Overview

URL glamorouscrookedsquares.galicia092.repl.co/zxdaklxmapoiqlaurtreymnxlapz.php
IP 34.149.204.188
ASN GOOGLE
Location United States
Report completed 2022-09-15 09:32:59 UTC
urlquery Alerts No alerts detected


Settings

UserAgent Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blocklists

OpenPhish
Scan Date Severity Indicator Comment
2022-09-14 2 glamorouscrookedsquares.galicia092.repl.co/zxdaklxmapoiqlaurtreymnxlapz.php Banco Galicia
PhishTank  No alerts detected
Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-09-15 2 glamorouscrookedsquares.galicia092.repl.co/js/functions.js Phishing
2022-09-15 2 glamorouscrookedsquares.galicia092.repl.co/img/logo.svg Phishing
2022-09-15 2 glamorouscrookedsquares.galicia092.repl.co/fonts/Inter-Regular.woff2 Phishing
2022-09-15 2 glamorouscrookedsquares.galicia092.repl.co/fonts/Inter-Regular.woff Phishing
2022-09-15 2 glamorouscrookedsquares.galicia092.repl.co/fonts/Inter-Regular.ttf Phishing
2022-09-15 2 glamorouscrookedsquares.galicia092.repl.co/zxdaklxmapoiqlaurtreymnxlapz.php Phishing
mnemonic secure dns  No alerts detected
Quad9 DNS  No alerts detected


Files

No files detected



Passive DNS (14)

Passive DNS Source Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
mnemonic passive DNS des.smartclip.net (2) 26174 2017-01-31 12:50:39 UTC 2022-09-15 05:06:17 UTC 35.186.194.101
mnemonic passive DNS push.services.mozilla.com (1) 2140 2015-09-03 10:29:36 UTC 2022-09-15 05:55:58 UTC 34.213.140.56
mnemonic passive DNS img-getpocket.cdn.mozilla.net (6) 1631 2017-09-01 03:40:57 UTC 2022-09-15 04:47:36 UTC 34.120.237.76
mnemonic passive DNS firefox.settings.services.mozilla.com (2) 867 2020-05-27 20:08:30 UTC 2022-09-15 06:12:00 UTC 143.204.55.36
mnemonic passive DNS contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-09-15 04:50:53 UTC 34.117.237.239
mnemonic passive DNS ocsp.digicert.com (1) 86 2012-05-21 07:02:23 UTC 2022-09-15 06:27:39 UTC 93.184.220.29
mnemonic passive DNS hosting.miarroba.info (1) 0 2012-10-16 10:04:14 UTC 2022-09-14 09:37:31 UTC 172.67.187.70 Unknown ranking
mnemonic passive DNS content-signature-2.cdn.mozilla.net (1) 1152 2020-11-03 12:26:46 UTC 2022-09-15 05:55:39 UTC 143.204.55.49
mnemonic passive DNS ocsp.pki.goog (3) 175 2017-06-14 07:23:31 UTC 2022-09-15 04:51:27 UTC 142.250.74.3
mnemonic passive DNS ajax.googleapis.com (1) 12905 2019-10-15 17:52:08 UTC 2022-09-15 05:07:02 UTC 142.250.74.138
mnemonic passive DNS glamorouscrookedsquares.galicia092.repl.co (12) 0 2022-09-14 17:06:49 UTC 2022-09-15 05:52:30 UTC 34.149.204.188 Unknown ranking
mnemonic passive DNS quantcast.mgr.consensu.org (1) 2151 2018-05-26 17:23:53 UTC 2022-09-15 06:04:50 UTC 143.204.55.17
mnemonic passive DNS r3.o.lencr.org (8) 344 2020-12-02 08:52:13 UTC 2022-09-15 04:51:36 UTC 23.36.77.32
mnemonic passive DNS cdn.smartclip-services.com (1) 171570 2018-06-15 19:21:53 UTC 2022-09-15 02:32:36 UTC 130.61.96.156


Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 34.149.204.188

Date UQ / IDS / BL URL IP
2022-12-06 18:53:37 +0000
8 - 0 - 0 bancolombiaprotegetucuenta.daryerh.repl.co/In (...) 34.149.204.188
2022-12-06 13:49:52 +0000
0 - 0 - 8 mobilewigglyrelationalmodel.fredy22.repl.co/ 34.149.204.188
2022-12-06 11:59:34 +0000
0 - 0 - 4 middlemanparts.newsletter147.repl.co/ 34.149.204.188
2022-12-06 11:03:13 +0000
0 - 0 - 8 mobilewigglyrelationalmodel.fredy22.repl.co/ 34.149.204.188
2022-12-06 09:12:57 +0000
0 - 0 - 4 middlemanparts.newsletter147.repl.co/ 34.149.204.188

Last 5 reports on ASN: GOOGLE

Date UQ / IDS / BL URL IP
2022-12-06 19:19:09 +0000
0 - 0 - 5 ow5dirasuek.com/332/953.html 35.205.61.67
2022-12-06 19:16:51 +0000
0 - 0 - 1 bookworm-bilgeadam.blogspot.ru/2013/11/tum-ki (...) 142.250.74.33
2022-12-06 19:14:35 +0000
0 - 0 - 2 ow5dirasuek.com/417/701.html 35.205.61.67
2022-12-06 19:08:26 +0000
0 - 0 - 1 georgiatechhts.blogspot.ca/search/label/mentor 172.217.21.161
2022-12-06 19:07:56 +0000
0 - 0 - 2 yesilcam-sinema-video-izle-vizyon.blogspot.co (...) 172.217.21.161

Last 1 reports on domain: galicia092.repl.co

Date UQ / IDS / BL URL IP
2022-09-15 09:32:59 +0000
0 - 0 - 7 glamorouscrookedsquares.galicia092.repl.co/zx (...) 34.149.204.188

No other reports with similar screenshot



JavaScript

Executed Scripts (14)


Executed Evals (0)


Executed Writes (1)

#1 JavaScript::Write (size: 1393, repeated: 1) - SHA256: a6cf63153eea5ba786331c3ac8bc23e3fb39ab9c57f55f205ed1ab1f20ffceae

<form action="//hosting.miarroba.info/607f6b0b381bbc1f64fa027d62891072_cookie.php" method="POST" id="setCookie3a79aa43" enctype="application/x-www-form-urlencoded" style="background:none;border:none;margin:0px;padding:0px;overflow:hidden;position:absolute;top:-10000px;left:-10000px;height:1px;width:1px;display:block;" target="tpc3a79aa43">
  <input type="hidden" name="setcookie" value="1663234368" />
  <input type="hidden" name="name" value="__weslvu" />
  <input type="hidden" name="value" value="1663234368" />
  <input type="hidden" name="expire" value="1663237968" />
  <input type="hidden" name="path" value="/" />
  <input type="hidden" name="domain" value="hosting.miarroba.info" />
  <input type="hidden" name="secure" value="" />
  <input type="hidden" name="httponly" value="" />
  <input type="hidden" name="key" value="b1e29ff4fb4af58c3b415fd6b4524476" />
</form>
<iframe id="tpc3a79aa43" name="tpc3a79aa43" AllowTransparency="1" onload="if( document.getElementById('setCookie3a79aa43') ){document.getElementById('setCookie3a79aa43').submit();document.getElementById('setCookie3a79aa43').parentNode.removeChild(document.getElementById('setCookie3a79aa43'));}" frameborder="0" marginheight="0" marginwidth="0" scrolling="0" src="about:blank" style="background:none;border:none;margin:0px;padding:0px;overflow:hidden;position:absolute;top:-10000px;left:-10000px;height:1px;width:1px;display:block;"></iframe>
                                    


HTTP Transactions (41)


Request Response
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "F06964E0B586CD549172C27F62908C43C417612BE23EA2746332EB26FADDC477"
Last-Modified: Wed, 14 Sep 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18879
Expires: Thu, 15 Sep 2022 14:47:27 GMT
Date: Thu, 15 Sep 2022 09:32:48 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "B5F178D23E633283F226CCA7A9AE79B01E6CAB2299FF7065C980D3A9953212FD"
Last-Modified: Tue, 13 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11757
Expires: Thu, 15 Sep 2022 12:48:45 GMT
Date: Thu, 15 Sep 2022 09:32:48 GMT
Connection: keep-alive

                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.36
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Content-Type, Alert, Backoff, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Thu, 15 Sep 2022 09:10:23 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 6480520a5e02f3163410e3134bd77baa.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: FDlf3V-t9OS3qdeQvVUR15tiyUxScsPabf-tlOQ-B2xfg5Z5HFUPiQ==
Age: 1345


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    91dd975a7b17b2922dd23c0e49314e40
Sha1:   57a2ece1e3cee7c4ebf927f2ba92f52cac395fe2
Sha256: 09966873bbf317f8910c59544cfde2a6d46e8acd2905797cc7c85c6b4d18ea8a
                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.49
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Thu, 15 Sep 2022 04:35:16 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 bb1da7862c4968b28920b91b324095c0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: Kh_WhIFiqC7P5AYcfTndypd87dj-lukQ6uP1khWSeTXIZuwXOWR8nQ==
age: 17853
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    742edb4038f38bc533514982f3d2e861
Sha1:   cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
Sha256: b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Thu, 15 Sep 2022 09:32:48 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /css/normalize.min.css HTTP/1.1 
Host: glamorouscrookedsquares.galicia092.repl.co
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://glamorouscrookedsquares.galicia092.repl.co/zxdaklxmapoiqlaurtreymnxlapz.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         34.149.204.188
HTTP/2 200 OK
content-type: text/css; charset=UTF-8
                                        
date: Thu, 15 Sep 2022 09:32:48 GMT
expect-ct: max-age=2592000, report-uri="https://sentry.repl.it/api/10/security/?sentry_key=615192fd532445bfbbbe966cd7131791"
replit-cluster: global
strict-transport-security: max-age=7692655; includeSubDomains
content-length: 2386
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with CRLF line terminators
Size:   2386
Md5:    2670d06cb23c29db8be75f810764e996
Sha1:   3f812ee651eb5626d9d0d8246944e97762aa383c
Sha256: 4415368784b5fc2bbb8432eb643ce22df57fdabb5c294952bed6d6edde345e14
                                        
                                            GET /css/estyle.css HTTP/1.1 
Host: glamorouscrookedsquares.galicia092.repl.co
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://glamorouscrookedsquares.galicia092.repl.co/zxdaklxmapoiqlaurtreymnxlapz.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         34.149.204.188
HTTP/2 200 OK
content-type: text/css; charset=UTF-8
                                        
date: Thu, 15 Sep 2022 09:32:48 GMT
expect-ct: max-age=2592000, report-uri="https://sentry.repl.it/api/10/security/?sentry_key=615192fd532445bfbbbe966cd7131791"
replit-cluster: global
strict-transport-security: max-age=7692655; includeSubDomains
content-length: 8015
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with CRLF line terminators
Size:   8015
Md5:    0327b3ffc39052f967ecf0b9965ef0ae
Sha1:   2477552fb6b86ee77d407ed497b6140a2c6c90de
Sha256: 4b45e9ab7604c8250bc77ec53092a49dd4685880992ef1fe79c3af4d9d0029ba
                                        
                                            GET /img/error.png HTTP/1.1 
Host: glamorouscrookedsquares.galicia092.repl.co
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://glamorouscrookedsquares.galicia092.repl.co/zxdaklxmapoiqlaurtreymnxlapz.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         34.149.204.188
HTTP/2 200 OK
content-type: image/png
                                        
date: Thu, 15 Sep 2022 09:32:48 GMT
expect-ct: max-age=2592000, report-uri="https://sentry.repl.it/api/10/security/?sentry_key=615192fd532445bfbbbe966cd7131791"
replit-cluster: global
strict-transport-security: max-age=7692655; includeSubDomains
content-length: 345
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 18 x 19, 8-bit colormap, non-interlaced\012- data
Size:   345
Md5:    b64aa8ac588f2e81cc84aad4db5ab2b7
Sha1:   37b6930adaba2185f9f85e081ed95d79bcd69a1e
Sha256: f438c3df67725a63f6016848672235489f0734b896d2da16f95476d7a36e4d36
                                        
                                            GET /img/keyboard.png HTTP/1.1 
Host: glamorouscrookedsquares.galicia092.repl.co
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://glamorouscrookedsquares.galicia092.repl.co/zxdaklxmapoiqlaurtreymnxlapz.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         34.149.204.188
HTTP/2 200 OK
content-type: image/png
                                        
date: Thu, 15 Sep 2022 09:32:48 GMT
expect-ct: max-age=2592000, report-uri="https://sentry.repl.it/api/10/security/?sentry_key=615192fd532445bfbbbe966cd7131791"
replit-cluster: global
strict-transport-security: max-age=7692655; includeSubDomains
content-length: 224
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 24 x 14, 8-bit colormap, non-interlaced\012- data
Size:   224
Md5:    420eea97fa014414d09a29740eccaa09
Sha1:   d57c6f80501f5daa83554fab5233ce16880bc806
Sha256: f71a82529ba108a5a2f355554070b6b851b03fd114a17c763e4b1a71f089d77b
                                        
                                            GET /js/functions.js HTTP/1.1 
Host: glamorouscrookedsquares.galicia092.repl.co
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://glamorouscrookedsquares.galicia092.repl.co/zxdaklxmapoiqlaurtreymnxlapz.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         34.149.204.188
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Thu, 15 Sep 2022 09:32:48 GMT
expect-ct: max-age=2592000, report-uri="https://sentry.repl.it/api/10/security/?sentry_key=615192fd532445bfbbbe966cd7131791"
replit-cluster: global
strict-transport-security: max-age=7692655; includeSubDomains
content-length: 7138
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with CRLF line terminators
Size:   7138
Md5:    7fc16e4d9826e832ffd6acb6c3b1f449
Sha1:   af7322a2adfc44c0677730f571da5cd9e62b7820
Sha256: 1494a0446783b947cf66041b741126ac16fc722a27ec30c81abe7875cd9d9fb2

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.36
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Thu, 15 Sep 2022 09:03:22 GMT
Cache-Control: max-age=3600
Expires: Thu, 15 Sep 2022 09:56:56 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 bb1da7862c4968b28920b91b324095c0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: gsLAdl_xo9dSb-L9WQpg454gSafH9JoPMcVu2v7U6ftySGmw2Rw19g==
Age: 1766


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            POST /s/gts1d4/ouYA9JHCAhA HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 15 Sep 2022 09:32:48 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /img/logo.svg HTTP/1.1 
Host: glamorouscrookedsquares.galicia092.repl.co
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://glamorouscrookedsquares.galicia092.repl.co/css/estyle.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         34.149.204.188
HTTP/2 200 OK
content-type: image/svg+xml
                                        
date: Thu, 15 Sep 2022 09:32:48 GMT
expect-ct: max-age=2592000, report-uri="https://sentry.repl.it/api/10/security/?sentry_key=615192fd532445bfbbbe966cd7131791"
replit-cluster: global
strict-transport-security: max-age=7692655; includeSubDomains
content-length: 3079
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (3079), with no line terminators
Size:   3079
Md5:    705b8c02f934311328e0166e61e06895
Sha1:   06c1a6d396e9498a3e5da0fa5e08c3bc5afc932e
Sha256: a3ceaf7f0cf1400ed77bb7527703e4ba826152253da0ae8d0909e473c5650fec

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /fonts/Inter-Regular.woff2 HTTP/1.1 
Host: glamorouscrookedsquares.galicia092.repl.co
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://glamorouscrookedsquares.galicia092.repl.co/css/estyle.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         34.149.204.188
HTTP/2 404 Not Found
content-type: text/html; charset=UTF-8
                                        
date: Thu, 15 Sep 2022 09:32:48 GMT
expect-ct: max-age=2592000, report-uri="https://sentry.repl.it/api/10/security/?sentry_key=615192fd532445bfbbbe966cd7131791"
replit-cluster: global
strict-transport-security: max-age=7692655; includeSubDomains
content-length: 558
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   558
Md5:    35f3645336a9d36e4cece2b4aa9eabf9
Sha1:   32df6af23d7f19423f46ad7c0e869d0c9edec07d
Sha256: 520f34e95c4fb382454347e8851449d16b94ffd495ca76a8ac85421a4c18b34c

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 2755
Cache-Control: 'max-age=158059'
Date: Thu, 15 Sep 2022 09:32:48 GMT
Last-Modified: Thu, 15 Sep 2022 08:46:53 GMT
Server: ECS (ska/F71A)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST /s/gts1d4/ouYA9JHCAhA HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 15 Sep 2022 09:32:48 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /choice/d5x2uDVHd7ALE/glamorouscrookedsquares.galicia092.repl.co/choice.js HTTP/1.1 
Host: quantcast.mgr.consensu.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://glamorouscrookedsquares.galicia092.repl.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.17
HTTP/2 204 No Content
                                        
cache-control: max-age=900
date: Thu, 15 Sep 2022 09:32:48 GMT
server: AmazonS3
cross-origin-resource-policy: cross-origin
vary: Access-Control-Request-Headers,Access-Control-Request-Method,Origin,Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 50584ad285d5f627ddebae74efdd0770.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: SiIxN2jUqU0y4ky2Fe677J9-RIXAXbaTewfkGv4eRVPTJ3vnDJCn_g==
X-Firefox-Spdy: h2

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "A13B0A40BB992A69D15954216B63F54C93BE07EECD9D0C3F242620B242E5AD15"
Last-Modified: Tue, 13 Sep 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13667
Expires: Thu, 15 Sep 2022 13:20:35 GMT
Date: Thu, 15 Sep 2022 09:32:48 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "A13B0A40BB992A69D15954216B63F54C93BE07EECD9D0C3F242620B242E5AD15"
Last-Modified: Tue, 13 Sep 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13702
Expires: Thu, 15 Sep 2022 13:21:10 GMT
Date: Thu, 15 Sep 2022 09:32:48 GMT
Connection: keep-alive

                                        
                                            GET /img/61-Angela-Scardigno_A-punto.jpg HTTP/1.1 
Host: glamorouscrookedsquares.galicia092.repl.co
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://glamorouscrookedsquares.galicia092.repl.co/css/estyle.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         34.149.204.188
HTTP/2 200 OK
content-type: image/jpeg
                                        
date: Thu, 15 Sep 2022 09:32:48 GMT
expect-ct: max-age=2592000, report-uri="https://sentry.repl.it/api/10/security/?sentry_key=615192fd532445bfbbbe966cd7131791"
replit-cluster: global
strict-transport-security: max-age=7692655; includeSubDomains
content-length: 46904
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 591x774, components 3\012- data
Size:   46904
Md5:    85bc2aee1604a97b1358e326581f275f
Sha1:   d61e790393ce64464feab788128ced0144792782
Sha256: 9dab84d0d9dbb5dbe14178e2e34bffe32afd8341abb3b009c791aafb5762676d
                                        
                                            GET /?__muid=b3c0a984eac6d95b1e5505e11852c918cd8760b5&h=2058268&t=1616556280&k=06bb27d44cecac922ecf9bd63add4895 HTTP/1.1 
Host: hosting.miarroba.info
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://glamorouscrookedsquares.galicia092.repl.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         172.67.187.70
HTTP/2 200 OK
content-type: application/javascript; charset=iso-8859-1
                                        
date: Thu, 15 Sep 2022 09:32:48 GMT
vary: Accept-Encoding
expires: Mon, 26 Jul 1997 05:00:00 GMT
last-modified: Thu, 15 Sep 2022 09:32:48 GMT
cache-control: no-cache
pragma: no-cache
p3p: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
set-cookie: __weslvu=1663234368; expires=Thu, 15-Sep-2022 10:32:48 GMT; Max-Age=3600
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BWPAiodoIUZcdqdFjm0MiaG1qnJlGHacpx6hD0afM7Y3SbbqfZmyQrTPcb1ZOh6xEhxa19JAh6wIX%2FkRSMsxBuBh9SA%2FtcJPJ0HX%2Bqjt%2FMeDsEqqUdFak9dr9oS8PF71lxF2zitFrg0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74b05b733de10b06-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1420), with no line terminators
Size:   38644
Md5:    7f3a22eded9b665d1e744d132d13d02a
Sha1:   2a49638246c9bae29a15fb93afa03ce869608b4e
Sha256: f34a068bfae44c7560f776d7fb30dc0816df94003e6601ec94a6682267989552
                                        
                                            GET /v1/Storage-a482323/smartclip-services/ava/ava.js HTTP/1.1 
Host: cdn.smartclip-services.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://glamorouscrookedsquares.galicia092.repl.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         130.61.96.156
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Thu, 15 Sep 2022 09:32:49 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 21 Jun 2022 15:40:47 GMT
ETag: W/"62b1e67f-6fb0e"
Expires: Sun, 18 Sep 2022 09:32:49 GMT
Pragma: public
Cache-Control: max-age=259200, public
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text, with very long lines (65536), with no line terminators
Size:   128920
Md5:    b57151479fb31d1a2afa26339088d338
Sha1:   e58ef5ce764a78f960143639c4ed22287e987d4c
Sha256: e72aabae7e4b6b5ecbfdb001b9238acf75b8edfc26a5db4cfb1b9d7e60229e7c
                                        
                                            GET /fonts/Inter-Regular.woff HTTP/1.1 
Host: glamorouscrookedsquares.galicia092.repl.co
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://glamorouscrookedsquares.galicia092.repl.co/css/estyle.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         34.149.204.188
HTTP/2 404 Not Found
content-type: text/html; charset=UTF-8
                                        
date: Thu, 15 Sep 2022 09:32:49 GMT
expect-ct: max-age=2592000, report-uri="https://sentry.repl.it/api/10/security/?sentry_key=615192fd532445bfbbbe966cd7131791"
replit-cluster: global
strict-transport-security: max-age=7692655; includeSubDomains
content-length: 557
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   557
Md5:    0fa319835b946679af164a9f5ccd3ef7
Sha1:   cf4857c98d5cf554ae925d7ee578449e774941fa
Sha256: 7f6b3244a9c7260e0520a1d10231bc3421ccd7a35afca4afe2dc5256447620d0

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /ads?type=dyn&plc=75133&elementId=b3c0a984eac6d95b1e5505e11852c918cd8760b5&sz=400x320&rnd=57309412 HTTP/1.1 
Host: des.smartclip.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://glamorouscrookedsquares.galicia092.repl.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         35.186.194.101
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
server: openresty/1.19.9.1
date: Thu, 15 Sep 2022 09:32:48 GMT
vary: Accept-Encoding
sc-device-type: PC
sc-supply-network: 999999
sc-uuid: e78c6e39-40f1-2263-655b-d80fb5649bef
access-control-allow-credentials: true
p3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-encoding: gzip
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   3749
Md5:    8c51cc13ea96ffb3fb710b2b43ec9e72
Sha1:   a68f004fa365067760cc09af163b6e56169d8611
Sha256: 141177badd75f67913378f30ac21506b31bb03f4bc6e7492a4a647c5043ee19f
                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: UYDIfTMBaES3nsnsSnJmNQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                         
                                         34.213.140.56
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: E3ynawjW15/7s24xoitK3mYxy6Q=

                                        
                                            GET /fonts/Inter-Regular.ttf HTTP/1.1 
Host: glamorouscrookedsquares.galicia092.repl.co
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://glamorouscrookedsquares.galicia092.repl.co/css/estyle.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         34.149.204.188
HTTP/2 404 Not Found
content-type: text/html; charset=UTF-8
                                        
date: Thu, 15 Sep 2022 09:32:49 GMT
expect-ct: max-age=2592000, report-uri="https://sentry.repl.it/api/10/security/?sentry_key=615192fd532445bfbbbe966cd7131791"
replit-cluster: global
strict-transport-security: max-age=7692654; includeSubDomains
content-length: 556
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   556
Md5:    b9ccb4351e37f91295a81e50c8a27f9f
Sha1:   a743f04c53dc2828031e75bcaa17d27364911807
Sha256: 1c78d9470764db3b09dc472941bdab742b1e34f5b96bd8ed1abdfb99ca327b5c

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /ads?type=dyn&plc=75133&elementId=b3c0a984eac6d95b1e5505e11852c918cd8760b5&sz=400x320&rnd=25247686 HTTP/1.1 
Host: des.smartclip.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://glamorouscrookedsquares.galicia092.repl.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         35.186.194.101
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
server: openresty/1.19.9.1
date: Thu, 15 Sep 2022 09:32:48 GMT
vary: Accept-Encoding
sc-device-type: PC
sc-supply-network: 999999
sc-uuid: 1b3a84e8-40f1-2263-2a80-9f8366f674d0
access-control-allow-credentials: true
p3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-encoding: gzip
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   1775
Md5:    bcd56cdc9947ed97f37f05a1d03b9fed
Sha1:   0d24ade649d29827464d8d8b68a66a91dc9e4850
Sha256: c046065ae1767835838fd79673a4ef4315459f1d14d826dd687e7758b544440b
                                        
                                            GET /ajax/libs/jquery/3.2.1/jquery.min.js HTTP/1.1 
Host: ajax.googleapis.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://glamorouscrookedsquares.galicia092.repl.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.138
HTTP/2 200 OK
content-type: text/javascript; charset=UTF-8
                                        
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30306
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 13 Sep 2022 10:28:11 GMT
expires: Wed, 13 Sep 2023 10:28:11 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
age: 169478
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (32058)
Size:   30306
Md5:    fc3fc31e5e7c0933dc18e562c1c071bf
Sha1:   a44c31323f6bd29e583cc585036e6eb39f7014a6
Sha256: ddad766fb94b23efeb5574cdedc5e8446d496fb91bd0b08cd80be212e001055d
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 15 Sep 2022 09:32:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /img/favicon.ico HTTP/1.1 
Host: glamorouscrookedsquares.galicia092.repl.co
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://glamorouscrookedsquares.galicia092.repl.co/zxdaklxmapoiqlaurtreymnxlapz.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         34.149.204.188
HTTP/2 200 OK
content-type: image/x-icon
                                        
date: Thu, 15 Sep 2022 09:32:49 GMT
expect-ct: max-age=2592000, report-uri="https://sentry.repl.it/api/10/security/?sentry_key=615192fd532445bfbbbe966cd7131791"
replit-cluster: global
strict-transport-security: max-age=7692654; includeSubDomains
content-length: 1559
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Size:   1559
Md5:    b700b544f2fa87e37e6b728fef00fcb0
Sha1:   c0735fa743392c2f3032c22d241854b88832cdb7
Sha256: f20a33fd40173f122bec15a105374059fb3ec612d51146485ed84ef0001f2f03
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "EC9DDD9D47E4CD14BD7471042CE3060C1D119038DAC5D1F02A4040C617228B0D"
Last-Modified: Mon, 12 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11957
Expires: Thu, 15 Sep 2022 12:52:07 GMT
Date: Thu, 15 Sep 2022 09:32:50 GMT
Connection: keep-alive

                                        
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6e9a2626-acb3-4c73-9ff9-e09ad82d489e.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8447
x-amzn-requestid: 3237c2fa-bc17-4b8d-8afd-bacfaa90ca71
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X7FypF7KIAMFd7A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63145010-7052273b184685c83569c712;Sampled=0
x-amzn-remapped-date: Sun, 04 Sep 2022 07:13:20 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: wzi_WnjJW5XjIfj8kyVL4LcQEjcuw1_zwrDiJegEZ2r8GOZcQahPEw==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 5fe5f2a3903f1378941d92eceaf3fa16.cloudfront.net (CloudFront), 1.1 google
date: Wed, 14 Sep 2022 21:46:45 GMT
age: 42365
etag: "14131148fda4e8d85b582fd20e76bcc814341bf1"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8447
Md5:    5a6939786c9343412c9af87efd3f44e0
Sha1:   14131148fda4e8d85b582fd20e76bcc814341bf1
Sha256: 8412c50f0fdc131d9c4422f2d7307fc1ee062c3580a1d754ef71cf84f9727d49
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc482abf3-9a0f-40ae-8d4b-c95977ab3e5f.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 9630
x-amzn-requestid: c48fade7-f2d1-480e-a411-9bfd080b4b92
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YXwx8Fe-oAMFtiQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631fc80c-20c8930c7269503e6195fe72;Sampled=0
x-amzn-remapped-date: Tue, 13 Sep 2022 00:00:12 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: bFdVw0FZgpuFUOM1MQPSvXByye8bqcrEXDc6O3rFwQKgUOvLxoT7Xg==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 d01e7742f82df0bbc1fb681d709ed69c.cloudfront.net (CloudFront), 1.1 google
date: Wed, 14 Sep 2022 21:46:22 GMT
age: 79183
etag: "fb0078b3be78ca41f46c102148b9e801cfacba8e"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   9630
Md5:    ebe7a0235de91cc1bf4cc6baecbf43f5
Sha1:   fb0078b3be78ca41f46c102148b9e801cfacba8e
Sha256: 6b35ef88d4ca58338480a87d0b0143fc4e1885427735d5ea48ba6e99aa882678
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F86bf6a5e-a3e5-479d-a052-fa843c45a3d9.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 9400
x-amzn-requestid: 8cf35176-18a1-427b-870c-bdae465060c8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YYM18E-iIAMFcmg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631ff4f2-427bc0ff6593e71e25b91589;Sampled=0
x-amzn-remapped-date: Tue, 13 Sep 2022 03:11:46 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: ZVnPAYUOBCRUYD3wEx79lIMjBJCKyVB9CmnTqMJIaFPbQGPoHwB73w==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 2ab6211e66998c8b58132661a7e3cade.cloudfront.net (CloudFront), 1.1 google
date: Wed, 14 Sep 2022 20:21:37 GMT
age: 47473
etag: "96ab8cd8e14350f730d26731f3445710324e24e2"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   9400
Md5:    4833535b1650b0ac875704023b650e66
Sha1:   96ab8cd8e14350f730d26731f3445710324e24e2
Sha256: d2b5a51e39a4890ba56e819d4d5d1d57d4d3cfc50dde42efdf23b8e9be17d1c7
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3f370e89-6cc5-4da8-83dc-68d5a685ce0f.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 9340
x-amzn-requestid: 23ab295a-91a0-4a91-ba26-8302088a50c2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YNxvmEPIIAMFZlQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631bc996-10ccfaf45b93ef066901573d;Sampled=0
x-amzn-remapped-date: Fri, 09 Sep 2022 23:17:42 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: j_TffmLpWMBRCuHyrY6e6DuD3g8nOMX296pqnkra4KHsAwSkXj-3_w==
via: 1.1 6ba2a21321beeef65404429d0a4b6380.cloudfront.net (CloudFront), 1.1 82ea95080f526df99896343fb7269b06.cloudfront.net (CloudFront), 1.1 google
date: Wed, 14 Sep 2022 22:00:43 GMT
age: 41527
etag: "b8ae9f4346fe63c5aa7a3b07ef84eac8fc63ca94"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   9340
Md5:    a05eafb022d09a0c88432fe018f2c325
Sha1:   b8ae9f4346fe63c5aa7a3b07ef84eac8fc63ca94
Sha256: 91b3994632d954d1c93ee53a46d2d8850ebe387af40962aad787d341b742e9f0
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2d547c90-3ccc-4c25-a8e5-de1d932a8cfb.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 3951
x-amzn-requestid: 65c15365-1bff-4dd2-a651-33683a033e05
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YE9_oHP_oAMF3Fw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63184397-148253910e5cd21b0e436b09;Sampled=0
x-amzn-remapped-date: Wed, 07 Sep 2022 07:09:11 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: _BTSN2zHd-FiETAJVrQhk9Odsn_M3GGs0nU0QpLrE9Rpin0VQPzy2w==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 68fadeb91f97256bb67b03bfca74d830.cloudfront.net (CloudFront), 1.1 google
date: Wed, 14 Sep 2022 22:19:41 GMT
age: 40389
etag: "cab4d850cd2bc5b3e1570ae837a58382e6eae5ec"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   3951
Md5:    aaf675adec05212317877a5f479d11a7
Sha1:   cab4d850cd2bc5b3e1570ae837a58382e6eae5ec
Sha256: cb4eb5b406f1ec01e3094d0519d8e4e7a469056bb898e2c47d48378e4b2b261d
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb3545c74-7af3-4ad8-815b-6a50681a2362.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 10633
x-amzn-requestid: 8dbc7f5f-1cb9-4b45-913d-2d4db71449fd
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X7FSvG98IAMFeLQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63144f44-3094163533977c6d1ee90274;Sampled=0
x-amzn-remapped-date: Sun, 04 Sep 2022 07:09:56 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 5Gx5Pfp0fH7GtvITXwV1CVZlM6wbfIXmyk_4xZtIVf8qkmg0AyxBPQ==
via: 1.1 1b0911478686968732f973d6e5e31d10.cloudfront.net (CloudFront), 1.1 e80693c02cfdfd081110512210d57840.cloudfront.net (CloudFront), 1.1 google
date: Wed, 14 Sep 2022 20:21:01 GMT
age: 47509
etag: "13d42d455f5131b7b861b97eb3f0e91236d4d222"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   10633
Md5:    f42b72c3fd66a6758ebcf0ca8cc1a046
Sha1:   13d42d455f5131b7b861b97eb3f0e91236d4d222
Sha256: 4a07fcacde77dc890164fda9f295b61af6947b2d7f3f84f64749d93e3a1e5b99
                                        
                                            GET /zxdaklxmapoiqlaurtreymnxlapz.php HTTP/1.1 
Host: glamorouscrookedsquares.galicia092.repl.co
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

                                         
                                         34.149.204.188
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
                                        
date: Thu, 15 Sep 2022 09:32:48 GMT
expect-ct: max-age=2592000, report-uri="https://sentry.repl.it/api/10/security/?sentry_key=615192fd532445bfbbbe966cd7131791"
replit-cluster: global
strict-transport-security: max-age=7692655; includeSubDomains
x-powered-by: PHP/7.4.21
X-Firefox-Spdy: h2


--- Additional Info ---

Alerts:
  Blocklists:
    - openphish: Banco Galicia
    - fortinet: Phishing