r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash d4e95d0d8982bcd07804baf6fc88231c
5027abda0875bd2529dd4d6691784c74da71a9ee
373799b5749d2cb08b5721699a3e4c6b94b0d41604ac07d4ef7179e47dabc71f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "373799B5749D2CB08B5721699A3E4C6B94B0D41604AC07D4EF7179E47DABC71F"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7099
Expires: Sat, 04 Feb 2023 04:21:51 GMT
Date: Sat, 04 Feb 2023 02:23:32 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash ec47f9eed203ae063b9c210009de54a9
19ff156471b9cffbc2432c5b65543bdd18e36271
3974208ce1840f6c9467287b7e220379ed881d76db64939f411dbc500c103d48
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3974208CE1840F6C9467287B7E220379ED881D76DB64939F411DBC500C103D48"
Last-Modified: Thu, 02 Feb 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13773
Expires: Sat, 04 Feb 2023 06:13:05 GMT
Date: Sat, 04 Feb 2023 02:23:32 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 7d2222d41721947297aaeb5a6e3d0714
04cc1ee417c8bf6338657fd4c2e4e1c1ddfd3065
de0e45969a2ad95e52f7e2fbd0d021d9075dd7b14666c929346efe111f648f7c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DE0E45969A2AD95E52F7E2FBD0D021D9075DD7B14666C929346EFE111F648F7C"
Last-Modified: Thu, 02 Feb 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9708
Expires: Sat, 04 Feb 2023 05:05:20 GMT
Date: Sat, 04 Feb 2023 02:23:32 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Alert, Retry-After, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 04 Feb 2023 01:36:12 GMT
content-type: application/json
age: 2840
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: 3MGeKjXWoCuB/JLQrUMClMjPkw7YsMYKwB1AOHdG6QWCbKRX3SFdeoEQ8LjfIfBphZMzuvgdilI=
x-amz-request-id: SMQDSGRP4XX6R3W3
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 04 Feb 2023 01:52:39 GMT
age: 1853
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
harshvardhans.com/dhlexp2m/dhl/info.php
192.185.187.212 302 Moved Temporarily 20 B URL HTTP/1.1 harshvardhans.com/dhlexp2m/dhl/info.php
IP 192.185.187.212:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash 7029066c27ac6f5ef18d660d5741979a
46c6643f07aa7f6bfe7118de926b86defc5087c4
59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2
Analyzer Verdict Alert fortinet Malware
GET /dhlexp2m/dhl/info.php HTTP/1.1
Host: harshvardhans.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Moved Temporarily
Date: Sat, 04 Feb 2023 02:23:32 GMT
Server: nginx/1.23.2
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Encoding: gzip
Vary: Accept-Encoding
Location: index.php
X-Server-Cache: false
Set-Cookie: PHPSESSID=29c3cc3c8597b1125dcaa2afd35d0fdb; path=/
Transfer-Encoding: chunked
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 02:23:32 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Retry-After, Last-Modified, Cache-Control, Pragma, ETag, Backoff, Content-Type, Alert, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 04 Feb 2023 01:49:07 GMT
age: 2065
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash dedf9c519ac38c4bece9c5bc895787d7
4911175c3f8a435978c5301c33c7a99a5e00a1d5
bddd7e3a4939f863642a7c5348c1c8b9bc569b35c10a27f4cf5ec71f7e6b9698
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BDDD7E3A4939F863642A7C5348C1C8B9BC569B35C10A27F4CF5EC71F7E6B9698"
Last-Modified: Fri, 03 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12102
Expires: Sat, 04 Feb 2023 05:45:15 GMT
Date: Sat, 04 Feb 2023 02:23:33 GMT
Connection: keep-alive
push.services.mozilla.com/
54.149.117.124 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.149.117.124:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: zJBzA/oH3f18CGHzOQK6Rw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: fL+6gS+rQHbaB4XhOcG0xK+82tQ=
harshvardhans.com/dhlexp2m/dhl/index.php
192.185.187.212 302 Moved Temporarily 29 B URL HTTP/1.1 harshvardhans.com/dhlexp2m/dhl/index.php
IP 192.185.187.212:0
ASN #46606 UNIFIEDLAYER-AS-1
File type Unicode text, UTF-8 text, with very long lines (479), with no line terminators
Hash 23dc13ecfc8cf338ffc0c27723526d8c
61da2a1efb23a4c04271e49f6685d9b71f415ece
a7d74fbbd7dc4371f5dc1dc9e7b7b97b14a62214ded1e95f1bdc8a7fbdc03179
Analyzer Verdict Alert fortinet Malware
GET /dhlexp2m/dhl/index.php HTTP/1.1
Host: harshvardhans.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: PHPSESSID=29c3cc3c8597b1125dcaa2afd35d0fdb
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Moved Temporarily
Date: Sat, 04 Feb 2023 02:23:33 GMT
Server: nginx/1.23.2
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Encoding: gzip
Vary: Accept-Encoding
Location: info.php
X-Server-Cache: false
Transfer-Encoding: chunked
harshvardhans.com/dhlexp2m/dhl/info.php
192.185.187.212 200 OK 6.7 kB URL HTTP/1.1 harshvardhans.com/dhlexp2m/dhl/info.php
IP 192.185.187.212:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (4940)
Hash e572488ccbae2ba71f04519aa649314b
3f53fa38f834a90db380fa4c87d5277283daee83
c69d7de8ef756ca2762abd9cca61238cfb37992834fbc0b555fd3c5fb38b93ed
Analyzer Verdict Alert fortinet Malware
GET /dhlexp2m/dhl/info.php HTTP/1.1
Host: harshvardhans.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: PHPSESSID=29c3cc3c8597b1125dcaa2afd35d0fdb
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 02:23:34 GMT
Server: nginx/1.23.2
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Encoding: gzip
Vary: Accept-Encoding
X-Server-Cache: false
Transfer-Encoding: chunked
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash d719402de0cd695e55dab2767247da49
f12f4795987a284820f6785ec16b5032b9861d79
98a14bd950cec10aeb3d76fa956fe13514f52c742adbded7a0fcef218c7195ba
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "98A14BD950CEC10AEB3D76FA956FE13514F52C742ADBDED7A0FCEF218C7195BA"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6229
Expires: Sat, 04 Feb 2023 04:07:23 GMT
Date: Sat, 04 Feb 2023 02:23:34 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash d719402de0cd695e55dab2767247da49
f12f4795987a284820f6785ec16b5032b9861d79
98a14bd950cec10aeb3d76fa956fe13514f52c742adbded7a0fcef218c7195ba
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "98A14BD950CEC10AEB3D76FA956FE13514F52C742ADBDED7A0FCEF218C7195BA"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6229
Expires: Sat, 04 Feb 2023 04:07:23 GMT
Date: Sat, 04 Feb 2023 02:23:34 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash d719402de0cd695e55dab2767247da49
f12f4795987a284820f6785ec16b5032b9861d79
98a14bd950cec10aeb3d76fa956fe13514f52c742adbded7a0fcef218c7195ba
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "98A14BD950CEC10AEB3D76FA956FE13514F52C742ADBDED7A0FCEF218C7195BA"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6229
Expires: Sat, 04 Feb 2023 04:07:23 GMT
Date: Sat, 04 Feb 2023 02:23:34 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe387e59d-188b-44a0-b94c-033d7d635117.jpeg
34.120.237.76 200 OK 6.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe387e59d-188b-44a0-b94c-033d7d635117.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 45c6a062f8637e689819f505b019dc0e
61665688f1039c4fad848853a68e28d057718ad1
c9b14113eba535a2e1a6cbbf121a818ad0204fc6dd7b2ea9b592830ab927d6d1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe387e59d-188b-44a0-b94c-033d7d635117.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6718
x-amzn-requestid: 662f889b-4c25-4dec-85d4-ea9dfa8b8974
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyD7DE5boAMF_cA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8046-33ca99fc7b6eac8d5486d6c1;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:44:38 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: WvNs1hPPXHBJs5rTIBqH3DbqLLX6si9jHF46KrsuT9BFB2N2V3zeUA==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 98aedae6661e3904540676966998ed88.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:06:20 GMT
age: 15434
etag: "61665688f1039c4fad848853a68e28d057718ad1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a6c7026-85a2-4419-bd6b-ba1bac463dda.jpeg
34.120.237.76 200 OK 8.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a6c7026-85a2-4419-bd6b-ba1bac463dda.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6661b7263315f5eb3cd2465f671e1fcd
b7b5831c6b3ccc41d7a980b6088adc10ff8785f1
eb25507950d81db4b54a1af7fadaceee1bcff780eb28b6a04dbfb3886785f5b7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a6c7026-85a2-4419-bd6b-ba1bac463dda.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 8527
x-amzn-requestid: f95a2821-ae89-4ea9-93b2-43e570285df3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyEC3FyboAMFe0A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8078-7e2177f11d5715d4092cad2c;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:45:28 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: dcFgY5x3Ef0J__7wGn3llTjZ9as5nX1H4HErIT3VlKfeQaQTjymW2g==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:10:33 GMT
etag: "b7b5831c6b3ccc41d7a980b6088adc10ff8785f1"
content-type: image/jpeg
age: 15181
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0567732b-c9d0-4bac-89d8-3dc6a16e522c.jpeg
34.120.237.76 200 OK 8.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0567732b-c9d0-4bac-89d8-3dc6a16e522c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 99bf0073acf75f9e04b52a96bf47797b
fa68da2c92fa89ed3dafe9915e064fca022af21f
961b77616486483e5767f214d2417275b9c995614128acab3521b6cd2f8866e2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0567732b-c9d0-4bac-89d8-3dc6a16e522c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8267
x-amzn-requestid: 8bf1f9c3-4508-489e-9f45-3ce50df74b0b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyEW0HM6IAMFXog=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd80f8-2e7c768d54981cf1634830db;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:47:36 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: slDJVVNZDwjopU0kXbAvAJw4A0I_hGKXbRf9O15sXxmvu0JXe8yuPA==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 570075675953459325e00b7bcd171df2.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:17:59 GMT
etag: "fa68da2c92fa89ed3dafe9915e064fca022af21f"
content-type: image/jpeg
age: 14735
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc5300360-6063-4d18-8dd2-28dbcf47d371.jpeg
34.120.237.76 200 OK 14 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc5300360-6063-4d18-8dd2-28dbcf47d371.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 9ab97f766ee1ed6ebbb2b3889a9157b4
f87f165404dec4d65531e6e25146cb77601f3616
f3d0f76f956371b1733a526f10a8253fc3396a459d7af59380d8e8db7dee8ec2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc5300360-6063-4d18-8dd2-28dbcf47d371.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 14071
x-amzn-requestid: 40cb363f-2c4d-4361-9fe1-10e4c8b2fe29
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fiTo4Ek2oAMFs6g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d73305-6cb63d3c49f9f84e639467f6;Sampled=0
x-amzn-remapped-date: Mon, 30 Jan 2023 03:01:25 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: b7r7phj8i49RMSuWufxF1L34K9udWa0mJ4dY12izM9ofwAuCFBGEZQ==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 1b74ccf4cb51eacf97a0e6d60ae46a3e.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 21:48:05 GMT
age: 16529
etag: "f87f165404dec4d65531e6e25146cb77601f3616"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F584e2763-154a-41f5-94f4-afe59c3b0984.jpeg
34.120.237.76 200 OK 6.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F584e2763-154a-41f5-94f4-afe59c3b0984.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a1356818f64ee520358098b40ccb11e6
234448cd9f2c28ee12a3499a17b45f0b8a2e5487
3035ce56cfd2ec24b2ce90f8f7c616a4a289827204750809bcf0c999d5de1dc9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F584e2763-154a-41f5-94f4-afe59c3b0984.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6038
x-amzn-requestid: 81a0fa01-9084-4f65-bded-7e134b706247
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyEmzHJYIAMFkkQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd815e-252b7647390dab683134a0db;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:49:18 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: VV-IUD-KkEQ4JEceNG7UC9j_QzdxDiTOywUvvlFslrEuRy7Oku6gkg==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 caf6806821bc479b28a6f1ce3043b8a6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:01:05 GMT
age: 15749
etag: "234448cd9f2c28ee12a3499a17b45f0b8a2e5487"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F043bf414-ba77-4973-9779-d0c124ae0baf.jpeg
34.120.237.76 200 OK 8.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F043bf414-ba77-4973-9779-d0c124ae0baf.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 28099f5ad8a27e5a49a0d1c842486329
d47caba75b363a4c008e5a9a9d0b8e39d9fa4abd
1d798d35ceae594d86fa43aa0ef47b962c52bb1557e17dda9b294bd01f374b3a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F043bf414-ba77-4973-9779-d0c124ae0baf.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8352
x-amzn-requestid: 80032cef-14cd-4f56-9830-8c74891ed00f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyEqQFDJIAMFspQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8174-6d3310287fc74bb27e9b038a;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:49:40 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: fAgrJvhZVkG4PsCQPTpyr3pzjFm0KzcoiP6BmcGmecYdamwIMjHMng==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 caf6806821bc479b28a6f1ce3043b8a6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:10:01 GMT
age: 15213
etag: "d47caba75b363a4c008e5a9a9d0b8e39d9fa4abd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
harshvardhans.com/dhlexp2m/dhl/files/js/jquery.js
192.185.187.212 200 OK 40 kB URL HTTP/1.1 harshvardhans.com/dhlexp2m/dhl/files/js/jquery.js
IP 192.185.187.212:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (65536), with no line terminators
Hash d127868428786f4e324867c0b3f13edd
e1187e2ee6bf3975b1c54d5f84e15109e8344a87
d30932a821c9ed14d8eedba3bdd811e642fd0d3c6dcc9024c503928319ce68b5
Analyzer Verdict Alert fortinet Malware
GET /dhlexp2m/dhl/files/js/jquery.js HTTP/1.1
Host: harshvardhans.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://harshvardhans.com/dhlexp2m/dhl/info.php
Cookie: PHPSESSID=29c3cc3c8597b1125dcaa2afd35d0fdb
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 02:23:34 GMT
Server: Apache
Last-Modified: Sat, 19 Nov 2022 18:37:55 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Transfer-Encoding: chunked
Content-Type: application/javascript
harshvardhans.com/dhlexp2m/dhl/files/css/main.css
192.185.187.212 200 OK 159 kB URL HTTP/1.1 harshvardhans.com/dhlexp2m/dhl/files/css/main.css
IP 192.185.187.212:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (1142), with CRLF line terminators
Size 159 kB (158837 bytes)
Hash 0561089dd10e77b1d660f32013bdee42
06e335e9faf2db1311f075249f8037491fb126ef
b6d4facb55fb14b9654f126b8bc5e228efa5ca2aa9612a5f1c3852a9caa86aff
GET /dhlexp2m/dhl/files/css/main.css HTTP/1.1
Host: harshvardhans.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://harshvardhans.com/dhlexp2m/dhl/info.php
Cookie: PHPSESSID=29c3cc3c8597b1125dcaa2afd35d0fdb
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 02:23:34 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade
Last-Modified: Wed, 25 Nov 2020 21:27:30 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Transfer-Encoding: chunked
Content-Type: text/css
harshvardhans.com/dhlexp2m/dhl/files/img/glo-footer-logo.svg
192.185.187.212 200 OK 12 kB URL HTTP/1.1 harshvardhans.com/dhlexp2m/dhl/files/img/glo-footer-logo.svg
IP 192.185.187.212:0
ASN #46606 UNIFIEDLAYER-AS-1
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (656)
Hash d1b0e043744fd642282117a03d308b17
d8abe7a0887b804e516c45a344c542e291a1a84b
5162de2ee844a80d76b7d7514c02ab7d5de72a5966113323d80eb56bf6ded038
Analyzer Verdict Alert fortinet Malware
GET /dhlexp2m/dhl/files/img/glo-footer-logo.svg HTTP/1.1
Host: harshvardhans.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://harshvardhans.com/dhlexp2m/dhl/info.php
Cookie: PHPSESSID=29c3cc3c8597b1125dcaa2afd35d0fdb
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 02:23:35 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade
Last-Modified: Tue, 20 Oct 2020 03:47:04 GMT
Accept-Ranges: bytes
Content-Length: 11968
Content-Type: image/svg+xml
harshvardhans.com/dhlexp2m/dhl/files/img/dhl-logo.svg
192.185.187.212 200 OK 1.6 kB URL HTTP/1.1 harshvardhans.com/dhlexp2m/dhl/files/img/dhl-logo.svg
IP 192.185.187.212:0
ASN #46606 UNIFIEDLAYER-AS-1
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 3fecc9db35d5d2a9e6e71ab4b02d22e5
628ba2f505b480097445aaf08649a08242bd6847
362bcaa42090e36611031bec6bdaa0600375ef847092cca195c58d3bae9b4419
Analyzer Verdict Alert fortinet Malware
GET /dhlexp2m/dhl/files/img/dhl-logo.svg HTTP/1.1
Host: harshvardhans.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://harshvardhans.com/dhlexp2m/dhl/info.php
Cookie: PHPSESSID=29c3cc3c8597b1125dcaa2afd35d0fdb
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 02:23:35 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade
Last-Modified: Tue, 20 Oct 2020 03:47:02 GMT
Accept-Ranges: bytes
Content-Length: 1603
Content-Type: image/svg+xml
harshvardhans.com/dhlexp2m/dhl/files/img/glo.svg
192.185.187.212 200 OK 1.1 kB URL HTTP/1.1 harshvardhans.com/dhlexp2m/dhl/files/img/glo.svg
IP 192.185.187.212:0
ASN #46606 UNIFIEDLAYER-AS-1
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 2675cbe725f294695cebc4a0aaa74505
79f51edb2edae65bc9247438206c09b13512c2db
7b7e4adb65aa53b1bc731f15511c53d5beb73f187d5c5f35f19ebbfaf0decbbd
Analyzer Verdict Alert fortinet Malware
GET /dhlexp2m/dhl/files/img/glo.svg HTTP/1.1
Host: harshvardhans.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://harshvardhans.com/dhlexp2m/dhl/info.php
Cookie: PHPSESSID=29c3cc3c8597b1125dcaa2afd35d0fdb
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 02:23:35 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade
Last-Modified: Tue, 17 Nov 2020 22:21:58 GMT
Accept-Ranges: bytes
Content-Length: 1104
Content-Type: image/svg+xml
harshvardhans.com/dhlexp2m/dhl/files/img/lod.gif
192.185.187.212 200 OK 18 kB URL HTTP/1.1 harshvardhans.com/dhlexp2m/dhl/files/img/lod.gif
IP 192.185.187.212:0
ASN #46606 UNIFIEDLAYER-AS-1
File type GIF image data, version 89a, 200 x 103\012- data
Hash f3ffb13cf88b13ec557e6149371b361d
3c72f0855b4bd6e3b45675a5e8b08c8fb7a98f49
ce6a239fde88d8fb01c7a10d6f7b27d1bc23f5462d02f5ebb4927479fa32a302
GET /dhlexp2m/dhl/files/img/lod.gif HTTP/1.1
Host: harshvardhans.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://harshvardhans.com/dhlexp2m/dhl/info.php
Cookie: PHPSESSID=29c3cc3c8597b1125dcaa2afd35d0fdb
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 02:23:35 GMT
Server: Apache
Last-Modified: Wed, 21 Oct 2020 02:45:00 GMT
Accept-Ranges: bytes
Content-Length: 17585
Content-Type: image/gif
harshvardhans.com/dhlexp2m/dhl/files/img/arrow.svg
192.185.187.212 200 OK 311 B URL HTTP/1.1 harshvardhans.com/dhlexp2m/dhl/files/img/arrow.svg
IP 192.185.187.212:0
ASN #46606 UNIFIEDLAYER-AS-1
File type SVG Scalable Vector Graphics image\012- , ASCII text, with CRLF line terminators
Hash bf74c2d1662a63c8d94a749fc1a43de1
ee52ec790106e30c1ebb94dd04d672436a38ec08
d8748acb2eead2bb284ccec7029faaa404c1f2bda9cbeae2d777b9033e473a9d
Analyzer Verdict Alert fortinet Malware
GET /dhlexp2m/dhl/files/img/arrow.svg HTTP/1.1
Host: harshvardhans.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://harshvardhans.com/dhlexp2m/dhl/files/css/main.css
Cookie: PHPSESSID=29c3cc3c8597b1125dcaa2afd35d0fdb
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 02:23:35 GMT
Server: Apache
Last-Modified: Sun, 22 Nov 2020 21:49:48 GMT
Accept-Ranges: bytes
Content-Length: 311
Content-Type: image/svg+xml
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash ad9c2fedaf3c757f79a4f9f32e0a7106
78b209a9638329f386245de54f64665c0b199eed
db31dd19f06144b1f541c6167426818b52ecb22c48fcc8174298fcafa950b152
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DB31DD19F06144B1F541C6167426818B52ECB22C48FCC8174298FCAFA950B152"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5826
Expires: Sat, 04 Feb 2023 04:00:41 GMT
Date: Sat, 04 Feb 2023 02:23:35 GMT
Connection: keep-alive
record.findtrustclicks.com/sort.js?v=7.2.2
89.22.228.250 200 OK 689 B URL HTTP/1.1 record.findtrustclicks.com/sort.js?v=7.2.2
IP 89.22.228.250:0
File type ASCII text, with very long lines (1529), with no line terminators
Hash dd71632de7845e3913ff146fe71b1c99
0ab332ad88b2458767ea0ef4be3ddce3d23990f9
07907ca98937d69fe3751f600a2511e91498536731ebf1b28c3c85eb9ba06b05
GET /sort.js?v=7.2.2 HTTP/1.1
Host: record.findtrustclicks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://harshvardhans.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 02:23:35 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=60
Vary: Accept-Encoding
Last-Modified: Fri, 03 Feb 2023 15:30:57 GMT
ETag: W/"5f9-5f3cd5e35a1c8"
Content-Encoding: gzip
harshvardhans.com/dhlexp2m/dhl/files/assets/fonts/c2d3739d2debffea340a58b7b8ab3c61.woff
192.185.187.212 301 Moved Permanently 0 B URL HTTP/1.1 harshvardhans.com/dhlexp2m/dhl/files/assets/fonts/c2d3739d2debffea340a58b7b8ab3c61.woff
IP 192.185.187.212:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
GET /dhlexp2m/dhl/files/assets/fonts/c2d3739d2debffea340a58b7b8ab3c61.woff HTTP/1.1
Host: harshvardhans.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://harshvardhans.com/dhlexp2m/dhl/files/css/main.css
Cookie: PHPSESSID=29c3cc3c8597b1125dcaa2afd35d0fdb
HTTP/1.1 301 Moved Permanently
Date: Sat, 04 Feb 2023 02:23:35 GMT
Server: Apache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
X-Redirect-By: WordPress
Location: http://www.harshvardhans.com/dhlexp2m/dhl/files/assets/fonts/c2d3739d2debffea340a58b7b8ab3c61.woff
Content-Length: 0
Content-Type: text/html; charset=UTF-8
harshvardhans.com/dhlexp2m/dhl/files/assets/fonts/d2c082a9f78e61ea7ccefecaca4da8a3.woff
192.185.187.212 301 Moved Permanently 0 B URL HTTP/1.1 harshvardhans.com/dhlexp2m/dhl/files/assets/fonts/d2c082a9f78e61ea7ccefecaca4da8a3.woff
IP 192.185.187.212:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
GET /dhlexp2m/dhl/files/assets/fonts/d2c082a9f78e61ea7ccefecaca4da8a3.woff HTTP/1.1
Host: harshvardhans.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://harshvardhans.com/dhlexp2m/dhl/files/css/main.css
Cookie: PHPSESSID=29c3cc3c8597b1125dcaa2afd35d0fdb
HTTP/1.1 301 Moved Permanently
Date: Sat, 04 Feb 2023 02:23:35 GMT
Server: Apache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
X-Redirect-By: WordPress
Location: http://www.harshvardhans.com/dhlexp2m/dhl/files/assets/fonts/d2c082a9f78e61ea7ccefecaca4da8a3.woff
Content-Length: 0
Content-Type: text/html; charset=UTF-8
harshvardhans.com/dhlexp2m/dhl/files/img/favicon.ico
192.185.187.212 200 OK 1.2 kB URL HTTP/1.1 harshvardhans.com/dhlexp2m/dhl/files/img/favicon.ico
IP 192.185.187.212:0
ASN #46606 UNIFIEDLAYER-AS-1
File type MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Hash d8106bf3a1d00ab43b01e6e3c92500eb
202b5e8654ab1b28351378293bca3b9d844cc29b
9ada5709e264c31b04a05bd85448a9bd5e91925e8d83df5cef0762ec97cc283e
GET /dhlexp2m/dhl/files/img/favicon.ico HTTP/1.1
Host: harshvardhans.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://harshvardhans.com/dhlexp2m/dhl/info.php
Cookie: PHPSESSID=29c3cc3c8597b1125dcaa2afd35d0fdb
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 02:23:36 GMT
Server: nginx/1.23.2
Content-Type: image/x-icon
Content-Length: 1150
Last-Modified: Fri, 23 Oct 2020 17:46:12 GMT
Accept-Ranges: bytes
Cache-Control: max-age=604800
Expires: Sat, 11 Feb 2023 02:23:36 GMT
X-Server-Cache: false
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 9b19a342554888b6578e9dc59c23437a
8a0652b7e141edbbb684c491d1800ab5e8f8e48a
ae0c7cdebf91c6a828be2b58007acb1c5d52ea7295b304cb004fc85a099daafe
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AE0C7CDEBF91C6A828BE2B58007ACB1C5D52EA7295B304CB004FC85A099DAAFE"
Last-Modified: Fri, 03 Feb 2023 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20810
Expires: Sat, 04 Feb 2023 08:10:26 GMT
Date: Sat, 04 Feb 2023 02:23:36 GMT
Connection: keep-alive
back.firstblackphase.com/mbRB96
194.135.30.210 200 OK 1.2 kB URL HTTP/1.1 back.firstblackphase.com/mbRB96
IP 194.135.30.210:0
ASN #2856 British Telecommunications PLC
File type ASCII text, with very long lines (3022), with no line terminators
Hash eb02d53f0152c5c871ed775e2caf9250
ebd44170acd88dc736ea779f6ab8f8ff7caa5c6d
2a005b344967b5d077e8c2fa6f3290cd3c97442b58ef79cc8050df763f448683
GET /mbRB96 HTTP/1.1
Host: back.firstblackphase.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://harshvardhans.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 02:23:36 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 1176
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate
Content-Encoding: gzip
Expires: 0
Pragma: no-cache
Set-Cookie: _subid=s8hnpa39i6u;Expires=Tuesday, 07-Mar-2023 02:23:36 GMT;Max-Age=2678400;Path=/
3936f=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjdcIjoxNjc1NDc3NDE2fSxcImNhbXBhaWduc1wiOntcIjNcIjoxNjc1NDc3NDE2fSxcInRpbWVcIjoxNjc1NDc3NDE2fSJ9.Z-kDu7fC1Olli5J5GdSMkg4xXM0xOh6R5Rz6gIyXGbc;Expires=Tuesday, 10-Mar-2076 04:47:12 GMT;Max-Age=1675563816;Path=/
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
harshvardhans.com/dhlexp2m/dhl/files/assets/fonts/03f859bf58e4d37841070de34be7d978.woff
192.185.187.212 301 Moved Permanently 0 B URL HTTP/1.1 harshvardhans.com/dhlexp2m/dhl/files/assets/fonts/03f859bf58e4d37841070de34be7d978.woff
IP 192.185.187.212:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
GET /dhlexp2m/dhl/files/assets/fonts/03f859bf58e4d37841070de34be7d978.woff HTTP/1.1
Host: harshvardhans.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://harshvardhans.com/dhlexp2m/dhl/files/css/main.css
Cookie: PHPSESSID=29c3cc3c8597b1125dcaa2afd35d0fdb; simpleuuu=1
HTTP/1.1 301 Moved Permanently
Date: Sat, 04 Feb 2023 02:23:36 GMT
Server: Apache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
X-Redirect-By: WordPress
Location: http://www.harshvardhans.com/dhlexp2m/dhl/files/assets/fonts/03f859bf58e4d37841070de34be7d978.woff
Content-Length: 0
Content-Type: text/html; charset=UTF-8
harshvardhans.com/dhlexp2m/dhl/files/assets/fonts/e39bd2e2657ce5dd6f9c33df18529233.woff
192.185.187.212 301 Moved Permanently 0 B URL HTTP/1.1 harshvardhans.com/dhlexp2m/dhl/files/assets/fonts/e39bd2e2657ce5dd6f9c33df18529233.woff
IP 192.185.187.212:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
GET /dhlexp2m/dhl/files/assets/fonts/e39bd2e2657ce5dd6f9c33df18529233.woff HTTP/1.1
Host: harshvardhans.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://harshvardhans.com/dhlexp2m/dhl/files/css/main.css
Cookie: PHPSESSID=29c3cc3c8597b1125dcaa2afd35d0fdb; simpleuuu=1
HTTP/1.1 301 Moved Permanently
Date: Sat, 04 Feb 2023 02:23:36 GMT
Server: Apache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
X-Redirect-By: WordPress
Location: http://www.harshvardhans.com/dhlexp2m/dhl/files/assets/fonts/e39bd2e2657ce5dd6f9c33df18529233.woff
Content-Length: 0
Content-Type: text/html; charset=UTF-8
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 75fdf1ab46b25bf7bd16fc45a005e6cd
bddcdbc67c845f98ba16871087496002bfba419f
e92fa082d7341dd18e87a96a2af09db92d4112d8f9b076af100f44daca82112c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E92FA082D7341DD18E87A96A2AF09DB92D4112D8F9B076AF100F44DACA82112C"
Last-Modified: Wed, 01 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19078
Expires: Sat, 04 Feb 2023 07:41:34 GMT
Date: Sat, 04 Feb 2023 02:23:36 GMT
Connection: keep-alive
goaway.dofollowgreenline.com/follow/finish.php?pid=658745-22-658734323
194.135.30.210 302 Found 0 B URL HTTP/1.1 goaway.dofollowgreenline.com/follow/finish.php?pid=658745-22-658734323
IP 194.135.30.210:0
ASN #2856 British Telecommunications PLC
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
GET /follow/finish.php?pid=658745-22-658734323 HTTP/1.1
Host: goaway.dofollowgreenline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://harshvardhans.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Sat, 04 Feb 2023 02:23:36 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://goaway.dofollowgreenline.com/follow/finish.php?mid=8678670756767
Access-Control-Allow-Origin: *
goaway.dofollowgreenline.com/follow/finish.php?mid=8678670756767
194.135.30.210 200 OK 468 B URL HTTP/1.1 goaway.dofollowgreenline.com/follow/finish.php?mid=8678670756767
IP 194.135.30.210:0
ASN #2856 British Telecommunications PLC
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash 08e8234eb4f242db487b6e2e7dd8c982
67b6e4405501881c9c019068e123050e61fdf89a
ace45fbb63550554ab79503ae6b48e7abdc05c3a295e4f688aa9afb3c62a3f9e
GET /follow/finish.php?mid=8678670756767 HTTP/1.1
Host: goaway.dofollowgreenline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://harshvardhans.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 02:23:36 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Content-Encoding: gzip
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash 869409410a4e0e0a5adcc8f49aded8b5
4bfb31852bcf3b918ab6e20a5e42adb2f16d759c
2b8533f053e1e8710e1d5f6c153a00215bfaa8288e9c57bc388c9aef79fad9c9
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 02:23:36 GMT
Etag: "63dd203d-118"
Server: ECS (amb/6B81)
Content-Length: 280
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash 869409410a4e0e0a5adcc8f49aded8b5
4bfb31852bcf3b918ab6e20a5e42adb2f16d759c
2b8533f053e1e8710e1d5f6c153a00215bfaa8288e9c57bc388c9aef79fad9c9
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 02:23:37 GMT
Last-Modified: Sat, 04 Feb 2023 02:23:37 GMT
Server: ECS (ska/F71A)
X-Cache: HIT
Content-Length: 280
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 43a46ef1d84d2b0a48f6400a18113704
ffc3e40271e31abd273a36fd4533d70162f999e4
2aa004357ddddbb20b28790212d1ec637e65e3d5a0f49026d81772ebde5c6950
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2AA004357DDDDBB20B28790212D1EC637E65E3D5A0F49026D81772EBDE5C6950"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11491
Expires: Sat, 04 Feb 2023 05:35:08 GMT
Date: Sat, 04 Feb 2023 02:23:37 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 2a940f35107e1bfd7492251970af04c8
bcbf6624714d1ddc1cd5bf01687601c60849f273
c775cde993696408ff466f5e46521c6b083419fa7544fcd0726e10f97ce6fe96
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1405
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 02:23:37 GMT
Etag: "63dd058c-117"
Last-Modified: Sat, 04 Feb 2023 02:00:12 GMT
Server: ECS (ska/F71A)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 2a940f35107e1bfd7492251970af04c8
bcbf6624714d1ddc1cd5bf01687601c60849f273
c775cde993696408ff466f5e46521c6b083419fa7544fcd0726e10f97ce6fe96
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1405
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 02:23:37 GMT
Etag: "63dd058c-117"
Last-Modified: Sat, 04 Feb 2023 02:00:12 GMT
Server: ECS (ska/F71A)
X-Cache: HIT
Content-Length: 279
rme3j.haxbyq.com/great?h=waWQiOjEwNTQwMzAsInNpZCI6MTE4NDYwMiwid2lkIjo0MjI2MTMsInNyYyI6Mn0=eyJ&si1=sandy1&i=3
185.56.234.205 200 OK 22 kB URL HTTP/2 rme3j.haxbyq.com/great?h=waWQiOjEwNTQwMzAsInNpZCI6MTE4NDYwMiwid2lkIjo0MjI2MTMsInNyYyI6Mn0=eyJ&si1=sandy1&i=3
IP 185.56.234.205:0
ASN #39572 DataWeb Global Group B.V.
Hash 4ab8dc52287e453d291e103602c3928a
5a649ad75939c7fbf5bdc6eaa35f3e20cc1c3e8e
5155e4280bfa480a0781c845017bbdecdb3b5d5073ac3b2057c9305f328fa3c9
GET /great?h=waWQiOjEwNTQwMzAsInNpZCI6MTE4NDYwMiwid2lkIjo0MjI2MTMsInNyYyI6Mn0=eyJ&si1=sandy1&i=3 HTTP/1.1
Host: rme3j.haxbyq.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://zvhpd.haxbyq.com/
Cookie: truniq=1; ufp2=af763e626a78fcad50200e4546e45d9ff8c75d8e
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.21.1
date: Sat, 04 Feb 2023 02:23:38 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-zone: eu4
content-encoding: gzip
X-Firefox-Spdy: h2
azkcqs.com/rpe?a=1&s=1&act=7&src=2&p=1054030&st=1184602&wd=422613&d=haxbyq.com&tpl=32&rnd=0.5060981734003671&sbid=sandy1&sbid2=
185.162.85.4 200 OK 0 B URL HTTP/2 azkcqs.com/rpe?a=1&s=1&act=7&src=2&p=1054030&st=1184602&wd=422613&d=haxbyq.com&tpl=32&rnd=0.5060981734003671&sbid=sandy1&sbid2=
IP 185.162.85.4:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /rpe?a=1&s=1&act=7&src=2&p=1054030&st=1184602&wd=422613&d=haxbyq.com&tpl=32&rnd=0.5060981734003671&sbid=sandy1&sbid2= HTTP/1.1
Host: azkcqs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://x43sk.haxbyq.com
Connection: keep-alive
Referer: https://x43sk.haxbyq.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.18.0
date: Sat, 04 Feb 2023 02:23:40 GMT
content-length: 0
access-control-allow-origin: *
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash e3661244f083d52fd33f984ff56b9df7
41471293b775714a81169e15b91325ec12917488
6772b0d0845f581a05dbe586499283cc3e043c8d76ec6f667c535e21e3529484
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6772B0D0845F581A05DBE586499283CC3E043C8D76EC6F667C535E21E3529484"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4645
Expires: Sat, 04 Feb 2023 03:41:05 GMT
Date: Sat, 04 Feb 2023 02:23:40 GMT
Connection: keep-alive
tratbc.com/tb?h=waWQiOjEwNTQwMzAsInNpZCI6MTE4NDYwMiwid2lkIjo0MjI2MTMsInNyYyI6Mn0=eyJ&si1=sandy1&i=9
138.68.123.185 302 Found 0 B URL HTTP/1.1 tratbc.com/tb?h=waWQiOjEwNTQwMzAsInNpZCI6MTE4NDYwMiwid2lkIjo0MjI2MTMsInNyYyI6Mn0=eyJ&si1=sandy1&i=9
IP 138.68.123.185:0
ASN #14061 DIGITALOCEAN-ASN
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tb?h=waWQiOjEwNTQwMzAsInNpZCI6MTE4NDYwMiwid2lkIjo0MjI2MTMsInNyYyI6Mn0=eyJ&si1=sandy1&i=9 HTTP/1.1
Host: tratbc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://x43sk.haxbyq.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx/1.15.0
Date: Sat, 04 Feb 2023 02:23:40 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://track.wbdpnz.com/0f72aceb-1686-4bca-a918-ff82f889bf8f?source_id=a422613&campaign_id=&country=&browser=&zone_id=&creative_id=&format=&os=&partner_id=1054030&sub_period=&cost=&click_id=qlMa3zkexygIdFbh
X-Zone: eu
track.wbdpnz.com/0f72aceb-1686-4bca-a918-ff82f889bf8f?source_id=a422613&campaign_id=&country=&browser=&zone_id=&creative_id=&format=&os=&partner_id=1054030&sub_period=&cost=&click_id=qlMa3zkexygIdFbh
18.158.88.249 302 Found 0 B URL HTTP/2 track.wbdpnz.com/0f72aceb-1686-4bca-a918-ff82f889bf8f?source_id=a422613&campaign_id=&country=&browser=&zone_id=&creative_id=&format=&os=&partner_id=1054030&sub_period=&cost=&click_id=qlMa3zkexygIdFbh
IP 18.158.88.249:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /0f72aceb-1686-4bca-a918-ff82f889bf8f?source_id=a422613&campaign_id=&country=&browser=&zone_id=&creative_id=&format=&os=&partner_id=1054030&sub_period=&cost=&click_id=qlMa3zkexygIdFbh HTTP/1.1
Host: track.wbdpnz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://x43sk.haxbyq.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Sat, 04 Feb 2023 02:23:40 GMT
content-length: 0
cache-control: no-store, no-cache, pre-check=0, post-check=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://noomigoomini.com/redirect?tid=863970&subid=ADa422613DK&puid=w1bp8njh7glu2icm23mckhfo
pragma: no-cache
set-cookie: 0f72aceb-1686-4bca-a918-ff82f889bf8f-v4=O8b2RfW6UdWetTFXBFMAGOrNXYmhHOy30SpCY4naz3w; Max-Age=86400; Expires=Sun, 05-Feb-2023 02:23:40 GMT; Domain=track.wbdpnz.com; Path=/; Secure; HttpOnly;SameSite=None
cc-v4=xMf4UDcEjMcxPNVtMRpkHfKz12yUgIuipbguNhIYzi9cqXuBfj2NDzTMti4atl%2FqYbuL6XKfemgmXPE5CyUirW4AJspCjc9oCd%2BQzhVOUhy8FGMklqednz%2BQcAzd2e%2BDmltW%2FSnAuthO9o0xsL06oQ%3D%3D; Max-Age=31536000; Expires=Sun, 04-Feb-2024 02:23:40 GMT; Domain=track.wbdpnz.com; Path=/; Secure; HttpOnly;SameSite=None
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
143.204.42.158 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.158:0
Hash 6e2e5285b5608e0bfa8ab229ffff6179
389a3a7e6157177e2df432853e78bc7fa6d46276
88bb8611bc4b2b73c2c6a610e09643cdd37ca51003de49eff06dcc952153779f
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=120091
Date: Sat, 04 Feb 2023 02:23:40 GMT
Etag: "63dcec57-1d7"
Expires: Sun, 05 Feb 2023 11:45:11 GMT
Last-Modified: Fri, 03 Feb 2023 11:13:27 GMT
Server: ECS (nyb/1D31)
X-Cache: Miss from cloudfront
Via: 1.1 1ca0323262515c9240c58fe69a9ac826.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: jJ06qJAKg_-SMNThchQnCH2iME-OqHGuA5AOgYJkaXTZoq4Hrgg27A==
Age: 1904
noomigoomini.com/redirect?tid=863970&subid=ADa422613DK&puid=w1bp8njh7glu2icm23mckhfo
65.9.44.10 302 Found 0 B URL HTTP/2 noomigoomini.com/redirect?tid=863970&subid=ADa422613DK&puid=w1bp8njh7glu2icm23mckhfo
IP 65.9.44.10:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?tid=863970&subid=ADa422613DK&puid=w1bp8njh7glu2icm23mckhfo HTTP/1.1
Host: noomigoomini.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://x43sk.haxbyq.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/plain
content-length: 0
location: https://ojqya.heparlorne.com/LHTKLD?tag_id=863970&sub_id1=ADa422613DK&sub_id2=53772849218193874&cookie_id=084bbf7e-11da-4f31-944a-26c2f6510548&lp=oct_11&tb=redirect&allb=redirect&ob=redirect&href=https%3A%2F%2Fnoomigoomini.com%2F%3Ftid%3D863973%26noocp%3D1%26subid%3DADa422613DK&geo=NO
date: Sat, 04 Feb 2023 02:23:41 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: csu=084bbf7e-11da-4f31-944a-26c2f6510548
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 1a8662d51ed58f0336021036df8bf88a.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN54-C1
x-amz-cf-id: UpDFqndY3jGGUeZ-0HW0hqL7Vfd6VpveofqO9g9TLUH5PPQJAseNXg==
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2a517af0-06bb-4ad2-b66e-3627ca6b60a3.jpeg
34.120.237.76 200 OK 9.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2a517af0-06bb-4ad2-b66e-3627ca6b60a3.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 518bba9a8770e8ff15229a68be5bddc3
139f944b3f4279e640901f7a6b993f1a49b51a22
0591e73dec2190752677f06525bc993dc8c7a5aa20984a5eda64c323188e2b1d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2a517af0-06bb-4ad2-b66e-3627ca6b60a3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 9743
x-amzn-requestid: b6c1caa9-72e4-476f-9c3d-4a746c410ba3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyD7EHLJoAMF_TA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8046-1289ef383fbad59621eda6d0;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:44:38 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: nIp2nUVnamnoTpFwrN1L4K1dqjYvcDGuV2yFqYskkXb14k72AZsjMg==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 6a9b42e38e76b7d4a4044ebe0e0eca08.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:08:41 GMT
age: 15300
etag: "139f944b3f4279e640901f7a6b993f1a49b51a22"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash ae7a3866456aef32d3fff4a6dfa71e23
08516e02e51c67da614dd10d647c0f1b5b20ac98
48c182365c3d7db4c241f3ac36a35fe530d81d96beb71ae7a5f6908c258d3551
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "48C182365C3D7DB4C241F3AC36A35FE530D81D96BEB71AE7A5F6908C258D3551"
Last-Modified: Thu, 02 Feb 2023 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14590
Expires: Sat, 04 Feb 2023 06:26:51 GMT
Date: Sat, 04 Feb 2023 02:23:41 GMT
Connection: keep-alive
cqwajn.com/gosl/InNpZCI6MTE4NDYwMiwic21hcnRsaW5rIjp0cnVlfQ==eyJwaWQiOjEwNTQwMzAs?si1=sandy1
172.67.199.124 302 Found 0 B URL HTTP/2 cqwajn.com/gosl/InNpZCI6MTE4NDYwMiwic21hcnRsaW5rIjp0cnVlfQ==eyJwaWQiOjEwNTQwMzAs?si1=sandy1
IP 172.67.199.124:0
GET /gosl/InNpZCI6MTE4NDYwMiwic21hcnRsaW5rIjp0cnVlfQ==eyJwaWQiOjEwNTQwMzAs?si1=sandy1 HTTP/1.1
Host: cqwajn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://goaway.dofollowgreenline.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Sat, 04 Feb 2023 02:23:37 GMT
content-type: text/html; charset=UTF-8
location: https://haxbyq.com/great?h=waWQiOjEwNTQwMzAsInNpZCI6MTE4NDYwMiwid2lkIjo0MjI2MTMsInNyYyI6Mn0=eyJ&si1=sandy1&si2=
cache-control: no-cache
max-age: 0
x-zone: eu
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pXlFJpXS2UGCHALCwOjQRvMrdBuvoTdE8La1H9YaN0flX%2FpGu4LyUdA3eWiS5kxD7Zm0WdKynSWBCxatOEL871eX2q0gy0ob1lUY95oXT3d%2BhbIylK01NG%2F7fuD2"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 793ff2008c490b61-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
haxbyq.com/great?h=waWQiOjEwNTQwMzAsInNpZCI6MTE4NDYwMiwid2lkIjo0MjI2MTMsInNyYyI6Mn0=eyJ&si1=sandy1&si2=
185.56.234.205 200 OK 0 B URL HTTP/2 haxbyq.com/great?h=waWQiOjEwNTQwMzAsInNpZCI6MTE4NDYwMiwid2lkIjo0MjI2MTMsInNyYyI6Mn0=eyJ&si1=sandy1&si2=
IP 185.56.234.205:0
ASN #39572 DataWeb Global Group B.V.
GET /great?h=waWQiOjEwNTQwMzAsInNpZCI6MTE4NDYwMiwid2lkIjo0MjI2MTMsInNyYyI6Mn0=eyJ&si1=sandy1&si2= HTTP/1.1
Host: haxbyq.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://goaway.dofollowgreenline.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.21.1
date: Sat, 04 Feb 2023 02:23:37 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: truniq=1; expires=Sun, 05-Feb-2023 02:23:37 GMT; Max-Age=86400; path=/; domain=haxbyq.com
x-zone: eu4
content-encoding: gzip
X-Firefox-Spdy: h2
fsnzh.haxbyq.com/great?h=waWQiOjEwNTQwMzAsInNpZCI6MTE4NDYwMiwid2lkIjo0MjI2MTMsInNyYyI6Mn0=eyJ&si1=sandy1&i=6
185.56.234.205 200 OK 0 B URL HTTP/2 fsnzh.haxbyq.com/great?h=waWQiOjEwNTQwMzAsInNpZCI6MTE4NDYwMiwid2lkIjo0MjI2MTMsInNyYyI6Mn0=eyJ&si1=sandy1&i=6
IP 185.56.234.205:0
ASN #39572 DataWeb Global Group B.V.
GET /great?h=waWQiOjEwNTQwMzAsInNpZCI6MTE4NDYwMiwid2lkIjo0MjI2MTMsInNyYyI6Mn0=eyJ&si1=sandy1&i=6 HTTP/1.1
Host: fsnzh.haxbyq.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://6cf94.haxbyq.com/
Cookie: truniq=1; ufp2=af763e626a78fcad50200e4546e45d9ff8c75d8e
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.21.1
date: Sat, 04 Feb 2023 02:23:38 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-zone: eu
content-encoding: gzip
X-Firefox-Spdy: h2
xy1ld.haxbyq.com/great?h=waWQiOjEwNTQwMzAsInNpZCI6MTE4NDYwMiwid2lkIjo0MjI2MTMsInNyYyI6Mn0=eyJ&si1=sandy1&i=4
185.56.234.205 200 OK 0 B URL HTTP/2 xy1ld.haxbyq.com/great?h=waWQiOjEwNTQwMzAsInNpZCI6MTE4NDYwMiwid2lkIjo0MjI2MTMsInNyYyI6Mn0=eyJ&si1=sandy1&i=4
IP 185.56.234.205:0
ASN #39572 DataWeb Global Group B.V.
GET /great?h=waWQiOjEwNTQwMzAsInNpZCI6MTE4NDYwMiwid2lkIjo0MjI2MTMsInNyYyI6Mn0=eyJ&si1=sandy1&i=4 HTTP/1.1
Host: xy1ld.haxbyq.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://rme3j.haxbyq.com/
Cookie: truniq=1; ufp2=af763e626a78fcad50200e4546e45d9ff8c75d8e
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.21.1
date: Sat, 04 Feb 2023 02:23:38 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-zone: eu4
content-encoding: gzip
X-Firefox-Spdy: h2
x43sk.haxbyq.com/great?h=waWQiOjEwNTQwMzAsInNpZCI6MTE4NDYwMiwid2lkIjo0MjI2MTMsInNyYyI6Mn0=eyJ&si1=sandy1&i=9
185.56.234.205 200 OK 0 B URL HTTP/2 x43sk.haxbyq.com/great?h=waWQiOjEwNTQwMzAsInNpZCI6MTE4NDYwMiwid2lkIjo0MjI2MTMsInNyYyI6Mn0=eyJ&si1=sandy1&i=9
IP 185.56.234.205:0
ASN #39572 DataWeb Global Group B.V.
GET /great?h=waWQiOjEwNTQwMzAsInNpZCI6MTE4NDYwMiwid2lkIjo0MjI2MTMsInNyYyI6Mn0=eyJ&si1=sandy1&i=9 HTTP/1.1
Host: x43sk.haxbyq.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://2v5sn.haxbyq.com/
Cookie: truniq=1; ufp2=af763e626a78fcad50200e4546e45d9ff8c75d8e
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.21.1
date: Sat, 04 Feb 2023 02:23:39 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-zone: eu3
content-encoding: gzip
X-Firefox-Spdy: h2
static.dl.mail.ru/WW3_launcher.exe
188.93.63.180 200 OK 0 B URL HTTP/1.1 static.dl.mail.ru/WW3_launcher.exe
IP 188.93.63.180:0
NIDS Severity Alert suricata high ET POLICY PE EXE or DLL Windows file download HTTP
GET /WW3_launcher.exe HTTP/1.1
Host: static.dl.mail.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 04 Feb 2023 02:23:33 GMT
Content-Type: application/octet-stream
Content-Length: 38685328
Last-Modified: Thu, 06 Oct 2022 13:10:22 GMT
Connection: keep-alive
Keep-Alive: timeout=20
ETag: "633ed3be-24e4a90"
Accept-Ranges: bytes
7g8rz.haxbyq.com/great?h=waWQiOjEwNTQwMzAsInNpZCI6MTE4NDYwMiwid2lkIjo0MjI2MTMsInNyYyI6Mn0=eyJ&si1=sandy1&i=1
185.56.234.205 200 OK 0 B URL HTTP/2 7g8rz.haxbyq.com/great?h=waWQiOjEwNTQwMzAsInNpZCI6MTE4NDYwMiwid2lkIjo0MjI2MTMsInNyYyI6Mn0=eyJ&si1=sandy1&i=1
IP 185.56.234.205:0
ASN #39572 DataWeb Global Group B.V.
GET /great?h=waWQiOjEwNTQwMzAsInNpZCI6MTE4NDYwMiwid2lkIjo0MjI2MTMsInNyYyI6Mn0=eyJ&si1=sandy1&i=1 HTTP/1.1
Host: 7g8rz.haxbyq.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://haxbyq.com/
Cookie: truniq=1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.21.1
date: Sat, 04 Feb 2023 02:23:37 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-zone: eu4
content-encoding: gzip
X-Firefox-Spdy: h2
ulmoyc.com/v1/sdk.js?h=waWQiOjEwNTQwMzAsInNpZCI6MTE4NDYwMiwid2lkIjo0MjI2MTMsInNyYyI6MiwicG0iOjJ9eyJ&d=haxbyq.com&tpl=32&pbd=iOjEwNTQwMzAsInNpZCI6MTE4NDYwMiwid2lkIjo0MjI2MTMsInNpMSI6InNhbmR5MSIsImkiOiIxIn0=eyJwaWQ
172.67.197.128 200 OK 0 B URL HTTP/2 ulmoyc.com/v1/sdk.js?h=waWQiOjEwNTQwMzAsInNpZCI6MTE4NDYwMiwid2lkIjo0MjI2MTMsInNyYyI6MiwicG0iOjJ9eyJ&d=haxbyq.com&tpl=32&pbd=iOjEwNTQwMzAsInNpZCI6MTE4NDYwMiwid2lkIjo0MjI2MTMsInNpMSI6InNhbmR5MSIsImkiOiIxIn0=eyJwaWQ
IP 172.67.197.128:0
GET /v1/sdk.js?h=waWQiOjEwNTQwMzAsInNpZCI6MTE4NDYwMiwid2lkIjo0MjI2MTMsInNyYyI6MiwicG0iOjJ9eyJ&d=haxbyq.com&tpl=32&pbd=iOjEwNTQwMzAsInNpZCI6MTE4NDYwMiwid2lkIjo0MjI2MTMsInNpMSI6InNhbmR5MSIsImkiOiIxIn0=eyJwaWQ HTTP/1.1
Host: ulmoyc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://7g8rz.haxbyq.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 04 Feb 2023 02:23:37 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, max-age=14400
access-control-allow-origin: https://haxbyq.com
etag: W/"vKMQRkBOTSx4LlLDguHnpy8sjXY"
x-zone: eu
cf-cache-status: HIT
age: 2757
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7x5RjxI1x8HaFxxv%2F9JH%2F0vSUogPMMNH7jQV6CVPwbBZXWFnQgApfoqL1z1iLm0LO%2FpVtxfwdKWjus%2FObwCP1NdzNXDkHqbnkDRQ5LDLMSH1vXRaMAYi4Vy0vw8g"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 793ff2042d1ab527-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2