Overview

URL cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/billing.php?verify_account=session=NL&1ea5d09f79e65ee089bc671aa1affeb3&dispatch=7789a9717300104ca4218ad08bcbd57bbc81867b
IP163.44.198.59
ASNGMO-Z com NetDesign Holdings Co., Ltd.
Location Thailand
Report completed2022-10-01 17:49:42 UTC
StatusLoading report..
urlquery Alerts Phishing - Spotify


Settings

UserAgentMozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blocklists

OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-10-01 2 cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/files/activityi(2).html Phishing
2022-10-01 2 cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/files/jquery.maskedinput.js Phishing
2022-10-01 2 cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/files/jquery.v-form.js Phishing
2022-10-01 2 cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/files/jquery.additional-me (...) Phishing
2022-10-01 2 cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/files/jquery.validate.js Phishing
2022-10-01 2 cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/files/jquery.js Phishing
2022-10-01 2 cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/files/jquery.CardValidator.js Phishing
2022-10-01 2 cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/files/form_offer_panel.html Phishing
2022-10-01 2 cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/files/jquery.mask.js Phishing
2022-10-01 2 cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/files/script.min.js.download Phishing
2022-10-01 2 cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/files/download.ico Phishing
mnemonic secure dns  No alerts detected
Quad9 DNS  No alerts detected


Files

No files detected



Passive DNS (27)

Passive DNS Source Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
mnemonic passive DNS r3.o.lencr.org (7) 344 2020-12-02 08:52:13 UTC 2022-10-01 04:59:16 UTC 23.36.76.226
mnemonic passive DNS www.scdn.co (2) 37159 2017-06-28 16:47:14 UTC 2022-10-01 12:36:49 UTC 151.101.86.248
mnemonic passive DNS firefox-settings-attachments.cdn.mozilla.net (1) 11509 2019-11-30 09:32:57 UTC 2022-10-01 09:13:14 UTC 18.164.68.116
mnemonic passive DNS r3.o.lencr.org (7) 344 2020-12-02 08:52:13 UTC 2022-10-01 04:59:16 UTC 23.36.77.32
mnemonic passive DNS img-getpocket.cdn.mozilla.net (6) 1631 2017-09-01 03:40:57 UTC 2022-10-01 04:22:38 UTC 34.120.237.76
mnemonic passive DNS shavar.services.mozilla.com (1) 3602 2017-01-30 05:00:58 UTC 2022-10-01 05:17:16 UTC 52.88.11.165
mnemonic passive DNS push.services.mozilla.com (1) 2140 2015-09-03 10:29:36 UTC 2022-10-01 05:28:34 UTC 34.212.166.60
mnemonic passive DNS insight.adsrvr.org (1) 631 2014-07-14 16:03:10 UTC 2022-10-01 09:54:32 UTC 52.223.40.198
mnemonic passive DNS adservice.google.no (1) 96969 2017-09-26 14:23:08 UTC 2022-10-01 04:58:27 UTC 172.217.21.162
mnemonic passive DNS connect.facebook.net (1) 139 2012-05-22 02:51:28 UTC 2022-10-01 04:59:22 UTC 157.240.221.16
mnemonic passive DNS adservice.google.com (1) 76 2021-02-20 16:10:48 UTC 2022-10-01 14:15:52 UTC 216.58.207.226
mnemonic passive DNS www.google.no (1) 25607 2016-04-05 19:50:59 UTC 2022-10-01 09:34:50 UTC 142.250.74.3
mnemonic passive DNS getpocket.cdn.mozilla.net (1) 1369 2017-08-31 07:41:15 UTC 2022-10-01 07:12:21 UTC 34.120.5.221
mnemonic passive DNS content-signature-2.cdn.mozilla.net (3) 1152 2020-11-03 12:26:46 UTC 2022-10-01 05:17:12 UTC 108.156.28.39
mnemonic passive DNS firefox.settings.services.mozilla.com (15) 867 2020-05-27 20:08:30 UTC 2022-10-01 11:41:02 UTC 18.165.201.80
mnemonic passive DNS ocsp.digicert.com (3) 86 2012-05-21 07:02:23 UTC 2022-10-01 14:14:43 UTC 93.184.220.29
mnemonic passive DNS 4721227.fls.doubleclick.net (2) 34921 2015-06-18 14:05:06 UTC 2022-10-01 12:36:50 UTC 142.250.74.70
mnemonic passive DNS bat.bing.com (3) 387 2014-04-08 09:23:16 UTC 2022-10-01 06:07:25 UTC 13.107.21.200
mnemonic passive DNS detectportal.firefox.com (2) 1601 2017-01-30 00:03:31 UTC 2022-10-01 05:02:30 UTC 34.107.221.82
mnemonic passive DNS cpanel10wh.bkk1.cloud.z.com (18) 0 2018-04-15 08:04:34 UTC 2022-10-01 11:51:46 UTC 163.44.198.59 Domain (z.com) ranked at: 166397
mnemonic passive DNS www.googleadservices.com (1) 107 2012-07-21 05:05:30 UTC 2022-10-01 16:14:33 UTC 172.217.21.162
mnemonic passive DNS googleads.g.doubleclick.net (1) 42 2021-02-20 15:43:32 UTC 2022-10-01 17:45:11 UTC 142.250.74.66
mnemonic passive DNS contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-10-01 05:00:18 UTC 34.117.237.239
mnemonic passive DNS ocsp.globalsign.com (1) 2075 2012-05-25 06:20:55 UTC 2022-10-01 05:00:56 UTC 104.18.20.226
mnemonic passive DNS sp-bootstrap.global.ssl.fastly.net (5) 319464 2015-03-02 13:51:10 UTC 2022-10-01 11:51:50 UTC 151.101.85.194
mnemonic passive DNS www.google.com (1) 7 2016-08-04 12:36:31 UTC 2022-10-01 11:15:31 UTC 142.250.74.164
mnemonic passive DNS ocsp.pki.goog (11) 175 2017-06-14 07:23:31 UTC 2022-10-01 04:58:47 UTC 142.250.74.3


Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 163.44.198.59

Date UQ / IDS / BL URL IP
2022-11-12 00:37:06 +0000
23 - 0 - 11 cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Lo (...) 163.44.198.59
2022-11-12 00:36:30 +0000
23 - 0 - 11 cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Lo (...) 163.44.198.59
2022-11-12 00:36:02 +0000
23 - 0 - 11 cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Lo (...) 163.44.198.59
2022-11-12 00:35:52 +0000
23 - 0 - 12 cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Lo (...) 163.44.198.59
2022-11-12 00:35:21 +0000
23 - 0 - 11 cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Lo (...) 163.44.198.59

Last 5 reports on ASN: GMO-Z com NetDesign Holdings Co., Ltd.

Date UQ / IDS / BL URL IP
2022-12-02 01:37:31 +0000
0 - 0 - 8 bd-dee.com/ 150.95.29.64
2022-12-02 01:04:20 +0000
0 - 0 - 1 jsmultitech.com/ 150.95.29.64
2022-11-30 08:10:43 +0000
0 - 0 - 6 thaiairwaysclub.com/ 150.95.29.64
2022-11-30 01:21:16 +0000
0 - 0 - 1 35795789-44-20181117082207.webstarterz.com/im (...) 163.44.198.51
2022-11-29 20:13:49 +0000
0 - 0 - 2 ghtnt.com/ 163.44.198.39

Last 5 reports on domain: z.com

Date UQ / IDS / BL URL IP
2022-11-12 00:37:06 +0000
23 - 0 - 11 cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Lo (...) 163.44.198.59
2022-11-12 00:36:30 +0000
23 - 0 - 11 cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Lo (...) 163.44.198.59
2022-11-12 00:36:02 +0000
23 - 0 - 11 cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Lo (...) 163.44.198.59
2022-11-12 00:35:52 +0000
23 - 0 - 12 cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Lo (...) 163.44.198.59
2022-11-12 00:35:21 +0000
23 - 0 - 11 cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Lo (...) 163.44.198.59

Last 5 reports with similar screenshot

Date UQ / IDS / BL URL IP
2022-11-12 00:37:06 +0000
23 - 0 - 11 cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Lo (...) 163.44.198.59
2022-11-12 00:36:30 +0000
23 - 0 - 11 cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Lo (...) 163.44.198.59
2022-11-12 00:36:02 +0000
23 - 0 - 11 cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Lo (...) 163.44.198.59
2022-11-12 00:35:52 +0000
23 - 0 - 12 cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Lo (...) 163.44.198.59
2022-11-12 00:35:21 +0000
23 - 0 - 11 cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Lo (...) 163.44.198.59


JavaScript

Executed Scripts (18)


Executed Evals (0)


Executed Writes (1)

#1 JavaScript::Write (size: 0, repeated: 1) - SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                        
                                    


HTTP Transactions (91)


Request Response
                                        
                                            GET /success.txt?ipv4 HTTP/1.1 
Host: detectportal.firefox.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         34.107.221.82
HTTP/1.1 200 OK
Content-Type: text/plain
                                        
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Sat, 01 Oct 2022 00:55:58 GMT
Age: 60808
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600


--- Additional Info ---
Magic:  ASCII text
Size:   8
Md5:    ae780585f49b94ce1444eb7d28906123
Sha1:   7d5ca8c0c03e883c56c4eb1ef6f6bb9bccad4d86
Sha256: 81b2bd4ea98c8db66554fbc8d7637a1a69a130f331feb732b75caab4c4868fd5
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "763E2DADFDD286A51327CD2000CA335E30CD0B9B7267875D22CA33F7556BA200"
Last-Modified: Fri, 30 Sep 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2417
Expires: Sat, 01 Oct 2022 18:29:44 GMT
Date: Sat, 01 Oct 2022 17:49:27 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "967B310BB60ACDBB06064A3CF9C7615745AAECAB58818CF5FF156AFD23482A88"
Last-Modified: Sat, 01 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2830
Expires: Sat, 01 Oct 2022 18:36:37 GMT
Date: Sat, 01 Oct 2022 17:49:27 GMT
Connection: keep-alive

                                        
                                            GET /success.txt?ipv4 HTTP/1.1 
Host: detectportal.firefox.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         34.107.221.82
HTTP/1.1 200 OK
Content-Type: text/plain
                                        
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Sat, 01 Oct 2022 00:55:58 GMT
Age: 60809
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600


--- Additional Info ---
Magic:  ASCII text
Size:   8
Md5:    ae780585f49b94ce1444eb7d28906123
Sha1:   7d5ca8c0c03e883c56c4eb1ef6f6bb9bccad4d86
Sha256: 81b2bd4ea98c8db66554fbc8d7637a1a69a130f331feb732b75caab4c4868fd5
                                        
                                            GET /v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US&region=NO&count=30 HTTP/1.1 
Host: getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.5.221
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
vary: Accept-Encoding
content-location: global-recs.php
tcn: choice
x-frame-options: SAMEORIGIN
status: 200 OK
x-source: Pocket
pragma: cache
p3p: policyref="/w3c/p3p.xml", CP="ALL CURa ADMa DEVa OUR IND UNI COM NAV INT STA PRE"
x-cache: Hit from cloudfront
x-amz-cf-pop: SEA73-P2
x-amz-cf-id: 91Lo8scjXYub6Bff2c8kFt2ClBc4P_Su51mZr-_k_bx8PLlPSlzR1g==
content-encoding: gzip
via: 1.1 c21a0d27ceec21e266c9f962d0349438.cloudfront.net (CloudFront), 1.1 google
date: Sat, 01 Oct 2022 17:47:41 GMT
age: 237
content-length: 44341
cache-control: s-maxage=900,public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (65536), with no line terminators
Size:   44341
Md5:    8c1a6c3668bec1aad2ff7b7a96c8ec22
Sha1:   b90c349a3dfbb041527dd2771aab1caf2267a675
Sha256: c6596caf2c0975964b7e4ceb3447cf92eb7349054685ce4aa0607e289abda362
                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-06-30-19-51-38.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         108.156.28.39
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
content-length: 5348
last-modified: Wed, 11 May 2022 19:51:39 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Sat, 01 Oct 2022 06:33:13 GMT
etag: "48ca0beea419a9039591cf1aee5179e0"
x-cache: Hit from cloudfront
via: 1.1 b3d26bb0853726fb30b0576bc254ef10.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR50-P1
x-amz-cf-id: 1q0K1sxNBrlO_r-slFVcHyYEbmReEHfFbMAaIFaIgi7Apgpb9VRQDA==
age: 51581
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    48ca0beea419a9039591cf1aee5179e0
Sha1:   9e92629f505fcc07aab51221e8fe62197a23e307
Sha256: 630a5f110337b4a4876aa85c21107d9e8f2550bcc60f023a4777d895b17399fd
                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         18.165.201.80
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Type, Backoff, Content-Length, Retry-After
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sat, 01 Oct 2022 17:02:39 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 cb9d66c261e91793be744f629d6e309e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P3
X-Amz-Cf-Id: 8TdPAwrgfBmuSpM50l-WoP5HPqoeMCyTpVgoSXBkOaHiOMnSFaK6MQ==
Age: 2808


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    1b3053fa528e28810f8a2cc9284cc921
Sha1:   cca9eb471d941881a6b9a1793aecb6c281908f6a
Sha256: a2427848ba35575dda8a82cf88f104978234c05389deebc3fc8279d9075eff45
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Sat, 01 Oct 2022 17:49:27 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 1826
Cache-Control: 'max-age=158059'
Date: Sat, 01 Oct 2022 17:49:27 GMT
Last-Modified: Sat, 01 Oct 2022 17:19:01 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /activityi;src=4721227;type=uidfq0;cat=spoti0;ord=5160187481151;gtm=G1u;u2=undefined;~oref=file%3A%2F%2F%2FC%3A%2FAppServ%2Fwww%2FOVO%2520v2.7%2FSpotify%2FSubscription%2520and%2520payment%2520-%2520Spotify.html? HTTP/1.1 
Host: 4721227.fls.doubleclick.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cpanel10wh.bkk1.cloud.z.com/
Upgrade-Insecure-Requests: 1

                                         
                                         142.250.74.70
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Date: Sat, 01 Oct 2022 17:49:28 GMT
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Strict-Transport-Security: max-age=21600
Pragma: no-cache
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Server: cafe
Content-Length: 386
X-XSS-Protection: 0


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (514), with no line terminators
Size:   386
Md5:    296deb3695167c3c5554400fac013f71
Sha1:   6d2e86f0cae8fecc3f6e86fe5c749a687a681ec6
Sha256: 7e5eb591696539bfc010e9c16144f877f6b027804491e4910fce2068bdbff984
                                        
                                            GET /build/js/sp-analytics-a3e2493d01.js HTTP/1.1 
Host: www.scdn.co
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cpanel10wh.bkk1.cloud.z.com/

                                         
                                         151.101.86.248
HTTP/1.1 301 Moved Permanently
                                        
Connection: close
Content-Length: 0
Retry-After: 0
Location: https://www.scdn.co/build/js/sp-analytics-a3e2493d01.js
Accept-Ranges: bytes
Date: Sat, 01 Oct 2022 17:49:28 GMT
X-Served-By: cache-bma1663-BMA
X-Cache: HIT
X-Cache-Hits: 0
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000

                                        
                                            POST /downloads?client=Firefox&appver=96.0a&pver=2.2 HTTP/1.1 
Host: shavar.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 773
Connection: close
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: none
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         52.88.11.165
HTTP/1.1 200 OK
Content-Type: application/octet-stream
                                        
Date: Sat, 01 Oct 2022 17:49:28 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Length: 8
Connection: Close


--- Additional Info ---
Magic:  ASCII text
Size:   8
Md5:    29fc57841962e407cb50c1be60284bf7
Sha1:   ce968a77e2996da5eee8925182318f171ccdce47
Sha256: ae7e7075247dcfad763f1e131aeac3d2e756bb03d48b0d315a50c69636e5dc8b
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sat, 01 Oct 2022 17:49:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /~cp785288/hlep/Login/billing.php?verify_account=session=NL&1ea5d09f79e65ee089bc671aa1affeb3&dispatch=7789a9717300104ca4218ad08bcbd57bbc81867b HTTP/1.1 
Host: cpanel10wh.bkk1.cloud.z.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         
                                         163.44.198.59
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Date: Sat, 01 Oct 2022 17:49:27 GMT
Server: Apache
X-Powered-By: PHP/5.6.40
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: PHPSESSID=o06mkqvadkchad221oqv258up1; path=/
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (743)
Size:   28977
Md5:    08ce35e754d2234cd96dd99e7ff451d6
Sha1:   d143e70cbb9cad1cb08d702eed9c556e69da4b1a
Sha256: 1ece5ebafae25c9db69d85036fb6e7a1960d115b980ac2b1716e0d0e5d6ad0f0

Alerts:
  urlquery:
    - Phishing - Spotify
                                        
                                            GET /build/js/sp-analytics-a3e2493d01.js HTTP/1.1 
Host: www.scdn.co
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://cpanel10wh.bkk1.cloud.z.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         151.101.86.248
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Connection: keep-alive
Content-Length: 2934
Last-Modified: Thu, 09 Aug 2018 08:55:55 GMT
ETag: "3b8ea9b9fed8d12d22fd1c7b7c4367b8"
x-goog-generation: 1533804955085745
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 7969
x-amz-meta-goog-reserved-file-mtime: 1533804724
Content-Encoding: gzip
Accept-Ranges: bytes
Date: Sat, 01 Oct 2022 17:49:28 GMT
Age: 4008838
Timing-Allow-Origin: *
X-Served-By: cache-chi-kigq8000063-CHI, cache-bma1657-BMA
X-Cache: HIT, HIT
X-Cache-Hits: 1, 1
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000


--- Additional Info ---
Magic:  ASCII text, with very long lines (7916)
Size:   2934
Md5:    46f7394944aba4665f842d75ef972bb3
Sha1:   65046fbc4dc0c4d397210e6141702bb70873e273
Sha256: 602d76b0de139658e9c504c4e8f7f1c5858d33d2da30040766d78fb1c9702964
                                        
                                            GET /ddm/fls/i/src=4721227;type=uidfq0;cat=spoti0;ord=5160187481151;gtm=G1u;u2=undefined;~oref=file%3A%2F%2F%2FC%3A%2FAppServ%2Fwww%2FOVO%2520v2.7%2FSpotify%2FSubscription%2520and%2520payment%2520-%2520Spotify.html HTTP/1.1 
Host: adservice.google.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://4721227.fls.doubleclick.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         
                                         216.58.207.226
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
                                        
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 01 Oct 2022 17:49:28 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
pragma: no-cache
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 385
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (513), with no line terminators
Size:   385
Md5:    6da5969356df80d83312d6b0bca604e8
Sha1:   a352bd59cfe4068c776cc9d3acb723eb4e1609af
Sha256: 4514880eba4798114d09a67b93f1433cf06ece4beeee8266b101fd27b3070d5e
                                        
                                            GET /~cp785288/hlep/Login/files/activityi(2).html HTTP/1.1 
Host: cpanel10wh.bkk1.cloud.z.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/billing.php?verify_account=session=NL&1ea5d09f79e65ee089bc671aa1affeb3&dispatch=7789a9717300104ca4218ad08bcbd57bbc81867b
Cookie: PHPSESSID=o06mkqvadkchad221oqv258up1
Upgrade-Insecure-Requests: 1

                                         
                                         163.44.198.59
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Sat, 01 Oct 2022 17:49:28 GMT
Server: Apache
Last-Modified: Tue, 16 Jul 2019 16:30:28 GMT
ETag: "20e-58dcee4fb3100"
Accept-Ranges: bytes
Content-Length: 526
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text
Size:   526
Md5:    4111ba0635356cb00c95c1e7df71bc7a
Sha1:   478e66ccd3ea1606c21b0bc2dc7be11fb4980c81
Sha256: 368050e24650d085ae45ff96cb255eafd8196154f484969f0492ceaab7d9d9c5

Alerts:
  urlquery:
    - Phishing - Spotify
  Blocklists:
    - fortinet: Phishing
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sat, 01 Oct 2022 17:49:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sat, 01 Oct 2022 17:49:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /ddm/fls/i/src=4721227;type=uidfq0;cat=spoti0;ord=5160187481151;gtm=G1u;u2=undefined;~oref=file%3A%2F%2F%2FC%3A%2FAppServ%2Fwww%2FOVO%2520v2.7%2FSpotify%2FSubscription%2520and%2520payment%2520-%2520Spotify.html HTTP/1.1 
Host: adservice.google.no
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adservice.google.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         
                                         172.217.21.162
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
                                        
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 01 Oct 2022 17:49:28 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
location: https://4721227.fls.doubleclick.net/ddm/fls/r/src=4721227;type=uidfq0;cat=spoti0;ord=5160187481151;gtm=G1u;u2=undefined;~oref=file%3A%2F%2F%2FC%3A%2FAppServ%2Fwww%2FOVO%2520v2.7%2FSpotify%2FSubscription%2520and%2520payment%2520-%2520Spotify.html
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sat, 01 Oct 2022 17:49:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sat, 01 Oct 2022 17:49:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /ddm/fls/r/src=4721227;type=uidfq0;cat=spoti0;ord=5160187481151;gtm=G1u;u2=undefined;~oref=file%3A%2F%2F%2FC%3A%2FAppServ%2Fwww%2FOVO%2520v2.7%2FSpotify%2FSubscription%2520and%2520payment%2520-%2520Spotify.html HTTP/1.1 
Host: 4721227.fls.doubleclick.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://adservice.google.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.70
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
                                        
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 01 Oct 2022 17:49:28 GMT
expires: Sat, 01 Oct 2022 17:49:28 GMT
cache-control: private, max-age=0
strict-transport-security: max-age=21600
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 810
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sat, 01-Oct-2022 18:04:28 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (605)
Size:   810
Md5:    491829d94d11c593c5e13c746519b674
Sha1:   676caaca2116a50807fe27a04675afdead57f8a2
Sha256: 91b4b4087bafc56e81cd7586ea02acf165671395e607698d4d0f78c7e37eeccd
                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         18.165.201.80
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Type, Expires, Backoff, ETag, Last-Modified, Pragma, Cache-Control, Content-Length, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600, max-age=3600
Date: Sat, 01 Oct 2022 17:32:55 GMT
Expires: Sat, 01 Oct 2022 18:18:14 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 4ae6e5888b43b4133973ba1aadad8194.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P3
X-Amz-Cf-Id: 96R29trZM8oE3afwlkhd2k4hM2-nsRFyBc8OZHpjKmpTvCN4LlzPRA==
Age: 993


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sat, 01 Oct 2022 17:49:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sat, 01 Oct 2022 17:49:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /~cp785288/hlep/Login/files/jquery.maskedinput.js HTTP/1.1 
Host: cpanel10wh.bkk1.cloud.z.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/billing.php?verify_account=session=NL&1ea5d09f79e65ee089bc671aa1affeb3&dispatch=7789a9717300104ca4218ad08bcbd57bbc81867b
Cookie: PHPSESSID=o06mkqvadkchad221oqv258up1

                                         
                                         163.44.198.59
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Sat, 01 Oct 2022 17:49:28 GMT
Server: Apache
Last-Modified: Tue, 16 Jul 2019 16:30:28 GMT
ETag: "2805-58dcee4fb3100"
Accept-Ranges: bytes
Content-Length: 10245
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text
Size:   10245
Md5:    6f7c106ad7a91b4d75ffbdce35b1907b
Sha1:   e1937b367daea561b96d7f47be85132a5a8ad55b
Sha256: b63e5bcbf53f3f1ab4bcf0845a900fab7b25981693e753d73cfd2784a8046446

Alerts:
  urlquery:
    - Phishing - Spotify
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /pagead/conversion.js HTTP/1.1 
Host: www.googleadservices.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4721227.fls.doubleclick.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         172.217.21.162
HTTP/2 200 OK
content-type: text/javascript; charset=UTF-8
                                        
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Sat, 01 Oct 2022 17:49:28 GMT
expires: Sat, 01 Oct 2022 17:49:28 GMT
cache-control: private, max-age=3600
etag: 11313833467736987248
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 16840
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (2021)
Size:   16840
Md5:    facf633646edbf5b62983e22d11aa160
Sha1:   0373848f224ca40d2982581b205a8cf28b72dd7c
Sha256: ce5955eb70e6611579323a75ba5536d9af9a224a593fe1a2d8d204fa1127f524
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sat, 01 Oct 2022 17:49:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 2435
Cache-Control: 'max-age=158059'
Date: Sat, 01 Oct 2022 17:49:28 GMT
Last-Modified: Sat, 01 Oct 2022 17:08:53 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /~cp785288/hlep/Login/files/embedded-checkout-7f51b6350a.css HTTP/1.1 
Host: cpanel10wh.bkk1.cloud.z.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/billing.php?verify_account=session=NL&1ea5d09f79e65ee089bc671aa1affeb3&dispatch=7789a9717300104ca4218ad08bcbd57bbc81867b
Cookie: PHPSESSID=o06mkqvadkchad221oqv258up1

                                         
                                         163.44.198.59
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Sat, 01 Oct 2022 17:49:28 GMT
Server: Apache
Last-Modified: Tue, 16 Jul 2019 16:30:28 GMT
ETag: "3f72-58dcee4fb3100"
Accept-Ranges: bytes
Content-Length: 16242
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with very long lines (16242), with no line terminators
Size:   16242
Md5:    7f51b6350a9a704d466a234099088106
Sha1:   c86c363d221743f1fd094dc449ebd173c9978998
Sha256: c98fd9d8e74817c15654a9bc1381f9cd3850b87fc5da82d92f1f6aa7558ba09f

Alerts:
  urlquery:
    - Phishing - Spotify
                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: ZA77iUl/Pp3WjPGWz+6SOQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                         
                                         34.212.166.60
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 54LnnCSKo4+PBYhL/MInIQNsajQ=

                                        
                                            GET /~cp785288/hlep/Login/files/jquery.v-form.js HTTP/1.1 
Host: cpanel10wh.bkk1.cloud.z.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/billing.php?verify_account=session=NL&1ea5d09f79e65ee089bc671aa1affeb3&dispatch=7789a9717300104ca4218ad08bcbd57bbc81867b
Cookie: PHPSESSID=o06mkqvadkchad221oqv258up1

                                         
                                         163.44.198.59
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Sat, 01 Oct 2022 17:49:29 GMT
Server: Apache
Last-Modified: Tue, 16 Jul 2019 16:30:28 GMT
ETag: "1bc7-58dcee4fb3100"
Accept-Ranges: bytes
Content-Length: 7111
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text
Size:   7111
Md5:    8d3893b549d0d074acd24a67fa6bb19c
Sha1:   e1612052c6092b2ed31a89bd4f2657fd7ca960f6
Sha256: 4e5b8d16044077193472b2bad96dabf3f322452461b533f469846de23b94995f

Alerts:
  urlquery:
    - Phishing - Spotify
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /~cp785288/hlep/Login/files/jquery.additional-methods.js HTTP/1.1 
Host: cpanel10wh.bkk1.cloud.z.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/billing.php?verify_account=session=NL&1ea5d09f79e65ee089bc671aa1affeb3&dispatch=7789a9717300104ca4218ad08bcbd57bbc81867b
Cookie: PHPSESSID=o06mkqvadkchad221oqv258up1

                                         
                                         163.44.198.59
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Sat, 01 Oct 2022 17:49:28 GMT
Server: Apache
Last-Modified: Tue, 16 Jul 2019 16:30:28 GMT
ETag: "56ed-58dcee4fb3100"
Accept-Ranges: bytes
Content-Length: 22253
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (1231)
Size:   22253
Md5:    90ea2fdca7a2817e04c6f508fc70fc82
Sha1:   8ea4223a744c83d354c257bbce3e85e6804e9147
Sha256: 72d04d4e4fec062d1c4ef989026f021267b61ffa1d0350855a7007e81f49bba6

Alerts:
  urlquery:
    - Phishing - Spotify
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /~cp785288/hlep/Login/files/jquery.validate.js HTTP/1.1 
Host: cpanel10wh.bkk1.cloud.z.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/billing.php?verify_account=session=NL&1ea5d09f79e65ee089bc671aa1affeb3&dispatch=7789a9717300104ca4218ad08bcbd57bbc81867b
Cookie: PHPSESSID=o06mkqvadkchad221oqv258up1

                                         
                                         163.44.198.59
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Sat, 01 Oct 2022 17:49:28 GMT
Server: Apache
Last-Modified: Tue, 16 Jul 2019 16:30:28 GMT
ETag: "b4bb-58dcee4fb3100"
Accept-Ranges: bytes
Content-Length: 46267
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (511)
Size:   46267
Md5:    17836a76e9a044bc7dad83f6dcef42ef
Sha1:   3467edcee0e9cecd3e5be5bfd21227c8676c05ac
Sha256: d030f6633a5d0efd3f76fcf5ec98a0468c76770e618a401ffe5ddc7f6ccc844b

Alerts:
  urlquery:
    - Phishing - Spotify
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /~cp785288/hlep/Login/files/jquery.js HTTP/1.1 
Host: cpanel10wh.bkk1.cloud.z.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/billing.php?verify_account=session=NL&1ea5d09f79e65ee089bc671aa1affeb3&dispatch=7789a9717300104ca4218ad08bcbd57bbc81867b
Cookie: PHPSESSID=o06mkqvadkchad221oqv258up1

                                         
                                         163.44.198.59
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Sat, 01 Oct 2022 17:49:28 GMT
Server: Apache
Last-Modified: Tue, 16 Jul 2019 16:30:28 GMT
ETag: "15147-58dcee4fb3100"
Accept-Ranges: bytes
Content-Length: 86343
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with very long lines (32034), with CRLF line terminators
Size:   86343
Md5:    1a0d5be2d25ff036a0e088e0ec0b3600
Sha1:   7a9ae64f46b3c59ab06648d5681434a89c3d605c
Sha256: 2a1f1370eb7b24a307312112427dfd544fb838a8bef66babc936f5e870a22e52

Alerts:
  urlquery:
    - Phishing - Spotify
  Blocklists:
    - fortinet: Phishing
                                        
                                            POST /gsgccr3dvtlsca2020 HTTP/1.1 
Host: ocsp.globalsign.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         104.18.20.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sat, 01 Oct 2022 17:49:29 GMT
Content-Length: 1414
Connection: keep-alive
Expires: Wed, 05 Oct 2022 16:01:47 GMT
ETag: "8e41b2861b45200b453431bd26a5cb3f0646eb7e"
Last-Modified: Sat, 01 Oct 2022 16:01:48 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 1043
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 753709025d27fab4-OSL


--- Additional Info ---
Magic:  data
Size:   1414
Md5:    788b08834191b0e43b18d95bc12a3505
Sha1:   8e41b2861b45200b453431bd26a5cb3f0646eb7e
Sha256: 98e0113502309a2b0e2d902355074f18c9c5148c5a0110f02d8922fe9e7692a2
                                        
                                            GET /v1/buckets/monitor/collections/changes/changeset?_expected=%221664629034449%22 HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         18.165.201.80
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Type, Backoff, Content-Length, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Sat, 01 Oct 2022 12:57:14 GMT
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Cache-Control: max-age=3600, max-age=3600
Date: Sat, 01 Oct 2022 17:02:00 GMT
Expires: Sat, 01 Oct 2022 17:02:12 GMT
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 1872df29670137f21773bdb80da38e36.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P3
X-Amz-Cf-Id: M59WwrFXjfzCBtGsl2k4pfpQHbflwOUsfKDhq5NmeJlZo5zpy4yspw==
Age: 2849


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (22383), with no line terminators
Size:   5244
Md5:    e9c61db898c956a44d767adcf2f44a26
Sha1:   ba775a343d19844a289de26433f3d6c8d14a8fa6
Sha256: b76fbc179cb4bc725712e32d61c2b47067fe164d183c9ef5c8707429858270dc
                                        
                                            GET /~cp785288/hlep/Login/files/jquery.CardValidator.js HTTP/1.1 
Host: cpanel10wh.bkk1.cloud.z.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/billing.php?verify_account=session=NL&1ea5d09f79e65ee089bc671aa1affeb3&dispatch=7789a9717300104ca4218ad08bcbd57bbc81867b
Cookie: PHPSESSID=o06mkqvadkchad221oqv258up1

                                         
                                         163.44.198.59
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Sat, 01 Oct 2022 17:49:29 GMT
Server: Apache
Last-Modified: Tue, 16 Jul 2019 16:30:28 GMT
ETag: "18df-58dcee4fb3100"
Accept-Ranges: bytes
Content-Length: 6367
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text
Size:   6367
Md5:    27c724fa448269f77118494361b0fc0c
Sha1:   7455679ba0a9811fd31ab5ea8f76ebfe4ba22ec9
Sha256: 8802adf5641c1056fcf4feeeabb83be1b1e3724d9b460cecc791dfdd6422bc3b

Alerts:
  urlquery:
    - Phishing - Spotify
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /v1/buckets/blocklists/collections/addons-bloomfilters/changeset?_expected=1664498243168&_since=%221653914271178%22 HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         18.165.201.80
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Type, Backoff, Content-Length, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 30 Sep 2022 00:37:23 GMT
X-Content-Type-Options: nosniff
Content-Encoding: br
Date: Sat, 01 Oct 2022 17:05:38 GMT
Cache-Control: max-age=3600
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 1872df29670137f21773bdb80da38e36.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P3
X-Amz-Cf-Id: Yj46UmPqm8p1Y6h7Gb_ENeY95qbqFHxLqR-SlSot0PKjWnFsxitcYQ==
Age: 2797


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (65536), with no line terminators
Size:   12589
Md5:    a88efaec2edcaf88000001ad774230a7
Sha1:   f7b8fa68c170778925675f8b973eecb19f857ca8
Sha256: b7e54c7a5a7e06215135ee2ff5a9fe1aa540e662a085c4c13f5158e84546477b
                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         108.156.28.39
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Sat, 01 Oct 2022 03:39:03 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 b3d26bb0853726fb30b0576bc254ef10.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR50-P1
x-amz-cf-id: cs2h5oB-CwCTMtk2xzTit2SoKft_rSYE_aHnzr0CVYOMx4CGJLZKHA==
age: 51373
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    6113f8408c59aebe188d6af273b90743
Sha1:   7398873bf00f99944eaa77ad3ebc0d43c23dba6b
Sha256: b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         18.165.201.80
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Type, Backoff, Content-Length, Retry-After
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sat, 01 Oct 2022 17:02:39 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 1872df29670137f21773bdb80da38e36.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P3
X-Amz-Cf-Id: pSbkw1ZHYXNVY8BHPc9oaSu7VxB9ouo8Vxcq4UqsCCCDMpLhZ6ovVw==
Age: 2810


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    1b3053fa528e28810f8a2cc9284cc921
Sha1:   cca9eb471d941881a6b9a1793aecb6c281908f6a
Sha256: a2427848ba35575dda8a82cf88f104978234c05389deebc3fc8279d9075eff45
                                        
                                            GET /~cp785288/hlep/Login/files/form_offer_panel.html HTTP/1.1 
Host: cpanel10wh.bkk1.cloud.z.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/billing.php?verify_account=session=NL&1ea5d09f79e65ee089bc671aa1affeb3&dispatch=7789a9717300104ca4218ad08bcbd57bbc81867b
Cookie: PHPSESSID=o06mkqvadkchad221oqv258up1
Upgrade-Insecure-Requests: 1

                                         
                                         163.44.198.59
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Sat, 01 Oct 2022 17:49:29 GMT
Server: Apache
Last-Modified: Tue, 16 Jul 2019 16:30:28 GMT
ETag: "1489-58dcee4fb3100"
Accept-Ranges: bytes
Content-Length: 5257
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (993)
Size:   5257
Md5:    c118ac3a4ba997458c78eade2e1fdac4
Sha1:   faf216d9d3d102571af688fa9aa4b52da44257fb
Sha256: cfa2f7dc5b0d7b3bc7190aab46525cefb46185c2c0251de98a3290440b5282d1

Alerts:
  urlquery:
    - Phishing - Spotify
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /~cp785288/hlep/Login/files/jquery.mask.js HTTP/1.1 
Host: cpanel10wh.bkk1.cloud.z.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/billing.php?verify_account=session=NL&1ea5d09f79e65ee089bc671aa1affeb3&dispatch=7789a9717300104ca4218ad08bcbd57bbc81867b
Cookie: PHPSESSID=o06mkqvadkchad221oqv258up1

                                         
                                         163.44.198.59
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Sat, 01 Oct 2022 17:49:29 GMT
Server: Apache
Last-Modified: Tue, 16 Jul 2019 16:30:28 GMT
ETag: "47fe-58dcee4fb3100"
Accept-Ranges: bytes
Content-Length: 18430
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text
Size:   18430
Md5:    219d169a80568884a3d6baab3e5e7def
Sha1:   61d00104de8c972c820cd9b527d8e2edb30e5c4a
Sha256: cf1f0d954cbbbcb32d170b1ff68c5b082a1086f34f2bbee825ca88b7c9fb213a

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /staging/addons-bloomfilters/67600448-6fc2-4f40-bd4a-8687d731734f.bin HTTP/1.1 
Host: firefox-settings-attachments.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         18.164.68.116
HTTP/1.1 200 OK
Content-Type: application/octet-stream
                                        
Content-Length: 795699
Connection: keep-alive
Last-Modified: Mon, 27 Jun 2022 12:39:11 GMT
x-amz-version-id: 9np1boOrxtHVWzMczpbX1a.N_ewQWHDF
Accept-Ranges: bytes
Server: AmazonS3
Date: Sat, 01 Oct 2022 07:04:19 GMT
ETag: "9b95765b0e26af76116a95a966d61354"
X-Cache: Hit from cloudfront
Via: 1.1 6e05560e2a116f10e93777df92ea6478.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P4
X-Amz-Cf-Id: 1127A4w_crSTQGkBVtiYBY34P59L-e4huIt_i4ioJyu1T3lv47ycaA==
Age: 38718


--- Additional Info ---
Magic:  data
Size:   795699
Md5:    9b95765b0e26af76116a95a966d61354
Sha1:   3f7c1b40fc999b83f3696f455402e49ab484b027
Sha256: 34f969c8e082310785ec4262e2d5b58c919d4de856ffc64b3467507f83ac9571
                                        
                                            GET /v1/buckets/main/collections/normandy-recipes-capabilities/changeset?_expected=1664582468554&_since=%221654732864402%22 HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         18.165.201.80
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Alert, Backoff, Retry-After, Content-Length
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Sat, 01 Oct 2022 00:01:08 GMT
X-Content-Type-Options: nosniff
Content-Encoding: br
Cache-Control: max-age=3600
Date: Sat, 01 Oct 2022 17:07:16 GMT
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 1872df29670137f21773bdb80da38e36.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P3
X-Amz-Cf-Id: ehm7--HKzI0IMRxaEBTZ4rMAmzBBtX9w1aqkMp_b2jPydEdBOX8V_w==
Age: 2533


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (58917), with no line terminators
Size:   12189
Md5:    fbf12ba78a987b12a3f002829d49513a
Sha1:   851a3d0c8ab281d5660c3f966e3ec49cdede3539
Sha256: 86bb8a4a4373f252e0819af32c21de9a693805dcbf9ebbaa7f54a97db2f63615
                                        
                                            GET /v1/buckets/main/collections/nimbus-desktop-experiments/changeset?_expected=1664576981597&_since=%221654636467710%22 HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         18.165.201.80
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Backoff, Content-Type, Retry-After, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 30 Sep 2022 22:29:41 GMT
X-Content-Type-Options: nosniff
Content-Encoding: br
Cache-Control: max-age=3600
Date: Sat, 01 Oct 2022 17:14:34 GMT
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 1872df29670137f21773bdb80da38e36.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P3
X-Amz-Cf-Id: kj9l41xnO54nlVPVq4Rpe2wD37CcF9m_PXsZtN8ICqT0JET2O2h0tw==
Age: 2095


--- Additional Info ---
Magic:  ASCII text, with very long lines (31812), with no line terminators
Size:   4522
Md5:    0a8cfe2efc6b0b24150c549ab477643e
Sha1:   ea11b76b989c1cca396d75cb40774bbd014ef689
Sha256: 86f672ecf608509aa0e411d8b80f9e4bb5c1e877040957d56a53ae69897d5ecd
                                        
                                            GET /~cp785288/hlep/Login/files/account-4445741da9.css HTTP/1.1 
Host: cpanel10wh.bkk1.cloud.z.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/billing.php?verify_account=session=NL&1ea5d09f79e65ee089bc671aa1affeb3&dispatch=7789a9717300104ca4218ad08bcbd57bbc81867b
Cookie: PHPSESSID=o06mkqvadkchad221oqv258up1

                                         
                                         163.44.198.59
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Sat, 01 Oct 2022 17:49:28 GMT
Server: Apache
Last-Modified: Tue, 16 Jul 2019 16:30:28 GMT
ETag: "1ba27-58dcee4fb3100"
Accept-Ranges: bytes
Content-Length: 113191
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with very long lines (65536), with no line terminators
Size:   113191
Md5:    4445741da9c2fcc072a15b124aca043b
Sha1:   6496e6d22375b3c56470b0d163a704e5f5a1dd72
Sha256: 279c2837ecb9591e8dcfd0d1da12755faf0360ff9154f5a2dfde51f138c09489

Alerts:
  urlquery:
    - Phishing - Spotify
                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         108.156.28.39
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
content-length: 5348
date: Fri, 30 Sep 2022 22:29:49 GMT
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 b3d26bb0853726fb30b0576bc254ef10.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR50-P1
x-amz-cf-id: 7EwvhFkg3hwbMgijXvEksEtG3_nAhtMtM6CmdomdJ3V3mkL9z--3wA==
age: 69581
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    67d5a988edcda47bc3b3b3f65d32b4b6
Sha1:   d4f0e0da8b3690cc7da925026d3414b68c7d954f
Sha256: 55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
                                        
                                            GET /v1/buckets/main/collections/fxmonitor-breaches/changeset?_expected=1662044085942&_since=%221622732735407%22 HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         18.165.201.80
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Alert, Backoff, Retry-After, Content-Length
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Thu, 01 Sep 2022 14:54:45 GMT
X-Content-Type-Options: nosniff
Content-Encoding: br
Cache-Control: max-age=3600
Date: Sat, 01 Oct 2022 17:12:21 GMT
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 1872df29670137f21773bdb80da38e36.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P3
X-Amz-Cf-Id: kKKGW6e4ZbseU3qNxqJVNWVqybD2rALCwGBKBiNGem0TgMfLNRLNWw==
Age: 2228


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (20424), with no line terminators
Size:   5467
Md5:    bcd6f18cc37db55be80b342165208818
Sha1:   9efb53b924ca98367bc4b55b111a39cba2f931f8
Sha256: c36b60b3d2c181017d5bdab7c5978529b70c283001c0ed35bab8242b08a607fd
                                        
                                            GET /v1/buckets/main/collections/password-rules/changeset?_expected=1659924409785&_since=%221652712410939%22 HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         18.165.201.80
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Type, Backoff, Content-Length, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Mon, 08 Aug 2022 02:06:49 GMT
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Cache-Control: max-age=2592000
Date: Sun, 25 Sep 2022 09:31:21 GMT
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 1872df29670137f21773bdb80da38e36.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P3
X-Amz-Cf-Id: RgYQ8J7HHFQ-1Xi2JNiE2bhx0hrPUDZ65PIMGD8lELY4nHK46K9low==
Age: 548289


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (1394), with no line terminators
Size:   825
Md5:    323f63cea1e65bcba94765be51a8cad4
Sha1:   5ae1b62bce94b3c9de5cdf0bb3d61873e0667300
Sha256: de2dfaadd3174377d4e4edb027b2abe3909fdfeb1537b4cbc1a56b700ce0be76
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "C17A343CEB786A421F8C3ABFFFAE350E12C92271A69FC88EB8E8BAB568877D6B"
Last-Modified: Fri, 30 Sep 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5165
Expires: Sat, 01 Oct 2022 19:15:35 GMT
Date: Sat, 01 Oct 2022 17:49:30 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "C17A343CEB786A421F8C3ABFFFAE350E12C92271A69FC88EB8E8BAB568877D6B"
Last-Modified: Fri, 30 Sep 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5165
Expires: Sat, 01 Oct 2022 19:15:35 GMT
Date: Sat, 01 Oct 2022 17:49:30 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "C17A343CEB786A421F8C3ABFFFAE350E12C92271A69FC88EB8E8BAB568877D6B"
Last-Modified: Fri, 30 Sep 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7145
Expires: Sat, 01 Oct 2022 19:48:35 GMT
Date: Sat, 01 Oct 2022 17:49:30 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "C17A343CEB786A421F8C3ABFFFAE350E12C92271A69FC88EB8E8BAB568877D6B"
Last-Modified: Fri, 30 Sep 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7145
Expires: Sat, 01 Oct 2022 19:48:35 GMT
Date: Sat, 01 Oct 2022 17:49:30 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "C17A343CEB786A421F8C3ABFFFAE350E12C92271A69FC88EB8E8BAB568877D6B"
Last-Modified: Fri, 30 Sep 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5165
Expires: Sat, 01 Oct 2022 19:15:35 GMT
Date: Sat, 01 Oct 2022 17:49:30 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7fc3f7b5-4c80-4662-ba8b-7997bdbdb6a3.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8299
x-amzn-requestid: 91eed6b6-632f-472b-93d7-4192425fcdfd
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZSxLDF0SoAMFWgw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63376246-17bb04894cc786555d693ec3;Sampled=0
x-amzn-remapped-date: Fri, 30 Sep 2022 21:40:22 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 8JvNUZRyYeZjd4ZxOrGMCbJxVf46NRhiHXsFvCAZn2QeUkdCzKoYbw==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 001e7070d795018d01b93988b9723742.cloudfront.net (CloudFront), 1.1 google
date: Fri, 30 Sep 2022 22:15:58 GMT
age: 70412
etag: "2df7db53629c7adda2c0a4dfe9c17791b73a75e1"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8299
Md5:    0d31a422078d02bda318c693c05a58dc
Sha1:   2df7db53629c7adda2c0a4dfe9c17791b73a75e1
Sha256: a07fe4e135b52da6dfa9d8a55684f0a3bf5f5ce52c4064c8ab37836a939902a9
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9b0d9d19-67ea-434c-8233-4ac3ec9e78e7.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 6959
x-amzn-requestid: eaf91f33-2fe3-4ed5-b89c-6199c2f17651
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZSxLCF6toAMFSDg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63376246-3b8c7f290ffda97b2d179433;Sampled=0
x-amzn-remapped-date: Fri, 30 Sep 2022 21:40:22 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: xr7RU7lL1QVYd5D1qQ_jqJQbefIVMeUQsJgxK4C-EvT0Hx0U37SNWQ==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 cd64decb1403270c914848213601a674.cloudfront.net (CloudFront), 1.1 google
date: Fri, 30 Sep 2022 22:16:03 GMT
age: 70407
etag: "c09ee0f2be578f0067b2ed0237d565a04438147e"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   6959
Md5:    21e55a6ca7350ed834993a486e138de1
Sha1:   c09ee0f2be578f0067b2ed0237d565a04438147e
Sha256: 124ca8ae6e3f7c7bb28f0d47fa693753884261ed61896eccf7bc13f249fc8960
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F180dee10-1cde-4fbe-8a74-62b7b3bdb1e2.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 6315
x-amzn-requestid: f0791b53-3c5f-4d94-954d-992a529ebb60
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZPnunF35oAMFYbg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63361ff6-2adb303349153ced73ccecf6;Sampled=0
x-amzn-remapped-date: Thu, 29 Sep 2022 22:45:10 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: RGS_T9Cwl5Vjs_bxngHRomiYppE5fLe0SnH19VEfc5-PCT5tb5ku1A==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 1b74ccf4cb51eacf97a0e6d60ae46a3e.cloudfront.net (CloudFront), 1.1 google
date: Sat, 01 Oct 2022 04:40:52 GMT
age: 47318
etag: "58ff0bf8ce7528b303d28bab01a80ad721705569"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   6315
Md5:    206fb65e75dbadf119512f71e0b78402
Sha1:   58ff0bf8ce7528b303d28bab01a80ad721705569
Sha256: 56c8d5f3b3060ee54bf81995269b86c070855d8c33bf437161339a45b309703f
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2ae73d97-d8e4-4f93-bf30-c175fc72b008.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 10201
x-amzn-requestid: 62562627-78a8-4c17-bf6c-b2c986b9ee8f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZSxLCFH3IAMFoFQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63376246-69637d745165485171ca73b9;Sampled=0
x-amzn-remapped-date: Fri, 30 Sep 2022 21:40:22 GMT
x-amz-cf-pop: SEA73-P2, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: CueKD4mKZFXrPdwSOtYV3muaegRDOA632EztOt22qrk0Qd2yj1oPkg==
via: 1.1 6a63e853422f3197776fb098fab5a416.cloudfront.net (CloudFront), 1.1 ebe4011a81a36e2bf678f69ce1711330.cloudfront.net (CloudFront), 1.1 google
date: Fri, 30 Sep 2022 21:57:18 GMT
age: 71532
etag: "49798c4a15545a49f3870b2a16af78dbf8e168cc"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   10201
Md5:    4be456dbe857580c7b4c7fca3936e04e
Sha1:   49798c4a15545a49f3870b2a16af78dbf8e168cc
Sha256: 23e42987d5e9939424d5f4e4fe0c38faf20a221732097927dd4a656199d9d315
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb90508fe-e6b6-4ad0-9afc-67b46e4d0aa4.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8734
x-amzn-requestid: abef68e4-c2c6-4551-babc-125c93c1506d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZSz0UECTIAMF3BA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63376681-5090c08a3349bb8715d3c579;Sampled=0
x-amzn-remapped-date: Fri, 30 Sep 2022 21:58:25 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: pAnOlf78Pu-hwBIKm002F4z1G8Q1pshDOPxwIQ81Yu6HzIT-0PJt1Q==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 d01e7742f82df0bbc1fb681d709ed69c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 30 Sep 2022 22:22:17 GMT
age: 70033
etag: "7eea9aa04c5a72c417a580ca45341a0b5adc72cf"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8734
Md5:    1c475b8cc11fdaabbda170c6605d1391
Sha1:   7eea9aa04c5a72c417a580ca45341a0b5adc72cf
Sha256: 888de88ddad429a0bdb565b1f069dab4bea55a3b8a662c4efd9b75fd261dee3b
                                        
                                            GET /v1/buckets/main/collections/websites-with-shared-credential-backends/changeset?_expected=1659924446436&_since=%221650898092205%22 HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         18.165.201.80
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Alert, Backoff, Retry-After, Content-Length
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Mon, 08 Aug 2022 02:07:26 GMT
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Cache-Control: max-age=2592000
Date: Fri, 30 Sep 2022 06:14:31 GMT
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 1872df29670137f21773bdb80da38e36.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P3
X-Amz-Cf-Id: KdwXMZxrogTnGFVkxyx2NAp4xdUbno9BsOMKg5t58H2CYaHLBNH8pw==
Age: 128099


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (8682), with no line terminators
Size:   3280
Md5:    43ca54322d55fb59979cb10bc0b30a3e
Sha1:   e2c56532fbe8201e4e9e25ac1a1926e2de00fdb5
Sha256: 75f3f51896ab455cc6462a4010bfb3653bf01c4239dbbd92bb9a814267accad6
                                        
                                            GET /v1/buckets/main/collections/search-config/changeset?_expected=1661199949574&_since=%221648132005528%22 HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         18.165.201.80
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Backoff, Content-Type, Retry-After, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Mon, 22 Aug 2022 20:25:49 GMT
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Cache-Control: max-age=2592000
Date: Sun, 25 Sep 2022 14:46:16 GMT
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 1872df29670137f21773bdb80da38e36.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P3
X-Amz-Cf-Id: njbZ-cox6Xhco2J1et5llpR67zQV5OTtfHsBfqPa2to2bd7tWuFtXg==
Age: 529394


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (14029), with no line terminators
Size:   3396
Md5:    e7e74647424d9c39a17385a707c87ffd
Sha1:   880314757d8539e3b7ae6512ed941b8c4f6540c5
Sha256: d7bd771e4a69a08d014f8dae26bee3b39f560054ea3ee2d0d1ce9504949e11b4
                                        
                                            GET /v1/buckets/main/collections/cfr/changeset?_expected=1659547595259&_since=%221653578606314%22 HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         18.165.201.80
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Type, Backoff, Content-Length, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Wed, 03 Aug 2022 17:26:35 GMT
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Date: Sat, 01 Oct 2022 17:20:18 GMT
Cache-Control: max-age=3600
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 1872df29670137f21773bdb80da38e36.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P3
X-Amz-Cf-Id: P_DWCySA4kOlmTVYPiivs4ko_iAg7jaHUC1l6Ys5XN4386wk-4KJJA==
Age: 1773


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (3678), with no line terminators
Size:   1538
Md5:    4372b0caced054199d3597172833bf71
Sha1:   41d1f9115dd839dc4861ff4f79319c1db4e72edb
Sha256: aba600b4d02c12a0dbfcfce41e82c64c08783865d651e4ca171e24df6e74edf3
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1d8201d9-93ae-492b-8ea9-d245fa2e4073.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
date: Sat, 01 Oct 2022 17:49:30 GMT
content-length: 3640
x-amzn-requestid: b5f5c567-8aa9-414b-8310-cf3006711ee9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZJo1vFIwoAMF2mA=
x-content-type-options: nosniff
etag: "303c6bb672425443a15bbe22394bd1149f887904"
x-amzn-trace-id: Root=1-6333bb57-0f1cbcbb29287f5367a14b67;Sampled=0
x-amzn-remapped-date: Wed, 28 Sep 2022 03:11:19 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: cUwSPozfNUYcfs8f9xfyj4EO-qku4sf4bzdJkiP0YiaZ5F4cqXgILw==
age: 241192
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 09331f0822fc98eebaf04130a83dbd44.cloudfront.net (CloudFront), 1.1 google
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   3640
Md5:    a9e7ba045a723120501994dea21709db
Sha1:   303c6bb672425443a15bbe22394bd1149f887904
Sha256: b1bea7212e55ec8eaf62434214a86fed7d6a990d105984d79a7fa0e793395d59
                                        
                                            GET /v1/buckets/main/collections/hijack-blocklists?_expected=1605801189258 HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         18.165.201.80
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 682
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Pragma, Content-Length, Backoff, Last-Modified, Cache-Control, Content-Type, Retry-After, ETag, Expires, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Mon, 26 Sep 2022 16:36:56 GMT
X-Content-Type-Options: nosniff
Date: Sat, 01 Oct 2022 17:29:12 GMT
Cache-Control: no-cache, no-store, max-age=3600
ETag: "1664210216116"
X-Cache: Hit from cloudfront
Via: 1.1 1872df29670137f21773bdb80da38e36.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P3
X-Amz-Cf-Id: OWd9zXG6668CSEFyLfkKLb1JDXK7t8vPzEk4n-Fv4XWGb7qPoksg5g==
Age: 1219


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (682), with no line terminators
Size:   682
Md5:    4e767b65980ef55063cce1d7f423c58e
Sha1:   f6f9756deac632f187752ff6708a2e3a71a04ebc
Sha256: 132e8f66a926b19d6a3ff32ca5bf385272b3b9be5e748cd21b9bb02a13a661e9
                                        
                                            GET /~cp785288/hlep/Login/files/spotify-543b91ee3c.css HTTP/1.1 
Host: cpanel10wh.bkk1.cloud.z.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/billing.php?verify_account=session=NL&1ea5d09f79e65ee089bc671aa1affeb3&dispatch=7789a9717300104ca4218ad08bcbd57bbc81867b
Cookie: PHPSESSID=o06mkqvadkchad221oqv258up1

                                         
                                         163.44.198.59
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Sat, 01 Oct 2022 17:49:28 GMT
Server: Apache
Last-Modified: Tue, 16 Jul 2019 16:30:28 GMT
ETag: "51795-58dcee4fb3100"
Accept-Ranges: bytes
Content-Length: 333717
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with very long lines (65371)
Size:   333717
Md5:    543b91ee3c2476d8cef5ea60c31e9c89
Sha1:   6d966ee2076be0b1497de6584b2f4b03b4dfcdc2
Sha256: 758ad9846aa8db4fd6d7958b03c8db3a2416c1e200fd203c4da5d0129f701e94

Alerts:
  urlquery:
    - Phishing - Spotify
                                        
                                            GET /v1/buckets/main/collections/query-stripping/changeset?_expected=1656585893704&_since=%221649762862679%22 HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         18.165.201.80
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Content-Type, Alert, Backoff, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Thu, 30 Jun 2022 10:44:53 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Cache-Control: max-age=2592000
Date: Thu, 22 Sep 2022 16:58:34 GMT
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 1872df29670137f21773bdb80da38e36.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P3
X-Amz-Cf-Id: Auh_pr23eCNw4t3Z30QdLlW2YWcKJfnz0vV6FbZa8OIrwg7Zz0v_cA==
Age: 780656


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (1710), with no line terminators
Size:   959
Md5:    7f8d60f2a2ddf1651425be89890b444b
Sha1:   cf38b90181533f4349a971304041d985130844bc
Sha256: 9d4dc14a2c3acf67d6202f7660eec8195f820565902ae4ac776f4e5a86a6295a
                                        
                                            GET /v1/buckets/main/collections/partitioning-exempt-urls/changeset?_expected=1657747510534&_since=%221654266643527%22 HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         18.165.201.80
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Alert, Backoff, Retry-After, Content-Length
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Wed, 13 Jul 2022 21:25:10 GMT
X-Content-Type-Options: nosniff
Content-Encoding: br
Date: Sat, 01 Oct 2022 17:19:24 GMT
Cache-Control: max-age=3600
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 1872df29670137f21773bdb80da38e36.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P3
X-Amz-Cf-Id: DM8B0Z0CN0XO74uLmbDoDko3Fbcw5fLQ2vSyHHA_gMuLidt7a_4FTQ==
Age: 1822


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (2194), with no line terminators
Size:   1009
Md5:    724bbf0bfaba9a725274e8a594cf420b
Sha1:   d7e187e558c0ad886a8eade39a79f7aae0eadb20
Sha256: 41ce2c16cf3dcc886429392702ea944492e457e7d82b8b33d77c7a32c918549d
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sat, 01 Oct 2022 17:49:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /bat.js HTTP/1.1 
Host: bat.bing.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4721227.fls.doubleclick.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         13.107.21.200
HTTP/2 200 OK
content-type: application/javascript
                                        
cache-control: private,max-age=1800
content-length: 11376
content-encoding: gzip
last-modified: Thu, 28 Jul 2022 17:32:37 GMT
accept-ranges: bytes
etag: "80a8697a8a2d81:0"
vary: Accept-Encoding
set-cookie: MUID=3D6AC1E90C276134381ED3D90DD260FF; domain=.bing.com; expires=Thu, 26-Oct-2023 17:49:30 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: EDA0C6153EDC43FF943C6EFAFBE768BA Ref B: OSL30EDGE0511 Ref C: 2022-10-01T17:49:30Z
date: Sat, 01 Oct 2022 17:49:29 GMT
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (38826), with no line terminators
Size:   11376
Md5:    2fe1e0c50cbb86b0c379ed78416df9c5
Sha1:   3e2c958bf438bc1486502253d613527fde7fdb25
Sha256: 57ab58b1840406037c30d4031235b6a715ee6f96f2574ab1eb93c5f4d6894bcd
                                        
                                            GET /pagead/viewthroughconversion/938675917/?random=1664646566903&cv=9&fst=1664646566903&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=375603261&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&sendb=1&ig=1&frm=2&url=https%3A%2F%2F4721227.fls.doubleclick.net%2Fddm%2Ffls%2Fr%2Fsrc%3D4721227%3Btype%3Duidfq0%3Bcat%3Dspoti0%3Bord%3D5160187481151%3Bgtm%3DG1u%3Bu2%3Dundefined%3B~oref%3Dfile%253A%252F%252F%252FC%253A%252FAppServ%252Fwww%252FOVO%252520v2.7%252FSpotify%252FSubscription%252520and%252520payment%252520-%252520Spotify.html&ref=https%3A%2F%2Fadservice.google.com%2F&hn=www.googleadservices.com&rfmt=3&fmt=4 HTTP/1.1 
Host: googleads.g.doubleclick.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4721227.fls.doubleclick.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site

                                         
                                         142.250.74.66
HTTP/2 200 OK
content-type: text/javascript; charset=UTF-8
                                        
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 01 Oct 2022 17:49:30 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 1155
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sat, 01-Oct-2022 18:04:30 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (2718), with no line terminators
Size:   1155
Md5:    81fac0d2bdad11acc020c97c6e247ae6
Sha1:   b71bfe7436c4ea4e87adde255801032cf1f872d5
Sha256: 788bd0b092613a2e70bb900b641ebdce4468bf114e06c0facd0f4820b74d8a6d
                                        
                                            GET /~cp785288/hlep/Login/files/script.min.js.download HTTP/1.1 
Host: cpanel10wh.bkk1.cloud.z.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/files/form_offer_panel.html
Cookie: PHPSESSID=o06mkqvadkchad221oqv258up1

                                         
                                         163.44.198.59
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Sat, 01 Oct 2022 17:49:29 GMT
Server: Apache
Last-Modified: Tue, 16 Jul 2019 16:30:28 GMT
ETag: "19066-58dcee4fb3100"
Accept-Ranges: bytes
Content-Length: 102502
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with very long lines (606)
Size:   102502
Md5:    97a4272e14f1f22426b66cf76d35cb6c
Sha1:   37b019ee762cf810d1f7afb2093759555a7b9a82
Sha256: 5eac9ca987f8ea95d31583f360ea2211f3cd58afda19ead30f9e890106d460b2

Alerts:
  urlquery:
    - Phishing - Spotify
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /p/action/5489004.js HTTP/1.1 
Host: bat.bing.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4721227.fls.doubleclick.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         13.107.21.200
HTTP/2 204 No Content
                                        
cache-control: private,max-age=1800
set-cookie: MUID=0FA134820920641E03C126B208D565A8; domain=.bing.com; expires=Thu, 26-Oct-2023 17:49:30 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: B99F1CCE2A73485AA18513C51D973C01 Ref B: OSL30EDGE0511 Ref C: 2022-10-01T17:49:30Z
date: Sat, 01 Oct 2022 17:49:29 GMT
X-Firefox-Spdy: h2

                                        
                                            GET /action/0?ti=5489004&Ver=2&mid=6ccbfa07-98be-4e37-9a35-63c75a38b21e&msclkid=N&pi=0&lg=en-US&sw=1280&sh=1024&sc=24&p=https%3A%2F%2Fadservice.google.com%2F&r=&lt=2246&evt=pageLoad&ifm=1&sv=1&rn=763835 HTTP/1.1 
Host: bat.bing.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4721227.fls.doubleclick.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         13.107.21.200
HTTP/2 204 No Content
                                        
cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=39E7E83733CF650E2EA2FA07323A6447; domain=.bing.com; expires=Thu, 26-Oct-2023 17:49:30 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 4721CFEF27704A9382ABA8192176BC28 Ref B: OSL30EDGE0511 Ref C: 2022-10-01T17:49:30Z
date: Sat, 01 Oct 2022 17:49:29 GMT
X-Firefox-Spdy: h2

                                        
                                            GET /8.2.0/images/flags/int.svg HTTP/1.1 
Host: sp-bootstrap.global.ssl.fastly.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cpanel10wh.bkk1.cloud.z.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         151.101.85.194
HTTP/1.1 200 OK
Content-Type: image/svg+xml
                                        
Connection: keep-alive
Content-Length: 20408
Last-Modified: Mon, 21 Mar 2022 12:56:04 GMT
ETag: "d15d3150af5b38c95ccbe16ba344d47f"
x-goog-generation: 1647867364791394
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 48095
x-amz-meta-goog-reserved-file-mtime: 1504812661
Content-Encoding: gzip
Accept-Ranges: bytes
Date: Sat, 01 Oct 2022 17:49:30 GMT
Age: 2773578
X-Served-By: cache-chi-klot8100114-CHI, cache-bma1639-BMA
X-Cache: HIT, HIT
X-Cache-Hits: 136, 1
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (48095), with no line terminators
Size:   20408
Md5:    f0502bfcc1f3e782c835f8451b65b007
Sha1:   121a2c65c3081cfbc124f475b411adb92b2bc1bc
Sha256: 4d148629e85b4da29493dd19bd6d02acfcf63b3085475b7154e3279811cdfa56

Alerts:
  urlquery:
    - Phishing - Spotify
                                        
                                            GET /8.2.0/fonts/circular-black.woff2 HTTP/1.1 
Host: sp-bootstrap.global.ssl.fastly.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://cpanel10wh.bkk1.cloud.z.com
Connection: keep-alive
Referer: http://cpanel10wh.bkk1.cloud.z.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         151.101.85.194
HTTP/1.1 200 OK
Content-Type: font/woff2
                                        
Connection: keep-alive
Content-Length: 69188
Last-Modified: Mon, 21 Mar 2022 12:56:03 GMT
ETag: "9e0ddf791ff8bdc860603330b6b1c88e"
x-goog-generation: 1647867363538571
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 69188
x-amz-meta-goog-reserved-file-mtime: 1504812660
Accept-Ranges: bytes
Date: Sat, 01 Oct 2022 17:49:30 GMT
Age: 2095717
X-Served-By: cache-chi-kigq8000145-CHI, cache-bma1679-BMA
X-Cache: HIT, HIT
X-Cache-Hits: 1, 1
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 69188, version 1.66\012- data
Size:   69188
Md5:    9e0ddf791ff8bdc860603330b6b1c88e
Sha1:   9a721a21c1928f089ee0eae1988acd8c83fa1a33
Sha256: 769dae020149617e3d70328c3e1557fa3ca53fa128a9743ab389b2bfcb5327f1

Alerts:
  urlquery:
    - Phishing - Spotify
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sat, 01 Oct 2022 17:49:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /8.2.0/fonts/circular-book.woff2 HTTP/1.1 
Host: sp-bootstrap.global.ssl.fastly.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://cpanel10wh.bkk1.cloud.z.com
Connection: keep-alive
Referer: http://cpanel10wh.bkk1.cloud.z.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         151.101.85.194
HTTP/1.1 200 OK
Content-Type: font/woff2
                                        
Connection: keep-alive
Content-Length: 64512
Last-Modified: Mon, 21 Mar 2022 12:56:03 GMT
ETag: "0c0dfc4df72c07c84b15651ab6f951a6"
x-goog-generation: 1647867363540028
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 64512
x-amz-meta-goog-reserved-file-mtime: 1504812661
Accept-Ranges: bytes
Date: Sat, 01 Oct 2022 17:49:30 GMT
Age: 965695
X-Served-By: cache-chi-kigq8000135-CHI, cache-bma1665-BMA
X-Cache: HIT, HIT
X-Cache-Hits: 63, 1
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 64512, version 1.66\012- data
Size:   64512
Md5:    0c0dfc4df72c07c84b15651ab6f951a6
Sha1:   06d7669306b19fffec534f47b18eedce61c5aa73
Sha256: 16f860a080d405f412750f83c4ee2168302cd1f3347416b5b3ae50bae3571b28

Alerts:
  urlquery:
    - Phishing - Spotify
                                        
                                            GET /8.2.0/fonts/circular-bold.woff2 HTTP/1.1 
Host: sp-bootstrap.global.ssl.fastly.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://cpanel10wh.bkk1.cloud.z.com
Connection: keep-alive
Referer: http://cpanel10wh.bkk1.cloud.z.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         151.101.85.194
HTTP/1.1 200 OK
Content-Type: font/woff2
                                        
Connection: keep-alive
Content-Length: 69140
Last-Modified: Mon, 21 Mar 2022 12:56:03 GMT
ETag: "14bfce9501e5a5dc0adbe559dd630bc6"
x-goog-generation: 1647867363593511
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 69140
x-amz-meta-goog-reserved-file-mtime: 1504812661
Accept-Ranges: bytes
Date: Sat, 01 Oct 2022 17:49:30 GMT
Age: 4534572
X-Served-By: cache-chi-kigq8000076-CHI, cache-bma1675-BMA
X-Cache: HIT, HIT
X-Cache-Hits: 1, 7
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 69140, version 1.66\012- data
Size:   69140
Md5:    14bfce9501e5a5dc0adbe559dd630bc6
Sha1:   1347f73fa1907fd9762431cbcfc1e14918cdbddc
Sha256: 0e1e4f36fc8076dd1b5f30ac8aeaeed4b5927e475d0d4e7b8d63a33beb2fd0b5

Alerts:
  urlquery:
    - Phishing - Spotify
                                        
                                            GET /8.2.0/fonts/circular-medium.woff2 HTTP/1.1 
Host: sp-bootstrap.global.ssl.fastly.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://cpanel10wh.bkk1.cloud.z.com
Connection: keep-alive
Referer: http://cpanel10wh.bkk1.cloud.z.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         151.101.85.194
HTTP/1.1 200 OK
Content-Type: font/woff2
                                        
Connection: keep-alive
Content-Length: 66268
Last-Modified: Mon, 21 Mar 2022 12:56:03 GMT
ETag: "251eb282f9ea3a40421d0ae5a549fb92"
x-goog-generation: 1647867363628825
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 66268
x-amz-meta-goog-reserved-file-mtime: 1504812661
Accept-Ranges: bytes
Date: Sat, 01 Oct 2022 17:49:30 GMT
Age: 977476
X-Served-By: cache-chi-kigq8000155-CHI, cache-bma1653-BMA
X-Cache: HIT, HIT
X-Cache-Hits: 37, 1
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 66268, version 1.66\012- data
Size:   66268
Md5:    251eb282f9ea3a40421d0ae5a549fb92
Sha1:   1a82cf4b6869398509c5bd982495e461c1eb3823
Sha256: a9d8ae96f7d8b1c672c9cdf8709e876e76172e41c2d9f15a842fc6d9c6f5573d

Alerts:
  urlquery:
    - Phishing - Spotify
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sat, 01 Oct 2022 17:49:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /pagead/1p-user-list/938675917/?random=1664646566903&cv=9&fst=1664643600000&num=1&guid=ON&eid=375603261&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&sendb=1&frm=2&url=https%3A%2F%2F4721227.fls.doubleclick.net%2Fddm%2Ffls%2Fr%2Fsrc%3D4721227%3Btype%3Duidfq0%3Bcat%3Dspoti0%3Bord%3D5160187481151%3Bgtm%3DG1u%3Bu2%3Dundefined%3B~oref%3Dfile%253A%252F%252F%252FC%253A%252FAppServ%252Fwww%252FOVO%252520v2.7%252FSpotify%252FSubscription%252520and%252520payment%252520-%252520Spotify.html&ref=https%3A%2F%2Fadservice.google.com%2F&fmt=3&is_vtc=1&random=3896170332&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1 
Host: www.google.no
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4721227.fls.doubleclick.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.3
HTTP/2 200 OK
content-type: image/gif
                                        
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 01 Oct 2022 17:49:30 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   42
Md5:    d89746888da2d9510b64a9f031eaecd5
Sha1:   d5fceb6532643d0d84ffe09c40c481ecdf59e15a
Sha256: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
                                        
                                            GET /pagead/1p-user-list/938675917/?random=1664646566903&cv=9&fst=1664643600000&num=1&guid=ON&eid=375603261&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&sendb=1&frm=2&url=https%3A%2F%2F4721227.fls.doubleclick.net%2Fddm%2Ffls%2Fr%2Fsrc%3D4721227%3Btype%3Duidfq0%3Bcat%3Dspoti0%3Bord%3D5160187481151%3Bgtm%3DG1u%3Bu2%3Dundefined%3B~oref%3Dfile%253A%252F%252F%252FC%253A%252FAppServ%252Fwww%252FOVO%252520v2.7%252FSpotify%252FSubscription%252520and%252520payment%252520-%252520Spotify.html&ref=https%3A%2F%2Fadservice.google.com%2F&fmt=3&is_vtc=1&random=3896170332&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y HTTP/1.1 
Host: www.google.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4721227.fls.doubleclick.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.164
HTTP/2 200 OK
content-type: image/gif
                                        
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 01 Oct 2022 17:49:30 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   42
Md5:    d89746888da2d9510b64a9f031eaecd5
Sha1:   d5fceb6532643d0d84ffe09c40c481ecdf59e15a
Sha256: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
                                        
                                            GET /~cp785288/hlep/Login/files/sprites_cc_logos.png HTTP/1.1 
Host: cpanel10wh.bkk1.cloud.z.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/billing.php?verify_account=session=NL&1ea5d09f79e65ee089bc671aa1affeb3&dispatch=7789a9717300104ca4218ad08bcbd57bbc81867b
Cookie: PHPSESSID=o06mkqvadkchad221oqv258up1

                                         
                                         163.44.198.59
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Sat, 01 Oct 2022 17:49:30 GMT
Server: Apache
Last-Modified: Tue, 16 Jul 2019 16:30:28 GMT
ETag: "5e74-58dcee4fb3100"
Accept-Ranges: bytes
Content-Length: 24180
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive


--- Additional Info ---
Magic:  PNG image data, 37 x 948, 8-bit/color RGBA, non-interlaced\012- data
Size:   24180
Md5:    0cc5525016888556c3fb82f2cdab246a
Sha1:   f7fbe9b43f6d01cad02f9b016d4b0f0abb8c4423
Sha256: a47f9feda7682c5085fa780e2560144c5bc70caa592a8d1a345a852948efa94a

Alerts:
  urlquery:
    - Phishing - Spotify
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 4887
Cache-Control: 'max-age=158059'
Date: Sat, 01 Oct 2022 17:49:30 GMT
Last-Modified: Sat, 01 Oct 2022 16:28:03 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /~cp785288/hlep/Login/files/download.ico HTTP/1.1 
Host: cpanel10wh.bkk1.cloud.z.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/billing.php?verify_account=session=NL&1ea5d09f79e65ee089bc671aa1affeb3&dispatch=7789a9717300104ca4218ad08bcbd57bbc81867b
Cookie: PHPSESSID=o06mkqvadkchad221oqv258up1

                                         
                                         163.44.198.59
HTTP/1.1 200 OK
Content-Type: image/x-icon
                                        
Date: Sat, 01 Oct 2022 17:49:31 GMT
Server: Apache
Last-Modified: Tue, 16 Jul 2019 16:30:28 GMT
ETag: "1536-58dcee4fb3100"
Accept-Ranges: bytes
Content-Length: 5430
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive


--- Additional Info ---
Magic:  MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel\012- data
Size:   5430
Md5:    ace4d8543bbb017893402a1e9d1ac1fa
Sha1:   70a0e66f27ae1b004628117d4d9e9b4110f91651
Sha256: d2534e9fb333a6e277f1edf9b9843564e094027fb79979081e41fd778c339ae5

Alerts:
  urlquery:
    - Phishing - Spotify
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /~cp785288/hlep/Login/vv.gif HTTP/1.1 
Host: cpanel10wh.bkk1.cloud.z.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/billing.php?verify_account=session=NL&1ea5d09f79e65ee089bc671aa1affeb3&dispatch=7789a9717300104ca4218ad08bcbd57bbc81867b
Cookie: PHPSESSID=o06mkqvadkchad221oqv258up1

                                         
                                         163.44.198.59
HTTP/1.1 404 Not Found
Content-Type: text/html
                                        
Date: Sat, 01 Oct 2022 17:49:30 GMT
Server: Apache
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked


--- Additional Info ---
                                        
                                            GET /track/conv/?adv=3ysyqec&ct=0:2azffrr&fmt=3 HTTP/1.1 
Host: insight.adsrvr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4721227.fls.doubleclick.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         52.223.40.198
HTTP/2 200 OK
content-type: image/gif
                                        
date: Sat, 01 Oct 2022 17:49:29 GMT
cache-control: private,no-cache, must-revalidate
pragma: no-cache
x-aspnet-version: 4.0.30319
set-cookie: TDID=ed36b640-0553-46aa-a48e-99e440d0d9b8; domain=.adsrvr.org; expires=Sun, 01-Oct-2023 17:49:29 GMT; path=/; secure; SameSite=None TDCPM=CAEYBTgBQgQiAggB; domain=.adsrvr.org; expires=Sun, 01-Oct-2023 17:49:29 GMT; path=/; secure; SameSite=None
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /signals/config/1483047915331997?v=2.8.12&r=stable HTTP/1.1 
Host: connect.facebook.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cpanel10wh.bkk1.cloud.z.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         157.240.221.16
HTTP/2 200 OK
content-type: application/x-javascript; charset=utf-8
                                        
vary: Accept-Encoding
content-encoding: gzip
content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-fb-debug: SCjgAnJPPRMOncmw2cwTSZQppfasxU8ioH8gCmGtXWbylx/9w6kqmyZYUJ6olNKftcqObfRySrDSr7Df3vzjVg==
priority: u=3,i
x-fb-trip-id: 1679558926
date: Sat, 01 Oct 2022 17:49:31 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /build/i/sprite/icon-provider-9b3624f0bb.png HTTP/1.1 
Host: cpanel10wh.bkk1.cloud.z.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/files/account-4445741da9.css
Cookie: PHPSESSID=o06mkqvadkchad221oqv258up1

                                         
                                         163.44.198.59
HTTP/1.1 404 Not Found
Content-Type: text/html
                                        
Date: Sat, 01 Oct 2022 17:49:30 GMT
Server: Apache
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Transfer-Encoding: chunked


--- Additional Info ---