Overview

URL cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/billing.php?verify_account=session=NL&c2cbd3ea32c239d30ddbeb3e2b5eb784=&dispatch=462b6d425aec3417e68d33c2c3465bf53648646b
IP163.44.198.59
ASNGMO-Z com NetDesign Holdings Co., Ltd.
Location Thailand
Report completed2022-08-29 13:57:31 UTC
StatusLoading report..
urlquery Alerts Phishing - Spotify


Settings

UserAgentMozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blocklists

OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-08-29 2 cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/files/script.min.js.download Phishing
2022-08-29 2 cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/files/download.ico Phishing
mnemonic secure dns  No alerts detected
Quad9 DNS  No alerts detected


Files

No files detected



Passive DNS (22)

Passive DNS Source Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
mnemonic passive DNS adservice.google.com (1) 76 2017-09-26 14:24:07 UTC 2022-08-29 08:19:12 UTC 142.250.74.2
mnemonic passive DNS adservice.google.no (1) 96969 2017-09-26 14:23:08 UTC 2022-08-29 04:31:32 UTC 216.58.207.194
mnemonic passive DNS googleads.g.doubleclick.net (1) 42 2012-05-21 07:15:40 UTC 2022-08-29 12:07:33 UTC 142.250.74.2
mnemonic passive DNS www.google.no (1) 25607 2012-05-21 14:04:11 UTC 2022-08-29 07:08:19 UTC 142.250.74.3
mnemonic passive DNS www.google.com (1) 7 2012-05-22 04:23:54 UTC 2022-08-29 05:11:28 UTC 142.250.74.164
mnemonic passive DNS firefox.settings.services.mozilla.com (2) 867 2016-03-17 08:25:01 UTC 2022-08-29 09:23:19 UTC 143.204.55.36
mnemonic passive DNS r3.o.lencr.org (6) 344 2020-12-02 08:52:13 UTC 2022-08-29 04:32:12 UTC 23.36.77.32
mnemonic passive DNS www.scdn.co (2) 37159 2017-06-28 16:47:14 UTC 2022-08-29 04:55:45 UTC 151.101.86.248
mnemonic passive DNS insight.adsrvr.org (1) 631 2012-05-30 14:03:18 UTC 2022-08-29 05:03:03 UTC 15.197.193.217
mnemonic passive DNS connect.facebook.net (1) 139 2012-05-22 02:51:28 UTC 2022-08-29 04:31:32 UTC 31.13.72.12
mnemonic passive DNS cpanel10wh.bkk1.cloud.z.com (18) 0 2018-04-15 08:04:34 UTC 2022-08-29 03:44:50 UTC 163.44.198.59 Domain (z.com) ranked at: 166397
mnemonic passive DNS ocsp.pki.goog (11) 175 2017-06-14 07:23:31 UTC 2022-08-29 04:31:13 UTC 142.250.74.3
mnemonic passive DNS img-getpocket.cdn.mozilla.net (6) 1631 2017-09-01 03:40:57 UTC 2022-08-29 04:31:28 UTC 34.120.237.76
mnemonic passive DNS content-signature-2.cdn.mozilla.net (1) 1152 2020-11-03 12:26:46 UTC 2022-08-29 04:39:36 UTC 143.204.55.25
mnemonic passive DNS 4721227.fls.doubleclick.net (2) 34921 2015-06-18 14:05:06 UTC 2022-08-29 12:09:13 UTC 142.250.74.70
mnemonic passive DNS www.googleadservices.com (1) 107 2012-06-26 14:53:06 UTC 2022-08-29 13:47:04 UTC 216.58.207.194
mnemonic passive DNS ocsp.globalsign.com (1) 2075 2012-05-25 06:20:55 UTC 2022-08-29 04:54:43 UTC 104.18.20.226
mnemonic passive DNS sp-bootstrap.global.ssl.fastly.net (5) 319464 2015-03-02 13:51:10 UTC 2022-08-29 03:44:41 UTC 151.101.85.194
mnemonic passive DNS bat.bing.com (3) 387 2014-04-08 09:23:16 UTC 2022-08-29 04:34:32 UTC 13.107.21.200
mnemonic passive DNS contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-08-29 04:31:25 UTC 34.117.237.239
mnemonic passive DNS ocsp.digicert.com (3) 86 2012-05-21 07:02:23 UTC 2022-08-29 09:50:58 UTC 93.184.220.29
mnemonic passive DNS push.services.mozilla.com (1) 2140 2014-10-24 08:27:06 UTC 2022-08-29 04:55:44 UTC 34.211.241.174


Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 163.44.198.59

Date UQ / IDS / BL URL IP
2022-12-06 21:46:10 +0000
0 - 0 - 6 thanlyinasu.com/ee/index.php?QBOT.zip 163.44.198.59
2022-12-04 14:35:08 +0000
43 - 0 - 13 cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Lo (...) 163.44.198.59
2022-11-12 00:37:06 +0000
23 - 0 - 11 cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Lo (...) 163.44.198.59
2022-11-12 00:36:30 +0000
23 - 0 - 11 cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Lo (...) 163.44.198.59
2022-11-12 00:36:02 +0000
23 - 0 - 11 cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Lo (...) 163.44.198.59

Last 5 reports on ASN: GMO-Z com NetDesign Holdings Co., Ltd.

Date UQ / IDS / BL URL IP
2022-12-09 02:01:41 +0000
0 - 0 - 1 adrs.ac.th/ 150.95.29.62
2022-12-08 17:53:37 +0000
0 - 0 - 2 imexinter.com/record/vantagewest/vantagewest/ (...) 163.44.197.16
2022-12-08 16:31:20 +0000
0 - 0 - 2 www.imexinter.com/made/vantagewestv5/vantagew (...) 163.44.197.16
2022-12-08 16:30:55 +0000
0 - 0 - 3 imexinter.com/made/vantagewestv5/vantagewestv (...) 163.44.197.16
2022-12-08 16:27:42 +0000
0 - 0 - 2 www.imexinter.com/made/vantagewestv5/vantagew (...) 163.44.197.16

Last 5 reports on domain: z.com

Date UQ / IDS / BL URL IP
2022-12-04 14:35:08 +0000
43 - 0 - 13 cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Lo (...) 163.44.198.59
2022-11-12 00:37:06 +0000
23 - 0 - 11 cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Lo (...) 163.44.198.59
2022-11-12 00:36:30 +0000
23 - 0 - 11 cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Lo (...) 163.44.198.59
2022-11-12 00:36:02 +0000
23 - 0 - 11 cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Lo (...) 163.44.198.59
2022-11-12 00:35:52 +0000
23 - 0 - 12 cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Lo (...) 163.44.198.59

Last 5 reports with similar screenshot

Date UQ / IDS / BL URL IP
2022-12-04 14:35:08 +0000
43 - 0 - 13 cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Lo (...) 163.44.198.59
2022-11-12 00:37:06 +0000
23 - 0 - 11 cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Lo (...) 163.44.198.59
2022-11-12 00:36:30 +0000
23 - 0 - 11 cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Lo (...) 163.44.198.59
2022-11-12 00:36:02 +0000
23 - 0 - 11 cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Lo (...) 163.44.198.59
2022-11-12 00:35:52 +0000
23 - 0 - 12 cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Lo (...) 163.44.198.59


JavaScript

Executed Scripts (19)


Executed Evals (0)


Executed Writes (1)

#1 JavaScript::Write (size: 0, repeated: 1) - SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                        
                                    


HTTP Transactions (70)


Request Response
                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.36
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Content-Type, Alert, Backoff, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Mon, 29 Aug 2022 13:25:19 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 dbfaae0db03f11cf713bbcbdb25be4a2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: HNiX8YZsF7VnaqHLg9vqti38asjdc-9jnE9w4SC4gVsYHMR3K81l7A==
Age: 1922


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    91dd975a7b17b2922dd23c0e49314e40
Sha1:   57a2ece1e3cee7c4ebf927f2ba92f52cac395fe2
Sha256: 09966873bbf317f8910c59544cfde2a6d46e8acd2905797cc7c85c6b4d18ea8a
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "7EBE5D06EFE28C8507B4CDFBF68C6E5BBD9919BA776990FB8A22D90CCA0C1C1B"
Last-Modified: Sat, 27 Aug 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7626
Expires: Mon, 29 Aug 2022 16:04:27 GMT
Date: Mon, 29 Aug 2022 13:57:21 GMT
Connection: keep-alive

                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.25
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Sun, 28 Aug 2022 22:35:59 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 a2b4f68a89fc87406bff22c95fc07fba.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 2N9-f6_Deg6R3OpdIG0qkBSZCaGasO_S_Sxgfplb5Synrbzii-mX-Q==
age: 55283
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    742edb4038f38bc533514982f3d2e861
Sha1:   cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
Sha256: b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Mon, 29 Aug 2022 13:57:21 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.36
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Alert, Cache-Control, Pragma, Backoff, Last-Modified, ETag, Expires, Content-Length, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Mon, 29 Aug 2022 13:17:12 GMT
Expires: Mon, 29 Aug 2022 14:04:47 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 aa34a836095df9de9d246a53dd63f1d6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: hPuEZLV6rnO8Dmj79dMD_4LNrProGYT3RnogJRbaZJA_IhckKtvMJQ==
Age: 2409


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            GET /activityi;src=4721227;type=uidfq0;cat=spoti0;ord=5160187481151;gtm=G1u;u2=undefined;~oref=file%3A%2F%2F%2FC%3A%2FAppServ%2Fwww%2FOVO%2520v2.7%2FSpotify%2FSubscription%2520and%2520payment%2520-%2520Spotify.html? HTTP/1.1 
Host: 4721227.fls.doubleclick.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cpanel10wh.bkk1.cloud.z.com/
Upgrade-Insecure-Requests: 1

                                         
                                         142.250.74.70
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Date: Mon, 29 Aug 2022 13:57:21 GMT
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Strict-Transport-Security: max-age=21600
Pragma: no-cache
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Server: cafe
Content-Length: 386
X-XSS-Protection: 0


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (514), with no line terminators
Size:   386
Md5:    296deb3695167c3c5554400fac013f71
Sha1:   6d2e86f0cae8fecc3f6e86fe5c749a687a681ec6
Sha256: 7e5eb591696539bfc010e9c16144f877f6b027804491e4910fce2068bdbff984
                                        
                                            GET /build/js/sp-analytics-a3e2493d01.js HTTP/1.1 
Host: www.scdn.co
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cpanel10wh.bkk1.cloud.z.com/

                                         
                                         151.101.86.248
HTTP/1.1 301 Moved Permanently
                                        
Retry-After: 0
Location: https://www.scdn.co/build/js/sp-analytics-a3e2493d01.js
Content-Length: 0
Accept-Ranges: bytes
Date: Mon, 29 Aug 2022 13:57:21 GMT
Connection: close
X-Served-By: cache-bma1674-BMA
X-Cache: HIT
X-Cache-Hits: 0
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000

                                        
                                            GET /~cp785288/hlep/Login/billing.php?verify_account=session=NL&c2cbd3ea32c239d30ddbeb3e2b5eb784=&dispatch=462b6d425aec3417e68d33c2c3465bf53648646b HTTP/1.1 
Host: cpanel10wh.bkk1.cloud.z.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         
                                         163.44.198.59
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Date: Mon, 29 Aug 2022 13:57:21 GMT
Server: Apache
X-Powered-By: PHP/5.6.40
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: PHPSESSID=k3uveuq3vplk8ss0m744c1pds3; path=/
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (743)
Size:   28977
Md5:    08ce35e754d2234cd96dd99e7ff451d6
Sha1:   d143e70cbb9cad1cb08d702eed9c556e69da4b1a
Sha256: 1ece5ebafae25c9db69d85036fb6e7a1960d115b980ac2b1716e0d0e5d6ad0f0

Alerts:
  urlquery:
    - Phishing - Spotify
                                        
                                            GET /build/js/sp-analytics-a3e2493d01.js HTTP/1.1 
Host: www.scdn.co
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://cpanel10wh.bkk1.cloud.z.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         151.101.86.248
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Connection: keep-alive
Content-Length: 2934
Last-Modified: Thu, 09 Aug 2018 08:55:55 GMT
ETag: "3b8ea9b9fed8d12d22fd1c7b7c4367b8"
x-goog-generation: 1533804955085745
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 7969
x-amz-meta-goog-reserved-file-mtime: 1533804724
Content-Encoding: gzip
Accept-Ranges: bytes
Date: Mon, 29 Aug 2022 13:57:21 GMT
Age: 4763746
Timing-Allow-Origin: *
X-Served-By: cache-chi-klot8100058-CHI, cache-bma1681-BMA
X-Cache: HIT, HIT
X-Cache-Hits: 1, 2
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000


--- Additional Info ---
Magic:  ASCII text, with very long lines (7916)
Size:   2934
Md5:    46f7394944aba4665f842d75ef972bb3
Sha1:   65046fbc4dc0c4d397210e6141702bb70873e273
Sha256: 602d76b0de139658e9c504c4e8f7f1c5858d33d2da30040766d78fb1c9702964
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 5757
Cache-Control: 'max-age=158059'
Date: Mon, 29 Aug 2022 13:57:21 GMT
Last-Modified: Mon, 29 Aug 2022 12:21:24 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 29 Aug 2022 13:57:21 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /~cp785288/hlep/Login/files/activityi(2).html HTTP/1.1 
Host: cpanel10wh.bkk1.cloud.z.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/billing.php?verify_account=session=NL&c2cbd3ea32c239d30ddbeb3e2b5eb784=&dispatch=462b6d425aec3417e68d33c2c3465bf53648646b
Cookie: PHPSESSID=k3uveuq3vplk8ss0m744c1pds3
Upgrade-Insecure-Requests: 1

                                         
                                         163.44.198.59
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Mon, 29 Aug 2022 13:57:21 GMT
Server: Apache
Last-Modified: Tue, 16 Jul 2019 16:30:28 GMT
ETag: "20e-58dcee4fb3100"
Accept-Ranges: bytes
Content-Length: 526
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text
Size:   526
Md5:    4111ba0635356cb00c95c1e7df71bc7a
Sha1:   478e66ccd3ea1606c21b0bc2dc7be11fb4980c81
Sha256: 368050e24650d085ae45ff96cb255eafd8196154f484969f0492ceaab7d9d9c5

Alerts:
  urlquery:
    - Phishing - Spotify
                                        
                                            GET /ddm/fls/i/src=4721227;type=uidfq0;cat=spoti0;ord=5160187481151;gtm=G1u;u2=undefined;~oref=file%3A%2F%2F%2FC%3A%2FAppServ%2Fwww%2FOVO%2520v2.7%2FSpotify%2FSubscription%2520and%2520payment%2520-%2520Spotify.html HTTP/1.1 
Host: adservice.google.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://4721227.fls.doubleclick.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.2
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
                                        
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 29 Aug 2022 13:57:21 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
pragma: no-cache
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 385
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (513), with no line terminators
Size:   385
Md5:    6da5969356df80d83312d6b0bca604e8
Sha1:   a352bd59cfe4068c776cc9d3acb723eb4e1609af
Sha256: 4514880eba4798114d09a67b93f1433cf06ece4beeee8266b101fd27b3070d5e
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 29 Aug 2022 13:57:21 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 29 Aug 2022 13:57:21 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /ddm/fls/i/src=4721227;type=uidfq0;cat=spoti0;ord=5160187481151;gtm=G1u;u2=undefined;~oref=file%3A%2F%2F%2FC%3A%2FAppServ%2Fwww%2FOVO%2520v2.7%2FSpotify%2FSubscription%2520and%2520payment%2520-%2520Spotify.html HTTP/1.1 
Host: adservice.google.no
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adservice.google.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         
                                         216.58.207.194
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
                                        
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 29 Aug 2022 13:57:21 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
location: https://4721227.fls.doubleclick.net/ddm/fls/r/src=4721227;type=uidfq0;cat=spoti0;ord=5160187481151;gtm=G1u;u2=undefined;~oref=file%3A%2F%2F%2FC%3A%2FAppServ%2Fwww%2FOVO%2520v2.7%2FSpotify%2FSubscription%2520and%2520payment%2520-%2520Spotify.html
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 29 Aug 2022 13:57:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 29 Aug 2022 13:57:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /~cp785288/hlep/Login/files/jquery.maskedinput.js HTTP/1.1 
Host: cpanel10wh.bkk1.cloud.z.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/billing.php?verify_account=session=NL&c2cbd3ea32c239d30ddbeb3e2b5eb784=&dispatch=462b6d425aec3417e68d33c2c3465bf53648646b
Cookie: PHPSESSID=k3uveuq3vplk8ss0m744c1pds3

                                         
                                         163.44.198.59
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Mon, 29 Aug 2022 13:57:21 GMT
Server: Apache
Last-Modified: Tue, 16 Jul 2019 16:30:28 GMT
ETag: "2805-58dcee4fb3100"
Accept-Ranges: bytes
Content-Length: 10245
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text
Size:   10245
Md5:    6f7c106ad7a91b4d75ffbdce35b1907b
Sha1:   e1937b367daea561b96d7f47be85132a5a8ad55b
Sha256: b63e5bcbf53f3f1ab4bcf0845a900fab7b25981693e753d73cfd2784a8046446

Alerts:
  urlquery:
    - Phishing - Spotify
                                        
                                            GET /ddm/fls/r/src=4721227;type=uidfq0;cat=spoti0;ord=5160187481151;gtm=G1u;u2=undefined;~oref=file%3A%2F%2F%2FC%3A%2FAppServ%2Fwww%2FOVO%2520v2.7%2FSpotify%2FSubscription%2520and%2520payment%2520-%2520Spotify.html HTTP/1.1 
Host: 4721227.fls.doubleclick.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://adservice.google.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.70
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
                                        
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 29 Aug 2022 13:57:22 GMT
expires: Mon, 29 Aug 2022 13:57:22 GMT
cache-control: private, max-age=0
strict-transport-security: max-age=21600
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 810
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Mon, 29-Aug-2022 14:12:22 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (605)
Size:   810
Md5:    491829d94d11c593c5e13c746519b674
Sha1:   676caaca2116a50807fe27a04675afdead57f8a2
Sha256: 91b4b4087bafc56e81cd7586ea02acf165671395e607698d4d0f78c7e37eeccd
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 29 Aug 2022 13:57:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 29 Aug 2022 13:57:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /pagead/conversion.js HTTP/1.1 
Host: www.googleadservices.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4721227.fls.doubleclick.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         216.58.207.194
HTTP/2 200 OK
content-type: text/javascript; charset=UTF-8
                                        
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Mon, 29 Aug 2022 13:57:22 GMT
expires: Mon, 29 Aug 2022 13:57:22 GMT
cache-control: private, max-age=3600
etag: 1539969826466411073
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 17441
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1886)
Size:   17441
Md5:    3359b3ea2b9ee2ebf5858193807a74d2
Sha1:   9d8882f374553f1290d84b896c88a531d16292b9
Sha256: ad38c8550f4857f7a2ae78cf8cae73c77aceb2bfeb0e4681549a992fec14faf7
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 29 Aug 2022 13:57:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: R1mS7ZgqYH0WFBhK6d+JOg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                         
                                         34.211.241.174
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: PYu8n9UyamPTnq/1BlqjVXYdkt4=

                                        
                                            GET /~cp785288/hlep/Login/files/embedded-checkout-7f51b6350a.css HTTP/1.1 
Host: cpanel10wh.bkk1.cloud.z.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/billing.php?verify_account=session=NL&c2cbd3ea32c239d30ddbeb3e2b5eb784=&dispatch=462b6d425aec3417e68d33c2c3465bf53648646b
Cookie: PHPSESSID=k3uveuq3vplk8ss0m744c1pds3

                                         
                                         163.44.198.59
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Mon, 29 Aug 2022 13:57:21 GMT
Server: Apache
Last-Modified: Tue, 16 Jul 2019 16:30:28 GMT
ETag: "3f72-58dcee4fb3100"
Accept-Ranges: bytes
Content-Length: 16242
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with very long lines (16242), with no line terminators
Size:   16242
Md5:    7f51b6350a9a704d466a234099088106
Sha1:   c86c363d221743f1fd094dc449ebd173c9978998
Sha256: c98fd9d8e74817c15654a9bc1381f9cd3850b87fc5da82d92f1f6aa7558ba09f

Alerts:
  urlquery:
    - Phishing - Spotify
                                        
                                            GET /~cp785288/hlep/Login/files/jquery.v-form.js HTTP/1.1 
Host: cpanel10wh.bkk1.cloud.z.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/billing.php?verify_account=session=NL&c2cbd3ea32c239d30ddbeb3e2b5eb784=&dispatch=462b6d425aec3417e68d33c2c3465bf53648646b
Cookie: PHPSESSID=k3uveuq3vplk8ss0m744c1pds3

                                         
                                         163.44.198.59
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Mon, 29 Aug 2022 13:57:22 GMT
Server: Apache
Last-Modified: Tue, 16 Jul 2019 16:30:28 GMT
ETag: "1bc7-58dcee4fb3100"
Accept-Ranges: bytes
Content-Length: 7111
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text
Size:   7111
Md5:    8d3893b549d0d074acd24a67fa6bb19c
Sha1:   e1612052c6092b2ed31a89bd4f2657fd7ca960f6
Sha256: 4e5b8d16044077193472b2bad96dabf3f322452461b533f469846de23b94995f

Alerts:
  urlquery:
    - Phishing - Spotify
                                        
                                            GET /~cp785288/hlep/Login/files/jquery.additional-methods.js HTTP/1.1 
Host: cpanel10wh.bkk1.cloud.z.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/billing.php?verify_account=session=NL&c2cbd3ea32c239d30ddbeb3e2b5eb784=&dispatch=462b6d425aec3417e68d33c2c3465bf53648646b
Cookie: PHPSESSID=k3uveuq3vplk8ss0m744c1pds3

                                         
                                         163.44.198.59
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Mon, 29 Aug 2022 13:57:22 GMT
Server: Apache
Last-Modified: Tue, 16 Jul 2019 16:30:28 GMT
ETag: "56ed-58dcee4fb3100"
Accept-Ranges: bytes
Content-Length: 22253
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (1231)
Size:   22253
Md5:    90ea2fdca7a2817e04c6f508fc70fc82
Sha1:   8ea4223a744c83d354c257bbce3e85e6804e9147
Sha256: 72d04d4e4fec062d1c4ef989026f021267b61ffa1d0350855a7007e81f49bba6

Alerts:
  urlquery:
    - Phishing - Spotify
                                        
                                            GET /~cp785288/hlep/Login/files/jquery.js HTTP/1.1 
Host: cpanel10wh.bkk1.cloud.z.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/billing.php?verify_account=session=NL&c2cbd3ea32c239d30ddbeb3e2b5eb784=&dispatch=462b6d425aec3417e68d33c2c3465bf53648646b
Cookie: PHPSESSID=k3uveuq3vplk8ss0m744c1pds3

                                         
                                         163.44.198.59
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Mon, 29 Aug 2022 13:57:21 GMT
Server: Apache
Last-Modified: Tue, 16 Jul 2019 16:30:28 GMT
ETag: "15147-58dcee4fb3100"
Accept-Ranges: bytes
Content-Length: 86343
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with very long lines (32034), with CRLF line terminators
Size:   86343
Md5:    1a0d5be2d25ff036a0e088e0ec0b3600
Sha1:   7a9ae64f46b3c59ab06648d5681434a89c3d605c
Sha256: 2a1f1370eb7b24a307312112427dfd544fb838a8bef66babc936f5e870a22e52

Alerts:
  urlquery:
    - Phishing - Spotify
                                        
                                            GET /~cp785288/hlep/Login/files/jquery.validate.js HTTP/1.1 
Host: cpanel10wh.bkk1.cloud.z.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/billing.php?verify_account=session=NL&c2cbd3ea32c239d30ddbeb3e2b5eb784=&dispatch=462b6d425aec3417e68d33c2c3465bf53648646b
Cookie: PHPSESSID=k3uveuq3vplk8ss0m744c1pds3

                                         
                                         163.44.198.59
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Mon, 29 Aug 2022 13:57:22 GMT
Server: Apache
Last-Modified: Tue, 16 Jul 2019 16:30:28 GMT
ETag: "b4bb-58dcee4fb3100"
Accept-Ranges: bytes
Content-Length: 46267
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (511)
Size:   46267
Md5:    17836a76e9a044bc7dad83f6dcef42ef
Sha1:   3467edcee0e9cecd3e5be5bfd21227c8676c05ac
Sha256: d030f6633a5d0efd3f76fcf5ec98a0468c76770e618a401ffe5ddc7f6ccc844b

Alerts:
  urlquery:
    - Phishing - Spotify
                                        
                                            GET /~cp785288/hlep/Login/files/jquery.CardValidator.js HTTP/1.1 
Host: cpanel10wh.bkk1.cloud.z.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/billing.php?verify_account=session=NL&c2cbd3ea32c239d30ddbeb3e2b5eb784=&dispatch=462b6d425aec3417e68d33c2c3465bf53648646b
Cookie: PHPSESSID=k3uveuq3vplk8ss0m744c1pds3

                                         
                                         163.44.198.59
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Mon, 29 Aug 2022 13:57:22 GMT
Server: Apache
Last-Modified: Tue, 16 Jul 2019 16:30:28 GMT
ETag: "18df-58dcee4fb3100"
Accept-Ranges: bytes
Content-Length: 6367
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text
Size:   6367
Md5:    27c724fa448269f77118494361b0fc0c
Sha1:   7455679ba0a9811fd31ab5ea8f76ebfe4ba22ec9
Sha256: 8802adf5641c1056fcf4feeeabb83be1b1e3724d9b460cecc791dfdd6422bc3b

Alerts:
  urlquery:
    - Phishing - Spotify
                                        
                                            GET /~cp785288/hlep/Login/files/jquery.mask.js HTTP/1.1 
Host: cpanel10wh.bkk1.cloud.z.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/billing.php?verify_account=session=NL&c2cbd3ea32c239d30ddbeb3e2b5eb784=&dispatch=462b6d425aec3417e68d33c2c3465bf53648646b
Cookie: PHPSESSID=k3uveuq3vplk8ss0m744c1pds3

                                         
                                         163.44.198.59
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Mon, 29 Aug 2022 13:57:22 GMT
Server: Apache
Last-Modified: Tue, 16 Jul 2019 16:30:28 GMT
ETag: "47fe-58dcee4fb3100"
Accept-Ranges: bytes
Content-Length: 18430
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text
Size:   18430
Md5:    219d169a80568884a3d6baab3e5e7def
Sha1:   61d00104de8c972c820cd9b527d8e2edb30e5c4a
Sha256: cf1f0d954cbbbcb32d170b1ff68c5b082a1086f34f2bbee825ca88b7c9fb213a
                                        
                                            GET /~cp785288/hlep/Login/files/form_offer_panel.html HTTP/1.1 
Host: cpanel10wh.bkk1.cloud.z.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/billing.php?verify_account=session=NL&c2cbd3ea32c239d30ddbeb3e2b5eb784=&dispatch=462b6d425aec3417e68d33c2c3465bf53648646b
Cookie: PHPSESSID=k3uveuq3vplk8ss0m744c1pds3
Upgrade-Insecure-Requests: 1

                                         
                                         163.44.198.59
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Mon, 29 Aug 2022 13:57:22 GMT
Server: Apache
Last-Modified: Tue, 16 Jul 2019 16:30:28 GMT
ETag: "1489-58dcee4fb3100"
Accept-Ranges: bytes
Content-Length: 5257
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (993)
Size:   5257
Md5:    c118ac3a4ba997458c78eade2e1fdac4
Sha1:   faf216d9d3d102571af688fa9aa4b52da44257fb
Sha256: cfa2f7dc5b0d7b3bc7190aab46525cefb46185c2c0251de98a3290440b5282d1

Alerts:
  urlquery:
    - Phishing - Spotify
                                        
                                            POST /gsgccr3dvtlsca2020 HTTP/1.1 
Host: ocsp.globalsign.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         104.18.20.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 29 Aug 2022 13:57:22 GMT
Content-Length: 1414
Connection: keep-alive
Expires: Fri, 02 Sep 2022 09:36:40 GMT
ETag: "ca652c528bc8f722c39fe31f5897450ad9aee5ea"
Last-Modified: Mon, 29 Aug 2022 09:36:41 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 1551
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7425cba1dc280b55-OSL


--- Additional Info ---
Magic:  data
Size:   1414
Md5:    1a337db96245e8e52de6d3564caff1a4
Sha1:   ca652c528bc8f722c39fe31f5897450ad9aee5ea
Sha256: ac5672fd60731b801cdc95288c1618c50af136edbb55b93d47816e70ba030002
                                        
                                            GET /~cp785288/hlep/Login/files/account-4445741da9.css HTTP/1.1 
Host: cpanel10wh.bkk1.cloud.z.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/billing.php?verify_account=session=NL&c2cbd3ea32c239d30ddbeb3e2b5eb784=&dispatch=462b6d425aec3417e68d33c2c3465bf53648646b
Cookie: PHPSESSID=k3uveuq3vplk8ss0m744c1pds3

                                         
                                         163.44.198.59
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Mon, 29 Aug 2022 13:57:21 GMT
Server: Apache
Last-Modified: Tue, 16 Jul 2019 16:30:28 GMT
ETag: "1ba27-58dcee4fb3100"
Accept-Ranges: bytes
Content-Length: 113191
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with very long lines (65536), with no line terminators
Size:   113191
Md5:    4445741da9c2fcc072a15b124aca043b
Sha1:   6496e6d22375b3c56470b0d163a704e5f5a1dd72
Sha256: 279c2837ecb9591e8dcfd0d1da12755faf0360ff9154f5a2dfde51f138c09489

Alerts:
  urlquery:
    - Phishing - Spotify
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "5E07E7BBF5DD7A48F9330DBC0248B7A1AA69DFF7A9A913F493A384D2EC332F74"
Last-Modified: Sun, 28 Aug 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3678
Expires: Mon, 29 Aug 2022 14:58:41 GMT
Date: Mon, 29 Aug 2022 13:57:23 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "5E07E7BBF5DD7A48F9330DBC0248B7A1AA69DFF7A9A913F493A384D2EC332F74"
Last-Modified: Sun, 28 Aug 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3678
Expires: Mon, 29 Aug 2022 14:58:41 GMT
Date: Mon, 29 Aug 2022 13:57:23 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "5E07E7BBF5DD7A48F9330DBC0248B7A1AA69DFF7A9A913F493A384D2EC332F74"
Last-Modified: Sun, 28 Aug 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3678
Expires: Mon, 29 Aug 2022 14:58:41 GMT
Date: Mon, 29 Aug 2022 13:57:23 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "5E07E7BBF5DD7A48F9330DBC0248B7A1AA69DFF7A9A913F493A384D2EC332F74"
Last-Modified: Sun, 28 Aug 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3678
Expires: Mon, 29 Aug 2022 14:58:41 GMT
Date: Mon, 29 Aug 2022 13:57:23 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "5E07E7BBF5DD7A48F9330DBC0248B7A1AA69DFF7A9A913F493A384D2EC332F74"
Last-Modified: Sun, 28 Aug 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3678
Expires: Mon, 29 Aug 2022 14:58:41 GMT
Date: Mon, 29 Aug 2022 13:57:23 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F849c6deb-3aba-41f7-a257-bf54249182ba.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 11042
x-amzn-requestid: c92cef27-0a2c-4f5e-86b7-eafa048932b4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XgUlVFdJIAMFRKg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63099aee-794a2c5c54fe181b5756e5f6;Sampled=0
x-amzn-remapped-date: Sat, 27 Aug 2022 04:17:50 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: v9mkgh5wKAcOaXP3AGDltgHFx1eioExP7zqPee5KQugX9SjdEhMkjg==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 73cb83fe6699afc2791b5c690c1ff8c6.cloudfront.net (CloudFront), 1.1 google
date: Sun, 28 Aug 2022 21:35:55 GMT
age: 58888
etag: "9d37dd425e3319fbb4248718f58371b43d513ce7"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   11042
Md5:    5e0dc790ca607928d609e38f37c012d0
Sha1:   9d37dd425e3319fbb4248718f58371b43d513ce7
Sha256: 7f8ce6d77cbb4be87fb06ffd8f72ae997e006b933382c44b8b4e0a61743f24e9
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd661acf9-c387-4bb0-bdc5-10e4abb78bf1.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 10433
x-amzn-requestid: 30849103-3a8a-4b58-9d12-2e7d76054d29
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XaJ7wFd0IAMF2PQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6307237e-3d931fee17b392cc6785e73d;Sampled=0
x-amzn-remapped-date: Thu, 25 Aug 2022 07:23:42 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: DxyqrxwTW6jEwEMuxf4DjFp-UbJLnrFhSzYBXnSF8yjqJAc-qKlxYQ==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 01147dcc35d57fc0238a3c1700c13f16.cloudfront.net (CloudFront), 1.1 google
date: Sun, 28 Aug 2022 21:45:17 GMT
age: 58326
etag: "ab86ca73ca4064306448863d32a1428a63df41a0"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   10433
Md5:    57d1f9745ba671f8688c7d96a041cd2b
Sha1:   ab86ca73ca4064306448863d32a1428a63df41a0
Sha256: d931268e003d82739af5c9ab9e91b11a892672c8ae82cbbb2f4b92a94cc2bddc
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc2b0d146-88a6-4ec6-a71c-bb9dd4314497.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 7505
x-amzn-requestid: 66ed5a9b-1b9c-40c4-b757-7c13e9dc6410
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XitJxFFSIAMFhrQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-630a8f0b-24404d4f7a2cae8f4c3bcb97;Sampled=0
x-amzn-remapped-date: Sat, 27 Aug 2022 21:39:23 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: UFJ0DtBufSFfM1vFxdagMV5tpP5ZEH2NbdduFvVM6sL7UVpdhSBhGQ==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 1481cc55c02c3a782ad420b6bac2cb32.cloudfront.net (CloudFront), 1.1 google
date: Sun, 28 Aug 2022 22:11:51 GMT
age: 56732
etag: "ec62fa681d45d696fc7308fede11cd16979594fd"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7505
Md5:    ef5729bf444dd3cc7b8e7945187e09ee
Sha1:   ec62fa681d45d696fc7308fede11cd16979594fd
Sha256: 34d5df4a669399f171489c9cd0f90a53eea21c35c1ccd310df39cc356c9922cd
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F94e91b9b-1206-4aed-8c83-18cf70edf32e.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 9077
x-amzn-requestid: 31843c8e-9da2-4224-b6ee-d10b24f7843b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XeDpCGSXIAMFvkA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6308b306-6fb8cb2d5ca067d656eccf6a;Sampled=0
x-amzn-remapped-date: Fri, 26 Aug 2022 11:48:22 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: U3xEJN3HT7wy2SfNWvQKEOaex1-0WveBBWUyRuIb0nUXcLXw2grJjg==
via: 1.1 9b311162717b41c968f6f00426d88aaa.cloudfront.net (CloudFront), 1.1 31119c39c5a6dc62dfa1fe940afd7be2.cloudfront.net (CloudFront), 1.1 google
date: Sun, 28 Aug 2022 21:35:43 GMT
age: 58900
etag: "6539155ae2528248dd6de37fb5ff1440c9692b39"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   9077
Md5:    ad06ed828f693139341ccfe48f97115d
Sha1:   6539155ae2528248dd6de37fb5ff1440c9692b39
Sha256: 9e05359e4c15e9e1a4be5e4a23cb55b2b894c7f4e9a1af9a451eaa938c908760
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d6fc243-1f36-4e7f-8ae5-c9926e27d40b.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 7384
x-amzn-requestid: 8c864d07-cb4e-44db-85f0-ebea10e67aaa
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XV7EPG0mIAMFRGw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6305721a-32398abd1da8b41f48b4755c;Sampled=0
x-amzn-remapped-date: Wed, 24 Aug 2022 00:34:34 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 6aiAJzrFSh5oLa_mpPgX71BUSwjCS0NoNruUV_4tSPwpnphPE2DWGA==
via: 1.1 759bceededb9469e75c24a46c03d64bc.cloudfront.net (CloudFront), 1.1 e80693c02cfdfd081110512210d57840.cloudfront.net (CloudFront), 1.1 google
date: Sun, 28 Aug 2022 21:49:06 GMT
age: 58097
etag: "0909d2250d8efc3093f15401713da4c74ba6707b"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7384
Md5:    182339e49eb50a6d89fed9b4ac4bc39f
Sha1:   0909d2250d8efc3093f15401713da4c74ba6707b
Sha256: bc6fac01cec90f56f665671e2abab894752b9d8f1b1d5551e4d83cc53f0d4251
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f5771bc-3891-4ec9-b56a-804acdb8d29a.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 7077
x-amzn-requestid: 4199ead1-dfea-4c8a-b433-268fbede8266
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Xl_YNFOrIAMFuVw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-630bdf67-727ca0da6e0132e941c3e32b;Sampled=0
x-amzn-remapped-date: Sun, 28 Aug 2022 21:34:31 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: LnCaT2J4iiyHbZHAiIC99ekj6w6BDxenRRfY-WdzCbwQElYb9ci2RQ==
via: 1.1 8dbfaf7df256a75768461d934659b6b2.cloudfront.net (CloudFront), 1.1 89791e6b21b9a30cc51cac1bc51cf098.cloudfront.net (CloudFront), 1.1 google
date: Sun, 28 Aug 2022 22:15:34 GMT
age: 56509
etag: "6f10d5d1ea10ad62e9a684cf1b4a61bb6eac51fb"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7077
Md5:    ca289248deced995edf106fa6ec4184e
Sha1:   6f10d5d1ea10ad62e9a684cf1b4a61bb6eac51fb
Sha256: dc946020572b873e5cbab2c48b729501cddc676fff98ef3f307c3596b7324c30
                                        
                                            GET /~cp785288/hlep/Login/files/script.min.js.download HTTP/1.1 
Host: cpanel10wh.bkk1.cloud.z.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/files/form_offer_panel.html
Cookie: PHPSESSID=k3uveuq3vplk8ss0m744c1pds3

                                         
                                         163.44.198.59
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Mon, 29 Aug 2022 13:57:22 GMT
Server: Apache
Last-Modified: Tue, 16 Jul 2019 16:30:28 GMT
ETag: "19066-58dcee4fb3100"
Accept-Ranges: bytes
Content-Length: 102502
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with very long lines (606)
Size:   102502
Md5:    97a4272e14f1f22426b66cf76d35cb6c
Sha1:   37b019ee762cf810d1f7afb2093759555a7b9a82
Sha256: 5eac9ca987f8ea95d31583f360ea2211f3cd58afda19ead30f9e890106d460b2

Alerts:
  urlquery:
    - Phishing - Spotify
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /~cp785288/hlep/Login/files/spotify-543b91ee3c.css HTTP/1.1 
Host: cpanel10wh.bkk1.cloud.z.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/billing.php?verify_account=session=NL&c2cbd3ea32c239d30ddbeb3e2b5eb784=&dispatch=462b6d425aec3417e68d33c2c3465bf53648646b
Cookie: PHPSESSID=k3uveuq3vplk8ss0m744c1pds3

                                         
                                         163.44.198.59
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Mon, 29 Aug 2022 13:57:21 GMT
Server: Apache
Last-Modified: Tue, 16 Jul 2019 16:30:28 GMT
ETag: "51795-58dcee4fb3100"
Accept-Ranges: bytes
Content-Length: 333717
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with very long lines (65371)
Size:   333717
Md5:    543b91ee3c2476d8cef5ea60c31e9c89
Sha1:   6d966ee2076be0b1497de6584b2f4b03b4dfcdc2
Sha256: 758ad9846aa8db4fd6d7958b03c8db3a2416c1e200fd203c4da5d0129f701e94

Alerts:
  urlquery:
    - Phishing - Spotify
                                        
                                            GET /8.2.0/images/flags/int.svg HTTP/1.1 
Host: sp-bootstrap.global.ssl.fastly.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cpanel10wh.bkk1.cloud.z.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         151.101.85.194
HTTP/1.1 200 OK
Content-Type: image/svg+xml
                                        
Connection: keep-alive
Content-Length: 20408
Last-Modified: Mon, 21 Mar 2022 12:56:04 GMT
ETag: "d15d3150af5b38c95ccbe16ba344d47f"
x-goog-generation: 1647867364791394
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 48095
x-amz-meta-goog-reserved-file-mtime: 1504812661
Content-Encoding: gzip
Accept-Ranges: bytes
Date: Mon, 29 Aug 2022 13:57:23 GMT
Age: 3536462
X-Served-By: cache-chi-klot8100120-CHI, cache-bma1671-BMA
X-Cache: HIT, HIT
X-Cache-Hits: 1, 1
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (48095), with no line terminators
Size:   20408
Md5:    f0502bfcc1f3e782c835f8451b65b007
Sha1:   121a2c65c3081cfbc124f475b411adb92b2bc1bc
Sha256: 4d148629e85b4da29493dd19bd6d02acfcf63b3085475b7154e3279811cdfa56

Alerts:
  urlquery:
    - Phishing - Spotify
                                        
                                            GET /8.2.0/fonts/circular-book.woff2 HTTP/1.1 
Host: sp-bootstrap.global.ssl.fastly.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://cpanel10wh.bkk1.cloud.z.com
Connection: keep-alive
Referer: http://cpanel10wh.bkk1.cloud.z.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         151.101.85.194
HTTP/1.1 200 OK
Content-Type: font/woff2
                                        
Connection: keep-alive
Content-Length: 64512
Last-Modified: Mon, 21 Mar 2022 12:56:03 GMT
ETag: "0c0dfc4df72c07c84b15651ab6f951a6"
x-goog-generation: 1647867363540028
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 64512
x-amz-meta-goog-reserved-file-mtime: 1504812661
Accept-Ranges: bytes
Date: Mon, 29 Aug 2022 13:57:23 GMT
Age: 2603458
X-Served-By: cache-chi-kigq8000061-CHI, cache-bma1634-BMA
X-Cache: HIT, HIT
X-Cache-Hits: 1, 2
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 64512, version 1.66\012- data
Size:   64512
Md5:    0c0dfc4df72c07c84b15651ab6f951a6
Sha1:   06d7669306b19fffec534f47b18eedce61c5aa73
Sha256: 16f860a080d405f412750f83c4ee2168302cd1f3347416b5b3ae50bae3571b28

Alerts:
  urlquery:
    - Phishing - Spotify
                                        
                                            GET /8.2.0/fonts/circular-black.woff2 HTTP/1.1 
Host: sp-bootstrap.global.ssl.fastly.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://cpanel10wh.bkk1.cloud.z.com
Connection: keep-alive
Referer: http://cpanel10wh.bkk1.cloud.z.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         151.101.85.194
HTTP/1.1 200 OK
Content-Type: font/woff2
                                        
Connection: keep-alive
Content-Length: 69188
Last-Modified: Mon, 21 Mar 2022 12:56:03 GMT
ETag: "9e0ddf791ff8bdc860603330b6b1c88e"
x-goog-generation: 1647867363538571
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 69188
x-amz-meta-goog-reserved-file-mtime: 1504812660
Accept-Ranges: bytes
Date: Mon, 29 Aug 2022 13:57:23 GMT
Age: 1752043
X-Served-By: cache-chi-kigq8000179-CHI, cache-bma1645-BMA
X-Cache: HIT, HIT
X-Cache-Hits: 1, 1
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 69188, version 1.66\012- data
Size:   69188
Md5:    9e0ddf791ff8bdc860603330b6b1c88e
Sha1:   9a721a21c1928f089ee0eae1988acd8c83fa1a33
Sha256: 769dae020149617e3d70328c3e1557fa3ca53fa128a9743ab389b2bfcb5327f1

Alerts:
  urlquery:
    - Phishing - Spotify
                                        
                                            GET /8.2.0/fonts/circular-medium.woff2 HTTP/1.1 
Host: sp-bootstrap.global.ssl.fastly.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://cpanel10wh.bkk1.cloud.z.com
Connection: keep-alive
Referer: http://cpanel10wh.bkk1.cloud.z.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         151.101.85.194
HTTP/1.1 200 OK
Content-Type: font/woff2
                                        
Connection: keep-alive
Content-Length: 66268
Last-Modified: Mon, 21 Mar 2022 12:56:03 GMT
ETag: "251eb282f9ea3a40421d0ae5a549fb92"
x-goog-generation: 1647867363628825
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 66268
x-amz-meta-goog-reserved-file-mtime: 1504812661
Accept-Ranges: bytes
Date: Mon, 29 Aug 2022 13:57:23 GMT
Age: 2584866
X-Served-By: cache-chi-klot8100025-CHI, cache-bma1640-BMA
X-Cache: HIT, HIT
X-Cache-Hits: 1, 1
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 66268, version 1.66\012- data
Size:   66268
Md5:    251eb282f9ea3a40421d0ae5a549fb92
Sha1:   1a82cf4b6869398509c5bd982495e461c1eb3823
Sha256: a9d8ae96f7d8b1c672c9cdf8709e876e76172e41c2d9f15a842fc6d9c6f5573d

Alerts:
  urlquery:
    - Phishing - Spotify
                                        
                                            GET /8.2.0/fonts/circular-bold.woff2 HTTP/1.1 
Host: sp-bootstrap.global.ssl.fastly.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://cpanel10wh.bkk1.cloud.z.com
Connection: keep-alive
Referer: http://cpanel10wh.bkk1.cloud.z.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         151.101.85.194
HTTP/1.1 200 OK
Content-Type: font/woff2
                                        
Connection: keep-alive
Content-Length: 69140
Last-Modified: Mon, 21 Mar 2022 12:56:03 GMT
ETag: "14bfce9501e5a5dc0adbe559dd630bc6"
x-amz-meta-goog-reserved-file-mtime: 1504812661
Accept-Ranges: bytes
Date: Mon, 29 Aug 2022 13:57:23 GMT
Age: 5982426
X-Served-By: cache-ord1722-ORD, cache-chi-klot8100023-CHI, cache-bma1671-BMA
X-Cache: HIT, HIT, HIT
X-Cache-Hits: 32, 1, 1
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 69140, version 1.66\012- data
Size:   69140
Md5:    14bfce9501e5a5dc0adbe559dd630bc6
Sha1:   1347f73fa1907fd9762431cbcfc1e14918cdbddc
Sha256: 0e1e4f36fc8076dd1b5f30ac8aeaeed4b5927e475d0d4e7b8d63a33beb2fd0b5

Alerts:
  urlquery:
    - Phishing - Spotify
                                        
                                            GET /build/i/sprite/icon-provider-9b3624f0bb.png HTTP/1.1 
Host: cpanel10wh.bkk1.cloud.z.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/files/account-4445741da9.css
Cookie: PHPSESSID=k3uveuq3vplk8ss0m744c1pds3

                                         
                                         163.44.198.59
HTTP/1.1 404 Not Found
Content-Type: text/html
                                        
Date: Mon, 29 Aug 2022 13:57:23 GMT
Server: Apache
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (4070)
Size:   10179
Md5:    e6293af223cc82bcb008381cb24afad6
Sha1:   5d222b58abee4ba7a756d35f565c6a0404b24244
Sha256: a322d1e828c7e4649f3bfd732f9e6b0c6d1ae7911b926a9255a7b6db7da35f5a
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 29 Aug 2022 13:57:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /pagead/viewthroughconversion/938675917/?random=1661781443706&cv=9&fst=1661781443706&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=375603260&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&sendb=1&ig=1&frm=2&url=https%3A%2F%2F4721227.fls.doubleclick.net%2Fddm%2Ffls%2Fr%2Fsrc%3D4721227%3Btype%3Duidfq0%3Bcat%3Dspoti0%3Bord%3D5160187481151%3Bgtm%3DG1u%3Bu2%3Dundefined%3B~oref%3Dfile%253A%252F%252F%252FC%253A%252FAppServ%252Fwww%252FOVO%252520v2.7%252FSpotify%252FSubscription%252520and%252520payment%252520-%252520Spotify.html&ref=https%3A%2F%2Fadservice.google.com%2F&hn=www.googleadservices.com&rfmt=3&fmt=4 HTTP/1.1 
Host: googleads.g.doubleclick.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4721227.fls.doubleclick.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site

                                         
                                         142.250.74.2
HTTP/2 200 OK
content-type: text/javascript; charset=UTF-8
                                        
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 29 Aug 2022 13:57:23 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 1155
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Mon, 29-Aug-2022 14:12:23 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (2718), with no line terminators
Size:   1155
Md5:    d9fbdf5016de3ff03338e1e8e4f5fcf1
Sha1:   93d6aa206c5012fd39011440a8a1113544f04768
Sha256: 5cf3ae0cf8b48aacb240dd3b100f93d8443d3a2a8876e6adbe1b17be5e60c888
                                        
                                            GET /bat.js HTTP/1.1 
Host: bat.bing.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4721227.fls.doubleclick.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         13.107.21.200
HTTP/2 200 OK
content-type: application/javascript
                                        
cache-control: private,max-age=1800
content-length: 11367
content-encoding: gzip
last-modified: Thu, 28 Jul 2022 17:32:37 GMT
accept-ranges: bytes
etag: "80a8697a8a2d81:0"
vary: Accept-Encoding
set-cookie: MUID=16A755AEEEA96528364047A1EF5C642B; domain=.bing.com; expires=Sat, 23-Sep-2023 13:57:23 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: D29F4494C4B4472EBF93F8CFA32877E0 Ref B: OSL30EDGE0519 Ref C: 2022-08-29T13:57:23Z
date: Mon, 29 Aug 2022 13:57:23 GMT
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (38826), with no line terminators
Size:   11367
Md5:    293ae3e0fc8b0d5c143fdf9d8490228d
Sha1:   3976c659b908e70818a3a1ac71860b497fe2d1a9
Sha256: 04a840d967ae836e14179bde574cabf14a1fc871182ca0f8193e7a0b06c727ab
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 29 Aug 2022 13:57:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /~cp785288/hlep/Login/vv.gif HTTP/1.1 
Host: cpanel10wh.bkk1.cloud.z.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/billing.php?verify_account=session=NL&c2cbd3ea32c239d30ddbeb3e2b5eb784=&dispatch=462b6d425aec3417e68d33c2c3465bf53648646b
Cookie: PHPSESSID=k3uveuq3vplk8ss0m744c1pds3

                                         
                                         163.44.198.59
HTTP/1.1 404 Not Found
Content-Type: text/html
                                        
Date: Mon, 29 Aug 2022 13:57:23 GMT
Server: Apache
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (4070)
Size:   10147
Md5:    76789b399949669722cce9e4e124d635
Sha1:   756bdf67265095941d6e09853c732be567fa5857
Sha256: 886cb9a1cc361e5c355f8b083cc2a9c7e1646338b1f52093736b0c8571baefaa
                                        
                                            GET /pagead/1p-user-list/938675917/?random=1661781443706&cv=9&fst=1661778000000&num=1&guid=ON&eid=375603260&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&sendb=1&frm=2&url=https%3A%2F%2F4721227.fls.doubleclick.net%2Fddm%2Ffls%2Fr%2Fsrc%3D4721227%3Btype%3Duidfq0%3Bcat%3Dspoti0%3Bord%3D5160187481151%3Bgtm%3DG1u%3Bu2%3Dundefined%3B~oref%3Dfile%253A%252F%252F%252FC%253A%252FAppServ%252Fwww%252FOVO%252520v2.7%252FSpotify%252FSubscription%252520and%252520payment%252520-%252520Spotify.html&ref=https%3A%2F%2Fadservice.google.com%2F&fmt=3&is_vtc=1&random=1226265080&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1 
Host: www.google.no
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4721227.fls.doubleclick.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.3
HTTP/2 200 OK
content-type: image/gif
                                        
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 29 Aug 2022 13:57:23 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   42
Md5:    d89746888da2d9510b64a9f031eaecd5
Sha1:   d5fceb6532643d0d84ffe09c40c481ecdf59e15a
Sha256: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 29 Aug 2022 13:57:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /action/0?ti=5489004&Ver=2&mid=f77e340f-886f-4a79-bd56-57d03d79c8f4&msclkid=N&pi=0&lg=en-US&sw=1280&sh=1024&sc=24&p=https%3A%2F%2Fadservice.google.com%2F&r=&lt=1951&evt=pageLoad&ifm=1&sv=1&rn=341638 HTTP/1.1 
Host: bat.bing.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4721227.fls.doubleclick.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         13.107.21.200
HTTP/2 204 No Content
                                        
cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=1CF1D47583A5603E29AAC67A825061FA; domain=.bing.com; expires=Sat, 23-Sep-2023 13:57:23 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 32B29CC859C1474CAA0539F570C37BF8 Ref B: OSL30EDGE0519 Ref C: 2022-08-29T13:57:23Z
date: Mon, 29 Aug 2022 13:57:23 GMT
X-Firefox-Spdy: h2

                                        
                                            GET /pagead/1p-user-list/938675917/?random=1661781443706&cv=9&fst=1661778000000&num=1&guid=ON&eid=375603260&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&sendb=1&frm=2&url=https%3A%2F%2F4721227.fls.doubleclick.net%2Fddm%2Ffls%2Fr%2Fsrc%3D4721227%3Btype%3Duidfq0%3Bcat%3Dspoti0%3Bord%3D5160187481151%3Bgtm%3DG1u%3Bu2%3Dundefined%3B~oref%3Dfile%253A%252F%252F%252FC%253A%252FAppServ%252Fwww%252FOVO%252520v2.7%252FSpotify%252FSubscription%252520and%252520payment%252520-%252520Spotify.html&ref=https%3A%2F%2Fadservice.google.com%2F&fmt=3&is_vtc=1&random=1226265080&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y HTTP/1.1 
Host: www.google.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4721227.fls.doubleclick.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.164
HTTP/2 200 OK
content-type: image/gif
                                        
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 29 Aug 2022 13:57:24 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   42
Md5:    d89746888da2d9510b64a9f031eaecd5
Sha1:   d5fceb6532643d0d84ffe09c40c481ecdf59e15a
Sha256: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
                                        
                                            GET /~cp785288/hlep/Login/files/sprites_cc_logos.png HTTP/1.1 
Host: cpanel10wh.bkk1.cloud.z.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/billing.php?verify_account=session=NL&c2cbd3ea32c239d30ddbeb3e2b5eb784=&dispatch=462b6d425aec3417e68d33c2c3465bf53648646b
Cookie: PHPSESSID=k3uveuq3vplk8ss0m744c1pds3

                                         
                                         163.44.198.59
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Mon, 29 Aug 2022 13:57:23 GMT
Server: Apache
Last-Modified: Tue, 16 Jul 2019 16:30:28 GMT
ETag: "5e74-58dcee4fb3100"
Accept-Ranges: bytes
Content-Length: 24180
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive


--- Additional Info ---
Magic:  PNG image data, 37 x 948, 8-bit/color RGBA, non-interlaced\012- data
Size:   24180
Md5:    0cc5525016888556c3fb82f2cdab246a
Sha1:   f7fbe9b43f6d01cad02f9b016d4b0f0abb8c4423
Sha256: a47f9feda7682c5085fa780e2560144c5bc70caa592a8d1a345a852948efa94a

Alerts:
  urlquery:
    - Phishing - Spotify
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 4142
Cache-Control: max-age=171395
Date: Mon, 29 Aug 2022 13:57:24 GMT
Etag: "630cb019-1d7"
Expires: Wed, 31 Aug 2022 13:33:59 GMT
Last-Modified: Mon, 29 Aug 2022 12:24:57 GMT
Server: ECS (ska/F705)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /p/action/5489004.js HTTP/1.1 
Host: bat.bing.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4721227.fls.doubleclick.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         13.107.21.200
HTTP/2 204 No Content
                                        
cache-control: private,max-age=1800
set-cookie: MUID=206ECE92B202686F2C59DC9DB3F769BB; domain=.bing.com; expires=Sat, 23-Sep-2023 13:57:23 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 090A96D4EDDD449FADB04F0292176804 Ref B: OSL30EDGE0519 Ref C: 2022-08-29T13:57:23Z
date: Mon, 29 Aug 2022 13:57:23 GMT
X-Firefox-Spdy: h2

                                        
                                            GET /~cp785288/hlep/Login/files/download.ico HTTP/1.1 
Host: cpanel10wh.bkk1.cloud.z.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/billing.php?verify_account=session=NL&c2cbd3ea32c239d30ddbeb3e2b5eb784=&dispatch=462b6d425aec3417e68d33c2c3465bf53648646b
Cookie: PHPSESSID=k3uveuq3vplk8ss0m744c1pds3

                                         
                                         163.44.198.59
HTTP/1.1 200 OK
Content-Type: image/x-icon
                                        
Date: Mon, 29 Aug 2022 13:57:24 GMT
Server: Apache
Last-Modified: Tue, 16 Jul 2019 16:30:28 GMT
ETag: "1536-58dcee4fb3100"
Accept-Ranges: bytes
Content-Length: 5430
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive


--- Additional Info ---
Magic:  MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel\012- data
Size:   5430
Md5:    ace4d8543bbb017893402a1e9d1ac1fa
Sha1:   70a0e66f27ae1b004628117d4d9e9b4110f91651
Sha256: d2534e9fb333a6e277f1edf9b9843564e094027fb79979081e41fd778c339ae5

Alerts:
  urlquery:
    - Phishing - Spotify
  Blocklists:
    - fortinet: Phishing
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 759
Cache-Control: max-age=168012
Date: Mon, 29 Aug 2022 13:57:24 GMT
Etag: "630cb019-1d7"
Expires: Wed, 31 Aug 2022 12:37:36 GMT
Last-Modified: Mon, 29 Aug 2022 12:24:57 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /track/conv/?adv=3ysyqec&ct=0:2azffrr&fmt=3 HTTP/1.1 
Host: insight.adsrvr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4721227.fls.doubleclick.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         15.197.193.217
HTTP/2 200 OK
content-type: image/gif
                                        
date: Mon, 29 Aug 2022 13:57:22 GMT
cache-control: private,no-cache, must-revalidate
pragma: no-cache
x-aspnet-version: 4.0.30319
set-cookie: TDID=c1faec3a-5a8d-49f0-84bf-46291c162500; domain=.adsrvr.org; expires=Tue, 29-Aug-2023 13:57:23 GMT; path=/; secure; SameSite=None TDCPM=CAEYBTgBQgQiAggB; domain=.adsrvr.org; expires=Tue, 29-Aug-2023 13:57:23 GMT; path=/; secure; SameSite=None
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /signals/config/1483047915331997?v=2.8.12&r=stable HTTP/1.1 
Host: connect.facebook.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cpanel10wh.bkk1.cloud.z.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         31.13.72.12
HTTP/2 200 OK
content-type: application/x-javascript; charset=utf-8
                                        
vary: Accept-Encoding
content-encoding: gzip
content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-fb-debug: pu+xNZ+Pg6rPP+n+HJbZY8SIcI1aMR55mDsV9hAPNCYF9QGaTxpLD/2MyT9PB4XvQv5DqZmA4nA9DaMu4cvF9g==
x-content-cdn-origin-ts: 1661781444564
x-fb-trip-id: 1904183273
date: Mon, 29 Aug 2022 13:57:24 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---