Report - www.fortgift.com/survey/44472/source=10-908/subid=10/nrp=7b5ce34fca2946469114cd14dbd412d9

Report Overview

Submitted URL
www.fortgift.com/survey/44472/source=10-908/subid=10/nrp=7b5ce34fca2946469114cd14dbd412d9
IP
104.21.43.29
ASN
#13335 CLOUDFLARENET
Submitted
2022-09-05 07:09:12
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
32

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.7 kB	3.5 kB	142.250.74.3
fonts.googleapis.com	8877	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	689 B	1.6 kB	142.250.74.10
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	329 B	737 B	93.184.220.29
fonts.gstatic.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.4 kB	26 kB	142.250.74.163
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	49 kB	34.120.237.76
your-choice-center.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	354 B	730 B	104.21.90.72
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	401 B	5.8 kB	143.204.55.25
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.0 kB	5.3 kB	23.36.76.226
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	321 B	229 B	34.117.237.239
www.fortgift.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	11 kB	296 kB	104.21.43.29
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	594 B	127 B	35.162.35.244
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	758 B	2.7 kB	143.204.55.35

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2022-09-05	medium	fortgift.com	Sinkholed
2022-09-05	medium	fortgift.com	Sinkholed
2022-09-05	medium	fortgift.com	Sinkholed
2022-09-05	medium	fortgift.com	Sinkholed
2022-09-05	medium	fortgift.com	Sinkholed
2022-09-05	medium	fortgift.com	Sinkholed
2022-09-05	medium	fortgift.com	Sinkholed
2022-09-05	medium	fortgift.com	Sinkholed
2022-09-05	medium	fortgift.com	Sinkholed
2022-09-05	medium	fortgift.com	Sinkholed
2022-09-05	medium	fortgift.com	Sinkholed
2022-09-05	medium	fortgift.com	Sinkholed
2022-09-05	medium	fortgift.com	Sinkholed
2022-09-05	medium	fortgift.com	Sinkholed
2022-09-05	medium	fortgift.com	Sinkholed
2022-09-05	medium	your-choice-center.com	Sinkholed

JavaScript (9)

	URL	Size	First Seen	Last Seen
	www.fortgift.com/js/plugins/base64decode/webtoolkit.base64.js	3.4 kB	2023-03-07	2023-03-17
Pretty URL www.fortgift.com/js/plugins/base64decode/webtoolkit.base64.js IP 104.21.43.29 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:17:14 Last Seen2023-03-17 10:34:54 Times Seen1 Hash 7a815c162a878cdf4b442718f411aab5 43eb218f675225a9291b7cd656d2af49b542f965 bf105e00754ed199cca74149ffcaae97684c72eee00602223f918efdd96cc45f Loading...

	your-choice-center.com/embed.js	23 kB	2023-03-07	2024-01-23
Pretty URL your-choice-center.com/embed.js IP 104.21.90.72 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:17:14 Last Seen2024-01-23 22:39:21 Times Seen163 Hash c4c90cc996e9a9a80197430353cdf76c 24c1b242a40959d16c4f6b94532790f948a872c4 6575b6aa7cd10f1ea8d43bc8577c45afd3964d1d423c79c7c77d0dbf4ad136d3 Loading...

	www.fortgift.com/survey/44472/source=10-908/subid=10/nrp=7b5ce34fca2946469114cd14dbd412d9	9.0 kB	2023-03-07	2023-03-07
Pretty URL www.fortgift.com/survey/44472/source=10-908/subid=10/nrp=7b5ce34fca2946469114cd14dbd412d9 IP 104.21.43.29 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:42:36 Last Seen2023-03-07 12:42:36 Times Seen1 Hash f0287e05322057700ccbb1751dbf62a7 880146929eb25887a4c77679c53ba888ee1c74f9 40c4d8059c2e4b69a577ad9e774e6c062e2a5e6921304223f552a4e51c1b4ed6 Loading...

	unknown	0 B	2023-03-07	2024-04-19
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-19 00:08:05 Times Seen36949654 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	www.fortgift.com/js/plugins/jqueryCookie/jquery.cookie.js	3.1 kB	2023-03-07	2024-04-18
Pretty URL www.fortgift.com/js/plugins/jqueryCookie/jquery.cookie.js IP 104.21.43.29 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:06:39 Last Seen2024-04-18 14:07:34 Times Seen9095 Hash d5528dde0006c78be04817327c2f9b6f 31e1bcc4cf805a2c2fee21f48ded1e598f64a2a8 b84161c9fbf7520cd14e7019f92120bd87a928a074156e91a992eba9fc9436e8 Loading...

	www.fortgift.com/custom_js/currency_cnd2.js	1.5 kB	2023-03-07	2023-03-17
Pretty URL www.fortgift.com/custom_js/currency_cnd2.js IP 104.21.43.29 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:17:14 Last Seen2023-03-17 10:34:54 Times Seen1 Hash a290376f27e20a1bcd95cd6f9b49aa1e 47bff7df4674306c2716b6798a8b80f6587c9137 d7793635b3a67ad46bb0f738f17326d1d4de4ef3e9a2a2ee4ac4e318a77dabd0 Loading...

	www.fortgift.com/survey/44472/source=10-908/subid=10/nrp=7b5ce34fca2946469114cd14dbd412d9	233 B	2023-03-07	2023-03-07
Pretty URL www.fortgift.com/survey/44472/source=10-908/subid=10/nrp=7b5ce34fca2946469114cd14dbd412d9 IP 104.21.43.29 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:42:36 Last Seen2023-03-07 14:26:39 Times Seen1 Hash 862c217a8943ed5abf2dad81a1adab66 b0737c5c64a0c741d8fef4513a07bde507933d17 88b9f160ca79cfdb59d67c2afdfedf4e54fd78fef9cbbbf0216c0152590fed28 Loading...

	www.fortgift.com/survey/44472/source=10-908/subid=10/nrp=7b5ce34fca2946469114cd14dbd412d9	43 B	2023-03-07	2023-03-07
Pretty URL www.fortgift.com/survey/44472/source=10-908/subid=10/nrp=7b5ce34fca2946469114cd14dbd412d9 IP 104.21.43.29 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:42:36 Last Seen2023-03-07 12:42:36 Times Seen1 Hash 85c120aa34a93b5714a9296a106a000f cd412544f93242fce148bbfbb4704a82d631b23b 59b0daac8e3d5b840457071b0a9a08090e034ca73b98a0d626c68c7f2dedbc08 Loading...

	www.fortgift.com/survey/44472/source=10-908/subid=10/nrp=7b5ce34fca2946469114cd14dbd412d9	24 B	2023-03-07	2023-03-17
Pretty URL www.fortgift.com/survey/44472/source=10-908/subid=10/nrp=7b5ce34fca2946469114cd14dbd412d9 IP 104.21.43.29 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:17:15 Last Seen2023-03-17 10:34:54 Times Seen1 Hash e9b9d4977dbfa6cba84c65c9a7884c43 1d136a0af92f45cb2031a1b71bcd2e9055a0bb50 f8ac099fe5ded26c3c67f0d5d7742bb8130f428c07586c79c29b40d36485799d Loading...

HTTP Transactions (44)

URL IP Response Size

firefox.settings.services.mozilla.com/v1/

143.204.55.35

200 OK

939 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/
IP
143.204.55.35:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
91dd975a7b17b2922dd23c0e49314e40
57a2ece1e3cee7c4ebf927f2ba92f52cac395fe2
09966873bbf317f8910c59544cfde2a6d46e8acd2905797cc7c85c6b4d18ea8a

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Content-Type, Alert, Backoff, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Mon, 05 Sep 2022 06:43:57 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 8e6dce34fd223e0c9d89fd938d1784a2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 0mQnQTrtgBQUeTAYUuLdN0J8pqRRDdaff8DARzpXSSV_C92nmrdi4A==
Age: 1504

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
d931e0142ef5ffe9cdb4c4c6bfcb9bc9
d9c4caf525e8926b042a14f38d374cc4033ed768
f610984fb0a75b3a31424faa860cbc8172c7f21804df1dc14fbb685b7c456f29

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F610984FB0A75B3A31424FAA860CBC8172C7F21804DF1DC14FBB685B7C456F29"
Last-Modified: Sat, 03 Sep 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17644
Expires: Mon, 05 Sep 2022 12:03:05 GMT
Date: Mon, 05 Sep 2022 07:09:01 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain

143.204.55.25

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
IP
143.204.55.25:0
ASN
#16509 AMAZON-02

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
742edb4038f38bc533514982f3d2e861
cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Mon, 05 Sep 2022 01:15:19 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 bb1da7862c4968b28920b91b324095c0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: LyZotoASbdHh9J2bhf3VUs3QhvCrKyzR4Ty_PO1rFoOk0whp-3s66A==
age: 21224
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Mon, 05 Sep 2022 07:09:01 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

www.fortgift.com/survey/44472/source=10-908/subid=10/nrp=7b5ce34fca2946469114cd14dbd412d9

104.21.43.29

200 OK

5.5 kB

URL HTTP/1.1
www.fortgift.com/survey/44472/source=10-908/subid=10/nrp=7b5ce34fca2946469114cd14dbd412d9
IP
104.21.43.29:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1817), with CRLF, LF line terminators
Size
5.5 kB (5470 bytes)
Hash
4c8bbd1ddced357d4a37fbcecc20afc8
9274c5d236b0151230e083bdfe1711a293f9e95e
a387c72e2b52ff776acb95c89e1e9f31637465086bf23cd090d57680186bb386

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /survey/44472/source=10-908/subid=10/nrp=7b5ce34fca2946469114cd14dbd412d9 HTTP/1.1
Host: www.fortgift.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Date: Mon, 05 Sep 2022 07:09:02 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Cache-Control: no-cache
Set-Cookie: laravel_session=eyJpdiI6InpFcjdEYWFTVUdOd2o4MGozc0R2TkE9PSIsInZhbHVlIjoiWHdJVUFLVFwvM1JPSmNoUlhEU1ZJZjRlMjRMUk1oUmtocmhSYlFKZXYwUlNcL2M1ZkVSUUxBaXl0czZ1VnhiY1dzZlNBZHV4UHJVS1VxM3M4VFVKaGN6dz09IiwibWFjIjoiNjY4NGNkOGFjMjI4ZjM3ZWExMWIxZWY5OWU0NzE1NWJhOTBjNzc3M2E2YWRiZTljYjM0MzI4MTRhNTM5NjQyYyJ9; expires=Mon, 12-Sep-2022 05:48:02 GMT; Max-Age=599940; path=/; httponly
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jpZ3JwDjAtJF9aLd9ZGonEx9GpCW19IVKMOWBGbrLsC6iF2%2BXB8kdTyq40u%2BJ3u7mRheblb4AnE9v5%2FHBf81cTT1ihaUGFgFiXWD7De4xtf%2B9qUJ4Wox%2FYlJ5SaTCSb2hBob"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 745d2314fd69b512-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

143.204.55.35

200 OK

329 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
143.204.55.35:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, ETag, Backoff, Last-Modified, Pragma, Cache-Control, Expires, Content-Type, Content-Length, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Mon, 05 Sep 2022 06:38:16 GMT
Cache-Control: max-age=3600
Expires: Mon, 05 Sep 2022 07:15:16 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 dbfaae0db03f11cf713bbcbdb25be4a2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 2UScprVC4Ngow_rfqaUVqWceXbquQE9xnne3jNAhke1ImI589XsrZw==
Age: 1846

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
a73c40e0fed317f31e35a24d5b5e2d0d
fb19e9d403e37956762ebb527260576860161872
4a38f2cc8997dada402e2cce06bbd8776cbad2075b00696d00efa59ad5388644

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Sep 2022 07:09:02 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.fortgift.com/js/plugins/base64decode/webtoolkit.base64.js

104.21.43.29

200 OK

1.1 kB

URL HTTP/1.1
www.fortgift.com/js/plugins/base64decode/webtoolkit.base64.js
IP
104.21.43.29:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text
Size
1.1 kB (1084 bytes)
Hash
54cf5258f60909c053784b5a5190d0e9
45e44c232d3011fedd8f3b6dd6a08771e3619727
8f24e122c8e501d5848884b7f9f7bd037d530565118acd5dfafe8490349b64e4

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /js/plugins/base64decode/webtoolkit.base64.js HTTP/1.1
Host: www.fortgift.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.fortgift.com/survey/44472/source=10-908/subid=10/nrp=7b5ce34fca2946469114cd14dbd412d9
Cookie: laravel_session=eyJpdiI6InpFcjdEYWFTVUdOd2o4MGozc0R2TkE9PSIsInZhbHVlIjoiWHdJVUFLVFwvM1JPSmNoUlhEU1ZJZjRlMjRMUk1oUmtocmhSYlFKZXYwUlNcL2M1ZkVSUUxBaXl0czZ1VnhiY1dzZlNBZHV4UHJVS1VxM3M4VFVKaGN6dz09IiwibWFjIjoiNjY4NGNkOGFjMjI4ZjM3ZWExMWIxZWY5OWU0NzE1NWJhOTBjNzc3M2E2YWRiZTljYjM0MzI4MTRhNTM5NjQyYyJ9

HTTP/1.1 200 OK
Date: Mon, 05 Sep 2022 07:09:02 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 19 Jun 2020 11:41:06 GMT
Vary: Accept-Encoding
ETag: W/"5eeca452-d67"
Content-Encoding: gzip
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KnVNqhZZEkSBtKRTecFmw03c6gxbNL5wDZVY4Kdk%2FKUqYinuaRHUjgRtQQK2WuPetcAi7UVVUUUwpco1WRuwvmwykmN%2FUB9xmHe8wWVk3sX258056Z2XuY3X79VznAarI2he"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 745d23197cacb512-OSL
alt-svc: h2=":443"; ma=60

www.fortgift.com/assets/font-awesome/css/font-awesome.min.css

104.21.43.29

200 OK

7.9 kB

URL HTTP/1.1
www.fortgift.com/assets/font-awesome/css/font-awesome.min.css
IP
104.21.43.29:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (30837)
Size
7.9 kB (7949 bytes)
Hash
103f21b72014a566bb04f62aa8162a5c
0901754088a97f071b312c4cafcb3ab379d925f7
1fe16cbb06573d874d9d143f536623d7db5688ed4e86d7fe3889a52b7dae3f2b

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /assets/font-awesome/css/font-awesome.min.css HTTP/1.1
Host: www.fortgift.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.fortgift.com/survey/44472/source=10-908/subid=10/nrp=7b5ce34fca2946469114cd14dbd412d9
Cookie: laravel_session=eyJpdiI6InpFcjdEYWFTVUdOd2o4MGozc0R2TkE9PSIsInZhbHVlIjoiWHdJVUFLVFwvM1JPSmNoUlhEU1ZJZjRlMjRMUk1oUmtocmhSYlFKZXYwUlNcL2M1ZkVSUUxBaXl0czZ1VnhiY1dzZlNBZHV4UHJVS1VxM3M4VFVKaGN6dz09IiwibWFjIjoiNjY4NGNkOGFjMjI4ZjM3ZWExMWIxZWY5OWU0NzE1NWJhOTBjNzc3M2E2YWRiZTljYjM0MzI4MTRhNTM5NjQyYyJ9

HTTP/1.1 200 OK
Date: Mon, 05 Sep 2022 07:09:02 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 16 Oct 2017 10:55:51 GMT
Vary: Accept-Encoding
ETag: W/"59e49037-7918"
Content-Encoding: gzip
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5hTH8e9Y2y55FfkVCdUVhJW5jRprbahbWl%2FKWh7VxcXhz%2B24jl3EK31warTnvky7TR54hONt2zusYiiUcEKMpe3EqJRbQgUNgPsPc4%2FPrCPv4uU87Eo%2BQNpRXRxZPPLtpy8A"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 745d231988740b39-OSL
alt-svc: h2=":443"; ma=60

www.fortgift.com/js/plugins/jqueryCookie/jquery.cookie.js

104.21.43.29

200 OK

1.4 kB

URL HTTP/1.1
www.fortgift.com/js/plugins/jqueryCookie/jquery.cookie.js
IP
104.21.43.29:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text
Size
1.4 kB (1448 bytes)
Hash
df9bc2ca94581a9f0d4778857f2dd204
c3bc1c54c929e4682371a6612c46025346fb04b4
2660c68222b1a6bf81d0cb331e601fdd2fdd8c304603b11f72a6fbd31fc5e8be

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /js/plugins/jqueryCookie/jquery.cookie.js HTTP/1.1
Host: www.fortgift.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.fortgift.com/survey/44472/source=10-908/subid=10/nrp=7b5ce34fca2946469114cd14dbd412d9
Cookie: laravel_session=eyJpdiI6InpFcjdEYWFTVUdOd2o4MGozc0R2TkE9PSIsInZhbHVlIjoiWHdJVUFLVFwvM1JPSmNoUlhEU1ZJZjRlMjRMUk1oUmtocmhSYlFKZXYwUlNcL2M1ZkVSUUxBaXl0czZ1VnhiY1dzZlNBZHV4UHJVS1VxM3M4VFVKaGN6dz09IiwibWFjIjoiNjY4NGNkOGFjMjI4ZjM3ZWExMWIxZWY5OWU0NzE1NWJhOTBjNzc3M2E2YWRiZTljYjM0MzI4MTRhNTM5NjQyYyJ9

HTTP/1.1 200 OK
Date: Mon, 05 Sep 2022 07:09:02 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 14 Jun 2017 09:55:44 GMT
Vary: Accept-Encoding
ETag: W/"59410820-c31"
Content-Encoding: gzip
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JsTHvA5aQaA8GuoHlUKCqqlvjxKmACjCZjegUU0v7YnweapsqoYPleTzVFmCJkfApFsSnAIqn%2B996etehvjgkQUR8bEvRQ2%2BtKRXsd3yX6ZNH3%2BgqSyYa%2FyM8KYX1WT22pGM"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 745d231988790b39-OSL
alt-svc: h2=":443"; ma=60

www.fortgift.com/css/backend.css

104.21.43.29

200 OK

729 B

URL HTTP/1.1
www.fortgift.com/css/backend.css
IP
104.21.43.29:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text
Size
729 B (729 bytes)
Hash
512485967b9476e8ac57df9cba5e160e
907cc60d8f308d523ce31a4876a690184123e8bb
dd4c95b8ac49f56fb3e5acc7f31d8d58abf9997b10cfb20b536c847ae6d6e2cd

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /css/backend.css HTTP/1.1
Host: www.fortgift.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.fortgift.com/survey/44472/source=10-908/subid=10/nrp=7b5ce34fca2946469114cd14dbd412d9
Cookie: laravel_session=eyJpdiI6InpFcjdEYWFTVUdOd2o4MGozc0R2TkE9PSIsInZhbHVlIjoiWHdJVUFLVFwvM1JPSmNoUlhEU1ZJZjRlMjRMUk1oUmtocmhSYlFKZXYwUlNcL2M1ZkVSUUxBaXl0czZ1VnhiY1dzZlNBZHV4UHJVS1VxM3M4VFVKaGN6dz09IiwibWFjIjoiNjY4NGNkOGFjMjI4ZjM3ZWExMWIxZWY5OWU0NzE1NWJhOTBjNzc3M2E2YWRiZTljYjM0MzI4MTRhNTM5NjQyYyJ9

HTTP/1.1 200 OK
Date: Mon, 05 Sep 2022 07:09:02 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 14 Jun 2017 10:13:06 GMT
Vary: Accept-Encoding
ETag: W/"59410c32-8ab"
Content-Encoding: gzip
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pRnF8yUMvIwT%2BD6fkzmo9yJ0fni%2Bd4r9C10zokcVBMFD0uOZ11GRhCnuKJxMMgj7SFNlGS0mXecPm2LwDbjQCvAqkrIDLA2rvZh1xGxgf%2BDrN7Q4Kw4%2Fw5lhOsmZWbSC7tCB"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 745d23198803b506-OSL
alt-svc: h2=":443"; ma=60

www.fortgift.com/css/tpl_css/track_trace_v2/track_trace_v2.css

104.21.43.29

200 OK

7.9 kB

URL HTTP/1.1
www.fortgift.com/css/tpl_css/track_trace_v2/track_trace_v2.css
IP
104.21.43.29:0
ASN
#13335 CLOUDFLARENET

File type
Unicode text, UTF-8 text
Size
7.9 kB (7913 bytes)
Hash
e0fd1a10516342e09a9faf8058c7c213
78eefdfd07d8fabaff6120fbb6d8c54bfe770025
4bb0ade002030464270e80f8343b4c0d35fed9e1dd31fb12d4a13ed5bee33934

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /css/tpl_css/track_trace_v2/track_trace_v2.css HTTP/1.1
Host: www.fortgift.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.fortgift.com/survey/44472/source=10-908/subid=10/nrp=7b5ce34fca2946469114cd14dbd412d9
Cookie: laravel_session=eyJpdiI6InpFcjdEYWFTVUdOd2o4MGozc0R2TkE9PSIsInZhbHVlIjoiWHdJVUFLVFwvM1JPSmNoUlhEU1ZJZjRlMjRMUk1oUmtocmhSYlFKZXYwUlNcL2M1ZkVSUUxBaXl0czZ1VnhiY1dzZlNBZHV4UHJVS1VxM3M4VFVKaGN6dz09IiwibWFjIjoiNjY4NGNkOGFjMjI4ZjM3ZWExMWIxZWY5OWU0NzE1NWJhOTBjNzc3M2E2YWRiZTljYjM0MzI4MTRhNTM5NjQyYyJ9

HTTP/1.1 200 OK
Date: Mon, 05 Sep 2022 07:09:02 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 25 Jun 2019 10:25:18 GMT
Vary: Accept-Encoding
ETag: W/"5d11f68e-825a"
Content-Encoding: gzip
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OtYyLTXL5THfHj3q%2FMaEirv8hDAvQq%2BVljMEN5ZSGWqaDElL%2BSnIiFL7B9IOPbZx%2Fyuej0OsAgC5prkD48gUQf%2BlduT%2FVnw6Dx%2FrkUJRPBV3iRkoyP1JW5C9LQljyzDOdSr2"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 745d23198ab8fac8-OSL
alt-svc: h2=":443"; ma=60

fonts.googleapis.com/css?family=Lato:700

142.250.74.10

200 OK

332 B

URL HTTP/1.1
fonts.googleapis.com/css?family=Lato:700
IP
142.250.74.10:0
ASN
#15169 GOOGLE

File type
ASCII text
Size
332 B (332 bytes)
Hash
9cc27774596fed247a4eae0a8cbb6d40
97d03a65398a1481cb1b30e046d836efe8c5e484
a4b03bf467e90bdb0b1e94ec59d655a889952d39129678ca37b92d4c38d47eb0

HTTP Headers

GET /css?family=Lato:700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.fortgift.com/

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Link: <http://fonts.gstatic.com>; rel=preconnect; crossorigin
Expires: Mon, 05 Sep 2022 07:09:02 GMT
Date: Mon, 05 Sep 2022 07:09:02 GMT
Cache-Control: private, max-age=86400
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin-allow-popups
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff

www.fortgift.com/custom_js/currency_cnd2.js

104.21.43.29

200 OK

521 B

URL HTTP/1.1
www.fortgift.com/custom_js/currency_cnd2.js
IP
104.21.43.29:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text
Size
521 B (521 bytes)
Hash
6fdf507ab6734c9639dc0eb8ae39aaa1
da6da50ffd83ad9daf904427639fb8d59bf9c428
db21cf31808932d16659346639644d8d03c5aeca9de0dab60701c141d0801025

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /custom_js/currency_cnd2.js HTTP/1.1
Host: www.fortgift.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.fortgift.com/survey/44472/source=10-908/subid=10/nrp=7b5ce34fca2946469114cd14dbd412d9
Cookie: laravel_session=eyJpdiI6InpFcjdEYWFTVUdOd2o4MGozc0R2TkE9PSIsInZhbHVlIjoiWHdJVUFLVFwvM1JPSmNoUlhEU1ZJZjRlMjRMUk1oUmtocmhSYlFKZXYwUlNcL2M1ZkVSUUxBaXl0czZ1VnhiY1dzZlNBZHV4UHJVS1VxM3M4VFVKaGN6dz09IiwibWFjIjoiNjY4NGNkOGFjMjI4ZjM3ZWExMWIxZWY5OWU0NzE1NWJhOTBjNzc3M2E2YWRiZTljYjM0MzI4MTRhNTM5NjQyYyJ9

HTTP/1.1 200 OK
Date: Mon, 05 Sep 2022 07:09:02 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 14 Jun 2017 10:12:22 GMT
Vary: Accept-Encoding
ETag: W/"59410c06-5f4"
Content-Encoding: gzip
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cOwbTzkcWMuBmJPLVFUIucvujKmI11ODTzVJpvNEhCyXMjJ9vQhJr%2BcDaTbk9RpbBz58S4TeOSFmP%2BHvgdindpeN2lHxNAiKqFNOYF83uZld2st%2FIdhEwm5Yn382cmhhnumm"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 745d231a1d73b512-OSL
alt-svc: h2=":443"; ma=60

www.fortgift.com/js/jquery.js

104.21.43.29

200 OK

104 kB

URL HTTP/1.1
www.fortgift.com/js/jquery.js
IP
104.21.43.29:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text
Size
104 kB (103527 bytes)
Hash
64d51a91842027c9b0fa6d320c76e0e9
cb8f4124034b10289daf906b446ad78a4f0d7145
5d3429fe9a31d9435a4457fab6931d7f16308afebf8b39baad4306c536b05892

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /js/jquery.js HTTP/1.1
Host: www.fortgift.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.fortgift.com/survey/44472/source=10-908/subid=10/nrp=7b5ce34fca2946469114cd14dbd412d9
Cookie: laravel_session=eyJpdiI6InpFcjdEYWFTVUdOd2o4MGozc0R2TkE9PSIsInZhbHVlIjoiWHdJVUFLVFwvM1JPSmNoUlhEU1ZJZjRlMjRMUk1oUmtocmhSYlFKZXYwUlNcL2M1ZkVSUUxBaXl0czZ1VnhiY1dzZlNBZHV4UHJVS1VxM3M4VFVKaGN6dz09IiwibWFjIjoiNjY4NGNkOGFjMjI4ZjM3ZWExMWIxZWY5OWU0NzE1NWJhOTBjNzc3M2E2YWRiZTljYjM0MzI4MTRhNTM5NjQyYyJ9

HTTP/1.1 200 OK
Date: Mon, 05 Sep 2022 07:09:02 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 14 Jun 2017 09:51:56 GMT
Vary: Accept-Encoding
ETag: W/"5941073c-456ea"
Content-Encoding: gzip
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fFci0TdV8vC5Uei0tRGRX%2Fp6hImlsaAzqnQC%2FNxWUKlsN%2FyheDJ0cUNMc9r72bklHHO9xue%2BOK4GRyWF4lcLxCJML33kL83nlYrh6Keb2EHsmMzthm4h6n%2FzN6nXXBHk9zch"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 745d2319898eb517-OSL
alt-svc: h2=":443"; ma=60

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
77d035f38a45e8a1ec30d5fe9611880b
01cf34de95257da64dac90edf5a86203f1160271
7dc687d6bb1679ba5567e58b4f8c1e78766e7ee36273ba7f62068c595d57f7f3

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1389
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 05 Sep 2022 07:09:02 GMT
Last-Modified: Mon, 05 Sep 2022 06:45:53 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471

www.fortgift.com/uploads/20220715095536_3753223535eb92fffd4c731f719079c4.png

104.21.43.29

200 OK

18 kB

URL HTTP/1.1
www.fortgift.com/uploads/20220715095536_3753223535eb92fffd4c731f719079c4.png
IP
104.21.43.29:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 200 x 133, 8-bit colormap, non-interlaced\012- data
Size
18 kB (17622 bytes)
Hash
9a1060928c4c80bc3c817af01e939040
ec60717eda3540eb60ea24f1fba11e6e1e93cb01
3b19eeb21d7fbd9b8b260e57c2d9198f83732339a9e3cbd5d2264f77e722df26

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /uploads/20220715095536_3753223535eb92fffd4c731f719079c4.png HTTP/1.1
Host: www.fortgift.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.fortgift.com/survey/44472/source=10-908/subid=10/nrp=7b5ce34fca2946469114cd14dbd412d9
Cookie: laravel_session=eyJpdiI6InpFcjdEYWFTVUdOd2o4MGozc0R2TkE9PSIsInZhbHVlIjoiWHdJVUFLVFwvM1JPSmNoUlhEU1ZJZjRlMjRMUk1oUmtocmhSYlFKZXYwUlNcL2M1ZkVSUUxBaXl0czZ1VnhiY1dzZlNBZHV4UHJVS1VxM3M4VFVKaGN6dz09IiwibWFjIjoiNjY4NGNkOGFjMjI4ZjM3ZWExMWIxZWY5OWU0NzE1NWJhOTBjNzc3M2E2YWRiZTljYjM0MzI4MTRhNTM5NjQyYyJ9

HTTP/1.1 200 OK
Date: Mon, 05 Sep 2022 07:09:02 GMT
Content-Type: image/png
Content-Length: 17622
Connection: keep-alive
Last-Modified: Fri, 15 Jul 2022 07:55:36 GMT
ETag: "62d11d78-44d6"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FHpLW3blmgXfyHBt1End5lqvutjUk5TYHjXCM7JLu6nGdSK43%2BOei1Qu4WLXl0fR%2FP9yi1ym6n%2Bcdlv9rwBgaFIWg5%2BVmQTkO7Sa77wzhjqHTQ5s8h117MxLcltyAxrv2FHk"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 745d231acbc8fac8-OSL
alt-svc: h2=":443"; ma=60

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
3958546039b436bd448017432b45c949
45aadab2339c0718b57200a1b2849073c04f08f5
903f9b9e0ccec46513fb56991790db64f79dd2548f6240c4905cf9f19bdaa783

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Sep 2022 07:09:02 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2

142.250.74.163

200 OK

8.0 kB

URL HTTP/2
fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 8000, version 1.0\012- data
Size
8.0 kB (8000 bytes)
Hash
72993dddf88a63e8f226656f7de88e57
179f97ec0275f09603a8db94d4380eb584d81cd5
f4e80d9dfd374d02989b87a27b5ed4cb78fbb177c27f1478e9a8b0afb7513149

HTTP Headers

GET /s/poppins/v20/pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.fortgift.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 8000
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 31 Aug 2022 19:30:59 GMT
expires: Thu, 31 Aug 2023 19:30:59 GMT
cache-control: public, max-age=31536000
age: 387483
last-modified: Wed, 27 Apr 2022 16:59:07 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
3958546039b436bd448017432b45c949
45aadab2339c0718b57200a1b2849073c04f08f5
903f9b9e0ccec46513fb56991790db64f79dd2548f6240c4905cf9f19bdaa783

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Sep 2022 07:09:02 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
3958546039b436bd448017432b45c949
45aadab2339c0718b57200a1b2849073c04f08f5
903f9b9e0ccec46513fb56991790db64f79dd2548f6240c4905cf9f19bdaa783

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Sep 2022 07:09:02 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2

142.250.74.163

200 OK

7.9 kB

URL HTTP/2
fonts.gstatic.com/s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 7884, version 1.0\012- data
Size
7.9 kB (7884 bytes)
Hash
9212f6f9860f9fc6c69b02fedf6db8c3
ac6d71b4d5fdd2b3dabc9a06ff6c001e4251da0b
7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f

HTTP Headers

GET /s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.fortgift.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 7884
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 31 Aug 2022 19:32:09 GMT
expires: Thu, 31 Aug 2023 19:32:09 GMT
cache-control: public, max-age=31536000
age: 387413
last-modified: Wed, 27 Apr 2022 17:03:52 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2

142.250.74.163

200 OK

7.7 kB

URL HTTP/2
fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 7748, version 1.0\012- data
Size
7.7 kB (7748 bytes)
Hash
a09f2fccfee35b7247b08a1a266f0328
0da2d17e738f46d2a09e6fb7969da451719a9820
cd36de204aca2d5fa263a731f7c20009b5e3d754ba1f1e03c33e93a48f3e7446

HTTP Headers

GET /s/poppins/v20/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.fortgift.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 7748
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 31 Aug 2022 19:30:59 GMT
expires: Thu, 31 Aug 2023 19:30:59 GMT
cache-control: public, max-age=31536000
age: 387483
last-modified: Wed, 27 Apr 2022 16:21:30 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.fortgift.com/img/track_trace_v2/icons.svg

104.21.43.29

200 OK

2.4 kB

URL HTTP/1.1
www.fortgift.com/img/track_trace_v2/icons.svg
IP
104.21.43.29:0
ASN
#13335 CLOUDFLARENET

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1709)
Size
2.4 kB (2442 bytes)
Hash
79f1ad76e914485e430e1ccc99de35bb
9177c780e021783b35a9bf042e270cd0ee2d8695
a8535540533a4ce82b08367042df5ed004331fa10f5dc9db10b601be0159060b

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /img/track_trace_v2/icons.svg HTTP/1.1
Host: www.fortgift.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.fortgift.com/survey/44472/source=10-908/subid=10/nrp=7b5ce34fca2946469114cd14dbd412d9
Cookie: laravel_session=eyJpdiI6InpFcjdEYWFTVUdOd2o4MGozc0R2TkE9PSIsInZhbHVlIjoiWHdJVUFLVFwvM1JPSmNoUlhEU1ZJZjRlMjRMUk1oUmtocmhSYlFKZXYwUlNcL2M1ZkVSUUxBaXl0czZ1VnhiY1dzZlNBZHV4UHJVS1VxM3M4VFVKaGN6dz09IiwibWFjIjoiNjY4NGNkOGFjMjI4ZjM3ZWExMWIxZWY5OWU0NzE1NWJhOTBjNzc3M2E2YWRiZTljYjM0MzI4MTRhNTM5NjQyYyJ9

HTTP/1.1 200 OK
Date: Mon, 05 Sep 2022 07:09:02 GMT
Content-Type: image/svg+xml
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 18 Jun 2019 10:45:08 GMT
Vary: Accept-Encoding
ETag: W/"5d08c0b4-1a9c"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Content-Encoding: gzip
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=I8RHZWZ8lZwom0wQIZhFsdJmZWq0QBZftQPMbrOCiob8iZH3fRlKBIq3Wau5d5Q%2BJMbLfGXRi0FilbbHuvYHaBXL3Uzl37Zk%2BKYt7qHF7ekUUSuYIxzhlmlejX0jzGrHFg2P"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 745d231b5c31b517-OSL
alt-svc: h2=":443"; ma=60

www.fortgift.com/uploads/20220715092752_cfd24c10f8270a7dfb8b83cd84ccefda.png

104.21.43.29

200 OK

12 kB

URL HTTP/1.1
www.fortgift.com/uploads/20220715092752_cfd24c10f8270a7dfb8b83cd84ccefda.png
IP
104.21.43.29:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 1447 x 445, 8-bit/color RGBA, non-interlaced\012- data
Size
12 kB (11488 bytes)
Hash
8e1e5b0b1083fe16647aa86ba62f620c
6dbd179c6f0e6f1f7a88f64d563058473693f914
2bd9c32c309cdbd21a9d9ee1436e5b6e92cccc57e59918d88c1fe4cab59137c1

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /uploads/20220715092752_cfd24c10f8270a7dfb8b83cd84ccefda.png HTTP/1.1
Host: www.fortgift.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.fortgift.com/survey/44472/source=10-908/subid=10/nrp=7b5ce34fca2946469114cd14dbd412d9
Cookie: laravel_session=eyJpdiI6InpFcjdEYWFTVUdOd2o4MGozc0R2TkE9PSIsInZhbHVlIjoiWHdJVUFLVFwvM1JPSmNoUlhEU1ZJZjRlMjRMUk1oUmtocmhSYlFKZXYwUlNcL2M1ZkVSUUxBaXl0czZ1VnhiY1dzZlNBZHV4UHJVS1VxM3M4VFVKaGN6dz09IiwibWFjIjoiNjY4NGNkOGFjMjI4ZjM3ZWExMWIxZWY5OWU0NzE1NWJhOTBjNzc3M2E2YWRiZTljYjM0MzI4MTRhNTM5NjQyYyJ9

HTTP/1.1 200 OK
Date: Mon, 05 Sep 2022 07:09:02 GMT
Content-Type: image/png
Content-Length: 11488
Connection: keep-alive
Last-Modified: Fri, 15 Jul 2022 07:27:52 GMT
ETag: "62d116f8-2ce0"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KAJIcyMD1rfzu1jkeVtVwwhTLbF5PHlwgI1wOuqursJZZBrG7G94ADWNXk4SOCbGmXUbTuSSKWYCitKayOe%2Fl9zKz5NZAaqzpPu96Mr91sAjNiRinpSMzJ8tgc%2FsgtYujTC2"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 745d231b5ad20b39-OSL
alt-svc: h2=":443"; ma=60

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
3958546039b436bd448017432b45c949
45aadab2339c0718b57200a1b2849073c04f08f5
903f9b9e0ccec46513fb56991790db64f79dd2548f6240c4905cf9f19bdaa783

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Sep 2022 07:09:02 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.fortgift.com/uploads/products/50636_20220715102437_cloned

104.21.43.29

200 OK

122 kB

URL HTTP/1.1
www.fortgift.com/uploads/products/50636_20220715102437_cloned
IP
104.21.43.29:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 1100 x 730, 8-bit/color RGBA, non-interlaced\012- data
Size
122 kB (122436 bytes)
Hash
9112ef6888a45d1973e0d2bc06ce3083
4c41bfae2f654b1bddc0baa9e63bc51f79a0910c
2e7e23613260052d99ce6395e24259061ef0976b2300bf01f91b9dcea7b440c0

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /uploads/products/50636_20220715102437_cloned HTTP/1.1
Host: www.fortgift.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.fortgift.com/survey/44472/source=10-908/subid=10/nrp=7b5ce34fca2946469114cd14dbd412d9
Cookie: laravel_session=eyJpdiI6InpFcjdEYWFTVUdOd2o4MGozc0R2TkE9PSIsInZhbHVlIjoiWHdJVUFLVFwvM1JPSmNoUlhEU1ZJZjRlMjRMUk1oUmtocmhSYlFKZXYwUlNcL2M1ZkVSUUxBaXl0czZ1VnhiY1dzZlNBZHV4UHJVS1VxM3M4VFVKaGN6dz09IiwibWFjIjoiNjY4NGNkOGFjMjI4ZjM3ZWExMWIxZWY5OWU0NzE1NWJhOTBjNzc3M2E2YWRiZTljYjM0MzI4MTRhNTM5NjQyYyJ9

HTTP/1.1 200 OK
Date: Mon, 05 Sep 2022 07:09:02 GMT
Content-Type: application/octet-stream
Content-Length: 122436
Connection: keep-alive
Last-Modified: Fri, 15 Jul 2022 08:24:37 GMT
ETag: "62d12445-1de44"
Accept-Ranges: bytes
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=m4T3BhcgAF8aK8YfkjZTbzJ%2BBHFpMLn4XxQNrEg8YlWIors%2BTZju5q1uEuyQIoFkWKmRNxu4lttZmVnxNyXOadYyq6EpTpiFbiM9BY7Yt%2B1S%2F6TZ8qVInSUIwaMD9w55uDqg"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 745d231aca380b39-OSL
alt-svc: h2=":443"; ma=60

www.fortgift.com/survey/survey

104.21.43.29

200 OK

45 B

URL HTTP/1.1
www.fortgift.com/survey/survey
IP
104.21.43.29:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with no line terminators
Size
45 B (45 bytes)
Hash
d88fef5a412e7cce7c705420a2d64cbc
e6d03282e5397b0d27957eec3f7f9b64a04ed9ce
f9c5b9c02235ec077e8a2a78b66d785661e88ef943d8e41cdbac8c8251269ded

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

POST /survey/survey HTTP/1.1
Host: www.fortgift.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 62
Origin: http://www.fortgift.com
Connection: keep-alive
Referer: http://www.fortgift.com/survey/44472/source=10-908/subid=10/nrp=7b5ce34fca2946469114cd14dbd412d9
Cookie: laravel_session=eyJpdiI6InpFcjdEYWFTVUdOd2o4MGozc0R2TkE9PSIsInZhbHVlIjoiWHdJVUFLVFwvM1JPSmNoUlhEU1ZJZjRlMjRMUk1oUmtocmhSYlFKZXYwUlNcL2M1ZkVSUUxBaXl0czZ1VnhiY1dzZlNBZHV4UHJVS1VxM3M4VFVKaGN6dz09IiwibWFjIjoiNjY4NGNkOGFjMjI4ZjM3ZWExMWIxZWY5OWU0NzE1NWJhOTBjNzc3M2E2YWRiZTljYjM0MzI4MTRhNTM5NjQyYyJ9; b2ZmZXJXYWxs=%7B%22campaign%22%3A%22Mjc0NDQ%3D%22%2C%22survey%22%3A49374%2C%22source%22%3A%2210-908%22%2C%22subid%22%3A%22subid%3D10%22%2C%22firstSession%22%3A%227f00eFKYFZmNCgin3Z7b54mvFPaRV95LCQp5p7f2_Mjc0NDQ%3D%22%7D; survey_id_49374=true

HTTP/1.1 200 OK
Date: Mon, 05 Sep 2022 07:09:02 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Access-Control-Allow-Origin: http://www.fortgift.com
Cache-Control: no-cache
Set-Cookie: laravel_session=eyJpdiI6Im5qQUxaRnFIY1Zha1orbFF6aXFCK1E9PSIsInZhbHVlIjoic1dYd2hlcWhBM0kwR2U5cDRNeHZlaWhSTUVQZVVSNHZ6MUg2aHU0SmNrTmJWSXNEam5VUjdxaE1FT21hR3l3Q2pXNnZcL25jN2FUTlpORkNoM2Yzc25RPT0iLCJtYWMiOiIyZmJkYzE4MzQ3ZGFkNzY3MmRjYTA0OTM3ZDliYzlhYTY1OTIwYjEzOGY3NWM2YzhiNDE1MWE1ZDY4MjA3NTA4In0%3D; expires=Mon, 12-Sep-2022 05:48:02 GMT; Max-Age=599940; path=/; httponly
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XwwTr0l3giULeSY2bGN%2F1xsL0hCfP3%2FLBRvvgfoGO7VPDqjxNjrMMgki594OEMF2VQOoJ70i6Ic6res2UVS2VR0DH%2BNUKfPtuRBlAkX7M6ES8nJLzu0DTVzJpyaxblTDYoS6"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 745d231b7f9cb512-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

www.fortgift.com/survey/survey

104.21.43.29

200 OK

150 B

URL HTTP/1.1
www.fortgift.com/survey/survey
IP
104.21.43.29:0
ASN
#13335 CLOUDFLARENET

File type
JSON data\012- , ASCII text, with no line terminators
Size
150 B (150 bytes)
Hash
d4de2b786bfd947f1a07a13e90aa0bf9
04ac41028e532910873d0563583dd5748ba4d3c0
50ce1e00b21bc818f2b3a3778f9a8708d7ac8b1112e075cf6a75792a3393dabc

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

POST /survey/survey HTTP/1.1
Host: www.fortgift.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 70
Origin: http://www.fortgift.com
Connection: keep-alive
Referer: http://www.fortgift.com/survey/44472/source=10-908/subid=10/nrp=7b5ce34fca2946469114cd14dbd412d9
Cookie: laravel_session=eyJpdiI6InpFcjdEYWFTVUdOd2o4MGozc0R2TkE9PSIsInZhbHVlIjoiWHdJVUFLVFwvM1JPSmNoUlhEU1ZJZjRlMjRMUk1oUmtocmhSYlFKZXYwUlNcL2M1ZkVSUUxBaXl0czZ1VnhiY1dzZlNBZHV4UHJVS1VxM3M4VFVKaGN6dz09IiwibWFjIjoiNjY4NGNkOGFjMjI4ZjM3ZWExMWIxZWY5OWU0NzE1NWJhOTBjNzc3M2E2YWRiZTljYjM0MzI4MTRhNTM5NjQyYyJ9; b2ZmZXJXYWxs=%7B%22campaign%22%3A%22Mjc0NDQ%3D%22%2C%22survey%22%3A49374%2C%22source%22%3A%2210-908%22%2C%22subid%22%3A%22subid%3D10%22%2C%22firstSession%22%3A%227f00eFKYFZmNCgin3Z7b54mvFPaRV95LCQp5p7f2_Mjc0NDQ%3D%22%7D; survey_id_49374=true

HTTP/1.1 200 OK
Date: Mon, 05 Sep 2022 07:09:02 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Access-Control-Allow-Origin: http://www.fortgift.com
Cache-Control: no-cache
Set-Cookie: laravel_session=eyJpdiI6IkZXSzFnTFRkOE1EZFwvNkU5UkUwS0pnPT0iLCJ2YWx1ZSI6IkxQNGh2citBeVRjT2I1dFwvR3VpWlZJdXRzR3B0Tit4VHpxaFNEeWt4MDF5MEpxNGNnWHEzaEdcL3VTcDdxSHQzOUpPbU93XC9HN2pQeklCUHkwWXdDdWFBPT0iLCJtYWMiOiJiYjVjNjU5NWUzODUxMWYzYjUyMjdiMjlhNDljMTA5ODdmOWQzODNkNjVkNGJjNTdjYzE3MjBiYmEzN2IzNGNjIn0%3D; expires=Mon, 12-Sep-2022 05:48:02 GMT; Max-Age=599940; path=/; httponly
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GgErvbHQEUN%2B0XfhqsIyP0ffQJn78IgkCkqwpEdLqMhArEpbkB4S%2Bt8Ld%2FFUa0sl2icKXOlZypkmEpyOOccw9DqXXZEcF89n1YBTmZdQRvG7%2BZOKHqrwtX3Ebyh5xNgb%2FJku"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 745d231b6aefb506-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

push.services.mozilla.com/

35.162.35.244

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
35.162.35.244:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: GEgCcJ/7bRKlLLVNxfEloA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: ciFK8CgOqbIoxzR7Jt75Gdr2RhM=

www.fortgift.com/uploads/20220715092527_yes.ico

104.21.43.29

200 OK

1.7 kB

URL HTTP/1.1
www.fortgift.com/uploads/20220715092527_yes.ico
IP
104.21.43.29:0
ASN
#13335 CLOUDFLARENET

File type
MS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel\012- data
Size
1.7 kB (1680 bytes)
Hash
bbfbce8bd892eb52b9ab46f954849cb8
3beb9287ec4a24e4752769d1b8df98e0a244bd58
5684c9dabbc7f208e285370a8f8c071c061006eedade82125fd31f9149d9d87d

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /uploads/20220715092527_yes.ico HTTP/1.1
Host: www.fortgift.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.fortgift.com/survey/44472/source=10-908/subid=10/nrp=7b5ce34fca2946469114cd14dbd412d9
Cookie: laravel_session=eyJpdiI6IkZXSzFnTFRkOE1EZFwvNkU5UkUwS0pnPT0iLCJ2YWx1ZSI6IkxQNGh2citBeVRjT2I1dFwvR3VpWlZJdXRzR3B0Tit4VHpxaFNEeWt4MDF5MEpxNGNnWHEzaEdcL3VTcDdxSHQzOUpPbU93XC9HN2pQeklCUHkwWXdDdWFBPT0iLCJtYWMiOiJiYjVjNjU5NWUzODUxMWYzYjUyMjdiMjlhNDljMTA5ODdmOWQzODNkNjVkNGJjNTdjYzE3MjBiYmEzN2IzNGNjIn0%3D; b2ZmZXJXYWxs=%7B%22campaign%22%3A%22Mjc0NDQ%3D%22%2C%22survey%22%3A49374%2C%22source%22%3A%2210-908%22%2C%22subid%22%3A%22subid%3D10%22%2C%22firstSession%22%3A%227f00eFKYFZmNCgin3Z7b54mvFPaRV95LCQp5p7f2_Mjc0NDQ%3D%22%7D; survey_id_49374=true

HTTP/1.1 200 OK
Date: Mon, 05 Sep 2022 07:09:02 GMT
Content-Type: image/x-icon
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 15 Jul 2022 07:25:27 GMT
ETag: W/"62d11667-3c2e"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Xn5uLm6wybEPek43J6J1C1LhaoCHBRP6CKtqI0XUCe1Z9OjUXn802O%2FwSQQFaijtzYVc407vBvhVKxRo75htwicF6H9Tyr8Lqy97CZxLx0a6UoOVAdGM0Z3YlGgX0s4%2BbmgD"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 745d231c5bfe0b39-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
b15f3f14bd92b7a544ec2347e6810c7b
dd55fd8396d796082edabb5ab6e2d7fb3b51b731
87c27c4b0288f31faa405ba5247767d1f299938551bd284212ee487dbb0deb63

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "87C27C4B0288F31FAA405BA5247767D1F299938551BD284212EE487DBB0DEB63"
Last-Modified: Fri, 02 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12099
Expires: Mon, 05 Sep 2022 10:30:43 GMT
Date: Mon, 05 Sep 2022 07:09:04 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
b15f3f14bd92b7a544ec2347e6810c7b
dd55fd8396d796082edabb5ab6e2d7fb3b51b731
87c27c4b0288f31faa405ba5247767d1f299938551bd284212ee487dbb0deb63

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "87C27C4B0288F31FAA405BA5247767D1F299938551BD284212EE487DBB0DEB63"
Last-Modified: Fri, 02 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12099
Expires: Mon, 05 Sep 2022 10:30:43 GMT
Date: Mon, 05 Sep 2022 07:09:04 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
b15f3f14bd92b7a544ec2347e6810c7b
dd55fd8396d796082edabb5ab6e2d7fb3b51b731
87c27c4b0288f31faa405ba5247767d1f299938551bd284212ee487dbb0deb63

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "87C27C4B0288F31FAA405BA5247767D1F299938551BD284212EE487DBB0DEB63"
Last-Modified: Fri, 02 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12099
Expires: Mon, 05 Sep 2022 10:30:43 GMT
Date: Mon, 05 Sep 2022 07:09:04 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
b15f3f14bd92b7a544ec2347e6810c7b
dd55fd8396d796082edabb5ab6e2d7fb3b51b731
87c27c4b0288f31faa405ba5247767d1f299938551bd284212ee487dbb0deb63

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "87C27C4B0288F31FAA405BA5247767D1F299938551BD284212EE487DBB0DEB63"
Last-Modified: Fri, 02 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12099
Expires: Mon, 05 Sep 2022 10:30:43 GMT
Date: Mon, 05 Sep 2022 07:09:04 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
b15f3f14bd92b7a544ec2347e6810c7b
dd55fd8396d796082edabb5ab6e2d7fb3b51b731
87c27c4b0288f31faa405ba5247767d1f299938551bd284212ee487dbb0deb63

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "87C27C4B0288F31FAA405BA5247767D1F299938551BD284212EE487DBB0DEB63"
Last-Modified: Fri, 02 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12099
Expires: Mon, 05 Sep 2022 10:30:43 GMT
Date: Mon, 05 Sep 2022 07:09:04 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0855d1b6-f16d-4dd0-9fde-a9453425f201.jpeg

34.120.237.76

200 OK

7.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0855d1b6-f16d-4dd0-9fde-a9453425f201.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.4 kB (7431 bytes)
Hash
c96c8c1d4fe4a550a59dd4ba09843a7c
99ece60b2c12ebc34512a58c886c997e273ad1ad
78157b35e481a8d31e3fbdf60d01332ae97a4bb939235e8ba566b1bd4e1d8d7b

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0855d1b6-f16d-4dd0-9fde-a9453425f201.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7431
x-amzn-requestid: 0953983e-8c57-49ae-9b52-fe127c73a4a4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XaH8IGUmIAMFY1w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6307204d-06266aa31b508580324f07ab;Sampled=0
x-amzn-remapped-date: Thu, 25 Aug 2022 07:10:05 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: NkadqENBWW1-qAK4_05zp0mUJ7lBApClnUDaojmgPEzZuiOZQ2lXsQ==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 9c675215120a4ade8754c4357ef2f3ea.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Sep 2022 03:44:55 GMT
age: 12249
etag: "99ece60b2c12ebc34512a58c886c997e273ad1ad"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F13d7f0db-89d6-4166-b182-85e35e518df9.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.5 kB (8469 bytes)
Hash
30bf854fd3e27e2313a3d26fc43b9990
032acf1bfb0c8e2cbce8f2ff4d2964424b044951
7641be64dd25487edf4f845d1fbb0b07daa80fa8fb58863dd09081d9d169bd13

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F13d7f0db-89d6-4166-b182-85e35e518df9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8469
x-amzn-requestid: de0e8998-4a52-4651-bcd6-3068c50193b6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X9Ey2Eq4oAMFZlQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63151b45-15da44d87bf486cb1738fe18;Sampled=0
x-amzn-remapped-date: Sun, 04 Sep 2022 21:40:21 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: GuATNx2xnWnEl0cr_2ZWZo_jOWbHlSBYksIeHFDoHAK9o5Tf0PPliQ==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 98aedae6661e3904540676966998ed88.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Sep 2022 22:03:29 GMT
etag: "032acf1bfb0c8e2cbce8f2ff4d2964424b044951"
content-type: image/jpeg
age: 32735
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5b72072c-e8d1-4d87-8b3d-88a344002b6a.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.6 kB (9632 bytes)
Hash
3fa914e288ca54908967c65ae6000607
b470ee66546236df6932247b8de7982a081e3170
04dc2796377fdd129e03e1a1902207ba57f23933f4296908794097353f2de13f

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5b72072c-e8d1-4d87-8b3d-88a344002b6a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9632
x-amzn-requestid: aee8c394-86b7-4b7e-8a1b-134b4de8454f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XnTxZF0rIAMFodg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-630c666f-2f2a9e20556d8899447fc662;Sampled=0
x-amzn-remapped-date: Mon, 29 Aug 2022 07:10:39 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 77bXbuBtQ1AUHqlplB8HwTfSd83WZTTsmHsN2hZiTk83XvP5Bdpfhg==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 02d90bf99fd6253b329a53c82f19e224.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Sep 2022 19:05:29 GMT
age: 43415
etag: "b470ee66546236df6932247b8de7982a081e3170"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F022243d2-ac74-4a81-b31f-104b203bf550.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.5 kB (5459 bytes)
Hash
7fe061740ad833cfe7ff0fe078d6810d
15d0fc3fdced758b5797361bae0fd53341e0581d
5409b6775bca5afd03901975c61c27f267efe2c8a8e739f05ebc52a938c5a368

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F022243d2-ac74-4a81-b31f-104b203bf550.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5459
x-amzn-requestid: a75bf8a5-dc96-4a88-9de5-b79d1d62ff21
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XxB_bFMFoAMFkEg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631049fc-2685c90962d8af5f4a7b5908;Sampled=0
x-amzn-remapped-date: Thu, 01 Sep 2022 05:58:20 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: rZh0s85w1Nt6qZdZybNBcQHEXMWQIJvtAyCbF4oWsYUOlIKuNS5Fpg==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 6172bb1a5d00a3b06ae3700570ebe116.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Sep 2022 22:38:48 GMT
age: 30616
etag: "15d0fc3fdced758b5797361bae0fd53341e0581d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1944c2a5-23d6-45f7-ab9f-78685b5e5be8.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.5 kB (4452 bytes)
Hash
e1556a0afcd327679e471ac6373ca29f
15ac095f9a744d85d7054d6c48af8a3f9ec9fc3a
d3537c985a20cf69290064fbd46778a6fbe6604cb6b37b272c8058142f02ffdf

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1944c2a5-23d6-45f7-ab9f-78685b5e5be8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4452
x-amzn-requestid: 882486d7-8cdc-4986-8562-6ec196c2a8e0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Xt-dIFk7IAMFs4A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-630f1120-5a4edfae33e2ef3f133e22f6;Sampled=0
x-amzn-remapped-date: Wed, 31 Aug 2022 07:43:28 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: dmOD872bprnv74JVQ9X7Te_N8O5MQZQIv5a_svfRf_SkYMJNu3g07g==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 325ed3ba58a560748d886354beef39c0.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Sep 2022 04:32:13 GMT
age: 9411
etag: "15ac095f9a744d85d7054d6c48af8a3f9ec9fc3a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F19cfd495-15a1-4f00-830a-847f2f2dd961.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.4 kB (7369 bytes)
Hash
1e2e5ba9413ee60c9e54787384c04f06
cae52e3364fe3b9ccc3c4c3477452d7a52835cd7
3ef1d513413b4a19adb7bbf302c1cea3e16e805e1e2e35ce6bcf40003d81d5db

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F19cfd495-15a1-4f00-830a-847f2f2dd961.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7369
x-amzn-requestid: 6fecc130-8646-4700-bbc7-8e63b7a91330
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XqUKNG9gIAMF2qg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-630d9a41-6cd70c1565bbab583d4d0642;Sampled=0
x-amzn-remapped-date: Tue, 30 Aug 2022 05:04:01 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: GrR7xCd0iP38mxB11MgI4o6ncLmfASttA_9EGF7yZH8xleO1KfkErw==
via: 1.1 8dbfaf7df256a75768461d934659b6b2.cloudfront.net (CloudFront), 1.1 ead78c395f4bede3ec6cd7ea180e3d3a.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Sep 2022 07:16:46 GMT
age: 85938
etag: "cae52e3364fe3b9ccc3c4c3477452d7a52835cd7"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Poppins:400,500,600,700

142.250.74.10

200 OK

0 B

URL HTTP/2
fonts.googleapis.com/css?family=Poppins:400,500,600,700
IP
142.250.74.10:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /css?family=Poppins:400,500,600,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.fortgift.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 05 Sep 2022 07:09:02 GMT
date: Mon, 05 Sep 2022 07:09:02 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

your-choice-center.com/embed.js

104.21.90.72

200 OK

0 B

URL HTTP/2
your-choice-center.com/embed.js
IP
104.21.90.72:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /embed.js HTTP/1.1
Host: your-choice-center.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.fortgift.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Mon, 05 Sep 2022 07:09:02 GMT
content-type: application/javascript
etag: W/"61ade779-58b1"
last-modified: Mon, 06 Dec 2021 10:35:37 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 1340
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CCwuRc%2FX%2F4BSnLYyHCe8WE5bIf10%2BLn9Vk3CoR0PNwRKDI%2Be3b7F9m3LLFdQUumuVtT7tFmS%2FynbgnkLr1NBSkQiauNEYZUFApagSZfJ1qTpmqUMHIBlpsncMX1VbfqlfvgucIScAFk%2B"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 745d2319cd08b4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (9)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP