firefox.settings.services.mozilla.com/v1/
143.204.55.36200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.36:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 2d12f67fe57a87e7366b662d153a5582
d7b02d81cc74f24a251d9363e0f4b0a149264ec1
73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Backoff, Content-Type, Retry-After, Alert
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Fri, 30 Sep 2022 08:16:05 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 bb1da7862c4968b28920b91b324095c0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 4UXmibd3Lm0AzAY_R6BDHXATHreaBC2h9hJR59sVWrKzXuB1ENAKmA==
Age: 1414
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 6dd4587c98aef98ad0939030a6976a7f
92dc5966ac2deb0c3ac7fdd02bf8d28f9239801e
a382476d14b6ae14003333e7acdfbbd9ae8775d4c1a7d5c31116f33987043cff
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A382476D14B6AE14003333E7ACDFBBD9AE8775D4C1A7D5C31116F33987043CFF"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5474
Expires: Fri, 30 Sep 2022 10:10:53 GMT
Date: Fri, 30 Sep 2022 08:39:39 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
143.204.55.110200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP 143.204.55.110:0
File type PEM certificate\012- , ASCII text
Hash 6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Fri, 30 Sep 2022 05:28:28 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 50584ad285d5f627ddebae74efdd0770.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: Bkqm8np2m3wb3LKiNvNBrP3QdRa5V5P8oiKq4HD5WJJwWsrsnG-VcA==
age: 11472
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash da4c5a725e617331b3cd34d138ad65a1
2a9f2e39392b2400f0315f048fa0c863696eef5f
45e71efb7a1e1adc2245fb5f74bc5c58db300e2039faae12590a56788206f08f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "45E71EFB7A1E1ADC2245FB5F74BC5C58DB300E2039FAAE12590A56788206F08F"
Last-Modified: Thu, 29 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Fri, 30 Sep 2022 14:39:39 GMT
Date: Fri, 30 Sep 2022 08:39:39 GMT
Connection: keep-alive
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 30 Sep 2022 08:39:39 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
doli.victorflorent.fr/BG_bg/rbb/Home/
185.49.20.101200 OK 7.5 kB URL HTTP/2 doli.victorflorent.fr/BG_bg/rbb/Home/
IP 185.49.20.101:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (2994), with CRLF line terminators
Hash 6a13b5025fe72f8173685ff36b53c188
6f833ead87c92bbf97a49d8eca3b17153eae817c
c0f583efba5b0e9d0f47a4f14f9894de76a00a1c5693737d23bd61ce4792a9fb
Analyzer Verdict Alert openphish Raiffeisen Bank S.A.
fortinet Phishing
GET /BG_bg/rbb/Home/ HTTP/1.1
Host: doli.victorflorent.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Fri, 30 Sep 2022 08:39:39 GMT
server: Apache
last-modified: Mon, 19 Sep 2022 13:41:58 GMT
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: gzip
server-id: apache01k
cache-control: public
content-length: 7535
content-type: text/html
X-Firefox-Spdy: h2
doli.victorflorent.fr/BG_bg/rbb/Scripts/require.js
185.49.20.101200 OK 24 kB URL HTTP/2 doli.victorflorent.fr/BG_bg/rbb/Scripts/require.js
IP 185.49.20.101:0
File type Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash 9399d533d9068be86075f72fe235b5b8
61527e43710d66fbfcb8655e2816a657e2654f18
2d3b26166a7d3818b392b39aafc69630f1e602068aa934d563f8af721f49eb91
Analyzer Verdict Alert fortinet Phishing
GET /BG_bg/rbb/Scripts/require.js HTTP/1.1
Host: doli.victorflorent.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://doli.victorflorent.fr/BG_bg/rbb/Home/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 30 Sep 2022 08:39:39 GMT
server: Apache
last-modified: Sat, 11 Jun 2022 08:55:30 GMT
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: gzip
server-id: apache01d
cache-control: public
content-length: 23705
content-type: application/javascript
X-Firefox-Spdy: h2
doli.victorflorent.fr/BG_bg/rbb/Scripts/promise.js
185.49.20.101200 OK 2.0 kB URL HTTP/2 doli.victorflorent.fr/BG_bg/rbb/Scripts/promise.js
IP 185.49.20.101:0
Hash 7ede93fc8456e935586ad86db0fe1bed
e015bf4b1ee9e419c30d78d77df398aae67767fe
ca22a6c8da0855f67cacbe3038c62616255d99c2d2cfead1dea37c407edf6790
Analyzer Verdict Alert fortinet Phishing
GET /BG_bg/rbb/Scripts/promise.js HTTP/1.1
Host: doli.victorflorent.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://doli.victorflorent.fr/BG_bg/rbb/Home/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 30 Sep 2022 08:39:39 GMT
server: Apache
last-modified: Sat, 11 Jun 2022 08:55:30 GMT
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: gzip
server-id: apache01d
cache-control: public
content-length: 1991
content-type: application/javascript
X-Firefox-Spdy: h2
doli.victorflorent.fr/BG_bg/rbb/Scripts/smartbanner.min.js
185.49.20.101404 Not Found 196 B URL HTTP/2 doli.victorflorent.fr/BG_bg/rbb/Scripts/smartbanner.min.js
IP 185.49.20.101:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880
Analyzer Verdict Alert fortinet Phishing
GET /BG_bg/rbb/Scripts/smartbanner.min.js HTTP/1.1
Host: doli.victorflorent.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://doli.victorflorent.fr/BG_bg/rbb/Home/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
date: Fri, 30 Sep 2022 08:39:39 GMT
server: Apache
content-length: 196
content-type: text/html; charset=iso-8859-1
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.36200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.36:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Fri, 30 Sep 2022 08:29:33 GMT
Cache-Control: max-age=3600, max-age=3600
Expires: Fri, 30 Sep 2022 08:42:47 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 76c917e0bb0ba45eb834d25d76ee125e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: tj_x7plLl_rvHBcJmwnu4wszO0jaBcfp26_l0mZvCfFCZzNBjm9MdA==
Age: 606
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 43384a7c83e27d2da309134c471fe2c3
7d5bc3d6e4392c507aaa84a541b1386c3926ca23
28329245a2037f71b8009e96fe329f7dfbbba5cb675e7b0ce2deecc71beb5fae
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1355
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 30 Sep 2022 08:39:39 GMT
Last-Modified: Fri, 30 Sep 2022 08:17:04 GMT
Server: ECS (ska/F708)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 43384a7c83e27d2da309134c471fe2c3
7d5bc3d6e4392c507aaa84a541b1386c3926ca23
28329245a2037f71b8009e96fe329f7dfbbba5cb675e7b0ce2deecc71beb5fae
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5686
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 30 Sep 2022 08:39:39 GMT
Last-Modified: Fri, 30 Sep 2022 07:04:53 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 2bfcbc6ef6a27d8a69a08d9f2c208d11
53e211fb4f11fb15eb45e95c94e9d03bd6bb6dbb
b255751861e630b44c2eee31f62da802eeebed7e37183c512f1b974187a76eab
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 520
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 30 Sep 2022 08:39:39 GMT
Last-Modified: Fri, 30 Sep 2022 08:30:59 GMT
Server: ECS (amb/6B96)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash f09cb223e3dc028c58cf32c2274c3766
ca7f1663a1200941986e786353ed2f3ff50bd0b2
9b89a5534b1a84f0a86f150dc7f1f699bb972f7b8e151b29c02454dd939066ca
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1856
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 30 Sep 2022 08:39:39 GMT
Last-Modified: Fri, 30 Sep 2022 08:08:43 GMT
Server: ECS (ska/F708)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 2bfcbc6ef6a27d8a69a08d9f2c208d11
53e211fb4f11fb15eb45e95c94e9d03bd6bb6dbb
b255751861e630b44c2eee31f62da802eeebed7e37183c512f1b974187a76eab
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 30 Sep 2022 08:39:39 GMT
Server: ECS (amb/6BC1)
Content-Length: 471
online.rbb.bg/Content/css/smartbanner/smartbanner.min.css
194.48.206.22200 OK 3.9 kB URL HTTP/1.1 online.rbb.bg/Content/css/smartbanner/smartbanner.min.css
IP 194.48.206.22:0
ASN #44396 Raiffeisenbank Bulgaria EAD
File type Unicode text, UTF-8 text, with very long lines (7681), with CRLF line terminators
Hash 267c53adfa6898bbf961f991069e3d61
8ee1a57cb8818f1c3b756e8cd0b538bb96a98ec8
d56082afaa6b6d5fbdc892b36db3989deabfcd03dfefad8480395bf47cbb628b
GET /Content/css/smartbanner/smartbanner.min.css HTTP/1.1
Host: online.rbb.bg
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://doli.victorflorent.fr/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=1200
Content-Type: text/css
Content-Encoding: gzip
Last-Modified: Tue, 02 Aug 2022 13:07:08 GMT
Accept-Ranges: bytes
ETag: "0e6dc570a6d81:0"
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000;includeSubDomains
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' 'unsafe-inline' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://browseranalytic.com/ https://livechat.infobip.com/ https://pisano.cx/ https://web2.pisano.cx/ ; frame-src https://browseranalytic.com/ https://www.youtube.com/ https://livechat.infobip.com/ ; connect-src 'self' https://browseranalytic.com https://c.browseranalytic.com https://fd.browseranalytic.com https://ad.browseranalytic.com https://livechat-fr.infobip.com/ https://api.infobip.com https://pisano.cx https://web2.pisano.cx/ https://api.pisano.cx/ https://stage.pisanousercontent.com/ wss://pisano.cx/ ; img-src 'self' data: https://browseranalytic.com https://pisano.cx/ https://cdn.jsdelivr.net/ https://i.ytimg.com/vi_webp/CZcQ6XltICA/mqdefault.webp https://i.ytimg.com/vi/CZcQ6XltICA/mqdefault.jpg
Date: Fri, 30 Sep 2022 08:39:28 GMT
Content-Length: 3900
Set-Cookie: TS01b8fa1e=01fcbdb75740355e039bc5bccb2ec2f0b756a65a267160109b0e1c3d6a2f5dd8fbcf5f29acb9d0051b5379582b312b53ac42d3270c; Path=/; Domain=.online.rbb.bg
online.rbb.bg/Content/css/style.min.css
194.48.206.22200 OK 70 kB URL HTTP/1.1 online.rbb.bg/Content/css/style.min.css
IP 194.48.206.22:0
ASN #44396 Raiffeisenbank Bulgaria EAD
File type Unicode text, UTF-8 (with BOM) text, with very long lines (58587)
Hash 6e8fb5f841030433926e0ff978d174e7
7cc3e3d7352a8deb93acc928c67f8698dc943b0f
e22ec3d4ad85457b3e2a62ac88e8d17326dc30ad28b401f2d3a945c85df39c4c
GET /Content/css/style.min.css HTTP/1.1
Host: online.rbb.bg
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://doli.victorflorent.fr/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=1200
Content-Type: text/css
Content-Encoding: gzip
Last-Modified: Fri, 05 Aug 2022 07:21:40 GMT
Accept-Ranges: bytes
ETag: "05a7119ca8d81:0"
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000;includeSubDomains
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' 'unsafe-inline' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://browseranalytic.com/ https://livechat.infobip.com/ https://pisano.cx/ https://web2.pisano.cx/ ; frame-src https://browseranalytic.com/ https://www.youtube.com/ https://livechat.infobip.com/ ; connect-src 'self' https://browseranalytic.com https://c.browseranalytic.com https://fd.browseranalytic.com https://ad.browseranalytic.com https://livechat-fr.infobip.com/ https://api.infobip.com https://pisano.cx https://web2.pisano.cx/ https://api.pisano.cx/ https://stage.pisanousercontent.com/ wss://pisano.cx/ ; img-src 'self' data: https://browseranalytic.com https://pisano.cx/ https://cdn.jsdelivr.net/ https://i.ytimg.com/vi_webp/CZcQ6XltICA/mqdefault.webp https://i.ytimg.com/vi/CZcQ6XltICA/mqdefault.jpg
Date: Fri, 30 Sep 2022 08:39:28 GMT
Content-Length: 69545
Set-Cookie: TS01b8fa1e=01fcbdb7576f094570368c36d767d3d5372aedee2b443e1525d77a8bd0f7bc8df093b3ac62eaeb48431437244dbedbd352e4fdf4fe; Path=/; Domain=.online.rbb.bg
doli.victorflorent.fr/BG_bg/rbb/Scripts/smartbanner.min.js
185.49.20.101404 Not Found 196 B URL HTTP/2 doli.victorflorent.fr/BG_bg/rbb/Scripts/smartbanner.min.js
IP 185.49.20.101:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880
Analyzer Verdict Alert fortinet Phishing
GET /BG_bg/rbb/Scripts/smartbanner.min.js HTTP/1.1
Host: doli.victorflorent.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://doli.victorflorent.fr/BG_bg/rbb/Home/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
date: Fri, 30 Sep 2022 08:39:40 GMT
server: Apache
content-length: 196
content-type: text/html; charset=iso-8859-1
X-Firefox-Spdy: h2
push.services.mozilla.com/
54.191.222.112101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.191.222.112:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: AO/SG4tL3VIPOJEAUwXkDA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: q+Ba814OMgUfr44+wgCOlT+BVrc=
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 68332d861224030707a1e197a1851d3b
8f94bee805e1d462bd22ff076890500aea641650
9dcf9756d49b596989a5025b18b21f105184acda7060f7f8556c5531b74789f1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 30 Sep 2022 08:39:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
online.rbb.bg/Content/svg/logo-kbc-white-bg.svg
194.48.206.22200 OK 4.3 kB URL HTTP/1.1 online.rbb.bg/Content/svg/logo-kbc-white-bg.svg
IP 194.48.206.22:0
ASN #44396 Raiffeisenbank Bulgaria EAD
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (953)
Hash 96e03315ada3fce68f0e9983308c8830
b694e4ec8e77fe0fb2aa387b2a5774b3e06f6ced
0b56aba8d2555e90dfcdd6bc2700c5124ce7e11ddb68334b23748a29baa28554
GET /Content/svg/logo-kbc-white-bg.svg HTTP/1.1
Host: online.rbb.bg
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://online.rbb.bg/Content/css/style.min.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Cache-Control: max-age=1200
Content-Type: image/svg+xml
Content-Encoding: gzip
Last-Modified: Tue, 02 Aug 2022 13:07:08 GMT
Accept-Ranges: bytes
ETag: "0e6dc570a6d81:0"
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000;includeSubDomains
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' 'unsafe-inline' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://browseranalytic.com/ https://livechat.infobip.com/ https://pisano.cx/ https://web2.pisano.cx/ ; frame-src https://browseranalytic.com/ https://www.youtube.com/ https://livechat.infobip.com/ ; connect-src 'self' https://browseranalytic.com https://c.browseranalytic.com https://fd.browseranalytic.com https://ad.browseranalytic.com https://livechat-fr.infobip.com/ https://api.infobip.com https://pisano.cx https://web2.pisano.cx/ https://api.pisano.cx/ https://stage.pisanousercontent.com/ wss://pisano.cx/ ; img-src 'self' data: https://browseranalytic.com https://pisano.cx/ https://cdn.jsdelivr.net/ https://i.ytimg.com/vi_webp/CZcQ6XltICA/mqdefault.webp https://i.ytimg.com/vi/CZcQ6XltICA/mqdefault.jpg
Date: Fri, 30 Sep 2022 08:39:28 GMT
Content-Length: 4284
Set-Cookie: TS01b8fa1e=01fcbdb75757e25775b24d0ee5b502c343e502c6ef709b1cb60204204d23ee7082125b24d3f6820a8800a2037c777838345797e014; Path=/; Domain=.online.rbb.bg
online.rbb.bg/Content/images/mobileApp.png
194.48.206.22200 OK 6.4 kB URL HTTP/1.1 online.rbb.bg/Content/images/mobileApp.png
IP 194.48.206.22:0
ASN #44396 Raiffeisenbank Bulgaria EAD
File type PNG image data, 90 x 150, 8-bit/color RGBA, non-interlaced\012- data
Hash a672b592553472f2640332d7d375adf5
1f9a48b6d6dd11fa237923bec1635a5e09127766
d10ce07f63b2a03a27eceb8b14ea40411caf2b70d374eac7373b7ccf10dfa04e
GET /Content/images/mobileApp.png HTTP/1.1
Host: online.rbb.bg
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://online.rbb.bg/Content/css/style.min.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Cache-Control: max-age=1200
Content-Type: image/png
Last-Modified: Tue, 02 Aug 2022 13:07:08 GMT
Accept-Ranges: bytes
ETag: "0e6dc570a6d81:0"
Strict-Transport-Security: max-age=31536000;includeSubDomains
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' 'unsafe-inline' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://browseranalytic.com/ https://livechat.infobip.com/ https://pisano.cx/ https://web2.pisano.cx/ ; frame-src https://browseranalytic.com/ https://www.youtube.com/ https://livechat.infobip.com/ ; connect-src 'self' https://browseranalytic.com https://c.browseranalytic.com https://fd.browseranalytic.com https://ad.browseranalytic.com https://livechat-fr.infobip.com/ https://api.infobip.com https://pisano.cx https://web2.pisano.cx/ https://api.pisano.cx/ https://stage.pisanousercontent.com/ wss://pisano.cx/ ; img-src 'self' data: https://browseranalytic.com https://pisano.cx/ https://cdn.jsdelivr.net/ https://i.ytimg.com/vi_webp/CZcQ6XltICA/mqdefault.webp https://i.ytimg.com/vi/CZcQ6XltICA/mqdefault.jpg
Date: Fri, 30 Sep 2022 08:39:28 GMT
Content-Length: 6394
Set-Cookie: TS01b8fa1e=01fcbdb757807aa0f6733db12878d2a1d8ac88761baa87cd8b70b653b60119e39efaec506b235a6fa520466fa685875bac249638d7; Path=/; Domain=.online.rbb.bg
www.youtube.com/s/player/a336babc/www-player.css
142.250.74.78200 OK 50 kB URL HTTP/2 www.youtube.com/s/player/a336babc/www-player.css
IP 142.250.74.78:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 599595edb4b579af72ce667c0ca1f62d
40a8d3ee3fef3295d5021544b7c75f06dc6f3598
bc90c7ea4e282dcaa0f347b0717f317c089fda4e586c41a72ec78d8a9209c462
GET /s/player/a336babc/www-player.css HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/embed/1Wh2xI03Tgs
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding, Origin
content-encoding: br
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-length: 49958
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 29 Sep 2022 14:56:23 GMT
expires: Fri, 29 Sep 2023 14:56:23 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 29 Sep 2022 00:20:07 GMT
content-type: text/css
age: 63797
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.youtube.com/s/player/a336babc/www-embed-player.vflset/www-embed-player.js
142.250.74.78200 OK 97 kB URL HTTP/2 www.youtube.com/s/player/a336babc/www-embed-player.vflset/www-embed-player.js
IP 142.250.74.78:0
File type ASCII text, with very long lines (570)
Hash 6ff47b063a6615ffeefaa585d5ea7550
5b27dac605b7c51d2c16556e868dd47863b28ff9
17c868996f865e5d1429f0a90baaf576538916aa9156ab0be1e53f64256c0de3
GET /s/player/a336babc/www-embed-player.vflset/www-embed-player.js HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/embed/1Wh2xI03Tgs
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding, Origin
content-encoding: br
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-length: 97177
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 29 Sep 2022 14:56:23 GMT
expires: Fri, 29 Sep 2023 14:56:23 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 29 Sep 2022 00:20:07 GMT
content-type: text/javascript
age: 63797
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.youtube.com/s/player/a336babc/fetch-polyfill.vflset/fetch-polyfill.js
142.250.74.78200 OK 2.8 kB URL HTTP/2 www.youtube.com/s/player/a336babc/fetch-polyfill.vflset/fetch-polyfill.js
IP 142.250.74.78:0
File type Algol 68 source text\012- Pascal source, ASCII text, with very long lines (555)
Hash 80fe2d229007996c8397073b00755dc7
121f82c77bcf2a297a1085e3b092415c463fcafe
033dfa8941482c82d4f1aaa4a9172fb379b9e46a02d5b36297c5476bbbfdea2c
GET /s/player/a336babc/fetch-polyfill.vflset/fetch-polyfill.js HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/embed/1Wh2xI03Tgs
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding, Origin
content-encoding: br
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-length: 2786
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 29 Sep 2022 14:56:23 GMT
expires: Fri, 29 Sep 2023 14:56:23 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 29 Sep 2022 00:20:07 GMT
content-type: text/javascript
age: 63797
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
online.rbb.bg/Content/images/google-play-bg.png
194.48.206.22200 OK 3.8 kB URL HTTP/1.1 online.rbb.bg/Content/images/google-play-bg.png
IP 194.48.206.22:0
ASN #44396 Raiffeisenbank Bulgaria EAD
File type PNG image data, 122 x 35, 8-bit/color RGBA, non-interlaced\012- data
Hash 60cd462f318c8d6d9e6c1c231ea150f6
a722e085caef99b75c6d1207d9986cfee8dcea61
c84158c02aa08b902be924e5b9b81fd349cd09510aa72710c70a6d55ac931fcd
GET /Content/images/google-play-bg.png HTTP/1.1
Host: online.rbb.bg
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://online.rbb.bg/Content/css/style.min.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Cache-Control: max-age=1200
Content-Type: image/png
Last-Modified: Tue, 02 Aug 2022 13:07:08 GMT
Accept-Ranges: bytes
ETag: "0e6dc570a6d81:0"
Strict-Transport-Security: max-age=31536000;includeSubDomains
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' 'unsafe-inline' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://browseranalytic.com/ https://livechat.infobip.com/ https://pisano.cx/ https://web2.pisano.cx/ ; frame-src https://browseranalytic.com/ https://www.youtube.com/ https://livechat.infobip.com/ ; connect-src 'self' https://browseranalytic.com https://c.browseranalytic.com https://fd.browseranalytic.com https://ad.browseranalytic.com https://livechat-fr.infobip.com/ https://api.infobip.com https://pisano.cx https://web2.pisano.cx/ https://api.pisano.cx/ https://stage.pisanousercontent.com/ wss://pisano.cx/ ; img-src 'self' data: https://browseranalytic.com https://pisano.cx/ https://cdn.jsdelivr.net/ https://i.ytimg.com/vi_webp/CZcQ6XltICA/mqdefault.webp https://i.ytimg.com/vi/CZcQ6XltICA/mqdefault.jpg
Date: Fri, 30 Sep 2022 08:39:29 GMT
Content-Length: 3783
Set-Cookie: TS01b8fa1e=01fcbdb757e3557aa031aa67e019a50cde3517a0c44c57a925dd624119a7a001ea272ce5b6d8a90b4c56d434522f57ef45f2949582; Path=/; Domain=.online.rbb.bg
www.youtube.com/s/player/a336babc/player_ias.vflset/en_US/base.js
142.250.74.78200 OK 592 kB URL HTTP/2 www.youtube.com/s/player/a336babc/player_ias.vflset/en_US/base.js
IP 142.250.74.78:0
File type ASCII text, with very long lines (554)
Size 592 kB (591812 bytes)
Hash 494d152a1fc14d2ffb950d0513e390b2
56892d5c44185fadd2298db36a42865e5fe7ce32
3b10ce4a5ad56e2855b724be62a8f902117400cce57da9e451b8dbcf8e99cbc1
GET /s/player/a336babc/player_ias.vflset/en_US/base.js HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/embed/1Wh2xI03Tgs
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
vary: Accept-Encoding, Origin
content-encoding: br
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-length: 591812
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 29 Sep 2022 14:56:23 GMT
expires: Fri, 29 Sep 2023 14:56:23 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 29 Sep 2022 00:20:07 GMT
content-type: text/javascript
age: 63797
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 68332d861224030707a1e197a1851d3b
8f94bee805e1d462bd22ff076890500aea641650
9dcf9756d49b596989a5025b18b21f105184acda7060f7f8556c5531b74789f1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 30 Sep 2022 08:39:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
online.rbb.bg/Content/images/app-store-bg.png
194.48.206.22200 OK 3.1 kB URL HTTP/1.1 online.rbb.bg/Content/images/app-store-bg.png
IP 194.48.206.22:0
ASN #44396 Raiffeisenbank Bulgaria EAD
File type PNG image data, 122 x 35, 8-bit/color RGBA, non-interlaced\012- data
Hash 21f845f6c7019fcb2d4b6acb7f8c4d3d
95efd3d32e70eca5e9cf1e9349ef1a5a617007b7
5c95c6c1193ef4afdf14770fe02d2f008be731d477b38ad44e3a497241984696
GET /Content/images/app-store-bg.png HTTP/1.1
Host: online.rbb.bg
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://online.rbb.bg/Content/css/style.min.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Cache-Control: max-age=1200
Content-Type: image/png
Last-Modified: Tue, 02 Aug 2022 13:07:08 GMT
Accept-Ranges: bytes
ETag: "0e6dc570a6d81:0"
Strict-Transport-Security: max-age=31536000;includeSubDomains
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' 'unsafe-inline' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://browseranalytic.com/ https://livechat.infobip.com/ https://pisano.cx/ https://web2.pisano.cx/ ; frame-src https://browseranalytic.com/ https://www.youtube.com/ https://livechat.infobip.com/ ; connect-src 'self' https://browseranalytic.com https://c.browseranalytic.com https://fd.browseranalytic.com https://ad.browseranalytic.com https://livechat-fr.infobip.com/ https://api.infobip.com https://pisano.cx https://web2.pisano.cx/ https://api.pisano.cx/ https://stage.pisanousercontent.com/ wss://pisano.cx/ ; img-src 'self' data: https://browseranalytic.com https://pisano.cx/ https://cdn.jsdelivr.net/ https://i.ytimg.com/vi_webp/CZcQ6XltICA/mqdefault.webp https://i.ytimg.com/vi/CZcQ6XltICA/mqdefault.jpg
Date: Fri, 30 Sep 2022 08:39:29 GMT
Content-Length: 3127
Set-Cookie: TS01b8fa1e=01fcbdb7570410fcb369f1c146756cb3ed8cda88ab264029462943a5e89ee9c56bd5a1369e4f8cbdc9613977a568ae9bb697a2b11c; Path=/; Domain=.online.rbb.bg
online.rbb.bg/Content/fonts/iconset-rbb//iconset-rbb.ttf?wxo579
194.48.206.22200 OK 4.3 kB URL HTTP/1.1 online.rbb.bg/Content/fonts/iconset-rbb//iconset-rbb.ttf?wxo579
IP 194.48.206.22:0
ASN #44396 Raiffeisenbank Bulgaria EAD
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Hash 82d4ee0788a11e52b550cf1380273bc2
2ba00d29456ea1bdb17d1b8d4100653167df6a51
5b7cfedcbf686cb5eb874d4ca9362164d94691381b04135469c6b78933134b30
GET /Content/fonts/iconset-rbb//iconset-rbb.ttf?wxo579 HTTP/1.1
Host: online.rbb.bg
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://doli.victorflorent.fr
Connection: keep-alive
Referer: https://online.rbb.bg/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: no-cache
Connection: close
Content-Type: text/html; charset=utf-8
Pragma: no-cache
Waf-Blocked: true
Waf-Supportid: 15008022001775081010
Content-Length: 4340
online.rbb.bg/Content/fonts/webfonts/326381_1_0.woff
194.48.206.22200 OK 4.3 kB URL HTTP/1.1 online.rbb.bg/Content/fonts/webfonts/326381_1_0.woff
IP 194.48.206.22:0
ASN #44396 Raiffeisenbank Bulgaria EAD
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Hash 91a84be59994efcad4820d6f535859a8
4830bf3338f2a1e58eb170b16547567a5f71f057
3416e8df294f5b55bbbad1ccb6349eb26c12b0856875ddb2bb8852c17fed8c22
GET /Content/fonts/webfonts/326381_1_0.woff HTTP/1.1
Host: online.rbb.bg
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://doli.victorflorent.fr
Connection: keep-alive
Referer: https://online.rbb.bg/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: no-cache
Connection: close
Content-Type: text/html; charset=utf-8
Pragma: no-cache
Waf-Blocked: true
Waf-Supportid: 15008022001790682497
Content-Length: 4340
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 8045f030f1424d43155236ac74193734
9f5d53209a1b442a342d7d59986e4817024e2fcd
211c2261b71490e21be41166efa63b59b01ed4188f80c7e095b748abf1f0ae68
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 30 Sep 2022 08:39:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 8045f030f1424d43155236ac74193734
9f5d53209a1b442a342d7d59986e4817024e2fcd
211c2261b71490e21be41166efa63b59b01ed4188f80c7e095b748abf1f0ae68
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 30 Sep 2022 08:39:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
142.250.74.163200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 15552, version 1.0\012- data
Hash 285467176f7fe6bb6a9c6873b3dad2cc
ea04e4ff5142ddd69307c183def721a160e0a64e
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
GET /s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15552
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 30 Sep 2022 00:48:31 GMT
expires: Sat, 30 Sep 2023 00:48:31 GMT
cache-control: public, max-age=31536000
age: 28269
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
online.rbb.bg/Content/fonts/webfonts/FuturaPT-Medium.woff
194.48.206.22200 OK 4.3 kB URL HTTP/1.1 online.rbb.bg/Content/fonts/webfonts/FuturaPT-Medium.woff
IP 194.48.206.22:0
ASN #44396 Raiffeisenbank Bulgaria EAD
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Hash 2587060229c4c427814ddda728744a6a
95f0bf1057800a0b8196a580a44f3ef0c022e873
602d40298f7803ed83af512adf6c2c12393277c908a04235d4c65d0d12806c65
GET /Content/fonts/webfonts/FuturaPT-Medium.woff HTTP/1.1
Host: online.rbb.bg
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://doli.victorflorent.fr
Connection: keep-alive
Referer: https://online.rbb.bg/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: no-cache
Connection: close
Content-Type: text/html; charset=utf-8
Pragma: no-cache
Waf-Blocked: true
Waf-Supportid: 15008022001784591392
Content-Length: 4340
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 8045f030f1424d43155236ac74193734
9f5d53209a1b442a342d7d59986e4817024e2fcd
211c2261b71490e21be41166efa63b59b01ed4188f80c7e095b748abf1f0ae68
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 30 Sep 2022 08:39:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
online.rbb.bg/Content/images/favicon.ico
194.48.206.22200 OK 14 kB URL HTTP/1.1 online.rbb.bg/Content/images/favicon.ico
IP 194.48.206.22:0
ASN #44396 Raiffeisenbank Bulgaria EAD
File type MS Windows icon resource - 1 icon, 67x51, 32 bits/pixel\012- data
Hash c9b6ba58cc698879e61dfe86f8a1b212
90d98a5e7979bf1ef2ab4d3b3f66aef8ecc27ecb
a6c5e29c95da7c5a333c8f0f660b04b7559448dbb7eecff7372eb2c7fc2a4bc0
GET /Content/images/favicon.ico HTTP/1.1
Host: online.rbb.bg
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://doli.victorflorent.fr/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=1200
Content-Type: image/x-icon
Last-Modified: Tue, 02 Aug 2022 13:07:08 GMT
Accept-Ranges: bytes
ETag: "0e6dc570a6d81:0"
Strict-Transport-Security: max-age=31536000;includeSubDomains
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' 'unsafe-inline' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://browseranalytic.com/ https://livechat.infobip.com/ https://pisano.cx/ https://web2.pisano.cx/ ; frame-src https://browseranalytic.com/ https://www.youtube.com/ https://livechat.infobip.com/ ; connect-src 'self' https://browseranalytic.com https://c.browseranalytic.com https://fd.browseranalytic.com https://ad.browseranalytic.com https://livechat-fr.infobip.com/ https://api.infobip.com https://pisano.cx https://web2.pisano.cx/ https://api.pisano.cx/ https://stage.pisanousercontent.com/ wss://pisano.cx/ ; img-src 'self' data: https://browseranalytic.com https://pisano.cx/ https://cdn.jsdelivr.net/ https://i.ytimg.com/vi_webp/CZcQ6XltICA/mqdefault.webp https://i.ytimg.com/vi/CZcQ6XltICA/mqdefault.jpg
Date: Fri, 30 Sep 2022 08:39:29 GMT
Content-Length: 14342
Set-Cookie: TS01b8fa1e=01fcbdb7579ef2c4fae09d8ee3d6f6af28e65373956836414564c2814b4ce753fd39f81ddb7fa7ee8b6f2077e5323137be640bc0f8; Path=/; Domain=.online.rbb.bg
doli.victorflorent.fr/BG_bg/rbb/Home/.../Scripts/common.js
185.49.20.101404 Not Found 196 B URL HTTP/2 doli.victorflorent.fr/BG_bg/rbb/Home/.../Scripts/common.js
IP 185.49.20.101:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880
Analyzer Verdict Alert fortinet Phishing
GET /BG_bg/rbb/Home/.../Scripts/common.js HTTP/1.1
Host: doli.victorflorent.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://doli.victorflorent.fr/BG_bg/rbb/Home/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
date: Fri, 30 Sep 2022 08:39:40 GMT
server: Apache
content-length: 196
content-type: text/html; charset=iso-8859-1
X-Firefox-Spdy: h2
online.rbb.bg/Content/fonts/webfonts/FuturaPT-Medium.ttf
194.48.206.22200 OK 4.3 kB URL HTTP/1.1 online.rbb.bg/Content/fonts/webfonts/FuturaPT-Medium.ttf
IP 194.48.206.22:0
ASN #44396 Raiffeisenbank Bulgaria EAD
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Hash d5ad267e51632b29c64654e87db38bdb
fe3650dd246e140517805c160cd2a225954a0ea2
5f5cf4dd34a43b431204f0d86fba766e7879206b026a4cd8709836a004926fb9
GET /Content/fonts/webfonts/FuturaPT-Medium.ttf HTTP/1.1
Host: online.rbb.bg
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://doli.victorflorent.fr
Connection: keep-alive
Referer: https://online.rbb.bg/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: no-cache
Connection: close
Content-Type: text/html; charset=utf-8
Pragma: no-cache
Waf-Blocked: true
Waf-Supportid: 15008022001790682889
Content-Length: 4340
online.rbb.bg/Content/fonts/iconset-rbb//iconset-rbb.woff?wxo579
194.48.206.22200 OK 4.3 kB URL HTTP/1.1 online.rbb.bg/Content/fonts/iconset-rbb//iconset-rbb.woff?wxo579
IP 194.48.206.22:0
ASN #44396 Raiffeisenbank Bulgaria EAD
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Hash c0a6c6f7c86a27ee9c094ab63e9f4ccc
dbf146d3c862db5533bb2644d618e7a7cbfd97f8
ce6abc03ebd381c68b3dadcfea21f816e5fe5ad4a87a4c47a9ba14ddf57e3123
GET /Content/fonts/iconset-rbb//iconset-rbb.woff?wxo579 HTTP/1.1
Host: online.rbb.bg
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://doli.victorflorent.fr
Connection: keep-alive
Referer: https://online.rbb.bg/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: no-cache
Connection: close
Content-Type: text/html; charset=utf-8
Pragma: no-cache
Waf-Blocked: true
Waf-Supportid: 15008022001784591624
Content-Length: 4340
fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
142.250.74.163200 OK 4.3 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 142.250.74.163:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Hash d14add22be038372f5a2671f6765aeed
d5468bb680b6c4ece24db35d284d0066c2ca57dc
dc8b93a74ad27fe6831e7ea6e5fab39077909ad4602a6bd4022e270e2b5cdd04
GET /s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15344
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 24 Sep 2022 12:31:58 GMT
expires: Sun, 24 Sep 2023 12:31:58 GMT
cache-control: public, max-age=31536000
age: 504462
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
online.rbb.bg/Content/fonts/webfonts/326381_0_0.ttf
194.48.206.22200 OK 4.3 kB URL HTTP/1.1 online.rbb.bg/Content/fonts/webfonts/326381_0_0.ttf
IP 194.48.206.22:0
ASN #44396 Raiffeisenbank Bulgaria EAD
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Hash df03d00b40721318fe0c83ef959dc627
0150ef224db53787fe531dca53b1dab4bff592b6
1e9aa71617c125787486e6359e7c4cbda86f1aaecd2e1d428eb911c3f99c45e1
GET /Content/fonts/webfonts/326381_0_0.ttf HTTP/1.1
Host: online.rbb.bg
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://doli.victorflorent.fr
Connection: keep-alive
Referer: https://online.rbb.bg/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: no-cache
Connection: close
Content-Type: text/html; charset=utf-8
Pragma: no-cache
Waf-Blocked: true
Waf-Supportid: 15008022001790682897
Content-Length: 4340
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 16eb0b8e180f5a5682b562591c6687e9
20bab715711b3ee2417034898da9a12b02cda22f
5a8f14a2dd506f83291ea61e69504a0afa30f207b1272ec4fb1f059a18e92a2f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 30 Sep 2022 08:39:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
doli.victorflorent.fr/BG_bg/rbb/Scripts/common.js
185.49.20.101200 OK 215 kB URL HTTP/2 doli.victorflorent.fr/BG_bg/rbb/Scripts/common.js
IP 185.49.20.101:0
Size 215 kB (215313 bytes)
Hash f8415f9774cbb396260214b984c41464
9bf4bbe6de7b8600451ace8199c2aec4ea18e630
ae8c90b3f723a14bab94f74e2adfecb51e11bd2361cc3f4733b0c8ba87668be1
Analyzer Verdict Alert fortinet Phishing
GET /BG_bg/rbb/Scripts/common.js HTTP/1.1
Host: doli.victorflorent.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://doli.victorflorent.fr/BG_bg/rbb/Home/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 30 Sep 2022 08:39:40 GMT
server: Apache
last-modified: Fri, 27 May 2022 09:05:04 GMT
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-encoding: gzip
server-id: apache01k
cache-control: public
content-type: application/javascript
X-Firefox-Spdy: h2
www.youtube.com/embed/1Wh2xI03Tgs
142.250.74.78200 OK 29 kB URL HTTP/2 www.youtube.com/embed/1Wh2xI03Tgs
IP 142.250.74.78:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (58480)
Hash bedd9850c873fa3272d56065de81f25e
8f0d9edc662f5ad10e0cc93c12bcc47d42ff1d98
7158af88ec40835e4b6adb139bb3733c9647ad9209a355457074e233458607a2
GET /embed/1Wh2xI03Tgs HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://doli.victorflorent.fr/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html; charset=utf-8
x-content-type-options: nosniff
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 30 Sep 2022 08:39:40 GMT
strict-transport-security: max-age=31536000
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
content-encoding: br
server: ESF
x-xss-protection: 0
set-cookie: YSC=lZ9yF1zqhsU; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none
VISITOR_INFO1_LIVE=iSkbNiAMA2Y; Domain=.youtube.com; Expires=Wed, 29-Mar-2023 08:39:40 GMT; Path=/; Secure; HttpOnly; SameSite=none
CONSENT=PENDING+878; expires=Sun, 29-Sep-2024 08:39:40 GMT; path=/; domain=.youtube.com; Secure
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 707ae9fcdd83ff2684b843a21df14785
b32e881855867f5436205cca76f1f75062dbedf0
9b8c1f6775cc9961816ab6c78a406036ff4e1278141f3950868bc6dfc87fe3fb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 30 Sep 2022 08:39:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu5mxKOzY.woff2
142.250.74.163200 OK 9.8 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu5mxKOzY.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 9832, version 1.0\012- data
Hash efe937997e08e15b056a3643e2734636
d02decbf472a0928b054cc8e4b13684539a913db
53f2931d978bf9b24d43b5d556ecf315a6b3f089699c5ba3a954c4dde8663361
GET /s/roboto/v18/KFOmCnqEu92Fr1Mu5mxKOzY.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 9832
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 25 Sep 2022 22:23:00 GMT
expires: Mon, 25 Sep 2023 22:23:00 GMT
cache-control: public, max-age=31536000
age: 382601
last-modified: Mon, 16 Oct 2017 17:32:49 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 707ae9fcdd83ff2684b843a21df14785
b32e881855867f5436205cca76f1f75062dbedf0
9b8c1f6775cc9961816ab6c78a406036ff4e1278141f3950868bc6dfc87fe3fb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 30 Sep 2022 08:39:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 254cce7ebdf47f4c681ad3d5e22fee04
21ef3d38029b8c76262a70ff813dccce63434eda
a316352726e25710020ff342d7d907ee2a39d3f643a00e52b88b4b8cabbca9bf
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 30 Sep 2022 08:39:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
googleads.g.doubleclick.net/pagead/id
142.250.74.34302 Found 0 B URL HTTP/2 googleads.g.doubleclick.net/pagead/id
IP 142.250.74.34:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pagead/id HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
location: https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
access-control-allow-credentials: true
access-control-allow-origin: https://www.youtube.com
date: Fri, 30 Sep 2022 08:39:41 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
216.58.207.234200 OK 0 B URL HTTP/2 jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
IP 216.58.207.234:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /$rpc/google.internal.waa.v1.Waa/Create HTTP/1.1
Host: jnn-pa.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,x-goog-api-key,x-user-agent
Referer: https://www.youtube.com/
Origin: https://www.youtube.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://www.youtube.com
vary: origin, referer, x-origin
access-control-allow-credentials: true
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-headers: content-type,x-goog-api-key,x-user-agent
access-control-max-age: 3600
date: Fri, 30 Sep 2022 08:39:41 GMT
content-type: text/html
server: ESF
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.com/js/th/NAdTarfwBmmVN2jO9_ZDZXbW2JobdXK1pZJ09rC2Bcw.js
142.250.74.164200 OK 14 kB URL HTTP/2 www.google.com/js/th/NAdTarfwBmmVN2jO9_ZDZXbW2JobdXK1pZJ09rC2Bcw.js
IP 142.250.74.164:0
File type ASCII text, with very long lines (35947)
Hash e50215251e55ca26c783e2e9b382e4a9
80a0845ea0b8569e6b04532c7f958ba759b4f207
85041f26f46486b46c2b91fa99da2e214250de0ec79a3c6edb94c73f7fc9243f
GET /js/th/NAdTarfwBmmVN2jO9_ZDZXbW2JobdXK1pZJ09rC2Bcw.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-length: 14149
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 25 Sep 2022 07:45:40 GMT
expires: Mon, 25 Sep 2023 07:45:40 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 19 Sep 2022 15:00:00 GMT
content-type: text/javascript
age: 435241
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 16eb0b8e180f5a5682b562591c6687e9
20bab715711b3ee2417034898da9a12b02cda22f
5a8f14a2dd506f83291ea61e69504a0afa30f207b1272ec4fb1f059a18e92a2f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 30 Sep 2022 08:39:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash dd28406cfc9ec5eb2d8926c1789eaceb
7ba8db83543b0fbc550ea54ed04a81c5c21c55e7
865b9d78033bdd9e9a4409ce9d597705d1d3c47f70f97f442aad6aaa57eebed7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 30 Sep 2022 08:39:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
216.58.207.234200 OK 31 kB URL HTTP/2 jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
IP 216.58.207.234:0
File type JSON data\012- , ASCII text, with very long lines (65536), with no line terminators
Hash ad39c6983aee4b84054f55bf2372a478
d272db766075d24355a0090df3429ee2d3e8e06b
434233d7c085ee888b844ba75e3c3baa6196c3b90f22c0a45091f74eb20e363e
POST /$rpc/google.internal.waa.v1.Waa/Create HTTP/1.1
Host: jnn-pa.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
Content-Type: application/json+protobuf
X-User-Agent: grpc-web-javascript/0.1
Content-Length: 24
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json+protobuf; charset=UTF-8
vary: Origin, X-Origin, Referer
content-encoding: gzip
date: Fri, 30 Sep 2022 08:39:41 GMT
server: ESF
cache-control: private
content-length: 30814
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: https://www.youtube.com
access-control-allow-credentials: true
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 707ae9fcdd83ff2684b843a21df14785
b32e881855867f5436205cca76f1f75062dbedf0
9b8c1f6775cc9961816ab6c78a406036ff4e1278141f3950868bc6dfc87fe3fb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 30 Sep 2022 08:39:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 271b44a3611bd0507079c8ace811e31b
ad9c9b11eb43eebde519b94128772a81e3166f8d
125dab4ef91481576205501536d51f0b2401c4b2fa75093ccc917a4ebb882a40
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 30 Sep 2022 08:39:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
i.ytimg.com/vi_webp/1Wh2xI03Tgs/sddefault.webp
142.250.74.182200 OK 34 kB URL HTTP/2 i.ytimg.com/vi_webp/1Wh2xI03Tgs/sddefault.webp
IP 142.250.74.182:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 640x480, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash be3956502e6584efc17c0fb577551356
bc118bef3ed4a372e2bc6a96e02f725920ce27bb
b065d519a47e9f19646102ce5337382fcdc7a3f8fc7399f0d26e214c4824a1a0
GET /vi_webp/1Wh2xI03Tgs/sddefault.webp HTTP/1.1
Host: i.ytimg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-type: image/webp
vary: Origin
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-length: 33702
date: Fri, 30 Sep 2022 08:39:41 GMT
expires: Fri, 30 Sep 2022 10:39:41 GMT
cache-control: public, max-age=7200
etag: "1589868051"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
doli.victorflorent.fr/BG_bg/rbb/Home/Scripts/app.js
185.49.20.101404 Not Found 196 B URL HTTP/2 doli.victorflorent.fr/BG_bg/rbb/Home/Scripts/app.js
IP 185.49.20.101:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880
Analyzer Verdict Alert fortinet Phishing
GET /BG_bg/rbb/Home/Scripts/app.js HTTP/1.1
Host: doli.victorflorent.fr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://doli.victorflorent.fr/BG_bg/rbb/Home/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
date: Fri, 30 Sep 2022 08:39:41 GMT
server: Apache
content-length: 196
content-type: text/html; charset=iso-8859-1
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash dd28406cfc9ec5eb2d8926c1789eaceb
7ba8db83543b0fbc550ea54ed04a81c5c21c55e7
865b9d78033bdd9e9a4409ce9d597705d1d3c47f70f97f442aad6aaa57eebed7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 30 Sep 2022 08:39:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 2e313bc93263c08c48de8f831da296b6
7a4250b67432477dad6bbbb364d496c71d991164
4ef2c705c2a5208807606836d84e500cf17c4d79662cbd9aefe819ebaa8d59db
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 30 Sep 2022 08:39:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
yt3.ggpht.com/ldBbmdaYrv3i-kAvqTStAiZv8Oc_Jz9-JgAvq22z_8MDzPr8SzCYrMui4tPbeQjj_dpaRxbnZA=s68-c-k-c0x00ffffff-no-rj
142.250.74.161200 OK 2.4 kB URL HTTP/2 yt3.ggpht.com/ldBbmdaYrv3i-kAvqTStAiZv8Oc_Jz9-JgAvq22z_8MDzPr8SzCYrMui4tPbeQjj_dpaRxbnZA=s68-c-k-c0x00ffffff-no-rj
IP 142.250.74.161:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 68x68, components 3\012- data
Hash e3f2ce7ca0652d9a0df9db670d8e7567
48335b93856769796df28851b020e225a448e30f
264b1d1260a8f01aec8cfc9b73f709e948a47bdfb1804a22aac45d860c526583
GET /ldBbmdaYrv3i-kAvqTStAiZv8Oc_Jz9-JgAvq22z_8MDzPr8SzCYrMui4tPbeQjj_dpaRxbnZA=s68-c-k-c0x00ffffff-no-rj HTTP/1.1
Host: yt3.ggpht.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-expose-headers: Content-Length
content-disposition: inline;filename="channels4_profile.jpg"
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
server: fife
content-length: 2358
x-xss-protection: 0
date: Fri, 30 Sep 2022 05:56:59 GMT
expires: Tue, 12 Jul 2022 07:14:37 GMT
cache-control: public, max-age=86400, no-transform
age: 9762
etag: "v1"
content-type: image/jpeg
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 2e313bc93263c08c48de8f831da296b6
7a4250b67432477dad6bbbb364d496c71d991164
4ef2c705c2a5208807606836d84e500cf17c4d79662cbd9aefe819ebaa8d59db
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 30 Sep 2022 08:39:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 139d64e28724086d1d5ab6d2f534ff25
2c717905e83564a17bd8ca61dd934133416f629b
a37afafc8ee712ae7ae935d3ed564f3cf46dd09005debbc5e2650f8b434d1e00
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A37AFAFC8EE712AE7AE935D3ED564F3CF46DD09005DEBBC5E2650F8B434D1E00"
Last-Modified: Tue, 27 Sep 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7820
Expires: Fri, 30 Sep 2022 10:50:01 GMT
Date: Fri, 30 Sep 2022 08:39:41 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 139d64e28724086d1d5ab6d2f534ff25
2c717905e83564a17bd8ca61dd934133416f629b
a37afafc8ee712ae7ae935d3ed564f3cf46dd09005debbc5e2650f8b434d1e00
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A37AFAFC8EE712AE7AE935D3ED564F3CF46DD09005DEBBC5E2650F8B434D1E00"
Last-Modified: Tue, 27 Sep 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7820
Expires: Fri, 30 Sep 2022 10:50:01 GMT
Date: Fri, 30 Sep 2022 08:39:41 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 139d64e28724086d1d5ab6d2f534ff25
2c717905e83564a17bd8ca61dd934133416f629b
a37afafc8ee712ae7ae935d3ed564f3cf46dd09005debbc5e2650f8b434d1e00
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A37AFAFC8EE712AE7AE935D3ED564F3CF46DD09005DEBBC5E2650F8B434D1E00"
Last-Modified: Tue, 27 Sep 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7820
Expires: Fri, 30 Sep 2022 10:50:01 GMT
Date: Fri, 30 Sep 2022 08:39:41 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 139d64e28724086d1d5ab6d2f534ff25
2c717905e83564a17bd8ca61dd934133416f629b
a37afafc8ee712ae7ae935d3ed564f3cf46dd09005debbc5e2650f8b434d1e00
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A37AFAFC8EE712AE7AE935D3ED564F3CF46DD09005DEBBC5E2650F8B434D1E00"
Last-Modified: Tue, 27 Sep 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7820
Expires: Fri, 30 Sep 2022 10:50:01 GMT
Date: Fri, 30 Sep 2022 08:39:41 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 139d64e28724086d1d5ab6d2f534ff25
2c717905e83564a17bd8ca61dd934133416f629b
a37afafc8ee712ae7ae935d3ed564f3cf46dd09005debbc5e2650f8b434d1e00
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A37AFAFC8EE712AE7AE935D3ED564F3CF46DD09005DEBBC5E2650F8B434D1E00"
Last-Modified: Tue, 27 Sep 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7820
Expires: Fri, 30 Sep 2022 10:50:01 GMT
Date: Fri, 30 Sep 2022 08:39:41 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe12af206-9f17-40de-9764-14d3cdcb4d2f.jpeg
34.120.237.76200 OK 6.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe12af206-9f17-40de-9764-14d3cdcb4d2f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5b8d0a19bc0a56bb40a975c5c71af05a
3248ca3a8b88efd5be8499898fce957d096cf211
da44d6dd845dc400b0b76f19c67e5a79d9359ce24fe5e4490477f195b23203b4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe12af206-9f17-40de-9764-14d3cdcb4d2f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6722
x-amzn-requestid: 6aca2e04-02b4-4e42-8bba-9bbe2ace1ed0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZPeLrGq1oAMFuAw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633610b0-65b0664d0233107029ef0157;Sampled=0
x-amzn-remapped-date: Thu, 29 Sep 2022 21:40:00 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: AJBSzj2-oh3i6UOpOUtGTcsdTFfHlZhIQchgvcnIeF-4mnNKRly5HQ==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 29 Sep 2022 21:47:14 GMT
etag: "3248ca3a8b88efd5be8499898fce957d096cf211"
content-type: image/jpeg
age: 39147
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1ae1e7d3-41cb-4400-8cae-870baa006b86.jpeg
34.120.237.76200 OK 7.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1ae1e7d3-41cb-4400-8cae-870baa006b86.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5a137925cb6116c46ce21c6e27933c44
2973e908318c68489bba9b4242254769a4f3d1ba
737bf9c3d2906a937ed0b082c8830982163be90acf8dd01dacc7ec80c5c8bcd1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1ae1e7d3-41cb-4400-8cae-870baa006b86.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7777
x-amzn-requestid: d035ce80-1700-4e69-8b75-e0bf47ca9ddf
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZDCWCFw4oAMFVDA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63311759-0412900d669b5381058ec9a2;Sampled=0
x-amzn-remapped-date: Mon, 26 Sep 2022 03:07:05 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: qzrjS6zkJKNsHq2s5ooiWCPdM5nPY6isIJfpcGtUi4r4uvXkJBlS8w==
via: 1.1 73b60e9a9fd08eae9e034cedba707280.cloudfront.net (CloudFront), 1.1 9c675215120a4ade8754c4357ef2f3ea.cloudfront.net (CloudFront), 1.1 google
date: Fri, 30 Sep 2022 07:24:48 GMT
age: 4493
etag: "2973e908318c68489bba9b4242254769a4f3d1ba"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4b307b2d-4d65-4a44-bdc9-02e2eb3040fe.webp
34.120.237.76200 OK 6.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4b307b2d-4d65-4a44-bdc9-02e2eb3040fe.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a7660f52ff0ccc2805e4186bfaeb86f3
64012d0a87c77d8409fa1be7d8d29124a81e3206
c4c2c65c2f830c5820dd019ada07607e31d338b824e2d66f7b4449c1026e123b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4b307b2d-4d65-4a44-bdc9-02e2eb3040fe.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6058
x-amzn-requestid: 5895a9dc-4ec5-41cb-b0fa-b3f47677affe
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZPda6H8toAMFz7g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63360f78-0941b5457484dc0c534333e2;Sampled=0
x-amzn-remapped-date: Thu, 29 Sep 2022 21:34:48 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 1Raa8DphZfTmcxIv1z70MMHpeboGmlsoY7k24hpc4GvYqAv4x2NGZQ==
via: 1.1 010c0731b9775a983eceaec0f5fa6a2e.cloudfront.net (CloudFront), 1.1 570075675953459325e00b7bcd171df2.cloudfront.net (CloudFront), 1.1 google
date: Thu, 29 Sep 2022 22:05:17 GMT
age: 38064
etag: "64012d0a87c77d8409fa1be7d8d29124a81e3206"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff846d550-1085-41f0-ab5c-5cbdba5d3a00.jpeg
34.120.237.76200 OK 5.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff846d550-1085-41f0-ab5c-5cbdba5d3a00.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 39d9370f63a9d19ea9c05fa1926ce1d0
f15bb6564adddb9a3bb9949321482e65714c047a
cf9353ff328f1afced61c19b48b2add29f4a212bd97cb4d874d5e7747850b3e7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff846d550-1085-41f0-ab5c-5cbdba5d3a00.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5094
x-amzn-requestid: 49ace90a-85a0-45ea-8c0d-6a498fb89042
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZPd60Eo9oAMFtkw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63361045-6b8a1c42300d4d6024186bfd;Sampled=0
x-amzn-remapped-date: Thu, 29 Sep 2022 21:38:13 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: RlSYyyYERUy_dGxSBuCqq7KOrtHEhq02w2Clbo5flJYC4NBmY-Pphg==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 1481cc55c02c3a782ad420b6bac2cb32.cloudfront.net (CloudFront), 1.1 google
date: Thu, 29 Sep 2022 22:15:16 GMT
age: 37465
etag: "f15bb6564adddb9a3bb9949321482e65714c047a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4f0344fb-c824-4eac-9d71-05a217499bf9.jpeg
34.120.237.76200 OK 9.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4f0344fb-c824-4eac-9d71-05a217499bf9.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7bb7bc234f1a5c9b04670d89d99c7957
6fbb164a7a1b894c6f5b2be20e66cbc8914f6a10
c4e2ad314004e1e8c97c02575823f376379292c55ba4033362713d84f62e1432
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4f0344fb-c824-4eac-9d71-05a217499bf9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9281
x-amzn-requestid: 85c111f8-8883-4f7a-8e94-2e4e12e923b8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZPdZZF7-oAMF0Vw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63360f6f-5f4e26bd047866fb170cae01;Sampled=0
x-amzn-remapped-date: Thu, 29 Sep 2022 21:34:39 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: j2TJHo66aMJ_s9Vtr_Tqf0YbBcCwFTprSzk2aUNyOzEPgON6NW5Npw==
via: 1.1 010c0731b9775a983eceaec0f5fa6a2e.cloudfront.net (CloudFront), 1.1 98aedae6661e3904540676966998ed88.cloudfront.net (CloudFront), 1.1 google
date: Thu, 29 Sep 2022 22:21:29 GMT
age: 37092
etag: "6fbb164a7a1b894c6f5b2be20e66cbc8914f6a10"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9789cead-4e6c-4a12-9b45-25d0efd38fc9.png
34.120.237.76200 OK 16 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9789cead-4e6c-4a12-9b45-25d0efd38fc9.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1389b1d624b44706c7a6f6b7eb769241
78b798f2cfa7db13a6b5ca2ca2783bece5e77d5d
c3c2526b98be06fc7e793e1150bacde2a7bd718e29a851a6e6992e8d84333790
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9789cead-4e6c-4a12-9b45-25d0efd38fc9.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 16011
x-amzn-requestid: d58dfdcd-383a-45ac-8ae2-2b97f016b6a4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZPdbjFy1IAMF84A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63360f7c-1ca9707a5e5087fd769d9ab6;Sampled=0
x-amzn-remapped-date: Thu, 29 Sep 2022 21:34:52 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: f7RrSV82yxUNWPUohKYX-_PBShMw7Qk82bepr3WAGkzHTjLR-gIXBA==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 ee8246c5442dace7525c74f6a799bb46.cloudfront.net (CloudFront), 1.1 google
date: Thu, 29 Sep 2022 22:53:34 GMT
age: 35167
etag: "78b798f2cfa7db13a6b5ca2ca2783bece5e77d5d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT
216.58.207.234200 OK 0 B URL HTTP/2 jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT
IP 216.58.207.234:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /$rpc/google.internal.waa.v1.Waa/GenerateIT HTTP/1.1
Host: jnn-pa.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,x-goog-api-key,x-user-agent
Referer: https://www.youtube.com/
Origin: https://www.youtube.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://www.youtube.com
vary: origin, referer, x-origin
access-control-allow-credentials: true
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-headers: content-type,x-goog-api-key,x-user-agent
access-control-max-age: 3600
date: Fri, 30 Sep 2022 08:39:41 GMT
content-type: text/html
server: ESF
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT
216.58.207.234200 OK 114 B URL HTTP/2 jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT
IP 216.58.207.234:0
File type JSON data\012- , ASCII text, with no line terminators
Hash e7b053c076c71daabd7d2365539acd11
55a3d3f379c2bc748611e6e911f990c816d11351
2c7342884bba1e2572626f0c852a2a4a90b0f9c134b5932361bfa1c6baf4669a
POST /$rpc/google.internal.waa.v1.Waa/GenerateIT HTTP/1.1
Host: jnn-pa.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
Content-Type: application/json+protobuf
X-User-Agent: grpc-web-javascript/0.1
Content-Length: 842
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json+protobuf; charset=UTF-8
vary: Origin, X-Origin, Referer
content-encoding: gzip
date: Fri, 30 Sep 2022 08:39:41 GMT
server: ESF
cache-control: private
content-length: 114
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: https://www.youtube.com
access-control-allow-credentials: true
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
online.rbb.bg/Content/images/KBC-banner-login.jpg
194.48.206.22200 OK 0 B URL HTTP/1.1 online.rbb.bg/Content/images/KBC-banner-login.jpg
IP 194.48.206.22:0
ASN #44396 Raiffeisenbank Bulgaria EAD
GET /Content/images/KBC-banner-login.jpg HTTP/1.1
Host: online.rbb.bg
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://online.rbb.bg/Content/css/style.min.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Cache-Control: max-age=1200
Content-Type: image/jpeg
Last-Modified: Tue, 02 Aug 2022 13:07:08 GMT
Accept-Ranges: bytes
ETag: "0e6dc570a6d81:0"
Strict-Transport-Security: max-age=31536000;includeSubDomains
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' 'unsafe-inline' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://browseranalytic.com/ https://livechat.infobip.com/ https://pisano.cx/ https://web2.pisano.cx/ ; frame-src https://browseranalytic.com/ https://www.youtube.com/ https://livechat.infobip.com/ ; connect-src 'self' https://browseranalytic.com https://c.browseranalytic.com https://fd.browseranalytic.com https://ad.browseranalytic.com https://livechat-fr.infobip.com/ https://api.infobip.com https://pisano.cx https://web2.pisano.cx/ https://api.pisano.cx/ https://stage.pisanousercontent.com/ wss://pisano.cx/ ; img-src 'self' data: https://browseranalytic.com https://pisano.cx/ https://cdn.jsdelivr.net/ https://i.ytimg.com/vi_webp/CZcQ6XltICA/mqdefault.webp https://i.ytimg.com/vi/CZcQ6XltICA/mqdefault.jpg
Date: Fri, 30 Sep 2022 08:39:28 GMT
Content-Length: 161438
Set-Cookie: TS01b8fa1e=01fcbdb757f10f4f91bc84bc94988cf88403a9d4926d32a1f5d2a259e6bf06ace1ba45c7fa0ba21a7a7412634ae73e1f219cb7c2a4; Path=/; Domain=.online.rbb.bg