b65f801779f9a
4f9dfeda67a040fef9c6987a7c334a91c993c84f694fa91771fcf7fd1d2e4937

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5ba08976-65c4-4b8b-9ef1-92055a7b5235.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 12293
x-amzn-requestid: 49891ceb-3f74-4e83-8064-f54fc8b30961
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csSyGHPOIAMFYqw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e64da-651e4e0c55257bcc553cd176;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:38:34 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 4f0QQ4-21m-DiP4oUtIG75_vremc835laqhfDerlqCuW-WyKClvc9Q==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 22:29:38 GMT
age: 41566
etag: "9a26884875abb0652c568c50438b65f801779f9a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F70fb9d31-10e5-4323-9fbd-ed451a00e6b1.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (10594 bytes)
Hash
7e1b54923ba506fde6b21c5bfb51ccc8
366aa3ab0790c496ea51bc08d1f2ff3358530d9e
a993ca6dc9a1f854f4542f9221e4f90060825ea863974b5163a9d3e284dc4663

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F70fb9d31-10e5-4323-9fbd-ed451a00e6b1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10594
x-amzn-requestid: eee9f193-eef5-44bf-997a-877fa206749e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csSyIHpGoAMF1fw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e64da-0a9190f7698dbf2f73bb1575;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:38:34 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: f-KQCOuDl461V8MBPsSOj1ILCU91Q0pCSENaldkMHR2oZdrEUnHeaA==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 591683988172c7980c4ebb318cbf18a8.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 22:03:16 GMT
age: 43148
etag: "366aa3ab0790c496ea51bc08d1f2ff3358530d9e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F962c65f4-b402-46b4-83ba-50f3159341f2.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (11224 bytes)
Hash
b15136d60fd0a5e0f657a4f5c75d540f
36082b7329d473829178f280cb71a83b1531e486
79478269b1f5dcfd1e45ccd4264fa44805b37c5c8fec820bcbd2fa1689dfbbd8

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F962c65f4-b402-46b4-83ba-50f3159341f2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11224
x-amzn-requestid: 938de0b8-1055-4416-9ad7-162ab5f4db9f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csUINEwdoAMFuOw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e6701-38b079ef341bb17e567de773;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:47:45 GMT
x-amz-cf-pop: YVR50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: tGtiCE9C3j0BUruNaFN2j1mKxCSouLmocmTXpmLMBJaLNyVwkXu1gQ==
via: 1.1 f0ac467993db44dbfc36b778dfcaf73c.cloudfront.net (CloudFront), 1.1 760139201585481b26f947c5f776103a.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 22:23:09 GMT
age: 41955
etag: "36082b7329d473829178f280cb71a83b1531e486"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0ca09fa3-9c1c-4e27-b763-2de04564da9d.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.8 kB (4827 bytes)
Hash
73b9f329cd3a39d0756de62dd5f190b7
0f1c7567b89cc3de60196e47e37879296359bc78
e15711efe27a3d302a9869cf01d27fd65bd0beca9d03a19d93bbf11e28f3e1d8

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0ca09fa3-9c1c-4e27-b763-2de04564da9d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-length: 4827
x-amzn-requestid: 9091cc45-8fb1-4b07-8ef9-3f42b85fb81e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csSuYH_KIAMFpMQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e64c2-6bf3bf8659ef3feb27c1803f;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:38:10 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: fxdYE-ftBwC_0KcBJBQqvUbVXM54TmsKR8QXIfLIhdLYsqtaxdx9tg==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 7022a5bbf9872d4a09d63e6cdb457dfe.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 22:22:26 GMT
age: 42004
etag: "0f1c7567b89cc3de60196e47e37879296359bc78"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

fonts.googleapis.com/css2?family=Raleway:wght@500&display=swap

142.250.74.106

200 OK

0 B

URL HTTP/2
fonts.googleapis.com/css2?family=Raleway:wght@500&display=swap
IP
142.250.74.106:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /css2?family=Raleway:wght@500&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tamarafreitas.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 06 Dec 2022 10:02:22 GMT
date: Tue, 06 Dec 2022 10:02:22 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (10)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations