Overview

URL gzybl13.com/vendor/sebastian/diff/bana/292be75f17f04266fcefbb0f1dbad7fd/execution.html?validation=e1s1
IP121.42.94.163
ASNHangzhou Alibaba Advertising Co.,Ltd.
Location China
Report completed2022-09-28 20:44:05 UTC
StatusLoading report..
urlquery Alerts Phishing - DHL


Settings

UserAgentMozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blocklists

OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-09-28 2 gzybl13.com/vendor/sebastian/diff/bana/dist/js.cookie.js Phishing
2022-09-28 2 gzybl13.com/vendor/sebastian/diff/bana/dist/jquery-lang.js Phishing
2022-09-28 2 gzybl13.com/vendor/sebastian/diff/bana/dist/load.php Phishing
2022-09-28 2 gzybl13.com/vendor/sebastian/diff/bana/dist/DHL_head.html Phishing
2022-09-28 2 gzybl13.com/vendor/sebastian/diff/bana/dist/DHL_footer.html Phishing
2022-09-28 2 gzybl13.com/vendor/sebastian/diff/bana/dist/fonts/iconfont-e7bece496cd0e6d6 (...) Phishing
2022-09-28 2 gzybl13.com/vendor/sebastian/diff/bana/dist/fonts/default-274a65bae9742377a (...) Phishing
2022-09-28 2 gzybl13.com/vendor/sebastian/diff/bana/dist/fonts/default-815fcbb4d2c579017 (...) Phishing
2022-09-28 2 gzybl13.com/vendor/sebastian/diff/bana/dist/fonts/default-3e828e80f6e985c35 (...) Phishing
2022-09-28 2 gzybl13.com/vendor/sebastian/diff/bana/dist/DHL_track.html Phishing
2022-09-28 2 gzybl13.com/vendor/sebastian/diff/bana/dist/jquery.validate.min.js Phishing
2022-09-28 2 gzybl13.com/vendor/sebastian/diff/bana/dist/langpack/en.json Phishing
2022-09-28 2 gzybl13.com/vendor/sebastian/diff/bana/dist/langpack/en.json Phishing
2022-09-28 2 gzybl13.com/vendor/sebastian/diff/bana/dist/fonts/default-5a6dd86f272b304a8 (...) Phishing
mnemonic secure dns  No alerts detected
Quad9 DNS  No alerts detected


Files

No files detected



Passive DNS (14)

Passive DNS Source Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
mnemonic passive DNS ipinfo.io (2) 8136 2015-02-06 06:58:53 UTC 2022-09-28 10:12:53 UTC 34.117.59.81
mnemonic passive DNS firefox.settings.services.mozilla.com (2) 867 2020-05-28 17:26:30 UTC 2022-09-28 12:06:36 UTC 143.204.55.36
mnemonic passive DNS r3.o.lencr.org (5) 344 2020-12-02 08:52:13 UTC 2022-09-28 04:36:09 UTC 23.36.77.32
mnemonic passive DNS code.jquery.com (1) 634 2012-05-21 17:28:02 UTC 2022-09-28 04:38:15 UTC 69.16.175.10
mnemonic passive DNS push.services.mozilla.com (1) 2140 2015-09-03 10:29:36 UTC 2022-09-28 05:02:28 UTC 52.89.15.44
mnemonic passive DNS img-getpocket.cdn.mozilla.net (6) 1631 2017-09-01 03:40:57 UTC 2022-09-28 08:06:38 UTC 34.120.237.76
mnemonic passive DNS ocsp.globalsign.com (1) 2075 2012-05-25 06:20:55 UTC 2022-09-28 04:39:17 UTC 104.18.20.226
mnemonic passive DNS contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-09-28 04:36:06 UTC 34.117.237.239
mnemonic passive DNS gzybl13.com (17) 0 2022-09-14 15:07:23 UTC 2022-09-28 17:37:35 UTC 121.42.94.163 Unknown ranking
mnemonic passive DNS ajax.googleapis.com (1) 12905 2013-08-16 09:51:31 UTC 2022-09-28 16:18:43 UTC 142.250.74.42
mnemonic passive DNS ocsp.digicert.com (1) 86 2012-05-21 07:02:23 UTC 2022-09-28 16:15:39 UTC 93.184.220.29
mnemonic passive DNS ocsp.pki.goog (2) 175 2017-06-14 07:23:31 UTC 2022-09-28 04:36:20 UTC 142.250.74.3
mnemonic passive DNS cdn.jsdelivr.net (2) 439 2012-09-30 00:15:09 UTC 2022-09-28 04:37:53 UTC 151.101.85.229
mnemonic passive DNS content-signature-2.cdn.mozilla.net (1) 1152 2020-11-03 12:26:46 UTC 2022-09-28 05:13:47 UTC 143.204.55.35


Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 121.42.94.163

Date UQ / IDS / BL URL IP
2022-10-01 23:16:28 +0000
6 - 0 - 13 gzybl13.com/vendor/sebastian/diff/bana/cca1aa (...) 121.42.94.163
2022-10-01 22:53:35 +0000
6 - 0 - 13 gzybl13.com/vendor/sebastian/diff/bana/90e069 (...) 121.42.94.163
2022-10-01 22:52:43 +0000
7 - 0 - 14 gzybl13.com/vendor/sebastian/diff/bana/8db71c (...) 121.42.94.163
2022-10-01 22:52:27 +0000
6 - 0 - 13 gzybl13.com/vendor/sebastian/diff/bana/7dc89f (...) 121.42.94.163
2022-10-01 22:21:05 +0000
6 - 0 - 13 gzybl13.com/vendor/sebastian/diff/bana/f47529 (...) 121.42.94.163

Last 5 reports on ASN: Hangzhou Alibaba Advertising Co.,Ltd.

Date UQ / IDS / BL URL IP
2022-11-28 20:33:40 +0000
0 - 0 - 1 zhikey.com/crm/exe/update.exe 39.100.254.136
2022-11-28 20:19:05 +0000
0 - 0 - 9 test2.sibole.cn/mobile/pages/login/login 47.106.222.192
2022-11-28 17:09:42 +0000
0 - 0 - 39 ufeiya.cn/en/index.php/template/public/js/fan (...) 112.74.88.221
2022-11-28 17:09:42 +0000
0 - 0 - 39 ufeiya.cn/en/index.php/template/public/js/tem (...) 112.74.88.221
2022-11-28 17:06:49 +0000
0 - 0 - 116 ufeiya.cn/en/index.php/template/public/js/fan (...) 112.74.88.221

Last 5 reports on domain: gzybl13.com

Date UQ / IDS / BL URL IP
2022-10-01 23:16:28 +0000
6 - 0 - 13 gzybl13.com/vendor/sebastian/diff/bana/cca1aa (...) 121.42.94.163
2022-10-01 22:53:35 +0000
6 - 0 - 13 gzybl13.com/vendor/sebastian/diff/bana/90e069 (...) 121.42.94.163
2022-10-01 22:52:43 +0000
7 - 0 - 14 gzybl13.com/vendor/sebastian/diff/bana/8db71c (...) 121.42.94.163
2022-10-01 22:52:27 +0000
6 - 0 - 13 gzybl13.com/vendor/sebastian/diff/bana/7dc89f (...) 121.42.94.163
2022-10-01 22:21:05 +0000
6 - 0 - 13 gzybl13.com/vendor/sebastian/diff/bana/f47529 (...) 121.42.94.163

Last 5 reports with similar screenshot

Date UQ / IDS / BL URL IP
2022-11-12 15:56:11 +0000
17 - 0 - 15 diretoriodeartistas.com/Ven-C404/_/dir/93772f (...) 43.156.100.63
2022-11-12 15:55:31 +0000
20 - 0 - 17 diretoriodeartistas.com/Ven-C404/_/dir/6d1b54 (...) 43.156.100.63
2022-11-12 15:55:08 +0000
18 - 0 - 15 diretoriodeartistas.com/Ven-C404/_/dir/570989 (...) 43.156.100.63
2022-11-12 15:54:49 +0000
18 - 0 - 15 diretoriodeartistas.com/Ven-C404/_/dir/c083b7 (...) 43.156.100.63
2022-11-12 15:54:28 +0000
22 - 0 - 19 diretoriodeartistas.com/Ven-C404/_/dir/310c23 (...) 43.156.100.63


JavaScript

Executed Scripts (14)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (43)


Request Response
                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.36
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Backoff, Content-Type, Retry-After, Alert
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Wed, 28 Sep 2022 20:15:39 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 bb1da7862c4968b28920b91b324095c0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: EQp0RrVnXWUsbVsb-PlKW3sMiCnVHM2B549TwDYabkkicF_UIjAQkA==
Age: 1695


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    2d12f67fe57a87e7366b662d153a5582
Sha1:   d7b02d81cc74f24a251d9363e0f4b0a149264ec1
Sha256: 73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "2A40F957A6B1734AA3F87CFF51B673F0536732DB15B09033DD604879692DF349"
Last-Modified: Tue, 27 Sep 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10343
Expires: Wed, 28 Sep 2022 23:36:17 GMT
Date: Wed, 28 Sep 2022 20:43:54 GMT
Connection: keep-alive

                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.35
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Wed, 28 Sep 2022 09:24:14 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 1d8cf7c8865ed1078c19a98771ad34ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: vQyT7PPGbPY2ODF8AUoRLW9SCLJTguJRnuG8IIJ97g6hJA5LX0sL7w==
age: 54928
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    6113f8408c59aebe188d6af273b90743
Sha1:   7398873bf00f99944eaa77ad3ebc0d43c23dba6b
Sha256: b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Wed, 28 Sep 2022 20:43:54 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.36
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Wed, 28 Sep 2022 20:29:34 GMT
Cache-Control: max-age=3600, max-age=3600
Expires: Wed, 28 Sep 2022 21:10:59 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 d4fd24ae65d4d2b97cfdea8d2f0c21a6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 1MA2iDaO3Un81Uj0vZuQxXdCiYrxOJLq8verpOWfYdJ5O0Qolt5SOQ==
Age: 862


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            GET /vendor/sebastian/diff/bana/292be75f17f04266fcefbb0f1dbad7fd/execution.html?validation=e1s1 HTTP/1.1 
Host: gzybl13.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         
                                         121.42.94.163
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Wed, 28 Sep 2022 20:43:55 GMT
Server: Apache
Last-Modified: Fri, 16 Sep 2022 14:06:26 GMT
ETag: "28205ae-1f52-5e8cbde23af40"
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 1782
Keep-Alive: timeout=15, max=300
Connection: Keep-Alive


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Size:   1782
Md5:    6b93961fcf4afedb697680d1abf1cf33
Sha1:   025249a0f6d1fc3192abec4f8f4c089a121534cd
Sha256: b33e199645f50f4a637971e4a59746df19a8b9abf44e731f24d7e78bb9048d5d

Alerts:
  urlquery:
    - Phishing - DHL
                                        
                                            GET /ajax/libs/jquery/1.10.2/jquery.min.js HTTP/1.1 
Host: ajax.googleapis.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gzybl13.com/

                                         
                                         142.250.74.42
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
                                        
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="hosted-libraries-pushers"
Report-To: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
Timing-Allow-Origin: *
Content-Length: 32954
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Wed, 28 Sep 2022 06:14:25 GMT
Expires: Thu, 28 Sep 2023 06:14:25 GMT
Cache-Control: public, max-age=31536000, stale-while-revalidate=2592000
Last-Modified: Tue, 03 Mar 2020 19:15:00 GMT
Age: 52170


--- Additional Info ---
Magic:  ASCII text, with very long lines (32072)
Size:   32954
Md5:    d38e2944bbc9ae54b8947a2bd0b9a932
Sha1:   782a825679b248d38979c2d7ecae257873344437
Sha256: 65a0917567cb7037612cf420629873f2f3594d2e741aaadf90d893d07d8f5fdd
                                        
                                            GET /jquery-3.5.1.min.js HTTP/1.1 
Host: code.jquery.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://gzybl13.com
Connection: keep-alive
Referer: http://gzybl13.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         69.16.175.10
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
date: Wed, 28 Sep 2022 20:43:55 GMT
content-encoding: gzip
content-length: 30879
last-modified: Fri, 20 Aug 2021 17:47:53 GMT
accept-ranges: bytes
server: nginx
etag: W/"611feac9-15d84"
cache-control: max-age=315360000, public
access-control-allow-origin: *
vary: Accept-Encoding
x-hw: 1664397835.dop022.sk1.t,1664397835.cds263.sk1.hn,1664397835.cds208.sk1.c
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65451)
Size:   30879
Md5:    3700d0b271343804b9b9aa1c13efa521
Sha1:   3d6b03dbd74872ca3dfbb0529f6c80943788f918
Sha256: fda7541f8e4cf921d20bcd0dc1d0efe69644c79bd18a0be4ce2f34246c83603e
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 3809
Cache-Control: 'max-age=158059'
Date: Wed, 28 Sep 2022 20:43:55 GMT
Last-Modified: Wed, 28 Sep 2022 19:40:26 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /vendor/sebastian/diff/bana/dist/js.cookie.js HTTP/1.1 
Host: gzybl13.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gzybl13.com/vendor/sebastian/diff/bana/292be75f17f04266fcefbb0f1dbad7fd/execution.html?validation=e1s1

                                         
                                         121.42.94.163
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Wed, 28 Sep 2022 20:43:55 GMT
Server: Apache
Last-Modified: Wed, 07 Sep 2022 22:05:59 GMT
ETag: "2421066-d60-5e81d8492cc0d"
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 1387
Keep-Alive: timeout=15, max=299
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text
Size:   1387
Md5:    bc8cc9c688c4d556936a7fa6ec6fbe12
Sha1:   7c3a045a0256e758345d82062b9d08c6a4d97d2a
Sha256: d234097e1e7a6e22fa09f7684577c07c861c77485105a1d74daa90646c1d47a7

Alerts:
  urlquery:
    - Phishing - DHL
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: xNRY9qqtHTPtoRTs90zezg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                         
                                         52.89.15.44
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: ERvXcknbuKuMLSYbNYxRm59nFgQ=

                                        
                                            GET /vendor/sebastian/diff/bana/dist/jquery-lang.js HTTP/1.1 
Host: gzybl13.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gzybl13.com/vendor/sebastian/diff/bana/292be75f17f04266fcefbb0f1dbad7fd/execution.html?validation=e1s1

                                         
                                         121.42.94.163
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Wed, 28 Sep 2022 20:43:56 GMT
Server: Apache
Last-Modified: Wed, 07 Sep 2022 22:05:59 GMT
ETag: "2421061-6c2d-5e81d8492c825"
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 7000
Keep-Alive: timeout=15, max=300
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text
Size:   7000
Md5:    1c1917fafff89489f105f5d8427e6ef5
Sha1:   f6fb0efe5340fb45aeeb5550c1811e8c46cf79fa
Sha256: 50b74f02b7f4852ea8afdf518a07bb264480821da537d26d5fe7dffd5c62ca2f

Alerts:
  urlquery:
    - Phishing - DHL
  Blocklists:
    - fortinet: Phishing
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "6449BF062DBB79683071F367CA142C175EF304485CB4D3711FEB4763146E4FA7"
Last-Modified: Wed, 28 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6667
Expires: Wed, 28 Sep 2022 22:35:03 GMT
Date: Wed, 28 Sep 2022 20:43:56 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "6449BF062DBB79683071F367CA142C175EF304485CB4D3711FEB4763146E4FA7"
Last-Modified: Wed, 28 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6667
Expires: Wed, 28 Sep 2022 22:35:03 GMT
Date: Wed, 28 Sep 2022 20:43:56 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "6449BF062DBB79683071F367CA142C175EF304485CB4D3711FEB4763146E4FA7"
Last-Modified: Wed, 28 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6667
Expires: Wed, 28 Sep 2022 22:35:03 GMT
Date: Wed, 28 Sep 2022 20:43:56 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "6449BF062DBB79683071F367CA142C175EF304485CB4D3711FEB4763146E4FA7"
Last-Modified: Wed, 28 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6667
Expires: Wed, 28 Sep 2022 22:35:03 GMT
Date: Wed, 28 Sep 2022 20:43:56 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fad593ee0-d404-46e3-b129-229e09b263b0.png HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 12016
x-amzn-requestid: ec1b3715-5d0f-4045-aa5b-b70a55c81d72
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZI3e3EtyIAMFdZg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63336c5e-201dd1ef1426a09965c68dab;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 21:34:22 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: pR4b1-lZZRMnWf-PdXFGXaHBCGAfOyp3AjeuCvtu5imWmf9N9l2wKQ==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 be082a2326b7d49643607b097f1e7180.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 21:48:38 GMT
age: 82518
etag: "a54803cca7d3c509c195f65961e1110c8ec56f55"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   12016
Md5:    4b794c6812cb546de0295e087ebe66a7
Sha1:   a54803cca7d3c509c195f65961e1110c8ec56f55
Sha256: 6a207f75eb3951f3dea5252bc8d185cd604d3d657f15b838774e8087e91f37f5
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0369629e-f44d-439f-a279-b5ae6ecc0cf1.png HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 14464
x-amzn-requestid: 5cbbafdb-3f69-4ee2-9e46-c1ff0ed4ef14
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZI3UPFiooAMFulA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63336c1a-633a649700e040b91deadb64;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 21:33:14 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: cNryG5vkxZuFATZfcNW9Z1-0teUBWLRyWslX1onwYlDCQBUjU2xVdA==
via: 1.1 9b311162717b41c968f6f00426d88aaa.cloudfront.net (CloudFront), 1.1 73cb83fe6699afc2791b5c690c1ff8c6.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 21:46:03 GMT
age: 82673
etag: "bc214d60be395d4cf753216ff8f9691c33d25e75"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   14464
Md5:    aa5cad224dbddd71881bd07255beb4da
Sha1:   bc214d60be395d4cf753216ff8f9691c33d25e75
Sha256: 82935e52aa59929a448d17a5a2d58fda86bb5c25bf6628a05bd904f82517dada
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8ffa6dde-b51e-43f8-bfcb-3f442d674928.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8500
x-amzn-requestid: 626c21ec-f29b-4b69-b275-c22c864c2409
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZI3VmENnIAMFeTQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63336c23-75eccc381fbd6e5d4ff59c06;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 21:33:23 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: Eyy8qoYVCJbt6b6hTGJ-rOrYex9RuX1InyZbpHkeu9yQqPUEvowKcw==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 09331f0822fc98eebaf04130a83dbd44.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 21:48:58 GMT
etag: "9c4692ea64832895fbd107d91f879728b6a440c7"
age: 82498
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8500
Md5:    6139c878a7d2bd32c61fc8287996eb5b
Sha1:   9c4692ea64832895fbd107d91f879728b6a440c7
Sha256: 3839df92f0a10c1433d5b576df50c9f7953912ae4f425012262f08ee8a59ce2e
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F693de74c-173e-4d9b-8317-35601f30ffd7.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 13299
x-amzn-requestid: 926df8b6-beec-470d-b0b3-33be326cd379
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZI3UPF8YIAMF3Nw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63336c1a-343e91e735af43d01fc83ddd;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 21:33:14 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: fcxclGRP3zfWwb6opjYU2bL9VAq_mCSNjFtfp9iMLq6tbZu57EDqpQ==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 2324edbcb8fc72f617442c65f36a40fc.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 21:50:04 GMT
etag: "651600f2ef18cecc2e38370069bbb5e1d86f68e0"
age: 82432
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   13299
Md5:    ad84ed0c5b2090df7996007514cf1984
Sha1:   651600f2ef18cecc2e38370069bbb5e1d86f68e0
Sha256: a3d0729e1d43afeadd2dd8273c858b8839d9e476f773c8ec9d96b5969a9e0b4a
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F79631135-a10c-43bf-85d2-fa2236b96883.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 13213
x-amzn-requestid: 09f8fee2-6830-4bec-af40-f2fb6547bc63
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZFkreH5poAMFdxg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63321b16-0afbf5e01a013e6f0db53da1;Sampled=0
x-amzn-remapped-date: Mon, 26 Sep 2022 21:35:18 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: CwkfEPDseHez7mArqwz8tmC3WHFwXAZF1OSColucaQ5vG2hvBIDWOg==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 28390a4d24ed4fdccd685d99cd06cf4e.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 21:39:01 GMT
age: 83095
etag: "3d4fa8701f17e8818c25584ef5f04bfbee8440cd"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   13213
Md5:    62e68c3cd08dd94d910507512a67e85f
Sha1:   3d4fa8701f17e8818c25584ef5f04bfbee8440cd
Sha256: 058d798963f83f5fb88ab728185f755c5353fa981d93e1b6ff869089f501586b
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb9a3b058-92c9-490e-9cbb-736f7e46510d.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 7455
x-amzn-requestid: e99c9f33-b72a-4070-80cf-06fb4a87d1df
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZG4S6EcAoAMFX1A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6332a0df-04122b4a345dbc3f3918af98;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 07:06:07 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: yprErfM7s7P7jJPJT-HQZ2Z_AAN4946Tjwyn1g4r7yiA6IF0yLdQTQ==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 1508efc4152aa1778ed4adecb328b374.cloudfront.net (CloudFront), 1.1 google
date: Wed, 28 Sep 2022 05:22:11 GMT
age: 55305
etag: "b383135e2ebc23fe80eb0d594b198cb8c89327a5"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7455
Md5:    ea3890e460356d6ecc3ba4e405ac2e9e
Sha1:   b383135e2ebc23fe80eb0d594b198cb8c89327a5
Sha256: 8fcff053ce6e5750136bf876bad5b2916935f13ea039912d977928b086f0a48b
                                        
                                            GET /vendor/sebastian/diff/bana/dist/dhl.css HTTP/1.1 
Host: gzybl13.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gzybl13.com/vendor/sebastian/diff/bana/292be75f17f04266fcefbb0f1dbad7fd/execution.html?validation=e1s1

                                         
                                         121.42.94.163
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Wed, 28 Sep 2022 20:43:55 GMT
Server: Apache
Last-Modified: Wed, 07 Sep 2022 22:05:59 GMT
ETag: "2421056-15b189-5e81d8492b0b5"
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Keep-Alive: timeout=15, max=300
Connection: Keep-Alive
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (1148), with CRLF line terminators
Size:   314756
Md5:    91bb51af984823aa997a73805a14c17a
Sha1:   3e466647149a7c376f7df1fc9d921571eac24c9d
Sha256: 4ebc8985f17f3baf5683617c7854fd2132e952ca17ca83312685c7eb0e5d7c54
                                        
                                            GET /vendor/sebastian/diff/bana/dist/favicon.ico HTTP/1.1 
Host: gzybl13.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gzybl13.com/vendor/sebastian/diff/bana/292be75f17f04266fcefbb0f1dbad7fd/execution.html?validation=e1s1

                                         
                                         121.42.94.163
HTTP/1.1 200 OK
Content-Type: image/x-icon
                                        
Date: Wed, 28 Sep 2022 20:43:59 GMT
Server: Apache
Last-Modified: Wed, 07 Sep 2022 22:05:59 GMT
ETag: "242105c-47e-5e81d8492b49d"
Accept-Ranges: bytes
Content-Length: 1150
Vary: User-Agent
Keep-Alive: timeout=15, max=299
Connection: Keep-Alive


--- Additional Info ---
Magic:  MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Size:   1150
Md5:    d8106bf3a1d00ab43b01e6e3c92500eb
Sha1:   202b5e8654ab1b28351378293bca3b9d844cc29b
Sha256: 9ada5709e264c31b04a05bd85448a9bd5e91925e8d83df5cef0762ec97cc283e
                                        
                                            GET /vendor/sebastian/diff/bana/dist/load.php HTTP/1.1 
Host: gzybl13.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: http://gzybl13.com/vendor/sebastian/diff/bana/292be75f17f04266fcefbb0f1dbad7fd/execution.html?validation=e1s1

                                         
                                         121.42.94.163
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Date: Wed, 28 Sep 2022 20:43:59 GMT
Server: Apache
Vary: User-Agent,Accept-Encoding
Content-Encoding: gzip
Content-Length: 1096
Keep-Alive: timeout=15, max=298
Connection: Keep-Alive


--- Additional Info ---
Magic:  HTML document, ASCII text, with CRLF line terminators
Size:   1096
Md5:    443278ad17f9fe35fcaf6044308d9762
Sha1:   0b1b47ec66fff41259da13c19283b366c6f39e29
Sha256: 0d2d38ee6854230889d7e258fff29e7878cd1407ca222fb4b859863579ab9507

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /vendor/sebastian/diff/bana/dist/DHL_head.html HTTP/1.1 
Host: gzybl13.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: http://gzybl13.com/vendor/sebastian/diff/bana/292be75f17f04266fcefbb0f1dbad7fd/execution.html?validation=e1s1

                                         
                                         121.42.94.163
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Wed, 28 Sep 2022 20:43:59 GMT
Server: Apache
Last-Modified: Wed, 07 Sep 2022 22:05:59 GMT
ETag: "2421058-2cb7-5e81d8492b0b5"
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 3110
Keep-Alive: timeout=15, max=298
Connection: Keep-Alive


--- Additional Info ---
Magic:  HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with very long lines (1836)
Size:   3110
Md5:    0f20c23d9a6f196d80806ed8f45a1034
Sha1:   d3ffb719f856333ac01886c8f9dacb2467c7df78
Sha256: 3e87d6aac316578b0c3ee6a1e4dcb51a03cf97146896e94a421c36da027f797f

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /vendor/sebastian/diff/bana/dist/DHL_footer.html HTTP/1.1 
Host: gzybl13.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: http://gzybl13.com/vendor/sebastian/diff/bana/292be75f17f04266fcefbb0f1dbad7fd/execution.html?validation=e1s1

                                         
                                         121.42.94.163
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Wed, 28 Sep 2022 20:44:00 GMT
Server: Apache
Last-Modified: Wed, 07 Sep 2022 22:05:59 GMT
ETag: "2421057-3c2f-5e81d8492b0b5"
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 6053
Keep-Alive: timeout=15, max=300
Connection: Keep-Alive


--- Additional Info ---
Magic:  exported SGML document, Unicode text, UTF-8 (with BOM) text, with very long lines (2591)
Size:   6053
Md5:    e45471c894fc4dac290da5a886d216b7
Sha1:   f064f191fd83000073053213acb364d0600b52aa
Sha256: aebdf87856c1666bd33d7b4135380b7a3593d11cada6d62682f5bf27790c04d8

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /country HTTP/1.1 
Host: ipinfo.io
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://gzybl13.com/
Origin: http://gzybl13.com
Connection: keep-alive

                                         
                                         34.117.59.81
HTTP/1.1 302 Found
content-type: text/plain; charset=utf-8
                                        
access-control-allow-origin: *
location: https://ipinfo.io/country
vary: Accept, Accept-Encoding
date: Wed, 28 Sep 2022 20:44:00 GMT
x-envoy-upstream-service-time: 1
strict-transport-security: max-age=2592000; includeSubDomains
content-encoding: gzip
transfer-encoding: chunked
Via: 1.1 google


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   72
Md5:    b79f12127b13f3298b65130f55033eea
Sha1:   0c5df3d4734c5d754f78df4dd08f329ce38ab901
Sha256: 76d7f55bf215f2132f41391f47b4efd048f7c3b61db2b650e2a0a9b4a02d79f0
                                        
                                            GET /vendor/sebastian/diff/bana/dist/fonts/iconfont-e7bece496cd0e6d60e456bc2b48c9446.woff HTTP/1.1 
Host: gzybl13.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://gzybl13.com/vendor/sebastian/diff/bana/dist/dhl.css

                                         
                                         121.42.94.163
HTTP/1.1 200 OK
Content-Type: text/plain
                                        
Date: Wed, 28 Sep 2022 20:44:00 GMT
Server: Apache
Last-Modified: Wed, 07 Sep 2022 22:05:59 GMT
ETag: "2443064-2464-5e81d8492c43d"
Accept-Ranges: bytes
Content-Length: 9316
Vary: User-Agent
Keep-Alive: timeout=15, max=297
Connection: Keep-Alive


--- Additional Info ---
Magic:  Web Open Font Format, TrueType, length 9316, version 1.0\012- data
Size:   9316
Md5:    9355df62a665ef9249036bbccad8c54c
Sha1:   6b7779a10187a1a7473f604fbe3db96350868c6a
Sha256: 6d051536af97fbd33fae0683a1b6ce3749757ab43c8ee8c89295755fd4595807

Alerts:
  urlquery:
    - Phishing - DHL
  Blocklists:
    - fortinet: Phishing
                                        
                                            POST /s/gts1d4/5QlTZKzjgCw HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 28 Sep 2022 20:44:00 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /s/gts1d4/5QlTZKzjgCw HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 28 Sep 2022 20:44:00 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /vendor/sebastian/diff/bana/dist/fonts/default-274a65bae9742377aaf010bb1a7de971.woff HTTP/1.1 
Host: gzybl13.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://gzybl13.com/vendor/sebastian/diff/bana/dist/dhl.css

                                         
                                         121.42.94.163
HTTP/1.1 200 OK
Content-Type: text/plain
                                        
Date: Wed, 28 Sep 2022 20:43:59 GMT
Server: Apache
Last-Modified: Wed, 07 Sep 2022 22:05:59 GMT
ETag: "2443059-a07c-5e81d8492bc6d"
Accept-Ranges: bytes
Content-Length: 41084
Vary: User-Agent
Keep-Alive: timeout=15, max=299
Connection: Keep-Alive


--- Additional Info ---
Magic:  Web Open Font Format, TrueType, length 41084, version 1.66\012- data
Size:   41084
Md5:    03f859bf58e4d37841070de34be7d978
Sha1:   3436d4fa17e7ee470c3d62b08787cfa7de408408
Sha256: 5af5c3746b03792640b9cafdabddfb2c5407f72988e128541a88fa439607d940

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /vendor/sebastian/diff/bana/dist/fonts/default-815fcbb4d2c57901701125d768f09d67.woff HTTP/1.1 
Host: gzybl13.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://gzybl13.com/vendor/sebastian/diff/bana/dist/dhl.css

                                         
                                         121.42.94.163
HTTP/1.1 200 OK
Content-Type: text/plain
                                        
Date: Wed, 28 Sep 2022 20:44:00 GMT
Server: Apache
Last-Modified: Wed, 07 Sep 2022 22:05:59 GMT
ETag: "2443063-a170-5e81d8492c055"
Accept-Ranges: bytes
Content-Length: 41328
Vary: User-Agent
Keep-Alive: timeout=15, max=300
Connection: Keep-Alive


--- Additional Info ---
Magic:  Web Open Font Format, TrueType, length 41328, version 1.66\012- data
Size:   41328
Md5:    e39bd2e2657ce5dd6f9c33df18529233
Sha1:   6db81ebb91bfa67cef8f2f870f03046150568799
Sha256: 19d0bda83ecbc986620468801adf000c77c3c38398650903c63fac8dcbac4383

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /vendor/sebastian/diff/bana/dist/fonts/default-3e828e80f6e985c352eba4474518978d.woff HTTP/1.1 
Host: gzybl13.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://gzybl13.com/vendor/sebastian/diff/bana/dist/dhl.css

                                         
                                         121.42.94.163
HTTP/1.1 200 OK
Content-Type: text/plain
                                        
Date: Wed, 28 Sep 2022 20:44:00 GMT
Server: Apache
Last-Modified: Wed, 07 Sep 2022 22:05:59 GMT
ETag: "2443061-ace4-5e81d8492c055"
Accept-Ranges: bytes
Content-Length: 44260
Vary: User-Agent
Keep-Alive: timeout=15, max=299
Connection: Keep-Alive


--- Additional Info ---
Magic:  Web Open Font Format, TrueType, length 44260, version 1.66\012- data
Size:   44260
Md5:    4a350e02a03ac62e72e9ea575b31ce84
Sha1:   d47b03b96b6e7034a1473a293bb594e597a41dc2
Sha256: 87c40e3961e21f759770615ae67568a3de3ec6e0735f1238a6aae062f4ea15d5

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /vendor/sebastian/diff/bana/dist/DHL_track.html HTTP/1.1 
Host: gzybl13.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: http://gzybl13.com/vendor/sebastian/diff/bana/292be75f17f04266fcefbb0f1dbad7fd/execution.html?validation=e1s1

                                         
                                         121.42.94.163
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Wed, 28 Sep 2022 20:44:01 GMT
Server: Apache
Last-Modified: Wed, 07 Sep 2022 22:05:59 GMT
ETag: "242105b-1952-5e81d8492b49d"
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 2376
Keep-Alive: timeout=15, max=298
Connection: Keep-Alive


--- Additional Info ---
Magic:  HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with very long lines (356)
Size:   2376
Md5:    c53f5d4aa2db91c1ed65876d9abbafd8
Sha1:   5a9a36799ec58afb17711e9fcfbe61e8bbf8757a
Sha256: 809a2807c641ba62a321e81b256bd9b3f7cb89793c3a579f5c2f8388c3c61f7e

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /vendor/sebastian/diff/bana/dist/jquery.validate.min.js HTTP/1.1 
Host: gzybl13.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: http://gzybl13.com/vendor/sebastian/diff/bana/292be75f17f04266fcefbb0f1dbad7fd/execution.html?validation=e1s1

                                         
                                         121.42.94.163
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Wed, 28 Sep 2022 20:44:02 GMT
Server: Apache
Last-Modified: Wed, 07 Sep 2022 22:05:59 GMT
ETag: "2421065-5f38-5e81d8492cc0d"
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 7815
Keep-Alive: timeout=15, max=297
Connection: Keep-Alive


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (24237)
Size:   7815
Md5:    733b253cf585468481e2a1d19b517fc2
Sha1:   bd1c201faf6ff53a44b19e2ef8f6a18b6a36141b
Sha256: d88829113f706278062864700f82a7b55756af1c0ba4be724122c78fe3fc37fe

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /npm/popper.js@1.16.1/dist/umd/popper.min.js HTTP/1.1 
Host: cdn.jsdelivr.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gzybl13.com/

                                         
                                         151.101.85.229
HTTP/1.1 301 Moved Permanently
                                        
Server: Varnish
Retry-After: 0
Location: https://cdn.jsdelivr.net/npm/popper.js@1.16.1/dist/umd/popper.min.js
Content-Length: 0
Accept-Ranges: bytes
Date: Wed, 28 Sep 2022 20:44:02 GMT
Connection: close
X-Served-By: cache-bma1651-BMA
X-Cache: HIT

                                        
                                            GET /npm/popper.js@1.16.1/dist/umd/popper.min.js HTTP/1.1 
Host: cdn.jsdelivr.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://gzybl13.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         151.101.85.229
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-jsd-version: 1.16.1
x-jsd-version-type: version
etag: W/"52f1-MTeJyg4xtlR4TbuosPg/Nk+Gg7Q"
content-encoding: gzip
accept-ranges: bytes
date: Wed, 28 Sep 2022 20:44:02 GMT
age: 10688047
x-served-by: cache-fra19126-FRA, cache-bma1670-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 7503
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (21060)
Size:   7503
Md5:    1f61c1b15b25ba046056238766ff3a43
Sha1:   2b8db740e4e913e9dc87a6060dea2a6b17ad0ec8
Sha256: fe78a2c604b4757dd5d114e0efb7e74c8f4acfe840bf6b6c01517205744a7648
                                        
                                            POST /ca/gsatlasr3dvtlsca2022q1 HTTP/1.1 
Host: ocsp.globalsign.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         104.18.20.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 28 Sep 2022 20:44:02 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "D3B63C95CA4D03BF5602611F1A67336D32CF0E9C"
Expires: Thu, 29 Sep 2022 07:00:00 GMT
Last-Modified: Wed, 28 Sep 2022 19:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Age: 3584
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 751f50919d9ab4ed-OSL


--- Additional Info ---
Magic:  data
Size:   1462
Md5:    9a5f40134eef38301c9ec6c42e3e9f88
Sha1:   233d49b11a88c322a50988ed95844fc7b6250e04
Sha256: 5d82f5c50b017aa273529ea0eb55348e5a11a7705cebda6d8e4935eb306d13a5
                                        
                                            GET /vendor/sebastian/diff/bana/dist/langpack/en.json HTTP/1.1 
Host: gzybl13.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: http://gzybl13.com/vendor/sebastian/diff/bana/292be75f17f04266fcefbb0f1dbad7fd/execution.html?validation=e1s1

                                         
                                         121.42.94.163
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Date: Wed, 28 Sep 2022 20:44:02 GMT
Server: Apache
Last-Modified: Wed, 07 Sep 2022 22:05:59 GMT
ETag: "24600f3-202-5e81d8492dbad"
Accept-Ranges: bytes
Content-Length: 514
Vary: User-Agent
Keep-Alive: timeout=15, max=299
Connection: Keep-Alive


--- Additional Info ---
Magic:  JSON data\012- , ASCII text
Size:   514
Md5:    e5111c3d242107acc93f71f9c9182079
Sha1:   c648da6b0a6c4f9b89dbee1027cf9a7be36217ca
Sha256: 86f9abd216bc64ead1404975e2b6132aebc42ebd106e5be0f660b7e5852051a3

Alerts:
  urlquery:
    - Phishing - DHL
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /vendor/sebastian/diff/bana/dist/langpack/en.json HTTP/1.1 
Host: gzybl13.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: http://gzybl13.com/vendor/sebastian/diff/bana/292be75f17f04266fcefbb0f1dbad7fd/execution.html?validation=e1s1

                                         
                                         121.42.94.163
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Date: Wed, 28 Sep 2022 20:44:02 GMT
Server: Apache
Last-Modified: Wed, 07 Sep 2022 22:05:59 GMT
ETag: "24600f3-202-5e81d8492dbad"
Accept-Ranges: bytes
Content-Length: 514
Vary: User-Agent
Keep-Alive: timeout=15, max=296
Connection: Keep-Alive


--- Additional Info ---
Magic:  JSON data\012- , ASCII text
Size:   514
Md5:    e5111c3d242107acc93f71f9c9182079
Sha1:   c648da6b0a6c4f9b89dbee1027cf9a7be36217ca
Sha256: 86f9abd216bc64ead1404975e2b6132aebc42ebd106e5be0f660b7e5852051a3

Alerts:
  urlquery:
    - Phishing - DHL
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /vendor/sebastian/diff/bana/dist/fonts/default-5a6dd86f272b304a8b83f7df61f11c2f.woff HTTP/1.1 
Host: gzybl13.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://gzybl13.com/vendor/sebastian/diff/bana/dist/dhl.css

                                         
                                         121.42.94.163
HTTP/1.1 200 OK
Content-Type: text/plain
                                        
Date: Wed, 28 Sep 2022 20:44:02 GMT
Server: Apache
Last-Modified: Wed, 07 Sep 2022 22:05:59 GMT
ETag: "2443062-a188-5e81d8492c055"
Accept-Ranges: bytes
Content-Length: 41352
Vary: User-Agent
Keep-Alive: timeout=15, max=298
Connection: Keep-Alive


--- Additional Info ---
Magic:  Web Open Font Format, TrueType, length 41352, version 1.66\012- data
Size:   41352
Md5:    4e23ecf085132857bdb54b4da7373151
Sha1:   a50215c22a591536b21e509100d1707c6886ffd6
Sha256: b033eff45e6e8ecd5c5bccd8ef9a96c4dc37325adc64c5aed8b1d909b24c4eb4

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /country HTTP/1.1 
Host: ipinfo.io
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Referer: http://gzybl13.com/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.117.59.81
HTTP/2 429 Too Many Requests
content-type: application/json; charset=utf-8
                                        
access-control-allow-origin: *
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
date: Wed, 28 Sep 2022 20:44:00 GMT
x-envoy-upstream-service-time: 2
strict-transport-security: max-age=2592000; includeSubDomains
vary: Accept-Encoding
content-encoding: gzip
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2


--- Additional Info ---