detectportal.firefox.com/success.txt?ipv4
34.107.221.82 200 OK 8 B URL HTTP/1.1 detectportal.firefox.com/success.txt?ipv4
IP 34.107.221.82:0
Hash ae780585f49b94ce1444eb7d28906123
7d5ca8c0c03e883c56c4eb1ef6f6bb9bccad4d86
81b2bd4ea98c8db66554fbc8d7637a1a69a130f331feb732b75caab4c4868fd5
GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Sat, 18 Mar 2023 04:04:13 GMT
Age: 49951
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash b354c5f59fe10cd1f45f9cafc34079b9
a2a299b47144801ea071eacdc1b07e5216d67220
a9ad1111cdfc96a157011a8282998472a9a3308aa4ddd7b0e3ab1829db4edc14
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A9AD1111CDFC96A157011A8282998472A9A3308AA4DDD7B0E3AB1829DB4EDC14"
Last-Modified: Sat, 18 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14593
Expires: Sat, 18 Mar 2023 21:59:57 GMT
Date: Sat, 18 Mar 2023 17:56:44 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 2857be6f18459c7a4a7f00f6cd6076f1
570609086d72a9be57cde7bfefd25663c1035fba
bd8abb8f420d1e31462fca1d6a7caadf1e2bba6fc7db05684b5811e00e84107f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD8ABB8F420D1E31462FCA1D6A7CAADF1E2BBA6FC7DB05684B5811E00E84107F"
Last-Modified: Fri, 17 Mar 2023 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10186
Expires: Sat, 18 Mar 2023 20:46:30 GMT
Date: Sat, 18 Mar 2023 17:56:44 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 12cdbcb1b0785dc0423386448ac68c9c
08cff6b76fd708f0cef3c5bdb8fc72570c4536bd
bb7622a85d32cbff40abd2995055e03dbac05dd841b9a84d9023a5510d89e534
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BB7622A85D32CBFF40ABD2995055E03DBAC05DD841B9A84D9023A5510D89E534"
Last-Modified: Fri, 17 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16686
Expires: Sat, 18 Mar 2023 22:34:50 GMT
Date: Sat, 18 Mar 2023 17:56:44 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: ZJ/ED1h18rsLUeP3NXFFVb4gkXFJ/sL8mJ5XI4lEXxNkkO43+3nzNAbjjvVHkvA4m97PiOX8+74=
x-amz-request-id: N85X34YCEQ3PSZ9A
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 18 Mar 2023 17:40:55 GMT
age: 949
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
musag.live/35/9.html
147.182.255.121 200 OK 22 kB IP 147.182.255.121:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (12764), with CRLF line terminators
Hash 24ce849afa93ecc55365bb57baabab72
8765b6d8497d9f544a08c1a7aea22549ca036597
c75f54cc6154a98467e076b4f0f7b92731d28baab8673f10cf0485c2551748f2
Analyzer Verdict Alert urlquery fraud Fraud - Fake AntiVirus / Security software
openphish Outlook
fortinet Phishing
GET /35/9.html HTTP/1.1
Host: musag.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 18 Mar 2023 17:56:44 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Mon, 31 Oct 2022 10:09:17 GMT
ETag: W/"1d472-5ec51ccdd6225"
Content-Encoding: gzip
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 18 Mar 2023 17:56:44 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
musag.live/35/landings/209605/1618996856/css/style6b426b42.css?1618996856
147.182.255.121 200 OK 2.8 kB URL HTTP/1.1 musag.live/35/landings/209605/1618996856/css/style6b426b42.css?1618996856
IP 147.182.255.121:0
ASN #14061 DIGITALOCEAN-ASN
Hash 0b571ec6927317aa9b0193069af0b858
9d93e2751402b4d3f118429a7b3222919f68577d
af946d062967b8837cece40787a3a7fb2f51920f11b3d84286db48755e71d81e
Analyzer Verdict Alert urlquery fraud Fraud - Fake AntiVirus / Security software
GET /35/landings/209605/1618996856/css/style6b426b42.css?1618996856 HTTP/1.1
Host: musag.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://musag.live/35/9.html
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 18 Mar 2023 17:56:44 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Mon, 31 Oct 2022 10:11:46 GMT
ETag: W/"427d-5ec51d5c6c490"
Content-Encoding: gzip
img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4DRie?ver=3184&q=0&m=8&h=472&w=1259&b=%23FFFFFFFF&l=f&x=0&y=0&s=1898&d=712&aim=true
95.101.11.49 200 OK 45 kB URL HTTP/2 img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4DRie?ver=3184&q=0&m=8&h=472&w=1259&b=%23FFFFFFFF&l=f&x=0&y=0&s=1898&d=712&aim=true
IP 95.101.11.49:0
ASN #20940 Akamai International B.V.
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 1259x472, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash c004c555cb5523b6bbd4cb40520e09c8
4af19a79502e0eb01af55a23a911d485c63ea888
9addf3fe2d777ad1500361db3b373f9e76fb3fa5b18c18a258af82aff0997f80
GET /cms/api/am/imageFileData/RE4DRie?ver=3184&q=0&m=8&h=472&w=1259&b=%23FFFFFFFF&l=f&x=0&y=0&s=1898&d=712&aim=true HTTP/1.1
Host: img-prod-cms-rt-microsoft-com.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://musag.live/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
last-modified: Thu, 16 Mar 2023 16:02:25 GMT
x-frame-options: DENY
server: Akamai Image Manager
x-serial: 302
x-check-cacheable: YES
content-length: 44646
content-type: image/webp
cache-control: private, no-transform, max-age=252363
expires: Tue, 21 Mar 2023 16:02:47 GMT
date: Sat, 18 Mar 2023 17:56:44 GMT
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 443a700f85619f4fd8a548421c5c23e2
a58764a07feafb2bb4b340c020b5104c55b35195
0bc80613f3d493ea081bf5672ab76f6f33a1dcc0710fe1431de83c46d7e8d31d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0BC80613F3D493EA081BF5672AB76F6F33A1DCC0710FE1431DE83C46D7E8D31D"
Last-Modified: Fri, 17 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2496
Expires: Sat, 18 Mar 2023 18:38:20 GMT
Date: Sat, 18 Mar 2023 17:56:44 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash bc86ef2a0cee04915bc360f5821adc8f
3658f9028cce204d38f7f48fcfaa2a8e4f54383a
aeecd718d03811322457de4f20828bdba86b277e7e0e328cae9c0a8075638454
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Retry-After, Content-Type, Alert, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 18 Mar 2023 17:14:36 GMT
content-type: application/json
age: 2528
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
musag.live/35/fonts/mwfmdl2-v3.54.woff2
147.182.255.121 200 OK 23 kB URL HTTP/1.1 musag.live/35/fonts/mwfmdl2-v3.54.woff2
IP 147.182.255.121:0
ASN #14061 DIGITALOCEAN-ASN
File type Web Open Font Format (Version 2), TrueType, length 22904, version 0.0\012- data
Hash c654a623ad90bb3dcd769dbbac34d863
8719de38f17d8e4d73e2a5e4e867d63dd3965baa
deec787cca1b9436e080478742a0299e0db1a9712543a72d2cdc8373fc45a432
Analyzer Verdict Alert urlquery fraud Fraud - Fake AntiVirus / Security software
fortinet Phishing
GET /35/fonts/mwfmdl2-v3.54.woff2 HTTP/1.1
Host: musag.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://musag.live/35/9.html
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 18 Mar 2023 17:56:44 GMT
Content-Type: font/woff2
Content-Length: 22904
Connection: keep-alive
Last-Modified: Mon, 31 Oct 2022 10:10:48 GMT
ETag: "5978-5ec51d24a96a2"
Accept-Ranges: bytes
musag.live/35/landings/209605/1618996856/js/main6b42.js
147.182.255.121 200 OK 455 B URL HTTP/1.1 musag.live/35/landings/209605/1618996856/js/main6b42.js
IP 147.182.255.121:0
ASN #14061 DIGITALOCEAN-ASN
Hash 8525af4f58ad5b5001b9c74aa746fc70
d7254d331edde32800c3428e9c563c2c560a17da
ea4c9d43661daecd12c010fb702d26c691a6674e5ba67a660daedb8fe259ec61
Analyzer Verdict Alert urlquery fraud Fraud - Fake AntiVirus / Security software
fortinet Phishing
GET /35/landings/209605/1618996856/js/main6b42.js HTTP/1.1
Host: musag.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://musag.live/35/9.html
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 18 Mar 2023 17:56:45 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Mon, 31 Oct 2022 10:11:49 GMT
ETag: W/"366-5ec51d5ebe0de"
Content-Encoding: gzip
musag.live/35/landings/209605/1618996856/js/interactive6b42.js
147.182.255.121 200 OK 2.0 kB URL HTTP/1.1 musag.live/35/landings/209605/1618996856/js/interactive6b42.js
IP 147.182.255.121:0
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with very long lines (6801), with no line terminators
Hash d4360874005e9f25004f1f59b4d246cf
1dd583dc5f496875ddc8f5ab9fec3992d8d155a2
4d746254d37ab604a2e282c352322d0093848e3c0cca086611f45dd884c2269e
Analyzer Verdict Alert urlquery fraud Fraud - Fake AntiVirus / Security software
fortinet Phishing
GET /35/landings/209605/1618996856/js/interactive6b42.js HTTP/1.1
Host: musag.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://musag.live/35/9.html
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 18 Mar 2023 17:56:45 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Mon, 31 Oct 2022 10:11:48 GMT
ETag: W/"1a91-5ec51d5e3842d"
Content-Encoding: gzip
musag.live/35/landings/209605/1618996856/js/translate6b42.js
147.182.255.121 200 OK 544 B URL HTTP/1.1 musag.live/35/landings/209605/1618996856/js/translate6b42.js
IP 147.182.255.121:0
ASN #14061 DIGITALOCEAN-ASN
Hash 70c6773f9266737772527accf03c1e84
04e2528f0317316f2cc6fc436580b06fa1b050c3
7109ffebc8a20b34d1d187eb5ce62cb23f61bc9e867ab8bcf99a59b913e44eb1
Analyzer Verdict Alert urlquery fraud Fraud - Fake AntiVirus / Security software
fortinet Phishing
GET /35/landings/209605/1618996856/js/translate6b42.js HTTP/1.1
Host: musag.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://musag.live/35/9.html
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 18 Mar 2023 17:56:45 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Mon, 31 Oct 2022 10:11:49 GMT
ETag: W/"485-5ec51d5f49b50"
Content-Encoding: gzip
musag.live/35/landings/209605/1618996856/js/site-protect6b42.js
147.182.255.121 200 OK 0 B URL HTTP/1.1 musag.live/35/landings/209605/1618996856/js/site-protect6b42.js
IP 147.182.255.121:0
ASN #14061 DIGITALOCEAN-ASN
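Hash (the three digests here are the MD5, SHA-1 and SHA-256 of zero-length content, consistent with the 0 B response, so they match any empty file) d41d8cd98f00b204e9800998ecf8427e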
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery fraud Fraud - Fake AntiVirus / Security software
fortinet Phishing
GET /35/landings/209605/1618996856/js/site-protect6b42.js HTTP/1.1
Host: musag.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://musag.live/35/9.html
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 18 Mar 2023 17:56:45 GMT
Content-Type: application/javascript
Content-Length: 0
Connection: keep-alive
Last-Modified: Mon, 31 Oct 2022 10:11:49 GMT
ETag: "0-5ec51d5ec001e"
Accept-Ranges: bytes
musag.live/35/landings/209605/1618996856/js/second_back_multi6b42.js
147.182.255.121 200 OK 0 B URL HTTP/1.1 musag.live/35/landings/209605/1618996856/js/second_back_multi6b42.js
IP 147.182.255.121:0
ASN #14061 DIGITALOCEAN-ASN
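Hash (the three digests here are the MD5, SHA-1 and SHA-256 of zero-length content, consistent with the 0 B response, so they match any empty file) d41d8cd98f00b204e9800998ecf8427e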
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery fraud Fraud - Fake AntiVirus / Security software
fortinet Phishing
GET /35/landings/209605/1618996856/js/second_back_multi6b42.js HTTP/1.1
Host: musag.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://musag.live/35/9.html
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 18 Mar 2023 17:56:45 GMT
Content-Type: application/javascript
Content-Length: 0
Connection: keep-alive
Last-Modified: Mon, 31 Oct 2022 10:11:49 GMT
ETag: "0-5ec51d5ebe0de"
Accept-Ranges: bytes
musag.live/35/css/style2.css
147.182.255.121 200 OK 14 kB URL HTTP/1.1 musag.live/35/css/style2.css
IP 147.182.255.121:0
ASN #14061 DIGITALOCEAN-ASN
File type Unicode text, UTF-8 text, with very long lines (65520), with no line terminators
Hash 8bdb5bcfda7bf7096d314b58a1f1f120
781c035e8ec2f7400f0fb30ad08a8628e2ca043d
35dc6dde6c949d7cb27d92be8ee95f71752ace515ec715bca9005ced763ac1e9
Analyzer Verdict Alert urlquery fraud Fraud - Fake AntiVirus / Security software
GET /35/css/style2.css HTTP/1.1
Host: musag.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://musag.live/35/9.html
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 18 Mar 2023 17:56:45 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Mon, 31 Oct 2022 10:10:47 GMT
ETag: W/"17b58-5ec51d24779bb"
Content-Encoding: gzip
musag.live/35/landings/209605/1618996856/js/js.cockie.min6b42.js
147.182.255.121 200 OK 912 B URL HTTP/1.1 musag.live/35/landings/209605/1618996856/js/js.cockie.min6b42.js
IP 147.182.255.121:0
ASN #14061 DIGITALOCEAN-ASN
Hash 9f47639e2e2f8cf12520056fdb427504
09b5c73229615bc6b5483dfc9795770b0256a39f
648d70b51cf48543e1f53afa4ab546633c380f7a5aafd8835144e3de8c27291f
Analyzer Verdict Alert urlquery fraud Fraud - Fake AntiVirus / Security software
fortinet Phishing
GET /35/landings/209605/1618996856/js/js.cockie.min6b42.js HTTP/1.1
Host: musag.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://musag.live/35/9.html
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 18 Mar 2023 17:56:45 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Mon, 31 Oct 2022 10:11:48 GMT
ETag: W/"896-5ec51d5e95099"
Content-Encoding: gzip
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, ETag, Pragma, Content-Type, Content-Length, Cache-Control, Expires, Backoff, Alert, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 18 Mar 2023 17:14:32 GMT
age: 2533
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
musag.live/35/css/style1.css
147.182.255.121 200 OK 42 kB URL HTTP/1.1 musag.live/35/css/style1.css
IP 147.182.255.121:0
ASN #14061 DIGITALOCEAN-ASN
File type Unicode text, UTF-8 text, with very long lines (64176), with CRLF line terminators
Hash bc79bf30e6f4bf2357d943653d8ae182
003752fb151cf77d768ba2ad4bc1eca4723659e2
5926f86e2378f6e0a45960c6b0c08caa54963a8e4018d638f7902ad7c255d8ad
Analyzer Verdict Alert urlquery fraud Fraud - Fake AntiVirus / Security software
GET /35/css/style1.css HTTP/1.1
Host: musag.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://musag.live/35/9.html
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 18 Mar 2023 17:56:45 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Mon, 31 Oct 2022 10:10:48 GMT
ETag: W/"61928-5ec51d2498d00"
Content-Encoding: gzip
musag.live/35/landings/209605/1618996856/js/jquery.min6b42.js
147.182.255.121 200 OK 30 kB URL HTTP/1.1 musag.live/35/landings/209605/1618996856/js/jquery.min6b42.js
IP 147.182.255.121:0
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with very long lines (65451)
Hash e713186118b655f653a2076385d83dab
827db9205bbbfe60c03fdee56429e69ad24e8a95
9e4dd4a79aa648dd171a65f4b492955c47a0078c5d0b21b61a1343493a2be450
Analyzer Verdict Alert urlquery fraud Fraud - Fake AntiVirus / Security software
fortinet Phishing
GET /35/landings/209605/1618996856/js/jquery.min6b42.js HTTP/1.1
Host: musag.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://musag.live/35/9.html
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 18 Mar 2023 17:56:45 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Mon, 31 Oct 2022 10:11:48 GMT
ETag: W/"1538f-5ec51d5e96039"
Content-Encoding: gzip
ocsp.digicert.com/
192.229.221.95 200 OK 471 B IP 192.229.221.95:0
Hash 79a1c70afad312a35ee4497e29491ea6
963f47dab0fe1dc884f6eea52af47ba81e196997
6a6ac0abc924cbb6482303eaddc35a6bcdd8a37f8feac3f3a50206a72a83d56a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4001
Cache-Control: max-age=169519
Content-Type: application/ocsp-response
Date: Sat, 18 Mar 2023 17:56:45 GMT
Etag: "6415deeb-1d7"
Expires: Mon, 20 Mar 2023 17:02:04 GMT
Last-Modified: Sat, 18 Mar 2023 15:55:23 GMT
Server: ECAcc (ska/F6AF)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 70f795f7a73fb087a4b08eebe6e2a970
faaa9283e766256900f3c3e00dee00973e7da2a6
4f7e4813f82f60ebf9c536d9342726307686931df7309a4c367f3b658602efde
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4F7E4813F82F60EBF9C536D9342726307686931DF7309A4C367F3B658602EFDE"
Last-Modified: Fri, 17 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3499
Expires: Sat, 18 Mar 2023 18:55:04 GMT
Date: Sat, 18 Mar 2023 17:56:45 GMT
Connection: keep-alive
c.s-microsoft.com/static/fonts/segoe-ui/west-european/normal/latest.woff2
2.18.173.151 301 Moved Permanently 0 B URL HTTP/1.1 c.s-microsoft.com/static/fonts/segoe-ui/west-european/normal/latest.woff2
IP 2.18.173.151:0
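Hash (the three digests here are the MD5, SHA-1 and SHA-256 of zero-length content, consistent with the 0 B redirect body, so they match any empty file) d41d8cd98f00b204e9800998ecf8427e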
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /static/fonts/segoe-ui/west-european/normal/latest.woff2 HTTP/1.1
Host: c.s-microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://musag.live
Connection: keep-alive
Referer: http://musag.live/
HTTP/1.1 301 Moved Permanently
Content-Length: 0
Location: https://c.s-microsoft.com/static/fonts/segoe-ui/west-european/normal/latest.woff2
Cache-Control: max-age=315616
Expires: Wed, 22 Mar 2023 09:37:01 GMT
Date: Sat, 18 Mar 2023 17:56:45 GMT
Connection: keep-alive
Access-Control-Allow-Methods: GET,POST
Access-Control-Allow-Origin: *
musag.live/35/img/icon3.png
147.182.255.121 200 OK 2.4 kB URL HTTP/1.1 musag.live/35/img/icon3.png
IP 147.182.255.121:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 58 x 53, 8-bit/color RGB, non-interlaced\012- data
Hash d4361123a64cf4bc60848234e4e4970e
5e28ee691e86831467dae5f9edfed54d8412083b
8180bbaf156d47ed58c08ca328003d8900715e96c142cca89199c624b3b13317
Analyzer Verdict Alert urlquery fraud Fraud - Fake AntiVirus / Security software
GET /35/img/icon3.png HTTP/1.1
Host: musag.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://musag.live/35/9.html
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 18 Mar 2023 17:56:45 GMT
Content-Type: image/png
Content-Length: 2448
Connection: keep-alive
Last-Modified: Mon, 31 Oct 2022 10:10:50 GMT
ETag: "990-5ec51d272b096"
Accept-Ranges: bytes
musag.live/35/landings/209605/1618996856/images/ico_tray1.gif
147.182.255.121 200 OK 69 B URL HTTP/1.1 musag.live/35/landings/209605/1618996856/images/ico_tray1.gif
IP 147.182.255.121:0
ASN #14061 DIGITALOCEAN-ASN
File type GIF image data, version 89a, 16 x 16\012- data
Hash 3ae573d079dcd1d2da4086f2c0c72c45
e7c9dabec81379373476ed23168dcecb9b8c56aa
9cce08ab28e94790cf78c87e37f8690acbc6c535e4b43ae7b38506b94538e107
Analyzer Verdict Alert urlquery fraud Fraud - Fake AntiVirus / Security software
GET /35/landings/209605/1618996856/images/ico_tray1.gif HTTP/1.1
Host: musag.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://musag.live/35/9.html
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 18 Mar 2023 17:56:45 GMT
Content-Type: image/gif
Content-Length: 69
Connection: keep-alive
Last-Modified: Mon, 31 Oct 2022 10:11:47 GMT
ETag: "45-5ec51d5d7faf4"
Accept-Ranges: bytes
musag.live/35/img/for.png
147.182.255.121 200 OK 1.0 kB URL HTTP/1.1 musag.live/35/img/for.png
IP 147.182.255.121:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 47 x 46, 8-bit/color RGBA, non-interlaced\012- data
Hash f7779b7ed4eb03bf08c8e015e6a88214
3a0211397a067f6de27929c2a06d451994974852
57456bb7416c547fbd70dea18ebd21bff2e81adaa3dec49d6327b3f1b75445d5
Analyzer Verdict Alert urlquery fraud Fraud - Fake AntiVirus / Security software
GET /35/img/for.png HTTP/1.1
Host: musag.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://musag.live/35/9.html
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 18 Mar 2023 17:56:45 GMT
Content-Type: image/png
Content-Length: 1049
Connection: keep-alive
Last-Modified: Mon, 31 Oct 2022 10:10:49 GMT
ETag: "419-5ec51d2662d5c"
Accept-Ranges: bytes
musag.live/35/landings/209605/1618996856/images/cross.gif
147.182.255.121 200 OK 211 B URL HTTP/1.1 musag.live/35/landings/209605/1618996856/images/cross.gif
IP 147.182.255.121:0
ASN #14061 DIGITALOCEAN-ASN
File type GIF image data, version 89a, 29 x 29\012- data
Hash 45b0c8a1e52d91e8cf84eaf75ebca9a9
0e358b8571f9062dedfacd0c31d54179270153cd
4e635bdab7a300d0ccb5aac26b4610a07ee1b33643578c1a4308e677d7eb595d
Analyzer Verdict Alert urlquery fraud Fraud - Fake AntiVirus / Security software
GET /35/landings/209605/1618996856/images/cross.gif HTTP/1.1
Host: musag.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://musag.live/35/9.html
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 18 Mar 2023 17:56:45 GMT
Content-Type: image/gif
Content-Length: 211
Connection: keep-alive
Last-Modified: Mon, 31 Oct 2022 10:11:46 GMT
ETag: "d3-5ec51d5c983b6"
Accept-Ranges: bytes
musag.live/35/img/icon4.png
147.182.255.121 200 OK 1.6 kB URL HTTP/1.1 musag.live/35/img/icon4.png
IP 147.182.255.121:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 58 x 54, 8-bit/color RGB, non-interlaced\012- data
Hash e7da517e1cf55bea45e54f3096d7b046
fd60223a6e365d0cbc616366259e81afe676ca71
116bcb8bef5cc9fbfe5045c726b07ef61105597660256ee65218dca2a5b4545b
Analyzer Verdict Alert urlquery fraud Fraud - Fake AntiVirus / Security software
GET /35/img/icon4.png HTTP/1.1
Host: musag.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://musag.live/35/9.html
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 18 Mar 2023 17:56:45 GMT
Content-Type: image/png
Content-Length: 1626
Connection: keep-alive
Last-Modified: Mon, 31 Oct 2022 10:10:50 GMT
ETag: "65a-5ec51d274c3da"
Accept-Ranges: bytes
musag.live/35/img/RE1Mu3b.png
147.182.255.121 200 OK 4.1 kB URL HTTP/1.1 musag.live/35/img/RE1Mu3b.png
IP 147.182.255.121:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 216 x 46, 8-bit/color RGBA, non-interlaced\012- data
Hash 9f14c20150a003d7ce4de57c298f0fba
daa53cf17cc45878a1b153f3c3bf47dc9669d78f
112fec798b78aa02e102a724b5cb1990c0f909bc1d8b7b1fa256eab41bbc0960
Analyzer Verdict Alert urlquery fraud Fraud - Fake AntiVirus / Security software
GET /35/img/RE1Mu3b.png HTTP/1.1
Host: musag.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://musag.live/35/9.html
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 18 Mar 2023 17:56:45 GMT
Content-Type: image/png
Content-Length: 4054
Connection: keep-alive
Last-Modified: Mon, 31 Oct 2022 10:10:53 GMT
ETag: "fd6-5ec51d29db890"
Accept-Ranges: bytes
www.microsoft.com/mwf/_h/v3.54/mwf.app/fonts/mwfmdl2-v3.54.woff2
23.38.201.156 200 OK 23 kB URL HTTP/2 www.microsoft.com/mwf/_h/v3.54/mwf.app/fonts/mwfmdl2-v3.54.woff2
IP 23.38.201.156:0
File type Web Open Font Format (Version 2), TrueType, length 22904, version 0.0\012- data
Hash c654a623ad90bb3dcd769dbbac34d863
8719de38f17d8e4d73e2a5e4e867d63dd3965baa
deec787cca1b9436e080478742a0299e0db1a9712543a72d2cdc8373fc45a432
GET /mwf/_h/v3.54/mwf.app/fonts/mwfmdl2-v3.54.woff2 HTTP/1.1
Host: www.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://musag.live
Connection: keep-alive
Referer: http://musag.live/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/font-woff2
last-modified: Mon, 13 Jun 2022 17:52:17 GMT
x-activity-id: b9cb954a-d8ac-484c-ab42-ef4ffe3a3960
x-appversion: 1.0.8167.41521
x-az: {did:92e7dc58ca2143cfb2c818b047cc5cd1, rid: OneDeployContainer, sn: marketingsites-prod-odnortheurope, dt: 2018-05-03T20:14:23.4188992Z, bt: 2022-05-13T07:04:02.0000000Z}
ms-operation-id: f7b57f9024812e40a3e04930f1dd0d57
p3p: CP="CAO CONi OTR OUR DEM ONL"
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-methods: HEAD,GET,POST,PATCH,PUT,OPTIONS
x-xss-protection: 1; mode=block
content-length: 22904
cache-control: public, max-age=7516544
expires: Tue, 13 Jun 2023 17:52:29 GMT
date: Sat, 18 Mar 2023 17:56:45 GMT
tls_version: tls1.3
strict-transport-security: max-age=31536000
ms-cv: CASMicrosoftCVb0963a1a.0
ms-cv-esi: CASMicrosoftCVb0963a1a.0
x-rtag: RT
X-Firefox-Spdy: h2
c.s-microsoft.com/static/fonts/segoe-ui/west-european/Bold/latest.woff2
2.18.173.151 301 Moved Permanently 0 B URL HTTP/1.1 c.s-microsoft.com/static/fonts/segoe-ui/west-european/Bold/latest.woff2
IP 2.18.173.151:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /static/fonts/segoe-ui/west-european/Bold/latest.woff2 HTTP/1.1
Host: c.s-microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://musag.live
Connection: keep-alive
Referer: http://musag.live/
HTTP/1.1 301 Moved Permanently
Content-Length: 0
Location: https://c.s-microsoft.com/static/fonts/segoe-ui/west-european/Bold/latest.woff2
Cache-Control: max-age=375990
Expires: Thu, 23 Mar 2023 02:23:15 GMT
Date: Sat, 18 Mar 2023 17:56:45 GMT
Connection: keep-alive
Access-Control-Allow-Methods: GET,POST
Access-Control-Allow-Origin: *
c.s-microsoft.com/static/fonts/segoe-ui/west-european/normal/latest.woff2
2.18.173.151 200 OK 34 kB URL HTTP/2 c.s-microsoft.com/static/fonts/segoe-ui/west-european/normal/latest.woff2
IP 2.18.173.151:0
File type Web Open Font Format (Version 2), TrueType, length 34052, version 0.0\012- data
Hash 36397a3bc139c6e9f81d383f060f080a
3f4f86c10920d4ed345f4858b6cde9f93e1aeb81
4f7f4afe26e71fa9ca1dac4a43b557a554a46f53251d849f07ed08a04829d74b
GET /static/fonts/segoe-ui/west-european/normal/latest.woff2 HTTP/1.1
Host: c.s-microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Referer: http://musag.live/
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 34052
content-type: font/woff2
last-modified: Fri, 10 Jan 2020 19:09:43 GMT
accept-ranges: bytes
etag: "588d483e9c7d51:0"
cache-control: public, max-age=155413
expires: Mon, 20 Mar 2023 13:06:58 GMT
date: Sat, 18 Mar 2023 17:56:45 GMT
access-control-allow-methods: GET,POST
access-control-allow-origin: *
X-Firefox-Spdy: h2
c.s-microsoft.com/static/fonts/segoe-ui/west-european/Bold/latest.woff2
2.18.173.151 200 OK 30 kB URL HTTP/2 c.s-microsoft.com/static/fonts/segoe-ui/west-european/Bold/latest.woff2
IP 2.18.173.151:0
File type Web Open Font Format (Version 2), TrueType, length 30132, version 0.0\012- data
Hash 4c38c2a78502af8dfbfe0f71cc49a1ae
4b8c845263b3696e28cf3f313e0214e22688a750
1232bbdbc5d205f3c5a40efa5ed92839c79e7879d5168445cc47645bb93f7d1b
GET /static/fonts/segoe-ui/west-european/Bold/latest.woff2 HTTP/1.1
Host: c.s-microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Referer: http://musag.live/
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 30132
content-type: font/woff2
last-modified: Fri, 10 Jan 2020 19:09:42 GMT
accept-ranges: bytes
etag: "83cce83e9c7d51:0"
cache-control: public, max-age=218180
expires: Tue, 21 Mar 2023 06:33:05 GMT
date: Sat, 18 Mar 2023 17:56:45 GMT
access-control-allow-methods: GET,POST
access-control-allow-origin: *
X-Firefox-Spdy: h2
musag.live/35/img/1x1clear.gif
147.182.255.121 200 OK 43 B URL HTTP/1.1 musag.live/35/img/1x1clear.gif
IP 147.182.255.121:0
ASN #14061 DIGITALOCEAN-ASN
File type GIF image data, version 89a, 1 x 1\012- data
Hash f8614595fba50d96389708a4135776e4
d456164972b508172cee9d1cc06d1ea35ca15c21
7122de322879a654121ea250aeac94bd9993f914909f786c98988adbd0a25d5d
Analyzer Verdict Alert urlquery fraud Fraud - Fake AntiVirus / Security software
GET /35/img/1x1clear.gif HTTP/1.1
Host: musag.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://musag.live/35/9.html
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 18 Mar 2023 17:56:45 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Mon, 31 Oct 2022 10:10:48 GMT
ETag: "2b-5ec51d24f884c"
Accept-Ranges: bytes
musag.live/35/landings/209605/1618996856/images/win_cls.png
147.182.255.121 200 OK 293 B URL HTTP/1.1 musag.live/35/landings/209605/1618996856/images/win_cls.png
IP 147.182.255.121:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 12 x 12, 8-bit/color RGB, non-interlaced\012- data
Hash 9eb68d2ce05c151bda542a7a6356e22c
baeeefe4a7ac657c10a5f081841015de1bcf90dd
2d2b7040bc32b397c3c60d800de9aa7d86404f1874862eba61bdaa21f1523eb7
Analyzer Verdict Alert urlquery fraud Fraud - Fake AntiVirus / Security software
GET /35/landings/209605/1618996856/images/win_cls.png HTTP/1.1
Host: musag.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://musag.live/35/9.html
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 18 Mar 2023 17:56:45 GMT
Content-Type: image/png
Content-Length: 293
Connection: keep-alive
Last-Modified: Mon, 31 Oct 2022 10:11:48 GMT
ETag: "125-5ec51d5e076e6"
Accept-Ranges: bytes
musag.live/35/landings/209605/1618996856/images/win_min.png
147.182.255.121 200 OK 128 B URL HTTP/1.1 musag.live/35/landings/209605/1618996856/images/win_min.png
IP 147.182.255.121:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 12 x 12, 8-bit/color RGB, non-interlaced\012- data
Hash 0bb86caf792dd7d24731c18cd37bb68e
dda1e433a0eaf785b2aa2c6214d5e48cb82a3a25
2ac27821ba64d645f36e2ad197492d30c11b10a032cc474554679555f4604622
Analyzer Verdict Alert urlquery fraud Fraud - Fake AntiVirus / Security software
GET /35/landings/209605/1618996856/images/win_min.png HTTP/1.1
Host: musag.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://musag.live/35/9.html
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 18 Mar 2023 17:56:45 GMT
Content-Type: image/png
Content-Length: 128
Connection: keep-alive
Last-Modified: Mon, 31 Oct 2022 10:11:48 GMT
ETag: "80-5ec51d5e345ac"
Accept-Ranges: bytes
musag.live/35/landings/209605/1618996856/images/ico_gray1.png
147.182.255.121 200 OK 1.3 kB URL HTTP/1.1 musag.live/35/landings/209605/1618996856/images/ico_gray1.png
IP 147.182.255.121:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 12 x 12, 8-bit/color RGBA, non-interlaced\012- data
Hash 2c244ea4ed2c41c810f718e54845dedf
856de993860ea63fd12d4ebb9ac1b4f8023a0dae
18863a48ee6a4c44faa9f80c02132d8f3434b24757643eb9a42f9f7810de3a54
Analyzer Verdict Alert urlquery fraud Fraud - Fake AntiVirus / Security software
GET /35/landings/209605/1618996856/images/ico_gray1.png HTTP/1.1
Host: musag.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://musag.live/35/9.html
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 18 Mar 2023 17:56:45 GMT
Content-Type: image/png
Content-Length: 1317
Connection: keep-alive
Last-Modified: Mon, 31 Oct 2022 10:11:47 GMT
ETag: "525-5ec51d5d4fd4e"
Accept-Ranges: bytes
musag.live/35/landings/209605/1618996856/images/ico_gray2.png
147.182.255.121 200 OK 349 B URL HTTP/1.1 musag.live/35/landings/209605/1618996856/images/ico_gray2.png
IP 147.182.255.121:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 13 x 13, 8-bit/color RGB, non-interlaced\012- data
Hash 7454c652e0733d92de6c920c2d646ae0
34a5bd8c7401f95e346895b0e5ccffbf0e9ad638
44f752b0bd2e48052d538bc6aca5379f3630ca64da945f794690ddf47e8eaef7
Analyzer Verdict Alert urlquery fraud Fraud - Fake AntiVirus / Security software
GET /35/landings/209605/1618996856/images/ico_gray2.png HTTP/1.1
Host: musag.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://musag.live/35/9.html
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 18 Mar 2023 17:56:45 GMT
Content-Type: image/png
Content-Length: 349
Connection: keep-alive
Last-Modified: Mon, 31 Oct 2022 10:11:47 GMT
ETag: "15d-5ec51d5d7dbb4"
Accept-Ranges: bytes
shavar.services.mozilla.com/downloads?client=Firefox&appver=96.0a&pver=2.2
44.238.157.127 200 OK 8 B URL HTTP/1.1 shavar.services.mozilla.com/downloads?client=Firefox&appver=96.0a&pver=2.2
IP 44.238.157.127:0
Hash 29fc57841962e407cb50c1be60284bf7
ce968a77e2996da5eee8925182318f171ccdce47
ae7e7075247dcfad763f1e131aeac3d2e756bb03d48b0d315a50c69636e5dc8b
POST /downloads?client=Firefox&appver=96.0a&pver=2.2 HTTP/1.1
Host: shavar.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 773
Connection: close
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: none
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Date: Sat, 18 Mar 2023 17:56:45 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Length: 8
Connection: Close
push.services.mozilla.com/
54.200.117.177 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.200.117.177:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: Pg9bhAtoEe78YGBtixY2dA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: aHG7MfD/kf7WXKqMHO6XuuMK1dM=
musag.live/35/beep.mp3
147.182.255.121 404 Not Found 371 B IP 147.182.255.121:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 0eb11ecac6c00563e9511d7de396623e
2d5c9ac8704f0ed2749b06c773095c0a204c0ba5
35c07c7ddde722dc024a6ee7775398f42f509d00aeda26feedca69b9a77f80c0
Analyzer Verdict Alert urlquery fraud Fraud - Fake AntiVirus / Security software
fortinet Phishing
GET /35/beep.mp3 HTTP/1.1
Host: musag.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: http://musag.live/35/9.html
Cookie: GoogleAccountsLocale_session=en; googtrans=/en/en
HTTP/1.1 404 Not Found
Server: nginx
Date: Sat, 18 Mar 2023 17:56:45 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 371
Connection: keep-alive
Vary: Accept-Encoding
musag.live/35/img/icon1.png
147.182.255.121 200 OK 2.0 kB URL HTTP/1.1 musag.live/35/img/icon1.png
IP 147.182.255.121:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 53 x 55, 8-bit/color RGB, non-interlaced\012- data
Hash a3f706de235e54af96c690bc0b1c1b88
5fcd63d6c850adc649227272c22c1f3be5ca40f1
f07afe275b1b0091dd8376e90caca30500c5280e6a1d6ea5edf2c1173226490c
Analyzer Verdict Alert urlquery fraud Fraud - Fake AntiVirus / Security software
GET /35/img/icon1.png HTTP/1.1
Host: musag.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://musag.live/35/9.html
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 18 Mar 2023 17:56:45 GMT
Content-Type: image/png
Content-Length: 1995
Connection: keep-alive
Last-Modified: Mon, 31 Oct 2022 10:10:50 GMT
ETag: "7cb-5ec51d26f070e"
Accept-Ranges: bytes
musag.live/35/img/icon2.png
147.182.255.121 200 OK 2.1 kB URL HTTP/1.1 musag.live/35/img/icon2.png
IP 147.182.255.121:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 56 x 56, 8-bit/color RGBA, non-interlaced\012- data
Hash 7baef39996eff223622f2aca23068c10
653c3f569b3346da4181d0a9363e09e3eaa94607
a506c6c657d311fcd1b5a795ebdba3cf469aadba206581561467e2e0b3bab74a
Analyzer Verdict Alert urlquery fraud Fraud - Fake AntiVirus / Security software
GET /35/img/icon2.png HTTP/1.1
Host: musag.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://musag.live/35/9.html
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 18 Mar 2023 17:56:45 GMT
Content-Type: image/png
Content-Length: 2073
Connection: keep-alive
Last-Modified: Mon, 31 Oct 2022 10:10:50 GMT
ETag: "819-5ec51d26fc290"
Accept-Ranges: bytes
musag.live/35/landings/209605/1618996856/images/ico_tray2.gif
147.182.255.121 200 OK 377 B URL HTTP/1.1 musag.live/35/landings/209605/1618996856/images/ico_tray2.gif
IP 147.182.255.121:0
ASN #14061 DIGITALOCEAN-ASN
File type GIF image data, version 89a, 16 x 16\012- data
Hash c10bdec858cb0cf9e6cc5865d5925746
697c095ed5509e5a5af0c5ebf2380662aeffc531
b65b47a79e32335d9ca35ff59c6975d2b5808f84da0db88d11ce777b33e72ad9
Analyzer Verdict Alert urlquery fraud Fraud - Fake AntiVirus / Security software
GET /35/landings/209605/1618996856/images/ico_tray2.gif HTTP/1.1
Host: musag.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://musag.live/35/9.html
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 18 Mar 2023 17:56:45 GMT
Content-Type: image/gif
Content-Length: 377
Connection: keep-alive
Last-Modified: Mon, 31 Oct 2022 10:11:48 GMT
ETag: "179-5ec51d5dda820"
Accept-Ranges: bytes
musag.live/35/landings/209605/1618996856/images/ico_tray3.gif
147.182.255.121 200 OK 234 B URL HTTP/1.1 musag.live/35/landings/209605/1618996856/images/ico_tray3.gif
IP 147.182.255.121:0
ASN #14061 DIGITALOCEAN-ASN
File type GIF image data, version 89a, 16 x 16\012- data
Hash 9ce99ec458daf212f9812a90f3fadd13
9e3041bc91b79a17b52e0fbb6c2d0e2f905d98a1
b0d335401c9fd5fac9991ec92edaf7865ff3a491ebe390120936c69796c3b753
Analyzer Verdict Alert urlquery fraud Fraud - Fake AntiVirus / Security software
GET /35/landings/209605/1618996856/images/ico_tray3.gif HTTP/1.1
Host: musag.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://musag.live/35/9.html
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 18 Mar 2023 17:56:45 GMT
Content-Type: image/gif
Content-Length: 234
Connection: keep-alive
Last-Modified: Mon, 31 Oct 2022 10:11:48 GMT
ETag: "ea-5ec51d5dda820"
Accept-Ranges: bytes
firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?_expected=%221679151437591%22
35.241.9.150 200 OK 22 kB URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?_expected=%221679151437591%22
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (22067), with no line terminators
Hash 47a6ad8aef25a0c7f2df1d409d9fa9d4
a98785d71239be1818eac513d5fc29ef8ffa9f31
4dd29ab486141925a0b7d6c1800cd156f09477cda8d8d6e1a4b0db2e5f83ab60
GET /v1/buckets/monitor/collections/changes/changeset?_expected=%221679151437591%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Type, Content-Length, Backoff, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 22067
via: 1.1 google
date: Sat, 18 Mar 2023 17:02:13 GMT
age: 3273
last-modified: Sat, 18 Mar 2023 14:57:17 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/blocklists/collections/addons-bloomfilters/changeset?_expected=1679013443657&_since=%221666204638208%22
35.241.9.150 200 OK 40 kB URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/blocklists/collections/addons-bloomfilters/changeset?_expected=1679013443657&_since=%221666204638208%22
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (40041), with no line terminators
Hash 698d46ecc1de32df2852df324d4b72d3
e41fdce23323d1f9227e8ebb11f012b07124dfc2
ae0e5e0bc68eaed69d1d5e8ba1d2c6dac4262abba683c1d13b3d870a6e2936a4
GET /v1/buckets/blocklists/collections/addons-bloomfilters/changeset?_expected=1679013443657&_since=%221666204638208%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Type, Content-Length, Backoff, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 40041
via: 1.1 google
date: Sat, 18 Mar 2023 17:32:55 GMT
age: 1431
last-modified: Fri, 17 Mar 2023 00:37:23 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
musag.live/35/img/icon-white.png
147.182.255.121 200 OK 8.9 kB URL HTTP/1.1 musag.live/35/img/icon-white.png
IP 147.182.255.121:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 750 x 750, 8-bit colormap, non-interlaced\012- data
Hash 3b515e6bcec026fbe3a0a9fd579e4564
104687fd60a322cffc7fd015dbd093ef1c24e602
e219bc2bb5fa0e6e3509f2cc285ac85b86db2b1b6eac9107dac4484d82cf7466
Analyzer Verdict Alert urlquery fraud Fraud - Fake AntiVirus / Security software
GET /35/img/icon-white.png HTTP/1.1
Host: musag.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://musag.live/35/9.html
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 18 Mar 2023 17:56:45 GMT
Content-Type: image/png
Content-Length: 8876
Connection: keep-alive
Last-Modified: Mon, 31 Oct 2022 10:10:50 GMT
ETag: "22ac-5ec51d26cf3ca"
Accept-Ranges: bytes
getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US&region=NO&count=30
34.120.5.221 200 OK 129 kB URL HTTP/2 getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US&region=NO&count=30
IP 34.120.5.221:0
Size 129 kB (129240 bytes)
Hash 3cccd692f092531316a6f88c84de0e6d
6532b1df3ba5c9084068f4e7859fb9d61b776b74
302c4a82f167f22390c456f7718cda1fc55d892eafbb1b4b04b3288ec9a43854
GET /v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US&region=NO&count=30 HTTP/1.1
Host: getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 18 Mar 2023 17:56:44 GMT
content-type: application/json
vary: Accept-Encoding
content-location: global-recs.php
tcn: choice
x-frame-options: SAMEORIGIN
status: 200 OK
x-source: Pocket
pragma: cache
p3p: policyref="/w3c/p3p.xml", CP="ALL CURa ADMa DEVa OUR IND UNI COM NAV INT STA PRE"
x-cache: Hit from cloudfront
x-amz-cf-pop: SEA73-P2
x-amz-cf-id: uffCn4EkpPzImdGc61D01YzIV8kxuN9Punl2eG56o5gQtlz02ohShQ==
age: 647
content-encoding: gzip
via: 1.1 f62c9ca47e35df5c65764381977823a6.cloudfront.net (CloudFront), 1.1 google
cache-control: s-maxage=900,public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash e7bace7c1e04d44012e37ddffe36e5d5
3ac8d7c0a9d3e3f0b28b2530c7b8d8407b4042c2
6b4f80f2e95b26f6122ea8dcd0ef8d762299be822c69e839fc37581ca2bcb5f2
GET /chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: 5vTF6/vbFZ6V72nwcudm1BdBT8p04MB9trUG5N0Gm3HcjCozVavR6YjbelWkgR4k1GvhbQnd7T9r3Uc3fQ04GQ==
x-amz-request-id: NPNM14WEYXED1D1J
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 18 Mar 2023 16:57:56 GMT
age: 3530
last-modified: Sat, 11 Mar 2023 16:53:15 GMT
etag: "e7bace7c1e04d44012e37ddffe36e5d5"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
musag.live/35/img/img5.png
147.182.255.121 200 OK 1.6 kB URL HTTP/1.1 musag.live/35/img/img5.png
IP 147.182.255.121:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 40 x 40, 8-bit/color RGBA, non-interlaced\012- data
Hash 7b3c6a49a7aa0518dce09249d56d48a2
8d095d264cf743efa145498f952570121517f034
6723e099967e3c964149c7a8fd6728126d9128839c7121239a99526d9acef7bb
Analyzer Verdict Alert urlquery fraud Fraud - Fake AntiVirus / Security software
GET /35/img/img5.png HTTP/1.1
Host: musag.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://musag.live/35/9.html
Cookie: GoogleAccountsLocale_session=en; googtrans=/en/en
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 18 Mar 2023 17:56:46 GMT
Content-Type: image/png
Content-Length: 1643
Connection: keep-alive
Last-Modified: Mon, 31 Oct 2022 10:10:51 GMT
ETag: "66b-5ec51d280ba73"
Accept-Ranges: bytes
musag.live/35/img/img4.png
147.182.255.121 200 OK 1.2 kB URL HTTP/1.1 musag.live/35/img/img4.png
IP 147.182.255.121:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 40 x 40, 8-bit/color RGBA, non-interlaced\012- data
Hash d81346a57f426547bdece740eca83874
ae3df10b5d8973f9cabfa4e160fb2b2f4c9540e7
6ca942757ee7123c0bdb0831c8d4a5ed151f25981aca59c18577dacc152d103a
Analyzer Verdict Alert urlquery fraud Fraud - Fake AntiVirus / Security software
GET /35/img/img4.png HTTP/1.1
Host: musag.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://musag.live/35/9.html
Cookie: GoogleAccountsLocale_session=en; googtrans=/en/en
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 18 Mar 2023 17:56:46 GMT
Content-Type: image/png
Content-Length: 1151
Connection: keep-alive
Last-Modified: Mon, 31 Oct 2022 10:10:51 GMT
ETag: "47f-5ec51d27f1490"
Accept-Ranges: bytes
musag.live/35/img/img6.png
147.182.255.121 200 OK 718 B URL HTTP/1.1 musag.live/35/img/img6.png
IP 147.182.255.121:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 40 x 40, 8-bit/color RGBA, non-interlaced\012- data
Hash a8b445a6809570b9a52a3fb284fc9a84
178a080008e068801f0db973fb3907dba848a3bf
f403d63b2af5b52c54cb847ccbd2649c4b1d61c22ce2d5d289529ba9b15a1b51
Analyzer Verdict Alert urlquery fraud Fraud - Fake AntiVirus / Security software
GET /35/img/img6.png HTTP/1.1
Host: musag.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://musag.live/35/9.html
Cookie: GoogleAccountsLocale_session=en; googtrans=/en/en
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 18 Mar 2023 17:56:46 GMT
Content-Type: image/png
Content-Length: 718
Connection: keep-alive
Last-Modified: Mon, 31 Oct 2022 10:10:52 GMT
ETag: "2ce-5ec51d28b788a"
Accept-Ranges: bytes
musag.live/35/img/img7.png
147.182.255.121 200 OK 1.2 kB URL HTTP/1.1 musag.live/35/img/img7.png
IP 147.182.255.121:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 40 x 40, 8-bit/color RGBA, non-interlaced\012- data
Hash d81346a57f426547bdece740eca83874
ae3df10b5d8973f9cabfa4e160fb2b2f4c9540e7
6ca942757ee7123c0bdb0831c8d4a5ed151f25981aca59c18577dacc152d103a
Analyzer Verdict Alert urlquery fraud Fraud - Fake AntiVirus / Security software
GET /35/img/img7.png HTTP/1.1
Host: musag.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://musag.live/35/9.html
Cookie: GoogleAccountsLocale_session=en; googtrans=/en/en
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 18 Mar 2023 17:56:46 GMT
Content-Type: image/png
Content-Length: 1151
Connection: keep-alive
Last-Modified: Mon, 31 Oct 2022 10:10:52 GMT
ETag: "47f-5ec51d28e4750"
Accept-Ranges: bytes
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash bc86ef2a0cee04915bc360f5821adc8f
3658f9028cce204d38f7f48fcfaa2a8e4f54383a
aeecd718d03811322457de4f20828bdba86b277e7e0e328cae9c0a8075638454
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Retry-After, Content-Type, Alert, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 18 Mar 2023 17:14:36 GMT
content-type: application/json
age: 2530
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 1c40c9a7bee1e7f83f546567e570c90e
bef63c749a995d3f300cc0a8939b5404daa596a2
567cb25bcb20d158de23e4b19ba5b48b32ac0687aa51e15423f6fe7ca0d2df4a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "567CB25BCB20D158DE23E4B19BA5B48B32AC0687AA51E15423F6FE7CA0D2DF4A"
Last-Modified: Fri, 17 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2280
Expires: Sat, 18 Mar 2023 18:34:46 GMT
Date: Sat, 18 Mar 2023 17:56:46 GMT
Connection: keep-alive
detectportal.firefox.com/success.txt?ipv4
34.107.221.82 200 OK 8 B URL HTTP/1.1 detectportal.firefox.com/success.txt?ipv4
IP 34.107.221.82:0
Hash ae780585f49b94ce1444eb7d28906123
7d5ca8c0c03e883c56c4eb1ef6f6bb9bccad4d86
81b2bd4ea98c8db66554fbc8d7637a1a69a130f331feb732b75caab4c4868fd5
GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Sat, 18 Mar 2023 04:04:13 GMT
Age: 49953
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
firefox-settings-attachments.cdn.mozilla.net/staging/addons-bloomfilters/8038652a-6557-460a-858c-84f19a5a0987.bin
34.111.73.144 200 OK 807 kB URL HTTP/2 firefox-settings-attachments.cdn.mozilla.net/staging/addons-bloomfilters/8038652a-6557-460a-858c-84f19a5a0987.bin
IP 34.111.73.144:0
Size 807 kB (807180 bytes)
Hash 914be443bdfbe8a1c3ded61e1c114bd6
4fe7c5ff83f6a29e6699f4cebc17550891504661
41b036d0c889509d547296b238027a063c313261ad52d5f7bb81922011791857
GET /staging/addons-bloomfilters/8038652a-6557-460a-858c-84f19a5a0987.bin HTTP/1.1
Host: firefox-settings-attachments.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: X2LaSgme1TY3IjnvMJVUYinzbrLLbOhIGdh7DeCKLJHq7P9pqZP0nrdQPFPGTQ24yUrsyW5QD8I=
x-amz-request-id: HX3FV0BTDM8VQ6TN
x-amz-version-id: K1ODzappZsD35qeu0OM5zvs_BP1eybj7
accept-ranges: bytes
server: AmazonS3
content-length: 807180
via: 1.1 google
date: Wed, 15 Mar 2023 12:56:23 GMT
age: 277223
last-modified: Tue, 10 Jan 2023 12:38:46 GMT
etag: "914be443bdfbe8a1c3ded61e1c114bd6"
content-type: application/octet-stream
cache-control: public,max-age=604800
alt-svc: clear
X-Firefox-Spdy: h2
musag.live/35/img/img8.png
147.182.255.121 200 OK 1.3 kB URL HTTP/1.1 musag.live/35/img/img8.png
IP 147.182.255.121:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 40 x 40, 8-bit/color RGBA, non-interlaced\012- data
Hash 72d1a9eafd42e38a40cb2fcaaca10498
3d48e22ffcedbac6878a1a7f13bd2808fe99c3a3
5f8b8e2c81596696c2dbfcb9e266ba29af8b734ebfecd86b45dbc7465aa3dd3f
Analyzer Verdict Alert urlquery fraud Fraud - Fake AntiVirus / Security software
GET /35/img/img8.png HTTP/1.1
Host: musag.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://musag.live/35/9.html
Cookie: GoogleAccountsLocale_session=en; googtrans=/en/en
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 18 Mar 2023 17:56:46 GMT
Content-Type: image/png
Content-Length: 1282
Connection: keep-alive
Last-Modified: Mon, 31 Oct 2022 10:10:52 GMT
ETag: "502-5ec51d29173d6"
Accept-Ranges: bytes
musag.live/35/img/img9.png
147.182.255.121 200 OK 1.5 kB URL HTTP/1.1 musag.live/35/img/img9.png
IP 147.182.255.121:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 40 x 40, 8-bit/color RGBA, non-interlaced\012- data
Hash 4542abbe033e9f2555f1ee2a24dcfe7c
cfbb827ba820d10b55d40638ecded6d3f394a64e
20ab9f282a5beb56d98e7e46231fe861fb8851dd983a0170f7f635dfa36fc315
Analyzer Verdict Alert urlquery fraud Fraud - Fake AntiVirus / Security software
GET /35/img/img9.png HTTP/1.1
Host: musag.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://musag.live/35/9.html
Cookie: GoogleAccountsLocale_session=en; googtrans=/en/en
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 18 Mar 2023 17:56:46 GMT
Content-Type: image/png
Content-Length: 1538
Connection: keep-alive
Last-Modified: Mon, 31 Oct 2022 10:10:53 GMT
ETag: "602-5ec51d294811d"
Accept-Ranges: bytes
firefox.settings.services.mozilla.com/v1/buckets/blocklists/collections/gfx/changeset?_expected=1677879347585&_since=%221643818378440%22
35.241.9.150 200 OK 9.1 kB URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/blocklists/collections/gfx/changeset?_expected=1677879347585&_since=%221643818378440%22
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (9105), with no line terminators
Hash 3bf8b222f5f31c3ab484dbb4bf3c90bd
3a90ff55f82f7136aca51508621ff791c1c270bc
f08329d6b4438dc9bbf89b29a5b8537881bbd081000a90a66e031cd575fb5d9d
GET /v1/buckets/blocklists/collections/gfx/changeset?_expected=1677879347585&_since=%221643818378440%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Content-Length, Backoff, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 9105
via: 1.1 google
date: Sat, 18 Mar 2023 17:13:42 GMT
last-modified: Sat, 18 Mar 2023 16:36:44 GMT
content-type: application/json
age: 2584
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/normandy-recipes-capabilities/changeset?_expected=1679097664832&_since=%221666483264567%22
35.241.9.150 200 OK 52 kB URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/normandy-recipes-capabilities/changeset?_expected=1679097664832&_since=%221666483264567%22
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (52370), with no line terminators
Hash aacb6d4a8405ffc2c797c5e93892326e
b0197171bb5759be88efe8e3274cb903264fae0b
2f1f38100cf5b23c4c6f091a45511f32b7de94370692b99aace7ee68b8ba435b
GET /v1/buckets/main/collections/normandy-recipes-capabilities/changeset?_expected=1679097664832&_since=%221666483264567%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Content-Length, Backoff, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 52370
via: 1.1 google
date: Sat, 18 Mar 2023 17:32:56 GMT
age: 1430
last-modified: Sat, 18 Mar 2023 00:01:04 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/hijack-blocklists?_expected=1605801189258
35.241.9.150 200 OK 682 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/hijack-blocklists?_expected=1605801189258
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (682), with no line terminators
Hash 01b690964dee95d05c2514fbd8e0ca10
7095b979dd9ac6675ae4d1cf0130826045e03266
254b3294433c758c9591b6cba0e31d8453a6eec372af315d0f39056d020a6acd
GET /v1/buckets/main/collections/hijack-blocklists?_expected=1605801189258 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Last-Modified, Content-Length, Pragma, Expires, ETag, Backoff, Alert, Cache-Control
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 682
via: 1.1 google
date: Sat, 18 Mar 2023 17:37:18 GMT
age: 1168
last-modified: Fri, 17 Mar 2023 16:36:59 GMT
etag: "1679071019113"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
musag.live/35/img/80.jpg
147.182.255.121 200 OK 68 kB IP 147.182.255.121:0
ASN #14061 DIGITALOCEAN-ASN
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CC (Windows), datetime=2018:03:17 03:34:19], baseline, precision 8, 740x417, components 3\012- data
Hash 10fa15a1f2a7a90dc41311c363d76198
54bdce971f246bd7934a3278a94676aa3011cc97
58adc1e7db954a64d7eb744c974ada55cfc282cb6cfc275887954d95b50a66f8
Analyzer Verdict Alert urlquery fraud Fraud - Fake AntiVirus / Security software
GET /35/img/80.jpg HTTP/1.1
Host: musag.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://musag.live/35/9.html
Cookie: GoogleAccountsLocale_session=en; googtrans=/en/en
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 18 Mar 2023 17:56:46 GMT
Content-Type: image/jpeg
Content-Length: 67677
Connection: keep-alive
Last-Modified: Mon, 31 Oct 2022 10:10:49 GMT
ETag: "1085d-5ec51d2640a77"
Accept-Ranges: bytes
firefox.settings.services.mozilla.com/v1/buckets/main/collections/language-dictionaries/changeset?_expected=1673270322227&_since=%221569410800356%22
35.241.9.150 200 OK 1.3 kB URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/language-dictionaries/changeset?_expected=1673270322227&_since=%221569410800356%22
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (1250), with no line terminators
Hash 6e9207f14bc4e1dacd75ae700db68d24
83e39f11d653a520e625f85ee1bfc792dfcb0252
18dc7a0b3c12d96a4a26b31a47e0bdf22509ec2727eabbba9457dc9102c30044
GET /v1/buckets/main/collections/language-dictionaries/changeset?_expected=1673270322227&_since=%221569410800356%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Retry-After, Content-Type, Alert, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 1250
via: 1.1 google
date: Sat, 18 Mar 2023 17:37:26 GMT
age: 1160
last-modified: Fri, 17 Mar 2023 16:36:48 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/password-recipes/changeset?_expected=1674595048726&_since=%221642005109349%22
35.241.9.150 200 OK 1.7 kB URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/password-recipes/changeset?_expected=1674595048726&_since=%221642005109349%22
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (1742), with no line terminators
Hash 15fac2acaa5e46514ba26b94c9120bb3
84ad721feea570de94a40fec3d0e176937829f4e
fa5eb055710eff6d1f9a27b71a6424ee6213bb4b5243da7cc1b1470270ad95c8
GET /v1/buckets/main/collections/password-recipes/changeset?_expected=1674595048726&_since=%221642005109349%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Type, Content-Length, Backoff, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 1742
via: 1.1 google
date: Sat, 18 Mar 2023 17:55:45 GMT
age: 61
last-modified: Fri, 17 Mar 2023 16:36:47 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/partitioning-exempt-urls/changeset?_expected=1675943045406&_since=%221657747510534%22
35.241.9.150 200 OK 2.4 kB URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/partitioning-exempt-urls/changeset?_expected=1675943045406&_since=%221657747510534%22
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (2387), with no line terminators
Hash 8433183bfaa3cc12d07724843f7b08ac
8583ff32a05d04833f0c9f1e0ea8b95571a7367c
8fffd47f59b9894dd9703fefb151b4047d99bf8d6d844c1f7302633da2d9d1cf
GET /v1/buckets/main/collections/partitioning-exempt-urls/changeset?_expected=1675943045406&_since=%221657747510534%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Retry-After, Content-Type, Alert, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 2387
via: 1.1 google
date: Sat, 18 Mar 2023 17:54:21 GMT
age: 145
last-modified: Fri, 17 Mar 2023 16:36:46 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
musag.live/35/img/60.png
147.182.255.121 200 OK 381 kB IP 147.182.255.121:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 1668 x 940, 8-bit/color RGBA, non-interlaced\012- data
Size 381 kB (380761 bytes)
Hash e770bab23455862b3b99d29f84bdfc94
7d791bff7ddfbdc64ee5339111ac1e0e3bddc73e
51a7e0569abdc1c0d21b4c1994009251cf81e3b618e62b85c5f742d93826bbf7
Analyzer Verdict Alert urlquery fraud Fraud - Fake AntiVirus / Security software
GET /35/img/60.png HTTP/1.1
Host: musag.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://musag.live/35/9.html
Cookie: GoogleAccountsLocale_session=en; googtrans=/en/en
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 18 Mar 2023 17:56:46 GMT
Content-Type: image/png
Content-Length: 380761
Connection: keep-alive
Last-Modified: Mon, 31 Oct 2022 10:10:49 GMT
ETag: "5cf59-5ec51d25d4409"
Accept-Ranges: bytes
firefox.settings.services.mozilla.com/v1/buckets/main/collections/nimbus-desktop-experiments/changeset?_expected=1678995079480&_since=%221666279968541%22
35.241.9.150 200 OK 91 kB URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/nimbus-desktop-experiments/changeset?_expected=1678995079480&_since=%221666279968541%22
IP 35.241.9.150:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 380c322f5e513af794f85091c761edce
f6058114c19e93f4e591b8b07e0bcfb6d379e001
779ec481a38a9d2d2cf9ad9da31a9b6836caf095ea7604814d0079e9df26303d
GET /v1/buckets/main/collections/nimbus-desktop-experiments/changeset?_expected=1678995079480&_since=%221666279968541%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Type, Content-Length, Backoff, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 91429
via: 1.1 google
date: Sat, 18 Mar 2023 16:56:44 GMT
age: 3602
last-modified: Thu, 16 Mar 2023 19:31:19 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/search-config/changeset?_expected=1678922485545&_since=%221661199949574%22
35.241.9.150 200 OK 25 kB URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/search-config/changeset?_expected=1678922485545&_since=%221661199949574%22
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (25354), with no line terminators
Hash 350cfa5488b9cfce345b6410b04d5307
fc3ee8d31aa9ba9353beff9a42c93855da3bf5e9
103e8b0147854a1236e477dd5e951246463f098592a5549560c20fc98d8c1f35
GET /v1/buckets/main/collections/search-config/changeset?_expected=1678922485545&_since=%221661199949574%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Type, Content-Length, Backoff, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 25354
via: 1.1 google
date: Sat, 18 Mar 2023 17:14:26 GMT
age: 2540
last-modified: Wed, 15 Mar 2023 23:21:25 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/cfr/changeset?_expected=1666894461944&_since=%221659547595259%22
35.241.9.150 200 OK 1.5 kB URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/cfr/changeset?_expected=1666894461944&_since=%221659547595259%22
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (1506), with no line terminators
Hash 2c6deb199b3a43e62e4423bde1127c13
3bdb809be246e6a226ab6af05e6cb7ecca621d7d
200bc6608eaa3cdb6d274d84655ac94f1d1d5f33249c2d33a0155629900ce507
GET /v1/buckets/main/collections/cfr/changeset?_expected=1666894461944&_since=%221659547595259%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Content-Length, Backoff, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 1506
via: 1.1 google
date: Sat, 18 Mar 2023 17:07:26 GMT
age: 2960
last-modified: Wed, 15 Mar 2023 16:36:49 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/message-groups/changeset?_expected=1670425599656&_since=%221665698079854%22
35.241.9.150 200 OK 934 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/message-groups/changeset?_expected=1670425599656&_since=%221665698079854%22
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (934), with no line terminators
Hash c88ba032388de9b5463fd8ee96221426
792e2a7e9bf312a80eb3799b807588aaae55ec42
c7b5a104191bcf5c6ea0b7fe78b2b71b5c438c14af5e3a38bab31b431371d556
GET /v1/buckets/main/collections/message-groups/changeset?_expected=1670425599656&_since=%221665698079854%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Retry-After, Content-Type, Alert, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 934
via: 1.1 google
date: Sat, 18 Mar 2023 16:56:44 GMT
age: 3602
last-modified: Wed, 15 Mar 2023 16:36:48 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/fxmonitor-breaches/changeset?_expected=1678202119172&_since=%221662044085942%22
35.241.9.150 200 OK 7.0 kB URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/fxmonitor-breaches/changeset?_expected=1678202119172&_since=%221662044085942%22
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (6983), with no line terminators
Hash 8b0e25726c8d69725ce442720dcb9c73
368d1066618b7b58eef950678c049597dce1a684
675d5bc828861769400422bb578ff205e372ae256f6f99d8e2a044c3dced89a1
GET /v1/buckets/main/collections/fxmonitor-breaches/changeset?_expected=1678202119172&_since=%221662044085942%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Type, Content-Length, Backoff, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 6983
via: 1.1 google
date: Sat, 18 Mar 2023 17:38:40 GMT
age: 1086
last-modified: Tue, 14 Mar 2023 16:36:43 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 10bb1da74cabb050bb1f1af5989d201a
a28a2ce1097c2bbbbd42869df64551a01d2c7de4
180b15454b4cd4d39194bee9ce00122c7cffb85decddb8083d3f1361ea01eb13
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 18 Mar 2023 17:56:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
musag.live/35/img/53.png
147.182.255.121 200 OK 468 kB IP 147.182.255.121:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 1668 x 940, 8-bit/color RGB, non-interlaced\012- data
Size 468 kB (468408 bytes)
Hash a6efdf17234ca3e6e0fe12d799f5cc06
8fef48277cbd632a88c396d436983bd7cb0a3def
b639d032d9be46a2e7f6bba1b9262590d6511a4644db88b9cf06d8240c3e6c4d
Analyzer Verdict Alert urlquery fraud Fraud - Fake AntiVirus / Security software
GET /35/img/53.png HTTP/1.1
Host: musag.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://musag.live/35/9.html
Cookie: GoogleAccountsLocale_session=en; googtrans=/en/en
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 18 Mar 2023 17:56:46 GMT
Content-Type: image/png
Content-Length: 468408
Connection: keep-alive
Last-Modified: Mon, 31 Oct 2022 10:10:49 GMT
ETag: "725b8-5ec51d25b5fa5"
Accept-Ranges: bytes
musag.live/35/favicon.ico
147.182.255.121 200 OK 17 kB URL HTTP/1.1 musag.live/35/favicon.ico
IP 147.182.255.121:0
ASN #14061 DIGITALOCEAN-ASN
File type MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors\012- data
Hash 12e3dac858061d088023b2bd48e2fa96
e08ce1a144eceae0c3c2ea7a9d6fbc5658f24ce5
90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21
Analyzer Verdict Alert urlquery fraud Fraud - Fake AntiVirus / Security software
GET /35/favicon.ico HTTP/1.1
Host: musag.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://musag.live/35/9.html
Cookie: GoogleAccountsLocale_session=en; googtrans=/en/en
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 18 Mar 2023 17:56:46 GMT
Content-Type: image/x-icon
Content-Length: 17174
Connection: keep-alive
Last-Modified: Mon, 31 Oct 2022 10:09:17 GMT
ETag: "4316-5ec51ccdfe2ca"
Accept-Ranges: bytes
firefox.settings.services.mozilla.com/v1/buckets/main/collections/query-stripping/changeset?_expected=1678736907773&_since=%221656585893704%22
35.241.9.150 200 OK 1.6 kB URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/query-stripping/changeset?_expected=1678736907773&_since=%221656585893704%22
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (1646), with no line terminators
Hash 5e0b2f2021b2915601109ecf465ca847
355f9134ceb911cb0da21eddf967d9edfd761944
a9228da80814729860b40ead593f5eabfbff0a23eb34ac5cff56c033fe67d484
GET /v1/buckets/main/collections/query-stripping/changeset?_expected=1678736907773&_since=%221656585893704%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Retry-After, Content-Type, Alert, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 1646
via: 1.1 google
date: Sat, 18 Mar 2023 17:54:23 GMT
age: 144
last-modified: Mon, 13 Mar 2023 19:48:27 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 84762efcb2e1535ae49fca6c1523df33
93e7f138a491d4276a793c2e5b947195ae69a88c
920778735cfb5f0395bbfa1391cb4e90c547d455cac77c8bb161a0c3b55a6a3f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "920778735CFB5F0395BBFA1391CB4E90C547D455CAC77C8BB161A0C3B55A6A3F"
Last-Modified: Thu, 16 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15648
Expires: Sat, 18 Mar 2023 22:17:35 GMT
Date: Sat, 18 Mar 2023 17:56:47 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 84762efcb2e1535ae49fca6c1523df33
93e7f138a491d4276a793c2e5b947195ae69a88c
920778735cfb5f0395bbfa1391cb4e90c547d455cac77c8bb161a0c3b55a6a3f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "920778735CFB5F0395BBFA1391CB4E90C547D455CAC77C8BB161A0C3B55A6A3F"
Last-Modified: Thu, 16 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15648
Expires: Sat, 18 Mar 2023 22:17:35 GMT
Date: Sat, 18 Mar 2023 17:56:47 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 84762efcb2e1535ae49fca6c1523df33
93e7f138a491d4276a793c2e5b947195ae69a88c
920778735cfb5f0395bbfa1391cb4e90c547d455cac77c8bb161a0c3b55a6a3f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "920778735CFB5F0395BBFA1391CB4E90C547D455CAC77C8BB161A0C3B55A6A3F"
Last-Modified: Thu, 16 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15648
Expires: Sat, 18 Mar 2023 22:17:35 GMT
Date: Sat, 18 Mar 2023 17:56:47 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 10bb1da74cabb050bb1f1af5989d201a
a28a2ce1097c2bbbbd42869df64551a01d2c7de4
180b15454b4cd4d39194bee9ce00122c7cffb85decddb8083d3f1361ea01eb13
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 18 Mar 2023 17:56:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a465734-2031-4538-bcbc-9d828ea81250.jpeg
34.120.237.76 200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a465734-2031-4538-bcbc-9d828ea81250.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7f53bb1fb90c97461035e7f9f7f7837e
961b5fcbca5b49ca9136e74931253bb300aa1985
dad960991444a4cbd8841e5c673b0e4337bdeb8c18672b5cfadb93d4ac70e8d2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a465734-2031-4538-bcbc-9d828ea81250.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11673
x-amzn-requestid: 3675d2d9-47ab-4712-9511-0ad7570dd3cd
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: B8eNfFXSIAMFbhQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6414dd89-53c9817044fda17b212f0237;Sampled=0
x-amzn-remapped-date: Fri, 17 Mar 2023 21:37:13 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Miss from cloudfront
x-amz-cf-id: 3NRQ90kGnSsxxMeQA9UqBNxrT5CpJWJgKKPWHwcj2XBkSIjiwE55sw==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 74ab105148338444981d1b2277ffd9c4.cloudfront.net (CloudFront), 1.1 google
date: Fri, 17 Mar 2023 22:53:23 GMT
etag: "961b5fcbca5b49ca9136e74931253bb300aa1985"
content-type: image/jpeg
age: 68604
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F666540c7-8fcc-4d9e-95cc-493f063f11c6.webp
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F666540c7-8fcc-4d9e-95cc-493f063f11c6.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d212de894f514eafa8a4e23e62280b70
b20a7f2b27c085f47a4d6ddaf7f1971876f11885
1ba6c03f75b3aa49d0636fca0007d0365c8db744ae8fb769f5c7e04991711fd6
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F666540c7-8fcc-4d9e-95cc-493f063f11c6.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10531
x-amzn-requestid: b03ec37f-181a-450e-8b8b-42e1ddbd2372
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: B8eOlENToAMF02A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6414dd90-4ed78f345679ff700e5a0e99;Sampled=0
x-amzn-remapped-date: Fri, 17 Mar 2023 21:37:20 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: thbvnsI_Ezwk-Gtqk654INjkVN55KLTlUeW-lL-t114v9AMxOMy75Q==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 0ec9ddba08fcd99386924593dbdbd44a.cloudfront.net (CloudFront), 1.1 google
date: Fri, 17 Mar 2023 22:05:32 GMT
age: 71475
etag: "b20a7f2b27c085f47a4d6ddaf7f1971876f11885"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F261ec986-2f8d-4ff1-a532-841fb845618b.jpeg
34.120.237.76 200 OK 6.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F261ec986-2f8d-4ff1-a532-841fb845618b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ae34f2fd5c842d15f05edef4c8b71dec
7e0306e3aa1b415cf9cae33b07da9f3303216a33
a5c1d1c217f6ebae09bbcb3c7ca6261e75773fdf32c1be4fedc29695f3233bf4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F261ec986-2f8d-4ff1-a532-841fb845618b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6151
x-amzn-requestid: 3df3d28e-80d9-40ff-a524-1c8d07c5b5f5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: B8eWhHeBIAMF2pA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6414ddc3-023ab8d94bf6b98a5c0b4260;Sampled=0
x-amzn-remapped-date: Fri, 17 Mar 2023 21:38:11 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: Sf-LgGpKI-9JPfurhJ_S6vfH-mT0jEl77QDUUWeOE1jzGS6OU47QpA==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 de2dd11312f7d5ad3bcd0cb112c7fd0e.cloudfront.net (CloudFront), 1.1 google
date: Fri, 17 Mar 2023 21:48:47 GMT
age: 72480
etag: "7e0306e3aa1b415cf9cae33b07da9f3303216a33"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Feedd77c7-8b8f-4bac-96f9-56463f5c0e54.jpeg
34.120.237.76 200 OK 5.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Feedd77c7-8b8f-4bac-96f9-56463f5c0e54.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 23a8641328e19a1089aba9c25b56f5f9
6e6bae868b11788860aa23c5c35ee86d4e7edd80
7e16b14c774413387d81c06e068738a0f97882cd32ebdbf61ad711fa8aa8a5d6
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Feedd77c7-8b8f-4bac-96f9-56463f5c0e54.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5531
x-amzn-requestid: dcb5f835-dae0-4fd2-846d-33e52501b016
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: B8eS7HtSoAMF8eA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6414ddac-2e1022da61b5532756dcbeff;Sampled=0
x-amzn-remapped-date: Fri, 17 Mar 2023 21:37:48 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Miss from cloudfront
x-amz-cf-id: z4j-PSYSG-H58566292KAzF1Y08DrgcxvunTtWBD8dErl3n_oRweyA==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 de2dd11312f7d5ad3bcd0cb112c7fd0e.cloudfront.net (CloudFront), 1.1 google
date: Fri, 17 Mar 2023 22:33:34 GMT
etag: "6e6bae868b11788860aa23c5c35ee86d4e7edd80"
content-type: image/jpeg
age: 69793
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9f030924-26fe-4a36-bf48-11d8ccfe470b.png
34.120.237.76 200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9f030924-26fe-4a36-bf48-11d8ccfe470b.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3 DIY-Thermocam raw data\012- (Lepton 2.x), scale 772-769, spot sensor temperature 0.000000, unit celsius, color scheme 0, minimum point enabled, calibration: offset 0.000000, slope 1115717714480204991250653249536.000000\012- data
Hash 7c6233f649c3f84fcba3d244b3e5c35d
2820939892ab0d9b7c995043dc0f38642ac1e415
1ff87957f29a41db7bcbfcbc644cd434705b046b32e8d01467ec6b8c9f75c77b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9f030924-26fe-4a36-bf48-11d8ccfe470b.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12699
x-amzn-requestid: ebcd4e4c-f214-463e-a2c9-1392f278d6d9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: B8eSgGFOIAMFt8A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6414dda9-5ec892ee018fe3d118df30d6;Sampled=0
x-amzn-remapped-date: Fri, 17 Mar 2023 21:37:45 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: V7-65gE7I1yLibHGcEwS9iFpcxqCi_stbPmNcx98jG9HMfPvsk2mSw==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 ef8f66c83aecd87910ce2e1153544a20.cloudfront.net (CloudFront), 1.1 google
date: Fri, 17 Mar 2023 22:20:53 GMT
age: 70554
etag: "2820939892ab0d9b7c995043dc0f38642ac1e415"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8afa2cdb-a5f3-4c78-a2ab-132c8b752b4b.png
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8afa2cdb-a5f3-4c78-a2ab-132c8b752b4b.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 78453ba98b72eff3879ef163b59c86ed
80519bb3726ee1f9f211344cd433cefaed3a7f2e
61adfeff11af9583355ac7d1500e8a8d97357b2846f151f2421001994fb06655
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8afa2cdb-a5f3-4c78-a2ab-132c8b752b4b.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10338
x-amzn-requestid: 9f880b5b-056c-44bb-a811-36ea27c232aa
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BvSgFGENoAMFuVw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-640f9799-2318d444248f7610300c658f;Sampled=0
x-amzn-remapped-date: Mon, 13 Mar 2023 21:37:29 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: xfkObFQbeYQQjIJ4FWQ7xKbH5FPxBQ1vkTDCwWCM6IcAAu8H31BNhQ==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 ef8f66c83aecd87910ce2e1153544a20.cloudfront.net (CloudFront), 1.1 google
date: Sat, 18 Mar 2023 07:04:42 GMT
age: 39125
etag: "80519bb3726ee1f9f211344cd433cefaed3a7f2e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 657e225fbd809f16e51b4997847e5710
28b88c58a006257deb72f43ea236d0a513081847
f37f7d971e2f36b0d260965c8ab09863cffc87cfc3d561c40c3d72c9c207eae5
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 18 Mar 2023 17:56:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.gstatic.com/_/translate_http/_/ss/k=translate_http.tr.vneFu3d_4ck.L.F4.O/d=0/rs=AN8SPfrNa1b9K5rCmaIpu9SqE3A5sBDBfg/m=el_main_css
216.58.211.3 200 OK 4.2 kB URL HTTP/2 www.gstatic.com/_/translate_http/_/ss/k=translate_http.tr.vneFu3d_4ck.L.F4.O/d=0/rs=AN8SPfrNa1b9K5rCmaIpu9SqE3A5sBDBfg/m=el_main_css
IP 216.58.211.3:0
File type ASCII text, with very long lines (23228), with no line terminators
Hash 8f89ebd6757f0474347497a9545d3cc2
014d050331fcdbcff8cbf854b4c926286e0c104a
015111236a8db21de30b2af7d2d24221a9f358fe83137f4651707f4728043585
GET /_/translate_http/_/ss/k=translate_http.tr.vneFu3d_4ck.L.F4.O/d=0/rs=AN8SPfrNa1b9K5rCmaIpu9SqE3A5sBDBfg/m=el_main_css HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://musag.live/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/rosetta
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="rosetta"
report-to: {"group":"rosetta","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/rosetta"}]}
content-length: 4205
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 16 Mar 2023 02:38:58 GMT
expires: Fri, 15 Mar 2024 02:38:58 GMT
cache-control: public, max-age=31536000
last-modified: Sun, 12 Mar 2023 00:11:57 GMT
content-type: text/css; charset=UTF-8
vary: Accept-Encoding
age: 227869
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
musag.live/35/img/70.png
147.182.255.121 200 OK 352 kB IP 147.182.255.121:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 1668 x 940, 8-bit/color RGBA, non-interlaced\012- data
Size 352 kB (352012 bytes)
Hash 8a4fe3ad7f1da9920c498e1d71cd8a34
7664a88bf64ecf83009c2d47ea4b6a176a05738f
fae184a926a895c45e2dab3e9f40da64d1352ef8e7e46e746dcea2c2a22ca597
Analyzer Verdict Alert urlquery fraud Fraud - Fake AntiVirus / Security software
GET /35/img/70.png HTTP/1.1
Host: musag.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://musag.live/35/9.html
Cookie: GoogleAccountsLocale_session=en; googtrans=/en/en
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 18 Mar 2023 17:56:46 GMT
Content-Type: image/png
Content-Length: 352012
Connection: keep-alive
Last-Modified: Mon, 31 Oct 2022 10:10:49 GMT
ETag: "55f0c-5ec51d260320f"
Accept-Ranges: bytes
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash a4fe1012a4d75c602aab58bcff2d9c28
b079e7b9e4da4d67ecdc3e11bff33462bd026899
f7e4c8251356329744c989f9194354f78b9d142a69db8cc5d92ade3d70efcc01
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 18 Mar 2023 17:56:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 886a55065537b0624371a82292fe26c2
5ff87d6a26d94e0ed10f0cb55d0ac0237efb135a
a0811f584403bcdb37925007e7d9df722591566885dcedf330fb13fed891905f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 18 Mar 2023 17:56:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
translate.googleapis.com/_/translate_http/_/js/k=translate_http.tr.no.17iCMyjz7Iw.O/d=1/exm=el_conf/ed=1/rs=AN8SPfrG3-YmeWvQ9kTiUgbxQCyTQjyEOg/m=el_main
142.250.74.138 200 OK 75 kB URL HTTP/2 translate.googleapis.com/_/translate_http/_/js/k=translate_http.tr.no.17iCMyjz7Iw.O/d=1/exm=el_conf/ed=1/rs=AN8SPfrG3-YmeWvQ9kTiUgbxQCyTQjyEOg/m=el_main
IP 142.250.74.138:0
File type ASCII text, with very long lines (1665)
Hash 7f74ec5e63195411cc0b6c52ab5f184c
19bbc2f6a588de2838ea52051dcc34216fffb6a1
e6726c2436f9d0cfc8b46d87d51f4e6f12aa59d5baffeeafc4d4c52fcf5f3f78
GET /_/translate_http/_/js/k=translate_http.tr.no.17iCMyjz7Iw.O/d=1/exm=el_conf/ed=1/rs=AN8SPfrG3-YmeWvQ9kTiUgbxQCyTQjyEOg/m=el_main HTTP/1.1
Host: translate.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://musag.live/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/rosetta
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="rosetta"
report-to: {"group":"rosetta","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/rosetta"}]}
content-length: 75113
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 16 Mar 2023 10:28:44 GMT
expires: Fri, 15 Mar 2024 10:28:44 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 16 Mar 2023 04:40:30 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 199683
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 886a55065537b0624371a82292fe26c2
5ff87d6a26d94e0ed10f0cb55d0ac0237efb135a
a0811f584403bcdb37925007e7d9df722591566885dcedf330fb13fed891905f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 18 Mar 2023 17:56:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
musag.live/35/img/img3.png
147.182.255.121 200 OK 503 kB URL HTTP/1.1 musag.live/35/img/img3.png
IP 147.182.255.121:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 3000 x 1682, 8-bit/color RGB, non-interlaced\012- data
Size 503 kB (503260 bytes)
Hash 91cd838a0426739a260ddf36bb9f8c8f
648ee45b6f5908d4018b7473eb8d2c196c885103
e4fda554c4bb441d3c857d6e4a75ad67af81acc256a5e5708ae4a438ee5e1852
Analyzer Verdict Alert urlquery fraud Fraud - Fake AntiVirus / Security software
GET /35/img/img3.png HTTP/1.1
Host: musag.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://musag.live/35/9.html
Cookie: GoogleAccountsLocale_session=en; googtrans=/en/en
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 18 Mar 2023 17:56:47 GMT
Content-Type: image/png
Content-Length: 503260
Connection: keep-alive
Last-Modified: Mon, 31 Oct 2022 10:10:51 GMT
ETag: "7addc-5ec51d283c7ba"
Accept-Ranges: bytes
translate.google.com/translate_a/element.js?cb=googleTranslateElementInit
142.250.74.174 200 OK 0 B URL HTTP/2 translate.google.com/translate_a/element.js?cb=googleTranslateElementInit
IP 142.250.74.174:0
GET /translate_a/element.js?cb=googleTranslateElementInit HTTP/1.1
Host: translate.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://musag.live/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 18 Mar 2023 17:56:46 GMT
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
set-cookie: CONSENT=PENDING+980; expires=Mon, 17-Mar-2025 17:56:46 GMT; path=/; domain=.google.com; Secure
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
threatdetect.org/fonts/?font=aHR0cDovL211c2FnLmxpdmUvMzUvOS5odG1s
172.67.177.232 200 OK 0 B URL HTTP/2 threatdetect.org/fonts/?font=aHR0cDovL211c2FnLmxpdmUvMzUvOS5odG1s
IP 172.67.177.232:0
GET /fonts/?font=aHR0cDovL211c2FnLmxpdmUvMzUvOS5odG1s HTTP/1.1
Host: threatdetect.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://musag.live
Connection: keep-alive
Referer: http://musag.live/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 18 Mar 2023 17:56:45 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9rvo5Z%2F%2BWf%2F0ioPAyjLzQQzuoACMeQK8yv3xGMiO2jabdn8p5nojfinJtj925a8k%2F1n3%2BK113tgHoEpCgqFC1YKRJ8Y4KzdmB2LxGIWJRcj0%2FlvQIeSmChIoMYORU6EtobKb"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7a9f5aa86eceb517-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2