Report - ups-svip2.xyz/verification/index

Report Overview

Submitted URL

ups-svip2.xyz/verification/index
IP

172.96.137.233

ASN

#395092 SHOCK-1
Submitted

2023-04-04T21:26:27Z

Access

public
Website Title
Final URL
Tags

None
urlquery detections

No alerts detected

Detections

urlquery

0
Network Intrusion Detection

0
Threat Detection Systems

8

Domain Summary

Domain	Rank	First Seen	Last Seen	Sent	Received	IP
r3.o.lencr.org (8)	344	2020-12-02T09:52:13Z	2023-04-04T18:12:09Z	2704	7093	23.36.77.32
firefox.settings.services.mozilla.com (2)	867	2020-06-04T22:08:41Z	2023-04-04T18:13:55Z	782	2373	35.241.9.150
content-signature-2.cdn.mozilla.net (1)	1152	2020-11-03T13:26:46Z	2023-04-04T18:20:05Z	413	5894	34.160.144.191
contile.services.mozilla.com (1)	1114	2021-05-27T20:32:35Z	2023-04-04T18:13:50Z	333	391	34.117.237.239
ups-svip2.xyz (32)	unknown	2022-11-16T13:37:04Z	2023-04-01T19:06:15Z	32585	1590464	172.96.137.233
ocsp.pki.goog (7)	175	2018-07-01T08:43:07Z	2023-04-04T18:12:04Z	2401	4895	142.250.74.131
fonts.gstatic.com (3)	unknown	2014-09-09T02:40:21Z	2023-04-04T18:25:02Z	1513	72960	216.58.207.227
fonts.googleapis.com (1)	8877	2013-06-10T22:14:26Z	2023-04-04T22:35:31Z	445	630	142.250.74.106
push.services.mozilla.com (1)	2140	2014-10-24T10:27:06Z	2023-04-04T18:19:16Z	606	238	34.117.65.55
img-getpocket.cdn.mozilla.net (6)	1631	2018-06-22T01:36:00Z	2023-04-04T13:13:40Z	3246	52778	34.120.237.76

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-04-04	medium	ups-svip2.xyz/verification/index	Phishing
2023-04-04	medium	ups-svip2.xyz/js/bootstrap.min.js	Phishing
2023-04-04	medium	ups-svip2.xyz/js/jquery.scrollTo-min.js	Phishing
2023-04-04	medium	ups-svip2.xyz/js/jquery.magnific-popup.min.js	Phishing
2023-04-04	medium	ups-svip2.xyz/js/jquery.nav.js	Phishing
2023-04-04	medium	ups-svip2.xyz/js/jquery-3.6.0.min.js	Phishing
2023-04-04	medium	ups-svip2.xyz/js/plugins.js	Phishing
2023-04-04	medium	ups-svip2.xyz/js/custom.js	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (8)

Pretty

URL

ups-svip2.xyz/js/plugins.js
IP

172.96.137.233:0
ASN

#395092 SHOCK-1

Introduced by

scriptElement
Inline HTML

false

Observations

First Seen2023-03-07 21:19:41

Last Seen2023-11-16 23:24:19

Times Seen84
Hash

a3f3664f0481fbc7b2c7e707a79d15e3

64dcb4b6c6e665a2d0a826fbe117a3151e9bd8bc

f5a8d2d3037fbfb20005a845c3481203683ffbd348080a69d4e776413817a8d4

Pretty

URL

ups-svip2.xyz/js/custom.js
IP

172.96.137.233:0
ASN

#395092 SHOCK-1

Introduced by

scriptElement
Inline HTML

false

Observations

First Seen2023-03-07 21:19:41

Last Seen2023-11-16 23:24:19

Times Seen88
Hash

aa43023ea891a7101059d52cf270f0c0

bee8e4cf93776466d8f2b0f2c88636a24e2c2219

43549c7a8917bc467834f237520151b3b24c824bbe89723c8a6122bc90910883

Pretty

URL

ups-svip2.xyz/js/bootstrap.min.js
IP

172.96.137.233:0
ASN

#395092 SHOCK-1

Introduced by

scriptElement
Inline HTML

false

Observations

First Seen2023-03-07 12:06:36

Last Seen2023-11-16 23:24:19

Times Seen91
Hash

1a7e36da4c4cd915dfacefb185bc9f25

8184e407a08e9b27b5c2f4fd5f7266a615eb87ba

92951c15245eb60d3b531ba80a2b79630bba6d2105a7bd55c2e9a42b1d86b66d

Pretty

URL

ups-svip2.xyz/js/jquery.magnific-popup.min.js
IP

172.96.137.233:0
ASN

#395092 SHOCK-1

Introduced by

scriptElement
Inline HTML

false

Observations

First Seen2023-03-10 12:24:26

Last Seen2023-11-16 23:24:19

Times Seen94
Hash

a7d0d23891f463e6482fab8fc6934afd

5d3c63f76882b923a73e8ba17225d12f7f2b5db3

a5b81c9e0b55a826a0e4c4d8aed35fd8331b40debdfb0f72b5c9b5d3c2072545

Pretty

URL

ups-svip2.xyz/js/jquery.nav.js
IP

172.96.137.233:0
ASN

#395092 SHOCK-1

Introduced by

scriptElement
Inline HTML

false

Observations

First Seen2023-03-07 21:19:41

Last Seen2023-11-16 23:24:19

Times Seen86
Hash

4e713f6ffc99ebf6f146b7c7f8ecb593

c4cbd95cb37cc2594a539094762db82f3fc3f16b

79d11571929358c900ebf7fa4a78f311f62b2f2432ef885bf65248dfdc21c354

Pretty

URL

ups-svip2.xyz/js/jquery-3.6.0.min.js
IP

172.96.137.233:0
ASN

#395092 SHOCK-1

Introduced by

scriptElement
Inline HTML

false

Observations

First Seen2023-03-07 21:19:41

Last Seen2023-11-16 23:24:19

Times Seen110
Hash

cf1745e3b375c08f100d137cf2823f4b

bc2b008f2a78411197163e31a6bb0fbc55db3732

56345e300f9ece4fcc2e867d73fa7570b7b22a6394d0467370d0d8dec97bad79

Pretty

URL

ups-svip2.xyz/js/jquery.scrollTo-min.js
IP

172.96.137.233:0
ASN

#395092 SHOCK-1

Introduced by

scriptElement
Inline HTML

false

Observations

First Seen2023-03-07 21:19:41

Last Seen2023-11-16 23:24:19

Times Seen85
Hash

34cfcda61968c482c83bf9eacf3a1e7c

89dad799a74eb068344de5ce06f07bccb81dbfcc

155fb3353250a7988b525186f78cc5295251047692a8eb438c873c0bf213157f

Pretty

URL

ups-svip2.xyz/js/wow.js
IP

172.96.137.233:0
ASN

#395092 SHOCK-1

Introduced by

scriptElement
Inline HTML

false

Observations

First Seen2023-03-07 21:19:41

Last Seen2023-11-16 23:24:19

Times Seen90
Hash

1a8fa52fad9ce0e272a94f3338c3c82a

9c55d236e0d6095a4c03d5f2f87b28fc53d1fdac

5f321dd07bb461819daedc14108807629b7033cb99426f8cbe009634597a37ad

HTTP Transactions (62)

URL IP Response Size

r3.o.lencr.org/

23.36.77.32

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.77.32:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

a4074549843769a3da3f055bcb5a78ff

f99062d34cf71bda6a9c64061fb9e61008f94021

895e3801806f031611a25bec5652cc1a46dfa76ea6784f5064d859c1a5b9ddf7

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "895E3801806F031611A25BEC5652CC1A46DFA76EA6784F5064D859C1A5B9DDF7"
Last-Modified: Tue, 04 Apr 2023 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3766
Expires: Tue, 04 Apr 2023 22:29:02 GMT
Date: Tue, 04 Apr 2023 21:26:16 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.77.32:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

e50dac5108a698d61ca49516033d1a20

53d243b89fc00deb9bfae07351bbe36ddb7c1df3

e9e0ad98c485b56fe65ea0a8bc4974fff3f804fcf2d8f6266ada9acd27c7b7cc

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E9E0AD98C485B56FE65EA0A8BC4974FFF3F804FCF2D8F6266ADA9ACD27C7B7CC"
Last-Modified: Tue, 04 Apr 2023 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17796
Expires: Wed, 05 Apr 2023 02:22:52 GMT
Date: Tue, 04 Apr 2023 21:26:16 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939

URL HTTP/2

firefox.settings.services.mozilla.com/v1/
IP

35.241.9.150:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with very long lines (939), with no line terminators

Size

939
Hash

7f03faaba3392caae6dae54467bfdf6d

57ea1f14e8bfbcca8190c706d708c9fda12442c1

02ac551ba61fcbc6b04f244df065948b181a8a258db5c2e197aae66fdfcea8ee

HTTP Headers

                                        GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Alert, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 04 Apr 2023 20:28:45 GMT
content-type: application/json
age: 3451
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.77.32:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

903ed2d58f1f33d069b70c4b53f1cb1f

0ef89cd6eb79a2ddd74434f9233cf486fffc1142

d8c984b50f04fcdb1ebc99d982502d85193302c85239ee7497666247edfc0061

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D8C984B50F04FCDB1EBC99D982502D85193302C85239EE7497666247EDFC0061"
Last-Modified: Sun, 02 Apr 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7343
Expires: Tue, 04 Apr 2023 23:28:39 GMT
Date: Tue, 04 Apr 2023 21:26:16 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-05-20-17-04-38.chain

34.160.144.191

200 OK

5348

URL HTTP/2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-05-20-17-04-38.chain
IP

34.160.144.191:0
ASN

#15169 GOOGLE

Magic

PEM certificate\012- , ASCII text

Size

5348
Hash

95f61d351f5fc9533cc78e255ce9bc06

fba284117f347782ac23c51d141d7e3ec15a867e

7fcc5f9e52e389d8d7c6df7f1f2a1291ae0aaae8e554f3022239ab092b2ef3c3

HTTP Headers

                                        GET /chains/remote-settings.content-signature.mozilla.org-2023-05-20-17-04-38.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
x-amz-id-2: Xdy6yUATRbPzQLOyg2DQyW0Vb67t38RX32C8P2782Ssv37n4M0+Q4YW9bUqX6aa3U3Op26iAfxuBjE5jXVglhg==
x-amz-request-id: 0JNNDSTPXCC8RBJ2
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 04 Apr 2023 20:53:21 GMT
age: 1975
last-modified: Fri, 31 Mar 2023 17:04:39 GMT
etag: "95f61d351f5fc9533cc78e255ce9bc06"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

URL HTTP/2

contile.services.mozilla.com/v1/tiles
IP

34.117.237.239:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with no line terminators

Size

12
Hash

23e88fb7b99543fb33315b29b1fad9d6

a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce

7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

                                        GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
date: Tue, 04 Apr 2023 21:26:16 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

ups-svip2.xyz/verification/index

172.96.137.233

200 OK

16697

URL HTTP/1.1

ups-svip2.xyz/verification/index
IP

172.96.137.233:0
ASN

#395092 SHOCK-1

Magic

HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text

Size

16697
Hash

1dc2fbf73e0e7cae873ec75a1502cf5f

5ad6d9b70994f5b9e8bcd385f3a0e53e2ae9f596

c46103a839c0d41d34e4f15613d0e48ef15860cfbee5ee85b533abb8c1cae58c

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

                                        GET /verification/index HTTP/1.1
Host: ups-svip2.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                        HTTP/1.1 200 OK
Date: Tue, 04 Apr 2023 21:26:16 GMT
Server: Apache
Cache-Control: no-cache, private
Set-Cookie: XSRF-TOKEN=eyJpdiI6IlNtdlVJR2twbDJuNFk3SkNldTNHcmc9PSIsInZhbHVlIjoiT0RjcUhxSXpmbWtnTFhhNEdMbjMzZmR3SldwdGtZWWhoaWhsK0NHQ3psTGg0dGhJL05TTU4xWEZJWXRZRndaOVVOb091UWdmdnlOS3RXUW9xOTVsb3VocHp1a1d4cHhpTHR1WGNzYVFNeFZiRW5QVC9QdlRiaG81eVpEVE9wL2IiLCJtYWMiOiJmNWU0YzU0NTQ0ODE3NDQzYzIwZGI0MGVhMGM2MmVjOTRlNWUyYzc4NTQxNTgzNDM5NjliOGU2MzYyMTlhZTIwIiwidGFnIjoiIn0%3D; expires=Tue, 04-Apr-2023 23:26:16 GMT; Max-Age=7200; path=/; samesite=lax
mini_session=eyJpdiI6Iitobmw5dkVLUkZTSHJpSWVLSmVvaEE9PSIsInZhbHVlIjoiczVtRVRxaW1FZ29hb254bmVuRVZwalg2NzdSRXMxQnVDNmc4SHMxRG52a2dEZDFFeU4reklrdWxqYk5kNTBmcE9reGFCRHBmYlZWUzFPZTRVR0VQa3ZnYlhkV2JGWHFmVlVwdEk5Y0JPZFluejlxbCtPVzhmT29INWhiV1FzSzUiLCJtYWMiOiI2NzBlNGU2YmY0MjhlYjY2MTIzZjJiNWEwMzU1NDhmYjUwNGEyMDM0YjVmNDdmZTU2NGY5Y2VlNTBiMTViYWQ4IiwidGFnIjoiIn0%3D; expires=Tue, 04-Apr-2023 23:26:16 GMT; Max-Age=7200; path=/; httponly; samesite=lax
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472

URL HTTP/1.1

ocsp.pki.goog/gts1c3
IP

142.250.74.131:0
ASN

#15169 GOOGLE

Magic

data

Size

472
Hash

4741fb0e250c9bcfbf5ecf935786156a

b5ee9286de89da804036335ad071bcdf0bd69b6f

0273c45d6b16ec9f44aef454cfcc190ac3e953899347c346effb38e335806309

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Apr 2023 21:26:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472

URL HTTP/1.1

ocsp.pki.goog/gts1c3
IP

142.250.74.131:0
ASN

#15169 GOOGLE

Magic

data

Size

472
Hash

4741fb0e250c9bcfbf5ecf935786156a

b5ee9286de89da804036335ad071bcdf0bd69b6f

0273c45d6b16ec9f44aef454cfcc190ac3e953899347c346effb38e335806309

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Apr 2023 21:26:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

r3.o.lencr.org/

23.36.77.32

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.77.32:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

1c682b982d1ecaa1d27cb4da560edd95

fa046ceed7b97d3893993b65490b24f718bd1d7a

4faa28c9a8c88aa88a28e8065763938a3cf81e62a244482b280a58e825f5a904

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4FAA28C9A8C88AA88A28E8065763938A3CF81E62A244482B280A58E825F5A904"
Last-Modified: Mon, 03 Apr 2023 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5116
Expires: Tue, 04 Apr 2023 22:51:33 GMT
Date: Tue, 04 Apr 2023 21:26:17 GMT
Connection: keep-alive

ups-svip2.xyz/css/style.css

172.96.137.233

200 OK

37069

URL HTTP/1.1

ups-svip2.xyz/css/style.css
IP

172.96.137.233:0
ASN

#395092 SHOCK-1

Magic

ASCII text

Size

37069
Hash

4f67af024e0c52515a1145bb9162652b

a086451d245309f3bfa473f6d5d50dc1e8ab969b

0dba7ce33145b44bebf069882cfa07dd63fe3ee94863f280888cbf7f56b042e3

HTTP Headers

                                        GET /css/style.css HTTP/1.1
Host: ups-svip2.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ups-svip2.xyz/verification/index
Cookie: XSRF-TOKEN=eyJpdiI6IlNtdlVJR2twbDJuNFk3SkNldTNHcmc9PSIsInZhbHVlIjoiT0RjcUhxSXpmbWtnTFhhNEdMbjMzZmR3SldwdGtZWWhoaWhsK0NHQ3psTGg0dGhJL05TTU4xWEZJWXRZRndaOVVOb091UWdmdnlOS3RXUW9xOTVsb3VocHp1a1d4cHhpTHR1WGNzYVFNeFZiRW5QVC9QdlRiaG81eVpEVE9wL2IiLCJtYWMiOiJmNWU0YzU0NTQ0ODE3NDQzYzIwZGI0MGVhMGM2MmVjOTRlNWUyYzc4NTQxNTgzNDM5NjliOGU2MzYyMTlhZTIwIiwidGFnIjoiIn0%3D; mini_session=eyJpdiI6Iitobmw5dkVLUkZTSHJpSWVLSmVvaEE9PSIsInZhbHVlIjoiczVtRVRxaW1FZ29hb254bmVuRVZwalg2NzdSRXMxQnVDNmc4SHMxRG52a2dEZDFFeU4reklrdWxqYk5kNTBmcE9reGFCRHBmYlZWUzFPZTRVR0VQa3ZnYlhkV2JGWHFmVlVwdEk5Y0JPZFluejlxbCtPVzhmT29INWhiV1FzSzUiLCJtYWMiOiI2NzBlNGU2YmY0MjhlYjY2MTIzZjJiNWEwMzU1NDhmYjUwNGEyMDM0YjVmNDdmZTU2NGY5Y2VlNTBiMTViYWQ4IiwidGFnIjoiIn0%3D

                                        HTTP/1.1 200 OK
Date: Tue, 04 Apr 2023 21:26:17 GMT
Server: Apache
Last-Modified: Tue, 18 Jan 2022 10:04:36 GMT
ETag: "90cd-5d5d8657e9500"
Accept-Ranges: bytes
Content-Length: 37069
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css

ups-svip2.xyz/css/style-magnific-popup.css

172.96.137.233

200 OK

8314

URL HTTP/1.1

ups-svip2.xyz/css/style-magnific-popup.css
IP

172.96.137.233:0
ASN

#395092 SHOCK-1

Magic

ASCII text

Size

8314
Hash

668a10bc7870332839a79cd69e38fd1d

2685132d7a9a11e83b4919a1e14b7e4764d9b141

f231368efa5de5df8dfe05be0000196665ec91b3309e5816ed9ae9b40070835d

HTTP Headers

                                        GET /css/style-magnific-popup.css HTTP/1.1
Host: ups-svip2.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ups-svip2.xyz/verification/index
Cookie: XSRF-TOKEN=eyJpdiI6IlNtdlVJR2twbDJuNFk3SkNldTNHcmc9PSIsInZhbHVlIjoiT0RjcUhxSXpmbWtnTFhhNEdMbjMzZmR3SldwdGtZWWhoaWhsK0NHQ3psTGg0dGhJL05TTU4xWEZJWXRZRndaOVVOb091UWdmdnlOS3RXUW9xOTVsb3VocHp1a1d4cHhpTHR1WGNzYVFNeFZiRW5QVC9QdlRiaG81eVpEVE9wL2IiLCJtYWMiOiJmNWU0YzU0NTQ0ODE3NDQzYzIwZGI0MGVhMGM2MmVjOTRlNWUyYzc4NTQxNTgzNDM5NjliOGU2MzYyMTlhZTIwIiwidGFnIjoiIn0%3D; mini_session=eyJpdiI6Iitobmw5dkVLUkZTSHJpSWVLSmVvaEE9PSIsInZhbHVlIjoiczVtRVRxaW1FZ29hb254bmVuRVZwalg2NzdSRXMxQnVDNmc4SHMxRG52a2dEZDFFeU4reklrdWxqYk5kNTBmcE9reGFCRHBmYlZWUzFPZTRVR0VQa3ZnYlhkV2JGWHFmVlVwdEk5Y0JPZFluejlxbCtPVzhmT29INWhiV1FzSzUiLCJtYWMiOiI2NzBlNGU2YmY0MjhlYjY2MTIzZjJiNWEwMzU1NDhmYjUwNGEyMDM0YjVmNDdmZTU2NGY5Y2VlNTBiMTViYWQ4IiwidGFnIjoiIn0%3D

                                        HTTP/1.1 200 OK
Date: Tue, 04 Apr 2023 21:26:17 GMT
Server: Apache
Last-Modified: Tue, 18 Jan 2022 10:05:02 GMT
ETag: "207a-5d5d8670b4f80"
Accept-Ranges: bytes
Content-Length: 8314
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329

URL HTTP/2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP

35.241.9.150:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with very long lines (329), with no line terminators

Size

329
Hash

0333b0655111aa68de771adfcc4db243

63f295a144ac87a7c8e23417626724eeca68a7eb

60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

                                        GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Alert, ETag, Cache-Control, Expires, Backoff, Last-Modified, Pragma, Retry-After, Content-Length
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Tue, 04 Apr 2023 21:14:45 GMT
age: 692
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

ups-svip2.xyz/js/bootstrap.min.js

172.96.137.233

200 OK

61852

URL HTTP/1.1

ups-svip2.xyz/js/bootstrap.min.js
IP

172.96.137.233:0
ASN

#395092 SHOCK-1

Magic

ASCII text, with very long lines (61608)

Size

61852
Hash

1a7e36da4c4cd915dfacefb185bc9f25

8184e407a08e9b27b5c2f4fd5f7266a615eb87ba

92951c15245eb60d3b531ba80a2b79630bba6d2105a7bd55c2e9a42b1d86b66d

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

                                        GET /js/bootstrap.min.js HTTP/1.1
Host: ups-svip2.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ups-svip2.xyz/verification/index
Cookie: XSRF-TOKEN=eyJpdiI6IlNtdlVJR2twbDJuNFk3SkNldTNHcmc9PSIsInZhbHVlIjoiT0RjcUhxSXpmbWtnTFhhNEdMbjMzZmR3SldwdGtZWWhoaWhsK0NHQ3psTGg0dGhJL05TTU4xWEZJWXRZRndaOVVOb091UWdmdnlOS3RXUW9xOTVsb3VocHp1a1d4cHhpTHR1WGNzYVFNeFZiRW5QVC9QdlRiaG81eVpEVE9wL2IiLCJtYWMiOiJmNWU0YzU0NTQ0ODE3NDQzYzIwZGI0MGVhMGM2MmVjOTRlNWUyYzc4NTQxNTgzNDM5NjliOGU2MzYyMTlhZTIwIiwidGFnIjoiIn0%3D; mini_session=eyJpdiI6Iitobmw5dkVLUkZTSHJpSWVLSmVvaEE9PSIsInZhbHVlIjoiczVtRVRxaW1FZ29hb254bmVuRVZwalg2NzdSRXMxQnVDNmc4SHMxRG52a2dEZDFFeU4reklrdWxqYk5kNTBmcE9reGFCRHBmYlZWUzFPZTRVR0VQa3ZnYlhkV2JGWHFmVlVwdEk5Y0JPZFluejlxbCtPVzhmT29INWhiV1FzSzUiLCJtYWMiOiI2NzBlNGU2YmY0MjhlYjY2MTIzZjJiNWEwMzU1NDhmYjUwNGEyMDM0YjVmNDdmZTU2NGY5Y2VlNTBiMTViYWQ4IiwidGFnIjoiIn0%3D

                                        HTTP/1.1 200 OK
Date: Tue, 04 Apr 2023 21:26:17 GMT
Server: Apache
Last-Modified: Tue, 18 Jan 2022 10:36:58 GMT
ETag: "f19c-5d5d8d93f2680"
Accept-Ranges: bytes
Content-Length: 61852
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript

ups-svip2.xyz/js/jquery.scrollTo-min.js

172.96.137.233

200 OK

2439

URL HTTP/1.1

ups-svip2.xyz/js/jquery.scrollTo-min.js
IP

172.96.137.233:0
ASN

#395092 SHOCK-1

Magic

ASCII text, with very long lines (2269)

Size

2439
Hash

34cfcda61968c482c83bf9eacf3a1e7c

89dad799a74eb068344de5ce06f07bccb81dbfcc

155fb3353250a7988b525186f78cc5295251047692a8eb438c873c0bf213157f

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

                                        GET /js/jquery.scrollTo-min.js HTTP/1.1
Host: ups-svip2.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ups-svip2.xyz/verification/index
Cookie: XSRF-TOKEN=eyJpdiI6IlNtdlVJR2twbDJuNFk3SkNldTNHcmc9PSIsInZhbHVlIjoiT0RjcUhxSXpmbWtnTFhhNEdMbjMzZmR3SldwdGtZWWhoaWhsK0NHQ3psTGg0dGhJL05TTU4xWEZJWXRZRndaOVVOb091UWdmdnlOS3RXUW9xOTVsb3VocHp1a1d4cHhpTHR1WGNzYVFNeFZiRW5QVC9QdlRiaG81eVpEVE9wL2IiLCJtYWMiOiJmNWU0YzU0NTQ0ODE3NDQzYzIwZGI0MGVhMGM2MmVjOTRlNWUyYzc4NTQxNTgzNDM5NjliOGU2MzYyMTlhZTIwIiwidGFnIjoiIn0%3D; mini_session=eyJpdiI6Iitobmw5dkVLUkZTSHJpSWVLSmVvaEE9PSIsInZhbHVlIjoiczVtRVRxaW1FZ29hb254bmVuRVZwalg2NzdSRXMxQnVDNmc4SHMxRG52a2dEZDFFeU4reklrdWxqYk5kNTBmcE9reGFCRHBmYlZWUzFPZTRVR0VQa3ZnYlhkV2JGWHFmVlVwdEk5Y0JPZFluejlxbCtPVzhmT29INWhiV1FzSzUiLCJtYWMiOiI2NzBlNGU2YmY0MjhlYjY2MTIzZjJiNWEwMzU1NDhmYjUwNGEyMDM0YjVmNDdmZTU2NGY5Y2VlNTBiMTViYWQ4IiwidGFnIjoiIn0%3D

                                        HTTP/1.1 200 OK
Date: Tue, 04 Apr 2023 21:26:17 GMT
Server: Apache
Last-Modified: Tue, 18 Jan 2022 10:03:34 GMT
ETag: "987-5d5d861cc8980"
Accept-Ranges: bytes
Content-Length: 2439
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript

push.services.mozilla.com/

34.117.65.55

101 Switching Protocols

URL HTTP/1.1

push.services.mozilla.com/
IP

34.117.65.55:0
ASN

#15169 GOOGLE

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

                                        GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: +ud8LhPrcfJ53yVC7UEJhw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                        HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 3AI6P2/03Jrz583SVZdeiUnUU7M=
Date: Tue, 04 Apr 2023 21:26:17 GMT
Via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

ups-svip2.xyz/css/bootstrap.min.css

172.96.137.233

200 OK

154861

URL HTTP/1.1

ups-svip2.xyz/css/bootstrap.min.css
IP

172.96.137.233:0
ASN

#395092 SHOCK-1

Magic

Unicode text, UTF-8 text, with very long lines (65300)

Size

154861
Hash

827bd63bcd7a8462b10403312152111b

a1fd51fb5df4696919557ffd7bb828058175c3e8

5b9c010eb24a0ea15eb1f4cdc08daf7c14312560c32177fd88f02650bde2d651

HTTP Headers

                                        GET /css/bootstrap.min.css HTTP/1.1
Host: ups-svip2.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ups-svip2.xyz/verification/index
Cookie: XSRF-TOKEN=eyJpdiI6IlNtdlVJR2twbDJuNFk3SkNldTNHcmc9PSIsInZhbHVlIjoiT0RjcUhxSXpmbWtnTFhhNEdMbjMzZmR3SldwdGtZWWhoaWhsK0NHQ3psTGg0dGhJL05TTU4xWEZJWXRZRndaOVVOb091UWdmdnlOS3RXUW9xOTVsb3VocHp1a1d4cHhpTHR1WGNzYVFNeFZiRW5QVC9QdlRiaG81eVpEVE9wL2IiLCJtYWMiOiJmNWU0YzU0NTQ0ODE3NDQzYzIwZGI0MGVhMGM2MmVjOTRlNWUyYzc4NTQxNTgzNDM5NjliOGU2MzYyMTlhZTIwIiwidGFnIjoiIn0%3D; mini_session=eyJpdiI6Iitobmw5dkVLUkZTSHJpSWVLSmVvaEE9PSIsInZhbHVlIjoiczVtRVRxaW1FZ29hb254bmVuRVZwalg2NzdSRXMxQnVDNmc4SHMxRG52a2dEZDFFeU4reklrdWxqYk5kNTBmcE9reGFCRHBmYlZWUzFPZTRVR0VQa3ZnYlhkV2JGWHFmVlVwdEk5Y0JPZFluejlxbCtPVzhmT29INWhiV1FzSzUiLCJtYWMiOiI2NzBlNGU2YmY0MjhlYjY2MTIzZjJiNWEwMzU1NDhmYjUwNGEyMDM0YjVmNDdmZTU2NGY5Y2VlNTBiMTViYWQ4IiwidGFnIjoiIn0%3D

                                        HTTP/1.1 200 OK
Date: Tue, 04 Apr 2023 21:26:17 GMT
Server: Apache
Last-Modified: Tue, 18 Jan 2022 10:36:58 GMT
ETag: "25ced-5d5d8d93f2680"
Accept-Ranges: bytes
Content-Length: 154861
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

ups-svip2.xyz/css/bootstrap-icons.css

172.96.137.233

200 OK

64953

URL HTTP/1.1

ups-svip2.xyz/css/bootstrap-icons.css
IP

172.96.137.233:0
ASN

#395092 SHOCK-1

Magic

ASCII text, with CRLF line terminators

Size

64953
Hash

a49a0ae10cc9200e69d5de02807207cc

ba2fbf6f9c58b9792bc2fbb6a8eaa7f6c98870e5

b3e77ca291a53417371172deaea9e99caf05c11224a070c2dca1272f48cfd2c6

HTTP Headers

                                        GET /css/bootstrap-icons.css HTTP/1.1
Host: ups-svip2.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ups-svip2.xyz/verification/index
Cookie: XSRF-TOKEN=eyJpdiI6IlNtdlVJR2twbDJuNFk3SkNldTNHcmc9PSIsInZhbHVlIjoiT0RjcUhxSXpmbWtnTFhhNEdMbjMzZmR3SldwdGtZWWhoaWhsK0NHQ3psTGg0dGhJL05TTU4xWEZJWXRZRndaOVVOb091UWdmdnlOS3RXUW9xOTVsb3VocHp1a1d4cHhpTHR1WGNzYVFNeFZiRW5QVC9QdlRiaG81eVpEVE9wL2IiLCJtYWMiOiJmNWU0YzU0NTQ0ODE3NDQzYzIwZGI0MGVhMGM2MmVjOTRlNWUyYzc4NTQxNTgzNDM5NjliOGU2MzYyMTlhZTIwIiwidGFnIjoiIn0%3D; mini_session=eyJpdiI6Iitobmw5dkVLUkZTSHJpSWVLSmVvaEE9PSIsInZhbHVlIjoiczVtRVRxaW1FZ29hb254bmVuRVZwalg2NzdSRXMxQnVDNmc4SHMxRG52a2dEZDFFeU4reklrdWxqYk5kNTBmcE9reGFCRHBmYlZWUzFPZTRVR0VQa3ZnYlhkV2JGWHFmVlVwdEk5Y0JPZFluejlxbCtPVzhmT29INWhiV1FzSzUiLCJtYWMiOiI2NzBlNGU2YmY0MjhlYjY2MTIzZjJiNWEwMzU1NDhmYjUwNGEyMDM0YjVmNDdmZTU2NGY5Y2VlNTBiMTViYWQ4IiwidGFnIjoiIn0%3D

                                        HTTP/1.1 200 OK
Date: Tue, 04 Apr 2023 21:26:17 GMT
Server: Apache
Last-Modified: Sun, 28 Nov 2021 00:23:54 GMT
ETag: "fdb9-5d1ce56d7ba80"
Accept-Ranges: bytes
Content-Length: 64953
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

ups-svip2.xyz/js/jquery.magnific-popup.min.js

172.96.137.233

200 OK

21144

URL HTTP/1.1

ups-svip2.xyz/js/jquery.magnific-popup.min.js
IP

172.96.137.233:0
ASN

#395092 SHOCK-1

Magic

ASCII text, with very long lines (21014)

Size

21144
Hash

a7d0d23891f463e6482fab8fc6934afd

5d3c63f76882b923a73e8ba17225d12f7f2b5db3

a5b81c9e0b55a826a0e4c4d8aed35fd8331b40debdfb0f72b5c9b5d3c2072545

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

                                        GET /js/jquery.magnific-popup.min.js HTTP/1.1
Host: ups-svip2.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ups-svip2.xyz/verification/index
Cookie: XSRF-TOKEN=eyJpdiI6IlNtdlVJR2twbDJuNFk3SkNldTNHcmc9PSIsInZhbHVlIjoiT0RjcUhxSXpmbWtnTFhhNEdMbjMzZmR3SldwdGtZWWhoaWhsK0NHQ3psTGg0dGhJL05TTU4xWEZJWXRZRndaOVVOb091UWdmdnlOS3RXUW9xOTVsb3VocHp1a1d4cHhpTHR1WGNzYVFNeFZiRW5QVC9QdlRiaG81eVpEVE9wL2IiLCJtYWMiOiJmNWU0YzU0NTQ0ODE3NDQzYzIwZGI0MGVhMGM2MmVjOTRlNWUyYzc4NTQxNTgzNDM5NjliOGU2MzYyMTlhZTIwIiwidGFnIjoiIn0%3D; mini_session=eyJpdiI6Iitobmw5dkVLUkZTSHJpSWVLSmVvaEE9PSIsInZhbHVlIjoiczVtRVRxaW1FZ29hb254bmVuRVZwalg2NzdSRXMxQnVDNmc4SHMxRG52a2dEZDFFeU4reklrdWxqYk5kNTBmcE9reGFCRHBmYlZWUzFPZTRVR0VQa3ZnYlhkV2JGWHFmVlVwdEk5Y0JPZFluejlxbCtPVzhmT29INWhiV1FzSzUiLCJtYWMiOiI2NzBlNGU2YmY0MjhlYjY2MTIzZjJiNWEwMzU1NDhmYjUwNGEyMDM0YjVmNDdmZTU2NGY5Y2VlNTBiMTViYWQ4IiwidGFnIjoiIn0%3D

                                        HTTP/1.1 200 OK
Date: Tue, 04 Apr 2023 21:26:17 GMT
Server: Apache
Last-Modified: Tue, 18 Jan 2022 10:03:34 GMT
ETag: "5298-5d5d861cc8980"
Accept-Ranges: bytes
Content-Length: 21144
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript

ups-svip2.xyz/css/animate.css

172.96.137.233

200 OK

63744

URL HTTP/1.1

ups-svip2.xyz/css/animate.css
IP

172.96.137.233:0
ASN

#395092 SHOCK-1

Magic

ASCII text, with very long lines (460)

Size

63744
Hash

52e7eb444b0b93bf29679f28a124b593

52ff2099c3c949047ce09e866e72e9022d4841fc

53a34e5162729024c4e04a3b7042d5ae2d8f2e9782dc1f32a42b0b49bfe857ff

HTTP Headers

                                        GET /css/animate.css HTTP/1.1
Host: ups-svip2.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ups-svip2.xyz/verification/index
Cookie: XSRF-TOKEN=eyJpdiI6IlNtdlVJR2twbDJuNFk3SkNldTNHcmc9PSIsInZhbHVlIjoiT0RjcUhxSXpmbWtnTFhhNEdMbjMzZmR3SldwdGtZWWhoaWhsK0NHQ3psTGg0dGhJL05TTU4xWEZJWXRZRndaOVVOb091UWdmdnlOS3RXUW9xOTVsb3VocHp1a1d4cHhpTHR1WGNzYVFNeFZiRW5QVC9QdlRiaG81eVpEVE9wL2IiLCJtYWMiOiJmNWU0YzU0NTQ0ODE3NDQzYzIwZGI0MGVhMGM2MmVjOTRlNWUyYzc4NTQxNTgzNDM5NjliOGU2MzYyMTlhZTIwIiwidGFnIjoiIn0%3D; mini_session=eyJpdiI6Iitobmw5dkVLUkZTSHJpSWVLSmVvaEE9PSIsInZhbHVlIjoiczVtRVRxaW1FZ29hb254bmVuRVZwalg2NzdSRXMxQnVDNmc4SHMxRG52a2dEZDFFeU4reklrdWxqYk5kNTBmcE9reGFCRHBmYlZWUzFPZTRVR0VQa3ZnYlhkV2JGWHFmVlVwdEk5Y0JPZFluejlxbCtPVzhmT29INWhiV1FzSzUiLCJtYWMiOiI2NzBlNGU2YmY0MjhlYjY2MTIzZjJiNWEwMzU1NDhmYjUwNGEyMDM0YjVmNDdmZTU2NGY5Y2VlNTBiMTViYWQ4IiwidGFnIjoiIn0%3D

                                        HTTP/1.1 200 OK
Date: Tue, 04 Apr 2023 21:26:17 GMT
Server: Apache
Last-Modified: Tue, 18 Jan 2022 10:04:00 GMT
ETag: "f900-5d5d863594400"
Accept-Ranges: bytes
Content-Length: 63744
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

ups-svip2.xyz/js/jquery.nav.js

172.96.137.233

200 OK

6754

URL HTTP/1.1

ups-svip2.xyz/js/jquery.nav.js
IP

172.96.137.233:0
ASN

#395092 SHOCK-1

Magic

ASCII text

Size

6754
Hash

4e713f6ffc99ebf6f146b7c7f8ecb593

c4cbd95cb37cc2594a539094762db82f3fc3f16b

79d11571929358c900ebf7fa4a78f311f62b2f2432ef885bf65248dfdc21c354

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

                                        GET /js/jquery.nav.js HTTP/1.1
Host: ups-svip2.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ups-svip2.xyz/verification/index
Cookie: XSRF-TOKEN=eyJpdiI6IlNtdlVJR2twbDJuNFk3SkNldTNHcmc9PSIsInZhbHVlIjoiT0RjcUhxSXpmbWtnTFhhNEdMbjMzZmR3SldwdGtZWWhoaWhsK0NHQ3psTGg0dGhJL05TTU4xWEZJWXRZRndaOVVOb091UWdmdnlOS3RXUW9xOTVsb3VocHp1a1d4cHhpTHR1WGNzYVFNeFZiRW5QVC9QdlRiaG81eVpEVE9wL2IiLCJtYWMiOiJmNWU0YzU0NTQ0ODE3NDQzYzIwZGI0MGVhMGM2MmVjOTRlNWUyYzc4NTQxNTgzNDM5NjliOGU2MzYyMTlhZTIwIiwidGFnIjoiIn0%3D; mini_session=eyJpdiI6Iitobmw5dkVLUkZTSHJpSWVLSmVvaEE9PSIsInZhbHVlIjoiczVtRVRxaW1FZ29hb254bmVuRVZwalg2NzdSRXMxQnVDNmc4SHMxRG52a2dEZDFFeU4reklrdWxqYk5kNTBmcE9reGFCRHBmYlZWUzFPZTRVR0VQa3ZnYlhkV2JGWHFmVlVwdEk5Y0JPZFluejlxbCtPVzhmT29INWhiV1FzSzUiLCJtYWMiOiI2NzBlNGU2YmY0MjhlYjY2MTIzZjJiNWEwMzU1NDhmYjUwNGEyMDM0YjVmNDdmZTU2NGY5Y2VlNTBiMTViYWQ4IiwidGFnIjoiIn0%3D

                                        HTTP/1.1 200 OK
Date: Tue, 04 Apr 2023 21:26:17 GMT
Server: Apache
Last-Modified: Tue, 18 Jan 2022 10:03:18 GMT
ETag: "1a62-5d5d860d86580"
Accept-Ranges: bytes
Content-Length: 6754
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript

ups-svip2.xyz/js/jquery-3.6.0.min.js

172.96.137.233

200 OK

89502

URL HTTP/1.1

ups-svip2.xyz/js/jquery-3.6.0.min.js
IP

172.96.137.233:0
ASN

#395092 SHOCK-1

Magic

ASCII text, with very long lines (65445), with CRLF, CR line terminators

Size

89502
Hash

cf1745e3b375c08f100d137cf2823f4b

bc2b008f2a78411197163e31a6bb0fbc55db3732

56345e300f9ece4fcc2e867d73fa7570b7b22a6394d0467370d0d8dec97bad79

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

                                        GET /js/jquery-3.6.0.min.js HTTP/1.1
Host: ups-svip2.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ups-svip2.xyz/verification/index
Cookie: XSRF-TOKEN=eyJpdiI6IlNtdlVJR2twbDJuNFk3SkNldTNHcmc9PSIsInZhbHVlIjoiT0RjcUhxSXpmbWtnTFhhNEdMbjMzZmR3SldwdGtZWWhoaWhsK0NHQ3psTGg0dGhJL05TTU4xWEZJWXRZRndaOVVOb091UWdmdnlOS3RXUW9xOTVsb3VocHp1a1d4cHhpTHR1WGNzYVFNeFZiRW5QVC9QdlRiaG81eVpEVE9wL2IiLCJtYWMiOiJmNWU0YzU0NTQ0ODE3NDQzYzIwZGI0MGVhMGM2MmVjOTRlNWUyYzc4NTQxNTgzNDM5NjliOGU2MzYyMTlhZTIwIiwidGFnIjoiIn0%3D; mini_session=eyJpdiI6Iitobmw5dkVLUkZTSHJpSWVLSmVvaEE9PSIsInZhbHVlIjoiczVtRVRxaW1FZ29hb254bmVuRVZwalg2NzdSRXMxQnVDNmc4SHMxRG52a2dEZDFFeU4reklrdWxqYk5kNTBmcE9reGFCRHBmYlZWUzFPZTRVR0VQa3ZnYlhkV2JGWHFmVlVwdEk5Y0JPZFluejlxbCtPVzhmT29INWhiV1FzSzUiLCJtYWMiOiI2NzBlNGU2YmY0MjhlYjY2MTIzZjJiNWEwMzU1NDhmYjUwNGEyMDM0YjVmNDdmZTU2NGY5Y2VlNTBiMTViYWQ4IiwidGFnIjoiIn0%3D

                                        HTTP/1.1 200 OK
Date: Tue, 04 Apr 2023 21:26:17 GMT
Server: Apache
Last-Modified: Sun, 28 Nov 2021 00:24:16 GMT
ETag: "15d9e-5d1ce58276c00"
Accept-Ranges: bytes
Content-Length: 89502
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471

URL HTTP/1.1

ocsp.pki.goog/gts1c3
IP

142.250.74.131:0
ASN

#15169 GOOGLE

Magic

data

Size

471
Hash

d9209152015bce63ee2d21cc0d966532

7fb6b50059f25e76e0acd9f8ced75095ba7474fe

e3d734e1657051dfd33351e97078cf4e5210332ac63e0b104ff73e913011f024

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Apr 2023 21:26:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471

URL HTTP/1.1

ocsp.pki.goog/gts1c3
IP

142.250.74.131:0
ASN

#15169 GOOGLE

Magic

data

Size

471
Hash

d9209152015bce63ee2d21cc0d966532

7fb6b50059f25e76e0acd9f8ced75095ba7474fe

e3d734e1657051dfd33351e97078cf4e5210332ac63e0b104ff73e913011f024

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Apr 2023 21:26:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ups-svip2.xyz/js/wow.js

172.96.137.233

200 OK

16576

URL HTTP/1.1

ups-svip2.xyz/js/wow.js
IP

172.96.137.233:0
ASN

#395092 SHOCK-1

Magic

ASCII text, with CRLF, CR line terminators

Size

16576
Hash

1a8fa52fad9ce0e272a94f3338c3c82a

9c55d236e0d6095a4c03d5f2f87b28fc53d1fdac

5f321dd07bb461819daedc14108807629b7033cb99426f8cbe009634597a37ad

HTTP Headers

                                        GET /js/wow.js HTTP/1.1
Host: ups-svip2.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ups-svip2.xyz/verification/index
Cookie: XSRF-TOKEN=eyJpdiI6IlNtdlVJR2twbDJuNFk3SkNldTNHcmc9PSIsInZhbHVlIjoiT0RjcUhxSXpmbWtnTFhhNEdMbjMzZmR3SldwdGtZWWhoaWhsK0NHQ3psTGg0dGhJL05TTU4xWEZJWXRZRndaOVVOb091UWdmdnlOS3RXUW9xOTVsb3VocHp1a1d4cHhpTHR1WGNzYVFNeFZiRW5QVC9QdlRiaG81eVpEVE9wL2IiLCJtYWMiOiJmNWU0YzU0NTQ0ODE3NDQzYzIwZGI0MGVhMGM2MmVjOTRlNWUyYzc4NTQxNTgzNDM5NjliOGU2MzYyMTlhZTIwIiwidGFnIjoiIn0%3D; mini_session=eyJpdiI6Iitobmw5dkVLUkZTSHJpSWVLSmVvaEE9PSIsInZhbHVlIjoiczVtRVRxaW1FZ29hb254bmVuRVZwalg2NzdSRXMxQnVDNmc4SHMxRG52a2dEZDFFeU4reklrdWxqYk5kNTBmcE9reGFCRHBmYlZWUzFPZTRVR0VQa3ZnYlhkV2JGWHFmVlVwdEk5Y0JPZFluejlxbCtPVzhmT29INWhiV1FzSzUiLCJtYWMiOiI2NzBlNGU2YmY0MjhlYjY2MTIzZjJiNWEwMzU1NDhmYjUwNGEyMDM0YjVmNDdmZTU2NGY5Y2VlNTBiMTViYWQ4IiwidGFnIjoiIn0%3D

                                        HTTP/1.1 200 OK
Date: Tue, 04 Apr 2023 21:26:17 GMT
Server: Apache
Last-Modified: Sun, 28 Nov 2021 00:24:18 GMT
ETag: "40c0-5d1ce5845f080"
Accept-Ranges: bytes
Content-Length: 16576
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript

ups-svip2.xyz/js/plugins.js

172.96.137.233

200 OK

2144

URL HTTP/1.1

ups-svip2.xyz/js/plugins.js
IP

172.96.137.233:0
ASN

#395092 SHOCK-1

Magic

ASCII text

Size

2144
Hash

a3f3664f0481fbc7b2c7e707a79d15e3

64dcb4b6c6e665a2d0a826fbe117a3151e9bd8bc

f5a8d2d3037fbfb20005a845c3481203683ffbd348080a69d4e776413817a8d4

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

                                        GET /js/plugins.js HTTP/1.1
Host: ups-svip2.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ups-svip2.xyz/verification/index
Cookie: XSRF-TOKEN=eyJpdiI6IlNtdlVJR2twbDJuNFk3SkNldTNHcmc9PSIsInZhbHVlIjoiT0RjcUhxSXpmbWtnTFhhNEdMbjMzZmR3SldwdGtZWWhoaWhsK0NHQ3psTGg0dGhJL05TTU4xWEZJWXRZRndaOVVOb091UWdmdnlOS3RXUW9xOTVsb3VocHp1a1d4cHhpTHR1WGNzYVFNeFZiRW5QVC9QdlRiaG81eVpEVE9wL2IiLCJtYWMiOiJmNWU0YzU0NTQ0ODE3NDQzYzIwZGI0MGVhMGM2MmVjOTRlNWUyYzc4NTQxNTgzNDM5NjliOGU2MzYyMTlhZTIwIiwidGFnIjoiIn0%3D; mini_session=eyJpdiI6Iitobmw5dkVLUkZTSHJpSWVLSmVvaEE9PSIsInZhbHVlIjoiczVtRVRxaW1FZ29hb254bmVuRVZwalg2NzdSRXMxQnVDNmc4SHMxRG52a2dEZDFFeU4reklrdWxqYk5kNTBmcE9reGFCRHBmYlZWUzFPZTRVR0VQa3ZnYlhkV2JGWHFmVlVwdEk5Y0JPZFluejlxbCtPVzhmT29INWhiV1FzSzUiLCJtYWMiOiI2NzBlNGU2YmY0MjhlYjY2MTIzZjJiNWEwMzU1NDhmYjUwNGEyMDM0YjVmNDdmZTU2NGY5Y2VlNTBiMTViYWQ4IiwidGFnIjoiIn0%3D

                                        HTTP/1.1 200 OK
Date: Tue, 04 Apr 2023 21:26:17 GMT
Server: Apache
Last-Modified: Tue, 18 Jan 2022 10:01:52 GMT
ETag: "860-5d5d85bb82400"
Accept-Ranges: bytes
Content-Length: 2144
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript

fonts.gstatic.com/s/nunito/v25/XRXV3I6Li01BKofINeaB.woff2

216.58.207.227

200 OK

35904

URL HTTP/2

fonts.gstatic.com/s/nunito/v25/XRXV3I6Li01BKofINeaB.woff2
IP

216.58.207.227:0
ASN

#15169 GOOGLE

Magic

Web Open Font Format (Version 2), TrueType, length 35904, version 1.0\012- data

Size

35904
Hash

c26b97e7f5bb7a34d190703522d75e16

69d9e5aea0544dbaf9b78c1b65139c03eceece8f

96217f1d27fb909f92b4a6b35a0d3d6775f2f0b4d136d27aee88547d3ed87357

HTTP Headers

                                        GET /s/nunito/v25/XRXV3I6Li01BKofINeaB.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://ups-svip2.xyz
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 35904
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 04 Apr 2023 10:36:08 GMT
expires: Wed, 03 Apr 2024 10:36:08 GMT
cache-control: public, max-age=31536000
age: 39009
last-modified: Mon, 18 Jul 2022 19:34:47 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471

URL HTTP/1.1

ocsp.pki.goog/gts1c3
IP

142.250.74.131:0
ASN

#15169 GOOGLE

Magic

data

Size

471
Hash

d9209152015bce63ee2d21cc0d966532

7fb6b50059f25e76e0acd9f8ced75095ba7474fe

e3d734e1657051dfd33351e97078cf4e5210332ac63e0b104ff73e913011f024

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Apr 2023 21:26:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471

URL HTTP/1.1

ocsp.pki.goog/gts1c3
IP

142.250.74.131:0
ASN

#15169 GOOGLE

Magic

data

Size

471
Hash

d9209152015bce63ee2d21cc0d966532

7fb6b50059f25e76e0acd9f8ced75095ba7474fe

e3d734e1657051dfd33351e97078cf4e5210332ac63e0b104ff73e913011f024

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Apr 2023 21:26:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/opensans/v34/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2

216.58.207.227

200 OK

16740

URL HTTP/2

fonts.gstatic.com/s/opensans/v34/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2
IP

216.58.207.227:0
ASN

#15169 GOOGLE

Magic

Web Open Font Format (Version 2), TrueType, length 16740, version 1.0\012- data

Size

16740
Hash

e43b535855a4ae53bd5b07a6eeb3bf67

6507312d9491156036316484bf8dc41e8b52ddd9

b34551ae25916c460423b82beb8e0675b27f76a9a2908f18286260fbd6de6681

HTTP Headers

                                        GET /s/opensans/v34/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://ups-svip2.xyz
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 16740
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 04 Apr 2023 09:29:05 GMT
expires: Wed, 03 Apr 2024 09:29:05 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 15 Aug 2022 18:14:44 GMT
content-type: font/woff2
age: 43032
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/opensans/v34/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVAewA.woff2

216.58.207.227

200 OK

17820

URL HTTP/2

fonts.gstatic.com/s/opensans/v34/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVAewA.woff2
IP

216.58.207.227:0
ASN

#15169 GOOGLE

Magic

Web Open Font Format (Version 2), TrueType, length 17820, version 1.0\012- data

Size

17820
Hash

3d5107abaf7bf4df5478bd04625c0929

b04d394caabf6ea3e500b74781dc2bfd54f3c18d

9ad0a22b0c58240a7a92b4c01aa31f39a5918dea6a8fdfa77e63042abc4fca31

HTTP Headers

                                        GET /s/opensans/v34/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVAewA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://ups-svip2.xyz
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 17820
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 04 Apr 2023 10:55:08 GMT
expires: Wed, 03 Apr 2024 10:55:08 GMT
cache-control: public, max-age=31536000
age: 37869
last-modified: Mon, 15 Aug 2022 18:13:12 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ups-svip2.xyz/js/custom.js

172.96.137.233

200 OK

1962

URL HTTP/1.1

ups-svip2.xyz/js/custom.js
IP

172.96.137.233:0
ASN

#395092 SHOCK-1

Magic

ASCII text

Size

1962
Hash

aa43023ea891a7101059d52cf270f0c0

bee8e4cf93776466d8f2b0f2c88636a24e2c2219

43549c7a8917bc467834f237520151b3b24c824bbe89723c8a6122bc90910883

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

                                        GET /js/custom.js HTTP/1.1
Host: ups-svip2.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ups-svip2.xyz/verification/index
Cookie: XSRF-TOKEN=eyJpdiI6IlNtdlVJR2twbDJuNFk3SkNldTNHcmc9PSIsInZhbHVlIjoiT0RjcUhxSXpmbWtnTFhhNEdMbjMzZmR3SldwdGtZWWhoaWhsK0NHQ3psTGg0dGhJL05TTU4xWEZJWXRZRndaOVVOb091UWdmdnlOS3RXUW9xOTVsb3VocHp1a1d4cHhpTHR1WGNzYVFNeFZiRW5QVC9QdlRiaG81eVpEVE9wL2IiLCJtYWMiOiJmNWU0YzU0NTQ0ODE3NDQzYzIwZGI0MGVhMGM2MmVjOTRlNWUyYzc4NTQxNTgzNDM5NjliOGU2MzYyMTlhZTIwIiwidGFnIjoiIn0%3D; mini_session=eyJpdiI6Iitobmw5dkVLUkZTSHJpSWVLSmVvaEE9PSIsInZhbHVlIjoiczVtRVRxaW1FZ29hb254bmVuRVZwalg2NzdSRXMxQnVDNmc4SHMxRG52a2dEZDFFeU4reklrdWxqYk5kNTBmcE9reGFCRHBmYlZWUzFPZTRVR0VQa3ZnYlhkV2JGWHFmVlVwdEk5Y0JPZFluejlxbCtPVzhmT29INWhiV1FzSzUiLCJtYWMiOiI2NzBlNGU2YmY0MjhlYjY2MTIzZjJiNWEwMzU1NDhmYjUwNGEyMDM0YjVmNDdmZTU2NGY5Y2VlNTBiMTViYWQ4IiwidGFnIjoiIn0%3D

                                        HTTP/1.1 200 OK
Date: Tue, 04 Apr 2023 21:26:17 GMT
Server: Apache
Last-Modified: Tue, 18 Jan 2022 10:29:22 GMT
ETag: "7aa-5d5d8be112480"
Accept-Ranges: bytes
Content-Length: 1962
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: application/javascript

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471

URL HTTP/1.1

ocsp.pki.goog/gts1c3
IP

142.250.74.131:0
ASN

#15169 GOOGLE

Magic

data

Size

471
Hash

d9209152015bce63ee2d21cc0d966532

7fb6b50059f25e76e0acd9f8ced75095ba7474fe

e3d734e1657051dfd33351e97078cf4e5210332ac63e0b104ff73e913011f024

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Apr 2023 21:26:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ups-svip2.xyz/webfonts/bootstrap-icons.woff2

172.96.137.233

200 OK

85120

URL HTTP/1.1

ups-svip2.xyz/webfonts/bootstrap-icons.woff2
IP

172.96.137.233:0
ASN

#395092 SHOCK-1

Magic

Web Open Font Format (Version 2), TrueType, length 85120, version 1.0\012- data

Size

85120
Hash

638b6203b5126378173b7b45137b6af7

ed167d335e2e0cb00a82f2d7367f05cb4d6557cf

83ff8bf521e8844e2ce560ff8d4e2beca0be44cb3c7a361729fa555c647cff60

HTTP Headers

                                        GET /webfonts/bootstrap-icons.woff2 HTTP/1.1
Host: ups-svip2.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://ups-svip2.xyz/css/bootstrap-icons.css
Cookie: XSRF-TOKEN=eyJpdiI6IlNtdlVJR2twbDJuNFk3SkNldTNHcmc9PSIsInZhbHVlIjoiT0RjcUhxSXpmbWtnTFhhNEdMbjMzZmR3SldwdGtZWWhoaWhsK0NHQ3psTGg0dGhJL05TTU4xWEZJWXRZRndaOVVOb091UWdmdnlOS3RXUW9xOTVsb3VocHp1a1d4cHhpTHR1WGNzYVFNeFZiRW5QVC9QdlRiaG81eVpEVE9wL2IiLCJtYWMiOiJmNWU0YzU0NTQ0ODE3NDQzYzIwZGI0MGVhMGM2MmVjOTRlNWUyYzc4NTQxNTgzNDM5NjliOGU2MzYyMTlhZTIwIiwidGFnIjoiIn0%3D; mini_session=eyJpdiI6Iitobmw5dkVLUkZTSHJpSWVLSmVvaEE9PSIsInZhbHVlIjoiczVtRVRxaW1FZ29hb254bmVuRVZwalg2NzdSRXMxQnVDNmc4SHMxRG52a2dEZDFFeU4reklrdWxqYk5kNTBmcE9reGFCRHBmYlZWUzFPZTRVR0VQa3ZnYlhkV2JGWHFmVlVwdEk5Y0JPZFluejlxbCtPVzhmT29INWhiV1FzSzUiLCJtYWMiOiI2NzBlNGU2YmY0MjhlYjY2MTIzZjJiNWEwMzU1NDhmYjUwNGEyMDM0YjVmNDdmZTU2NGY5Y2VlNTBiMTViYWQ4IiwidGFnIjoiIn0%3D

                                        HTTP/1.1 200 OK
Date: Tue, 04 Apr 2023 21:26:17 GMT
Server: Apache
Last-Modified: Sun, 28 Nov 2021 00:25:22 GMT
ETag: "14c80-5d1ce5c168080"
Accept-Ranges: bytes
Content-Length: 85120
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive

ups-svip2.xyz/images/ui-design.png

172.96.137.233

200 OK

220662

URL HTTP/1.1

ups-svip2.xyz/images/ui-design.png
IP

172.96.137.233:0
ASN

#395092 SHOCK-1

Magic

PNG image data, 555 x 570, 8-bit/color RGBA, non-interlaced\012- data

Size

220662
Hash

43d17c9f09f7199e52e086e95bcf27cb

d68d6c3aead989a2be5b28cf05526cc45c7e4721

f61770088328ed83c046037bde6c5f76be2a24bdadd1a7c90b266c72a183d7f9

HTTP Headers

                                        GET /images/ui-design.png HTTP/1.1
Host: ups-svip2.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ups-svip2.xyz/verification/index
Cookie: XSRF-TOKEN=eyJpdiI6IlNtdlVJR2twbDJuNFk3SkNldTNHcmc9PSIsInZhbHVlIjoiT0RjcUhxSXpmbWtnTFhhNEdMbjMzZmR3SldwdGtZWWhoaWhsK0NHQ3psTGg0dGhJL05TTU4xWEZJWXRZRndaOVVOb091UWdmdnlOS3RXUW9xOTVsb3VocHp1a1d4cHhpTHR1WGNzYVFNeFZiRW5QVC9QdlRiaG81eVpEVE9wL2IiLCJtYWMiOiJmNWU0YzU0NTQ0ODE3NDQzYzIwZGI0MGVhMGM2MmVjOTRlNWUyYzc4NTQxNTgzNDM5NjliOGU2MzYyMTlhZTIwIiwidGFnIjoiIn0%3D; mini_session=eyJpdiI6Iitobmw5dkVLUkZTSHJpSWVLSmVvaEE9PSIsInZhbHVlIjoiczVtRVRxaW1FZ29hb254bmVuRVZwalg2NzdSRXMxQnVDNmc4SHMxRG52a2dEZDFFeU4reklrdWxqYk5kNTBmcE9reGFCRHBmYlZWUzFPZTRVR0VQa3ZnYlhkV2JGWHFmVlVwdEk5Y0JPZFluejlxbCtPVzhmT29INWhiV1FzSzUiLCJtYWMiOiI2NzBlNGU2YmY0MjhlYjY2MTIzZjJiNWEwMzU1NDhmYjUwNGEyMDM0YjVmNDdmZTU2NGY5Y2VlNTBiMTViYWQ4IiwidGFnIjoiIn0%3D

                                        HTTP/1.1 200 OK
Date: Tue, 04 Apr 2023 21:26:17 GMT
Server: Apache
Last-Modified: Sun, 28 Nov 2021 00:24:12 GMT
ETag: "35df6-5d1ce57ea6300"
Accept-Ranges: bytes
Content-Length: 220662
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png

ups-svip2.xyz/images/partner3.png

172.96.137.233

200 OK

34067

URL HTTP/1.1

ups-svip2.xyz/images/partner3.png
IP

172.96.137.233:0
ASN

#395092 SHOCK-1

Magic

PNG image data, 632 x 190, 8-bit/color RGBA, non-interlaced\012- data

Size

34067
Hash

5d23616fa2c86a10b1eebde0cac8d31b

6de0dce084d5e5cde6bfb8cfd3f527cfc46da502

b09f3bd69308236567f950afeb1c973ddc4f8babc0344a0c09228df3daa92df1

HTTP Headers

                                        GET /images/partner3.png HTTP/1.1
Host: ups-svip2.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ups-svip2.xyz/verification/index
Cookie: XSRF-TOKEN=eyJpdiI6IlNtdlVJR2twbDJuNFk3SkNldTNHcmc9PSIsInZhbHVlIjoiT0RjcUhxSXpmbWtnTFhhNEdMbjMzZmR3SldwdGtZWWhoaWhsK0NHQ3psTGg0dGhJL05TTU4xWEZJWXRZRndaOVVOb091UWdmdnlOS3RXUW9xOTVsb3VocHp1a1d4cHhpTHR1WGNzYVFNeFZiRW5QVC9QdlRiaG81eVpEVE9wL2IiLCJtYWMiOiJmNWU0YzU0NTQ0ODE3NDQzYzIwZGI0MGVhMGM2MmVjOTRlNWUyYzc4NTQxNTgzNDM5NjliOGU2MzYyMTlhZTIwIiwidGFnIjoiIn0%3D; mini_session=eyJpdiI6Iitobmw5dkVLUkZTSHJpSWVLSmVvaEE9PSIsInZhbHVlIjoiczVtRVRxaW1FZ29hb254bmVuRVZwalg2NzdSRXMxQnVDNmc4SHMxRG52a2dEZDFFeU4reklrdWxqYk5kNTBmcE9reGFCRHBmYlZWUzFPZTRVR0VQa3ZnYlhkV2JGWHFmVlVwdEk5Y0JPZFluejlxbCtPVzhmT29INWhiV1FzSzUiLCJtYWMiOiI2NzBlNGU2YmY0MjhlYjY2MTIzZjJiNWEwMzU1NDhmYjUwNGEyMDM0YjVmNDdmZTU2NGY5Y2VlNTBiMTViYWQ4IiwidGFnIjoiIn0%3D

                                        HTTP/1.1 200 OK
Date: Tue, 04 Apr 2023 21:26:17 GMT
Server: Apache
Last-Modified: Sun, 28 Nov 2021 00:24:04 GMT
ETag: "8513-5d1ce57705100"
Accept-Ranges: bytes
Content-Length: 34067
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: image/png

ups-svip2.xyz/images/partner1.png

172.96.137.233

200 OK

26287

URL HTTP/1.1

ups-svip2.xyz/images/partner1.png
IP

172.96.137.233:0
ASN

#395092 SHOCK-1

Magic

PNG image data, 632 x 190, 8-bit/color RGBA, non-interlaced\012- data

Size

26287
Hash

fe9bfbc16a19f1872641013bdee79761

798e9cd189a8e38df0ec3a911c8e822d8d065b09

70aa5899898991e56030f11d63d11dfb562358474d84b001e9b2fb7761ead483

HTTP Headers

                                        GET /images/partner1.png HTTP/1.1
Host: ups-svip2.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ups-svip2.xyz/verification/index
Cookie: XSRF-TOKEN=eyJpdiI6IlNtdlVJR2twbDJuNFk3SkNldTNHcmc9PSIsInZhbHVlIjoiT0RjcUhxSXpmbWtnTFhhNEdMbjMzZmR3SldwdGtZWWhoaWhsK0NHQ3psTGg0dGhJL05TTU4xWEZJWXRZRndaOVVOb091UWdmdnlOS3RXUW9xOTVsb3VocHp1a1d4cHhpTHR1WGNzYVFNeFZiRW5QVC9QdlRiaG81eVpEVE9wL2IiLCJtYWMiOiJmNWU0YzU0NTQ0ODE3NDQzYzIwZGI0MGVhMGM2MmVjOTRlNWUyYzc4NTQxNTgzNDM5NjliOGU2MzYyMTlhZTIwIiwidGFnIjoiIn0%3D; mini_session=eyJpdiI6Iitobmw5dkVLUkZTSHJpSWVLSmVvaEE9PSIsInZhbHVlIjoiczVtRVRxaW1FZ29hb254bmVuRVZwalg2NzdSRXMxQnVDNmc4SHMxRG52a2dEZDFFeU4reklrdWxqYk5kNTBmcE9reGFCRHBmYlZWUzFPZTRVR0VQa3ZnYlhkV2JGWHFmVlVwdEk5Y0JPZFluejlxbCtPVzhmT29INWhiV1FzSzUiLCJtYWMiOiI2NzBlNGU2YmY0MjhlYjY2MTIzZjJiNWEwMzU1NDhmYjUwNGEyMDM0YjVmNDdmZTU2NGY5Y2VlNTBiMTViYWQ4IiwidGFnIjoiIn0%3D

                                        HTTP/1.1 200 OK
Date: Tue, 04 Apr 2023 21:26:17 GMT
Server: Apache
Last-Modified: Sun, 28 Nov 2021 00:24:02 GMT
ETag: "66af-5d1ce5751cc80"
Accept-Ranges: bytes
Content-Length: 26287
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/png

ups-svip2.xyz/images/partner2.png

172.96.137.233

200 OK

87834

URL HTTP/1.1

ups-svip2.xyz/images/partner2.png
IP

172.96.137.233:0
ASN

#395092 SHOCK-1

Magic

PNG image data, 632 x 190, 8-bit/color RGBA, non-interlaced\012- data

Size

87834
Hash

e2a6f2cda7d1bde40c490ef9ed36f4c8

c37da319452c6740decabe6e45f7c38822da0992

95bf88e528a1737d98ffcf062234a170591b79bcf71f8704954144821a231430

HTTP Headers

                                        GET /images/partner2.png HTTP/1.1
Host: ups-svip2.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ups-svip2.xyz/verification/index
Cookie: XSRF-TOKEN=eyJpdiI6IlNtdlVJR2twbDJuNFk3SkNldTNHcmc9PSIsInZhbHVlIjoiT0RjcUhxSXpmbWtnTFhhNEdMbjMzZmR3SldwdGtZWWhoaWhsK0NHQ3psTGg0dGhJL05TTU4xWEZJWXRZRndaOVVOb091UWdmdnlOS3RXUW9xOTVsb3VocHp1a1d4cHhpTHR1WGNzYVFNeFZiRW5QVC9QdlRiaG81eVpEVE9wL2IiLCJtYWMiOiJmNWU0YzU0NTQ0ODE3NDQzYzIwZGI0MGVhMGM2MmVjOTRlNWUyYzc4NTQxNTgzNDM5NjliOGU2MzYyMTlhZTIwIiwidGFnIjoiIn0%3D; mini_session=eyJpdiI6Iitobmw5dkVLUkZTSHJpSWVLSmVvaEE9PSIsInZhbHVlIjoiczVtRVRxaW1FZ29hb254bmVuRVZwalg2NzdSRXMxQnVDNmc4SHMxRG52a2dEZDFFeU4reklrdWxqYk5kNTBmcE9reGFCRHBmYlZWUzFPZTRVR0VQa3ZnYlhkV2JGWHFmVlVwdEk5Y0JPZFluejlxbCtPVzhmT29INWhiV1FzSzUiLCJtYWMiOiI2NzBlNGU2YmY0MjhlYjY2MTIzZjJiNWEwMzU1NDhmYjUwNGEyMDM0YjVmNDdmZTU2NGY5Y2VlNTBiMTViYWQ4IiwidGFnIjoiIn0%3D

                                        HTTP/1.1 200 OK
Date: Tue, 04 Apr 2023 21:26:17 GMT
Server: Apache
Last-Modified: Sun, 28 Nov 2021 00:24:04 GMT
ETag: "1571a-5d1ce57705100"
Accept-Ranges: bytes
Content-Length: 87834
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png

ups-svip2.xyz/images/input-envelope.png

172.96.137.233

200 OK

16697

URL HTTP/1.1

ups-svip2.xyz/images/input-envelope.png
IP

172.96.137.233:0
ASN

#395092 SHOCK-1

Magic

HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text

Size

16697
Hash

1dc2fbf73e0e7cae873ec75a1502cf5f

5ad6d9b70994f5b9e8bcd385f3a0e53e2ae9f596

c46103a839c0d41d34e4f15613d0e48ef15860cfbee5ee85b533abb8c1cae58c

HTTP Headers

                                        GET /images/input-envelope.png HTTP/1.1
Host: ups-svip2.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ups-svip2.xyz/css/style.css
Cookie: XSRF-TOKEN=eyJpdiI6IlNtdlVJR2twbDJuNFk3SkNldTNHcmc9PSIsInZhbHVlIjoiT0RjcUhxSXpmbWtnTFhhNEdMbjMzZmR3SldwdGtZWWhoaWhsK0NHQ3psTGg0dGhJL05TTU4xWEZJWXRZRndaOVVOb091UWdmdnlOS3RXUW9xOTVsb3VocHp1a1d4cHhpTHR1WGNzYVFNeFZiRW5QVC9QdlRiaG81eVpEVE9wL2IiLCJtYWMiOiJmNWU0YzU0NTQ0ODE3NDQzYzIwZGI0MGVhMGM2MmVjOTRlNWUyYzc4NTQxNTgzNDM5NjliOGU2MzYyMTlhZTIwIiwidGFnIjoiIn0%3D; mini_session=eyJpdiI6Iitobmw5dkVLUkZTSHJpSWVLSmVvaEE9PSIsInZhbHVlIjoiczVtRVRxaW1FZ29hb254bmVuRVZwalg2NzdSRXMxQnVDNmc4SHMxRG52a2dEZDFFeU4reklrdWxqYk5kNTBmcE9reGFCRHBmYlZWUzFPZTRVR0VQa3ZnYlhkV2JGWHFmVlVwdEk5Y0JPZFluejlxbCtPVzhmT29INWhiV1FzSzUiLCJtYWMiOiI2NzBlNGU2YmY0MjhlYjY2MTIzZjJiNWEwMzU1NDhmYjUwNGEyMDM0YjVmNDdmZTU2NGY5Y2VlNTBiMTViYWQ4IiwidGFnIjoiIn0%3D

                                        HTTP/1.1 200 OK
Date: Tue, 04 Apr 2023 21:26:17 GMT
Server: Apache
Cache-Control: no-cache, private
Set-Cookie: XSRF-TOKEN=eyJpdiI6IndocHdKS1RIbExFWmpySkdMTEwvQ0E9PSIsInZhbHVlIjoic1hvalQ5VWptVGRjOFBsbTZ3LysrRjQxNWgwYWFjTjEwcWcyYXFHWDAzQ0o4bW9OVGpqMUEzemlTTlVpWDZtT0w5MlBpVFIxaFdXa0l0bU8zNXREbzY2Rm4wdEpyeFhIUHM0cERhSkNNT3JIZ0EyQ3RYSStXWC9XbXRDWjdXOGEiLCJtYWMiOiJiNWY4ZTE4ZWVkMTYxYjAyOGE3NjJhNjAxOGJiYTFhYjY4YmFmZDRiZGFlMzUyNzBkYjEyOTI1ZmQxYzNmY2ZkIiwidGFnIjoiIn0%3D; expires=Tue, 04-Apr-2023 23:26:17 GMT; Max-Age=7200; path=/; samesite=lax
mini_session=eyJpdiI6InRDeVpBUU1MTTZINlFWUEIwb21TUlE9PSIsInZhbHVlIjoieThuSWFyaEFVdEE4SmJWVHc2UXd5Mnd0WEtjN1RiN29qWXBGK2tnR3dMb1JjS2puSXNPZjBXb3YwOGlCS0N4eVVFU01kSjB2SzVsL25COWlyL2tsSVFlTnd6bG1mSWFyMnFPQVNKVXIvWWJJcklmemU3ZHNmTjJyOW5DUVF1RzgiLCJtYWMiOiIxZWI2M2ZiMzI4ZGJkNjUyMTE3ODU0ZDEyNDg5NWU4MWRlMWJmNTljNGQ1Zjg0NGRjNGM5OGQ1ODhiZDViZTMyIiwidGFnIjoiIn0%3D; expires=Tue, 04-Apr-2023 23:26:17 GMT; Max-Age=7200; path=/; httponly; samesite=lax
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

ups-svip2.xyz/images/partner4.png

172.96.137.233

200 OK

8333

URL HTTP/1.1

ups-svip2.xyz/images/partner4.png
IP

172.96.137.233:0
ASN

#395092 SHOCK-1

Magic

PNG image data, 632 x 190, 8-bit/color RGBA, non-interlaced\012- data

Size

8333
Hash

7cff5496b1d7fe772904d2d363a5c942

3c3745d03f0b9ed9da6b0d7c81136ef162c439ff

301a6ba12092e50d14a634de6774163409e5a356a1b1a116aafb29908fcd83cb

HTTP Headers

                                        GET /images/partner4.png HTTP/1.1
Host: ups-svip2.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ups-svip2.xyz/verification/index
Cookie: XSRF-TOKEN=eyJpdiI6IlNtdlVJR2twbDJuNFk3SkNldTNHcmc9PSIsInZhbHVlIjoiT0RjcUhxSXpmbWtnTFhhNEdMbjMzZmR3SldwdGtZWWhoaWhsK0NHQ3psTGg0dGhJL05TTU4xWEZJWXRZRndaOVVOb091UWdmdnlOS3RXUW9xOTVsb3VocHp1a1d4cHhpTHR1WGNzYVFNeFZiRW5QVC9QdlRiaG81eVpEVE9wL2IiLCJtYWMiOiJmNWU0YzU0NTQ0ODE3NDQzYzIwZGI0MGVhMGM2MmVjOTRlNWUyYzc4NTQxNTgzNDM5NjliOGU2MzYyMTlhZTIwIiwidGFnIjoiIn0%3D; mini_session=eyJpdiI6Iitobmw5dkVLUkZTSHJpSWVLSmVvaEE9PSIsInZhbHVlIjoiczVtRVRxaW1FZ29hb254bmVuRVZwalg2NzdSRXMxQnVDNmc4SHMxRG52a2dEZDFFeU4reklrdWxqYk5kNTBmcE9reGFCRHBmYlZWUzFPZTRVR0VQa3ZnYlhkV2JGWHFmVlVwdEk5Y0JPZFluejlxbCtPVzhmT29INWhiV1FzSzUiLCJtYWMiOiI2NzBlNGU2YmY0MjhlYjY2MTIzZjJiNWEwMzU1NDhmYjUwNGEyMDM0YjVmNDdmZTU2NGY5Y2VlNTBiMTViYWQ4IiwidGFnIjoiIn0%3D

                                        HTTP/1.1 200 OK
Date: Tue, 04 Apr 2023 21:26:17 GMT
Server: Apache
Last-Modified: Sun, 28 Nov 2021 00:24:04 GMT
ETag: "208d-5d1ce57705100"
Accept-Ranges: bytes
Content-Length: 8333
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/png

ups-svip2.xyz/images/partner5.png

172.96.137.233

200 OK

55324

URL HTTP/1.1

ups-svip2.xyz/images/partner5.png
IP

172.96.137.233:0
ASN

#395092 SHOCK-1

Magic

PNG image data, 632 x 190, 8-bit/color RGBA, non-interlaced\012- data

Size

55324
Hash

904c3918e25dc189d8a12d8218634fe4

7159d2f8f8ea07212057a99992f771d77f9e5477

4788cc379424a306fd9252b3dd9f0dd0fbec123c6c74cb5cbde97f163bbafe0a

HTTP Headers

                                        GET /images/partner5.png HTTP/1.1
Host: ups-svip2.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ups-svip2.xyz/verification/index
Cookie: XSRF-TOKEN=eyJpdiI6IlNtdlVJR2twbDJuNFk3SkNldTNHcmc9PSIsInZhbHVlIjoiT0RjcUhxSXpmbWtnTFhhNEdMbjMzZmR3SldwdGtZWWhoaWhsK0NHQ3psTGg0dGhJL05TTU4xWEZJWXRZRndaOVVOb091UWdmdnlOS3RXUW9xOTVsb3VocHp1a1d4cHhpTHR1WGNzYVFNeFZiRW5QVC9QdlRiaG81eVpEVE9wL2IiLCJtYWMiOiJmNWU0YzU0NTQ0ODE3NDQzYzIwZGI0MGVhMGM2MmVjOTRlNWUyYzc4NTQxNTgzNDM5NjliOGU2MzYyMTlhZTIwIiwidGFnIjoiIn0%3D; mini_session=eyJpdiI6Iitobmw5dkVLUkZTSHJpSWVLSmVvaEE9PSIsInZhbHVlIjoiczVtRVRxaW1FZ29hb254bmVuRVZwalg2NzdSRXMxQnVDNmc4SHMxRG52a2dEZDFFeU4reklrdWxqYk5kNTBmcE9reGFCRHBmYlZWUzFPZTRVR0VQa3ZnYlhkV2JGWHFmVlVwdEk5Y0JPZFluejlxbCtPVzhmT29INWhiV1FzSzUiLCJtYWMiOiI2NzBlNGU2YmY0MjhlYjY2MTIzZjJiNWEwMzU1NDhmYjUwNGEyMDM0YjVmNDdmZTU2NGY5Y2VlNTBiMTViYWQ4IiwidGFnIjoiIn0%3D

                                        HTTP/1.1 200 OK
Date: Tue, 04 Apr 2023 21:26:17 GMT
Server: Apache
Last-Modified: Sun, 28 Nov 2021 00:24:04 GMT
ETag: "d81c-5d1ce57705100"
Accept-Ranges: bytes
Content-Length: 55324
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/png

ups-svip2.xyz/images/partner7.png

172.96.137.233

200 OK

33421

URL HTTP/1.1

ups-svip2.xyz/images/partner7.png
IP

172.96.137.233:0
ASN

#395092 SHOCK-1

Magic

PNG image data, 632 x 190, 8-bit/color RGBA, non-interlaced\012- data

Size

33421
Hash

4674685d98551d64dd2b19c6c26f134c

8e251dc7232d369a09ae2d9dd420b3a9c331b918

0ad21b07fa8b5c1418fc325ff9131a9826001b0d77f092bdd6b5b1070b865ca2

HTTP Headers

                                        GET /images/partner7.png HTTP/1.1
Host: ups-svip2.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ups-svip2.xyz/verification/index
Cookie: XSRF-TOKEN=eyJpdiI6IlNtdlVJR2twbDJuNFk3SkNldTNHcmc9PSIsInZhbHVlIjoiT0RjcUhxSXpmbWtnTFhhNEdMbjMzZmR3SldwdGtZWWhoaWhsK0NHQ3psTGg0dGhJL05TTU4xWEZJWXRZRndaOVVOb091UWdmdnlOS3RXUW9xOTVsb3VocHp1a1d4cHhpTHR1WGNzYVFNeFZiRW5QVC9QdlRiaG81eVpEVE9wL2IiLCJtYWMiOiJmNWU0YzU0NTQ0ODE3NDQzYzIwZGI0MGVhMGM2MmVjOTRlNWUyYzc4NTQxNTgzNDM5NjliOGU2MzYyMTlhZTIwIiwidGFnIjoiIn0%3D; mini_session=eyJpdiI6Iitobmw5dkVLUkZTSHJpSWVLSmVvaEE9PSIsInZhbHVlIjoiczVtRVRxaW1FZ29hb254bmVuRVZwalg2NzdSRXMxQnVDNmc4SHMxRG52a2dEZDFFeU4reklrdWxqYk5kNTBmcE9reGFCRHBmYlZWUzFPZTRVR0VQa3ZnYlhkV2JGWHFmVlVwdEk5Y0JPZFluejlxbCtPVzhmT29INWhiV1FzSzUiLCJtYWMiOiI2NzBlNGU2YmY0MjhlYjY2MTIzZjJiNWEwMzU1NDhmYjUwNGEyMDM0YjVmNDdmZTU2NGY5Y2VlNTBiMTViYWQ4IiwidGFnIjoiIn0%3D

                                        HTTP/1.1 200 OK
Date: Tue, 04 Apr 2023 21:26:17 GMT
Server: Apache
Last-Modified: Sun, 28 Nov 2021 00:24:06 GMT
ETag: "828d-5d1ce578ed580"
Accept-Ranges: bytes
Content-Length: 33421
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: image/png

ups-svip2.xyz/images/partner6.png

172.96.137.233

200 OK

15297

URL HTTP/1.1

ups-svip2.xyz/images/partner6.png
IP

172.96.137.233:0
ASN

#395092 SHOCK-1

Magic

PNG image data, 632 x 190, 8-bit/color RGBA, non-interlaced\012- data

Size

15297
Hash

25563d6770304475fcf8ea0af3439641

c11bfa03a072f57c7b9de1217ea0b8a5c34c349a

aee359130243482740e730e1a185a5ac002cc0450993ad83efc4474fbe3b6779

HTTP Headers

                                        GET /images/partner6.png HTTP/1.1
Host: ups-svip2.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ups-svip2.xyz/verification/index
Cookie: XSRF-TOKEN=eyJpdiI6IlNtdlVJR2twbDJuNFk3SkNldTNHcmc9PSIsInZhbHVlIjoiT0RjcUhxSXpmbWtnTFhhNEdMbjMzZmR3SldwdGtZWWhoaWhsK0NHQ3psTGg0dGhJL05TTU4xWEZJWXRZRndaOVVOb091UWdmdnlOS3RXUW9xOTVsb3VocHp1a1d4cHhpTHR1WGNzYVFNeFZiRW5QVC9QdlRiaG81eVpEVE9wL2IiLCJtYWMiOiJmNWU0YzU0NTQ0ODE3NDQzYzIwZGI0MGVhMGM2MmVjOTRlNWUyYzc4NTQxNTgzNDM5NjliOGU2MzYyMTlhZTIwIiwidGFnIjoiIn0%3D; mini_session=eyJpdiI6Iitobmw5dkVLUkZTSHJpSWVLSmVvaEE9PSIsInZhbHVlIjoiczVtRVRxaW1FZ29hb254bmVuRVZwalg2NzdSRXMxQnVDNmc4SHMxRG52a2dEZDFFeU4reklrdWxqYk5kNTBmcE9reGFCRHBmYlZWUzFPZTRVR0VQa3ZnYlhkV2JGWHFmVlVwdEk5Y0JPZFluejlxbCtPVzhmT29INWhiV1FzSzUiLCJtYWMiOiI2NzBlNGU2YmY0MjhlYjY2MTIzZjJiNWEwMzU1NDhmYjUwNGEyMDM0YjVmNDdmZTU2NGY5Y2VlNTBiMTViYWQ4IiwidGFnIjoiIn0%3D

                                        HTTP/1.1 200 OK
Date: Tue, 04 Apr 2023 21:26:17 GMT
Server: Apache
Last-Modified: Sun, 28 Nov 2021 00:24:06 GMT
ETag: "3bc1-5d1ce578ed580"
Accept-Ranges: bytes
Content-Length: 15297
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: image/png

ups-svip2.xyz/images/partner9.png

172.96.137.233

200 OK

69034

URL HTTP/1.1

ups-svip2.xyz/images/partner9.png
IP

172.96.137.233:0
ASN

#395092 SHOCK-1

Magic

PNG image data, 632 x 190, 8-bit/color RGBA, non-interlaced\012- data

Size

69034
Hash

3775f5faad5b415f8feff0fd0138b195

6591fab9580cc9ca0ed601888e137be478a009f6

383aa9d569e67d6efd07581ef944095f7893e7e0bee0373e08cd3385c8e65fa3

HTTP Headers

                                        GET /images/partner9.png HTTP/1.1
Host: ups-svip2.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ups-svip2.xyz/verification/index
Cookie: XSRF-TOKEN=eyJpdiI6IlNtdlVJR2twbDJuNFk3SkNldTNHcmc9PSIsInZhbHVlIjoiT0RjcUhxSXpmbWtnTFhhNEdMbjMzZmR3SldwdGtZWWhoaWhsK0NHQ3psTGg0dGhJL05TTU4xWEZJWXRZRndaOVVOb091UWdmdnlOS3RXUW9xOTVsb3VocHp1a1d4cHhpTHR1WGNzYVFNeFZiRW5QVC9QdlRiaG81eVpEVE9wL2IiLCJtYWMiOiJmNWU0YzU0NTQ0ODE3NDQzYzIwZGI0MGVhMGM2MmVjOTRlNWUyYzc4NTQxNTgzNDM5NjliOGU2MzYyMTlhZTIwIiwidGFnIjoiIn0%3D; mini_session=eyJpdiI6Iitobmw5dkVLUkZTSHJpSWVLSmVvaEE9PSIsInZhbHVlIjoiczVtRVRxaW1FZ29hb254bmVuRVZwalg2NzdSRXMxQnVDNmc4SHMxRG52a2dEZDFFeU4reklrdWxqYk5kNTBmcE9reGFCRHBmYlZWUzFPZTRVR0VQa3ZnYlhkV2JGWHFmVlVwdEk5Y0JPZFluejlxbCtPVzhmT29INWhiV1FzSzUiLCJtYWMiOiI2NzBlNGU2YmY0MjhlYjY2MTIzZjJiNWEwMzU1NDhmYjUwNGEyMDM0YjVmNDdmZTU2NGY5Y2VlNTBiMTViYWQ4IiwidGFnIjoiIn0%3D

                                        HTTP/1.1 200 OK
Date: Tue, 04 Apr 2023 21:26:17 GMT
Server: Apache
Last-Modified: Sun, 28 Nov 2021 00:24:06 GMT
ETag: "10daa-5d1ce578ed580"
Accept-Ranges: bytes
Content-Length: 69034
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/png

ups-svip2.xyz/images/partner8.png

172.96.137.233

200 OK

48921

URL HTTP/1.1

ups-svip2.xyz/images/partner8.png
IP

172.96.137.233:0
ASN

#395092 SHOCK-1

Magic

PNG image data, 632 x 190, 8-bit/color RGBA, non-interlaced\012- data

Size

48921
Hash

7e6e804f034b78bfd2faa9e9d47327a7

b442421595dc338e3cd76310d3db439c6e0ee795

f33bf5ac5100dd9ababd07c7406be6d7d8e2ed888567609286af7ed4f961333f

HTTP Headers

                                        GET /images/partner8.png HTTP/1.1
Host: ups-svip2.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ups-svip2.xyz/verification/index
Cookie: XSRF-TOKEN=eyJpdiI6IlNtdlVJR2twbDJuNFk3SkNldTNHcmc9PSIsInZhbHVlIjoiT0RjcUhxSXpmbWtnTFhhNEdMbjMzZmR3SldwdGtZWWhoaWhsK0NHQ3psTGg0dGhJL05TTU4xWEZJWXRZRndaOVVOb091UWdmdnlOS3RXUW9xOTVsb3VocHp1a1d4cHhpTHR1WGNzYVFNeFZiRW5QVC9QdlRiaG81eVpEVE9wL2IiLCJtYWMiOiJmNWU0YzU0NTQ0ODE3NDQzYzIwZGI0MGVhMGM2MmVjOTRlNWUyYzc4NTQxNTgzNDM5NjliOGU2MzYyMTlhZTIwIiwidGFnIjoiIn0%3D; mini_session=eyJpdiI6Iitobmw5dkVLUkZTSHJpSWVLSmVvaEE9PSIsInZhbHVlIjoiczVtRVRxaW1FZ29hb254bmVuRVZwalg2NzdSRXMxQnVDNmc4SHMxRG52a2dEZDFFeU4reklrdWxqYk5kNTBmcE9reGFCRHBmYlZWUzFPZTRVR0VQa3ZnYlhkV2JGWHFmVlVwdEk5Y0JPZFluejlxbCtPVzhmT29INWhiV1FzSzUiLCJtYWMiOiI2NzBlNGU2YmY0MjhlYjY2MTIzZjJiNWEwMzU1NDhmYjUwNGEyMDM0YjVmNDdmZTU2NGY5Y2VlNTBiMTViYWQ4IiwidGFnIjoiIn0%3D

                                        HTTP/1.1 200 OK
Date: Tue, 04 Apr 2023 21:26:17 GMT
Server: Apache
Last-Modified: Sun, 28 Nov 2021 00:24:06 GMT
ETag: "bf19-5d1ce578ed580"
Accept-Ranges: bytes
Content-Length: 48921
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/png

ups-svip2.xyz/images/team001.jpg

172.96.137.233

200 OK

32508

URL HTTP/1.1

ups-svip2.xyz/images/team001.jpg
IP

172.96.137.233:0
ASN

#395092 SHOCK-1

Magic

JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 555x555, components 3\012- data

Size

32508
Hash

dd87f02a6e058176740c606ecd5f0a09

a9a6ae6ac94e42c14e4cbc7fc1c33f0a1a7e82e8

4b7a3807052b40b56ae96ab442c76850a56491e71a93e2120cd57a70a31b1442

HTTP Headers

                                        GET /images/team001.jpg HTTP/1.1
Host: ups-svip2.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ups-svip2.xyz/verification/index
Cookie: XSRF-TOKEN=eyJpdiI6IlNtdlVJR2twbDJuNFk3SkNldTNHcmc9PSIsInZhbHVlIjoiT0RjcUhxSXpmbWtnTFhhNEdMbjMzZmR3SldwdGtZWWhoaWhsK0NHQ3psTGg0dGhJL05TTU4xWEZJWXRZRndaOVVOb091UWdmdnlOS3RXUW9xOTVsb3VocHp1a1d4cHhpTHR1WGNzYVFNeFZiRW5QVC9QdlRiaG81eVpEVE9wL2IiLCJtYWMiOiJmNWU0YzU0NTQ0ODE3NDQzYzIwZGI0MGVhMGM2MmVjOTRlNWUyYzc4NTQxNTgzNDM5NjliOGU2MzYyMTlhZTIwIiwidGFnIjoiIn0%3D; mini_session=eyJpdiI6Iitobmw5dkVLUkZTSHJpSWVLSmVvaEE9PSIsInZhbHVlIjoiczVtRVRxaW1FZ29hb254bmVuRVZwalg2NzdSRXMxQnVDNmc4SHMxRG52a2dEZDFFeU4reklrdWxqYk5kNTBmcE9reGFCRHBmYlZWUzFPZTRVR0VQa3ZnYlhkV2JGWHFmVlVwdEk5Y0JPZFluejlxbCtPVzhmT29INWhiV1FzSzUiLCJtYWMiOiI2NzBlNGU2YmY0MjhlYjY2MTIzZjJiNWEwMzU1NDhmYjUwNGEyMDM0YjVmNDdmZTU2NGY5Y2VlNTBiMTViYWQ4IiwidGFnIjoiIn0%3D

                                        HTTP/1.1 200 OK
Date: Tue, 04 Apr 2023 21:26:18 GMT
Server: Apache
Last-Modified: Sun, 28 Nov 2021 00:24:08 GMT
ETag: "7efc-5d1ce57ad5a00"
Accept-Ranges: bytes
Content-Length: 32508
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/jpeg

ups-svip2.xyz/images/team002.jpg

172.96.137.233

200 OK

24674

URL HTTP/1.1

ups-svip2.xyz/images/team002.jpg
IP

172.96.137.233:0
ASN

#395092 SHOCK-1

Magic

JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 555x555, components 3\012- data

Size

24674
Hash

d6335f24bf1726fa36f3df4aa6da98e4

6e65beaf82828c525914928979fc8bb6ef5ed80d

c204789d99914282e1a14dc79efbc420be976a0702dc2b08aa46b713f0005079

HTTP Headers

                                        GET /images/team002.jpg HTTP/1.1
Host: ups-svip2.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ups-svip2.xyz/verification/index
Cookie: XSRF-TOKEN=eyJpdiI6IlNtdlVJR2twbDJuNFk3SkNldTNHcmc9PSIsInZhbHVlIjoiT0RjcUhxSXpmbWtnTFhhNEdMbjMzZmR3SldwdGtZWWhoaWhsK0NHQ3psTGg0dGhJL05TTU4xWEZJWXRZRndaOVVOb091UWdmdnlOS3RXUW9xOTVsb3VocHp1a1d4cHhpTHR1WGNzYVFNeFZiRW5QVC9QdlRiaG81eVpEVE9wL2IiLCJtYWMiOiJmNWU0YzU0NTQ0ODE3NDQzYzIwZGI0MGVhMGM2MmVjOTRlNWUyYzc4NTQxNTgzNDM5NjliOGU2MzYyMTlhZTIwIiwidGFnIjoiIn0%3D; mini_session=eyJpdiI6Iitobmw5dkVLUkZTSHJpSWVLSmVvaEE9PSIsInZhbHVlIjoiczVtRVRxaW1FZ29hb254bmVuRVZwalg2NzdSRXMxQnVDNmc4SHMxRG52a2dEZDFFeU4reklrdWxqYk5kNTBmcE9reGFCRHBmYlZWUzFPZTRVR0VQa3ZnYlhkV2JGWHFmVlVwdEk5Y0JPZFluejlxbCtPVzhmT29INWhiV1FzSzUiLCJtYWMiOiI2NzBlNGU2YmY0MjhlYjY2MTIzZjJiNWEwMzU1NDhmYjUwNGEyMDM0YjVmNDdmZTU2NGY5Y2VlNTBiMTViYWQ4IiwidGFnIjoiIn0%3D

                                        HTTP/1.1 200 OK
Date: Tue, 04 Apr 2023 21:26:18 GMT
Server: Apache
Last-Modified: Sun, 28 Nov 2021 00:24:08 GMT
ETag: "6062-5d1ce57ad5a00"
Accept-Ranges: bytes
Content-Length: 24674
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: image/jpeg

ups-svip2.xyz/images/team003.jpg

172.96.137.233

200 OK

26054

URL HTTP/1.1

ups-svip2.xyz/images/team003.jpg
IP

172.96.137.233:0
ASN

#395092 SHOCK-1

Magic

JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 555x555, components 3\012- data

Size

26054
Hash

1865c9a21a54044a1e43aa7fd421294a

39bdbf038a399cd84dacffd70ea9767103162acb

eea3edb63bcab7ce08c200752f5d872457f1ce1b9ab79ddfdd645e9804c284ae

HTTP Headers

                                        GET /images/team003.jpg HTTP/1.1
Host: ups-svip2.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ups-svip2.xyz/verification/index
Cookie: XSRF-TOKEN=eyJpdiI6IlNtdlVJR2twbDJuNFk3SkNldTNHcmc9PSIsInZhbHVlIjoiT0RjcUhxSXpmbWtnTFhhNEdMbjMzZmR3SldwdGtZWWhoaWhsK0NHQ3psTGg0dGhJL05TTU4xWEZJWXRZRndaOVVOb091UWdmdnlOS3RXUW9xOTVsb3VocHp1a1d4cHhpTHR1WGNzYVFNeFZiRW5QVC9QdlRiaG81eVpEVE9wL2IiLCJtYWMiOiJmNWU0YzU0NTQ0ODE3NDQzYzIwZGI0MGVhMGM2MmVjOTRlNWUyYzc4NTQxNTgzNDM5NjliOGU2MzYyMTlhZTIwIiwidGFnIjoiIn0%3D; mini_session=eyJpdiI6Iitobmw5dkVLUkZTSHJpSWVLSmVvaEE9PSIsInZhbHVlIjoiczVtRVRxaW1FZ29hb254bmVuRVZwalg2NzdSRXMxQnVDNmc4SHMxRG52a2dEZDFFeU4reklrdWxqYk5kNTBmcE9reGFCRHBmYlZWUzFPZTRVR0VQa3ZnYlhkV2JGWHFmVlVwdEk5Y0JPZFluejlxbCtPVzhmT29INWhiV1FzSzUiLCJtYWMiOiI2NzBlNGU2YmY0MjhlYjY2MTIzZjJiNWEwMzU1NDhmYjUwNGEyMDM0YjVmNDdmZTU2NGY5Y2VlNTBiMTViYWQ4IiwidGFnIjoiIn0%3D

                                        HTTP/1.1 200 OK
Date: Tue, 04 Apr 2023 21:26:18 GMT
Server: Apache
Last-Modified: Sun, 28 Nov 2021 00:24:08 GMT
ETag: "65c6-5d1ce57ad5a00"
Accept-Ranges: bytes
Content-Length: 26054
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: image/jpeg

ups-svip2.xyz/images/testimonials-woman.jpg

172.96.137.233

200 OK

48423

URL HTTP/1.1

ups-svip2.xyz/images/testimonials-woman.jpg
IP

172.96.137.233:0
ASN

#395092 SHOCK-1

Magic

JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 555x500, components 3\012- data

Size

48423
Hash

5d7c71973a5115666963a647dd54fc73

5814e57e2f46b0050c96f8cbc26f0121f9cd2b60

f051f7fb5645ca31b4f6f37119cf275607f1981c5efdd09defa096c702da7bb2

HTTP Headers

                                        GET /images/testimonials-woman.jpg HTTP/1.1
Host: ups-svip2.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ups-svip2.xyz/verification/index
Cookie: XSRF-TOKEN=eyJpdiI6IlNtdlVJR2twbDJuNFk3SkNldTNHcmc9PSIsInZhbHVlIjoiT0RjcUhxSXpmbWtnTFhhNEdMbjMzZmR3SldwdGtZWWhoaWhsK0NHQ3psTGg0dGhJL05TTU4xWEZJWXRZRndaOVVOb091UWdmdnlOS3RXUW9xOTVsb3VocHp1a1d4cHhpTHR1WGNzYVFNeFZiRW5QVC9QdlRiaG81eVpEVE9wL2IiLCJtYWMiOiJmNWU0YzU0NTQ0ODE3NDQzYzIwZGI0MGVhMGM2MmVjOTRlNWUyYzc4NTQxNTgzNDM5NjliOGU2MzYyMTlhZTIwIiwidGFnIjoiIn0%3D; mini_session=eyJpdiI6Iitobmw5dkVLUkZTSHJpSWVLSmVvaEE9PSIsInZhbHVlIjoiczVtRVRxaW1FZ29hb254bmVuRVZwalg2NzdSRXMxQnVDNmc4SHMxRG52a2dEZDFFeU4reklrdWxqYk5kNTBmcE9reGFCRHBmYlZWUzFPZTRVR0VQa3ZnYlhkV2JGWHFmVlVwdEk5Y0JPZFluejlxbCtPVzhmT29INWhiV1FzSzUiLCJtYWMiOiI2NzBlNGU2YmY0MjhlYjY2MTIzZjJiNWEwMzU1NDhmYjUwNGEyMDM0YjVmNDdmZTU2NGY5Y2VlNTBiMTViYWQ4IiwidGFnIjoiIn0%3D

                                        HTTP/1.1 200 OK
Date: Tue, 04 Apr 2023 21:26:18 GMT
Server: Apache
Last-Modified: Sun, 28 Nov 2021 00:24:08 GMT
ETag: "bd27-5d1ce57ad5a00"
Accept-Ranges: bytes
Content-Length: 48423
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/jpeg

ups-svip2.xyz/images/digital-marketing.png

172.96.137.233

200 OK

198003

URL HTTP/1.1

ups-svip2.xyz/images/digital-marketing.png
IP

172.96.137.233:0
ASN

#395092 SHOCK-1

Magic

PNG image data, 555 x 461, 8-bit/color RGBA, non-interlaced\012- data

Size

198003
Hash

7ef36424c5431668d0d954123040d255

20e738cb83a1c9835c64856144bdcc7aedc05973

35d3e96fa5e0ecd13dcb6de8bf3471e5ff8a651f5c4645bda2a79bd0f9762022

HTTP Headers

                                        GET /images/digital-marketing.png HTTP/1.1
Host: ups-svip2.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ups-svip2.xyz/verification/index
Cookie: XSRF-TOKEN=eyJpdiI6IlNtdlVJR2twbDJuNFk3SkNldTNHcmc9PSIsInZhbHVlIjoiT0RjcUhxSXpmbWtnTFhhNEdMbjMzZmR3SldwdGtZWWhoaWhsK0NHQ3psTGg0dGhJL05TTU4xWEZJWXRZRndaOVVOb091UWdmdnlOS3RXUW9xOTVsb3VocHp1a1d4cHhpTHR1WGNzYVFNeFZiRW5QVC9QdlRiaG81eVpEVE9wL2IiLCJtYWMiOiJmNWU0YzU0NTQ0ODE3NDQzYzIwZGI0MGVhMGM2MmVjOTRlNWUyYzc4NTQxNTgzNDM5NjliOGU2MzYyMTlhZTIwIiwidGFnIjoiIn0%3D; mini_session=eyJpdiI6Iitobmw5dkVLUkZTSHJpSWVLSmVvaEE9PSIsInZhbHVlIjoiczVtRVRxaW1FZ29hb254bmVuRVZwalg2NzdSRXMxQnVDNmc4SHMxRG52a2dEZDFFeU4reklrdWxqYk5kNTBmcE9reGFCRHBmYlZWUzFPZTRVR0VQa3ZnYlhkV2JGWHFmVlVwdEk5Y0JPZFluejlxbCtPVzhmT29INWhiV1FzSzUiLCJtYWMiOiI2NzBlNGU2YmY0MjhlYjY2MTIzZjJiNWEwMzU1NDhmYjUwNGEyMDM0YjVmNDdmZTU2NGY5Y2VlNTBiMTViYWQ4IiwidGFnIjoiIn0%3D

                                        HTTP/1.1 200 OK
Date: Tue, 04 Apr 2023 21:26:18 GMT
Server: Apache
Last-Modified: Sun, 28 Nov 2021 00:24:00 GMT
ETag: "30573-5d1ce57334800"
Accept-Ranges: bytes
Content-Length: 198003
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: image/png

ups-svip2.xyz/images/favicon.ico

172.96.137.233

200 OK

1406

URL HTTP/1.1

ups-svip2.xyz/images/favicon.ico
IP

172.96.137.233:0
ASN

#395092 SHOCK-1

Magic

MS Windows icon resource - 1 icon, 16x16, 8 bits/pixel\012- data

Size

1406
Hash

6092472b4490c1181b146fbdaeb2a8a1

eb04d30b2e67b14e3b6ea4712d905c283ea817a5

65a395942d8f6d051b628523a8f9f62a33817bd511eed651da6c743ce39d565e

HTTP Headers

                                        GET /images/favicon.ico HTTP/1.1
Host: ups-svip2.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ups-svip2.xyz/verification/index
Cookie: XSRF-TOKEN=eyJpdiI6IndocHdKS1RIbExFWmpySkdMTEwvQ0E9PSIsInZhbHVlIjoic1hvalQ5VWptVGRjOFBsbTZ3LysrRjQxNWgwYWFjTjEwcWcyYXFHWDAzQ0o4bW9OVGpqMUEzemlTTlVpWDZtT0w5MlBpVFIxaFdXa0l0bU8zNXREbzY2Rm4wdEpyeFhIUHM0cERhSkNNT3JIZ0EyQ3RYSStXWC9XbXRDWjdXOGEiLCJtYWMiOiJiNWY4ZTE4ZWVkMTYxYjAyOGE3NjJhNjAxOGJiYTFhYjY4YmFmZDRiZGFlMzUyNzBkYjEyOTI1ZmQxYzNmY2ZkIiwidGFnIjoiIn0%3D; mini_session=eyJpdiI6InRDeVpBUU1MTTZINlFWUEIwb21TUlE9PSIsInZhbHVlIjoieThuSWFyaEFVdEE4SmJWVHc2UXd5Mnd0WEtjN1RiN29qWXBGK2tnR3dMb1JjS2puSXNPZjBXb3YwOGlCS0N4eVVFU01kSjB2SzVsL25COWlyL2tsSVFlTnd6bG1mSWFyMnFPQVNKVXIvWWJJcklmemU3ZHNmTjJyOW5DUVF1RzgiLCJtYWMiOiIxZWI2M2ZiMzI4ZGJkNjUyMTE3ODU0ZDEyNDg5NWU4MWRlMWJmNTljNGQ1Zjg0NGRjNGM5OGQ1ODhiZDViZTMyIiwidGFnIjoiIn0%3D

                                        HTTP/1.1 200 OK
Date: Tue, 04 Apr 2023 21:26:18 GMT
Server: Apache
Last-Modified: Sun, 28 Nov 2021 00:24:00 GMT
ETag: "57e-5d1ce57334800"
Accept-Ranges: bytes
Content-Length: 1406
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: image/vnd.microsoft.icon

r3.o.lencr.org/

23.36.77.32

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.77.32:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

869fe4a8dc549ffa1023d3adc184e4f2

37b95d88dd3f6f251bb651b130e09b202850033f

9387d0291fa66cc98248bae7724ec34f884c766302d2a99e734585cc591ad304

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9387D0291FA66CC98248BAE7724EC34F884C766302D2A99E734585CC591AD304"
Last-Modified: Mon, 03 Apr 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15265
Expires: Wed, 05 Apr 2023 01:40:43 GMT
Date: Tue, 04 Apr 2023 21:26:18 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.77.32:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

869fe4a8dc549ffa1023d3adc184e4f2

37b95d88dd3f6f251bb651b130e09b202850033f

9387d0291fa66cc98248bae7724ec34f884c766302d2a99e734585cc591ad304

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9387D0291FA66CC98248BAE7724EC34F884C766302D2A99E734585CC591AD304"
Last-Modified: Mon, 03 Apr 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15264
Expires: Wed, 05 Apr 2023 01:40:43 GMT
Date: Tue, 04 Apr 2023 21:26:19 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.77.32:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

869fe4a8dc549ffa1023d3adc184e4f2

37b95d88dd3f6f251bb651b130e09b202850033f

9387d0291fa66cc98248bae7724ec34f884c766302d2a99e734585cc591ad304

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9387D0291FA66CC98248BAE7724EC34F884C766302D2A99E734585CC591AD304"
Last-Modified: Mon, 03 Apr 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15264
Expires: Wed, 05 Apr 2023 01:40:43 GMT
Date: Tue, 04 Apr 2023 21:26:19 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.77.32:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

869fe4a8dc549ffa1023d3adc184e4f2

37b95d88dd3f6f251bb651b130e09b202850033f

9387d0291fa66cc98248bae7724ec34f884c766302d2a99e734585cc591ad304

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9387D0291FA66CC98248BAE7724EC34F884C766302D2A99E734585CC591AD304"
Last-Modified: Mon, 03 Apr 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15264
Expires: Wed, 05 Apr 2023 01:40:43 GMT
Date: Tue, 04 Apr 2023 21:26:19 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd5a64c6f-4f76-4a92-92c4-1fa8cb48142e.jpeg

34.120.237.76

200 OK

6803

URL HTTP/2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd5a64c6f-4f76-4a92-92c4-1fa8cb48142e.jpeg
IP

34.120.237.76:0
ASN

#15169 GOOGLE

Magic

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

Size

6803
Hash

fde7605b95c3ac6b8de339dbd12e17b1

b44d521b31be7b3fe378a0e070c49379a6eab26e

5496cf7c705ccc67dd13f86a07d9a352424d58591aa67afe1e1361c640f8d510

HTTP Headers

                                        GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd5a64c6f-4f76-4a92-92c4-1fa8cb48142e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
content-length: 6803
x-amzn-requestid: 6c78179f-0d11-4a23-8e86-e4f05d7c7f90
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: C0fq3HrioAMF7ww=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-642b4645-758850e07ef9b1512b684c35;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Mon, 03 Apr 2023 21:33:57 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C3
x-cache: Miss from cloudfront
x-amz-cf-id: TvDTtH9ZqXuvomWMYiB8g8N0JKjRrHIXF1SxfCRJfwZS-7pGLAPrVw==
via: 1.1 ee32c7a76e2727d565413cc6c352ef48.cloudfront.net (CloudFront), 1.1 29a825d8a219984d47bec4350779b558.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Apr 2023 21:33:57 GMT
etag: "b44d521b31be7b3fe378a0e070c49379a6eab26e"
content-type: image/jpeg
age: 85942
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6898

URL HTTP/2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdeae50b2-4a88-4f71-ae4f-7fd74b695fe8.jpeg
IP

34.120.237.76:0
ASN

#15169 GOOGLE

Magic

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

Size

6898
Hash

80fcfbf9081b3ede0bbbb18635a9cbf4

037891066a15726bb272a8d74f96abb1520b4fe3

5cf70d8254f20aea5ca12439a4558f459d6bbf162f5e1a0f9b62e79de29d4b29

HTTP Headers

                                        GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdeae50b2-4a88-4f71-ae4f-7fd74b695fe8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
content-length: 6898
x-amzn-requestid: a56b192d-c797-4521-9af4-e3baaa8e6205
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: C0frbGsRoAMFjiA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-642b4648-5aeb60706595f7762c545067;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Mon, 03 Apr 2023 21:34:00 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C3
x-cache: Miss from cloudfront
x-amz-cf-id: 5PCc80UBjiGObi7QYuzScnsR2Tn7XkH2ihpI5rGlrFTjWr7s74quNQ==
via: 1.1 8ead054384c1626556ee4410cad35692.cloudfront.net (CloudFront), 1.1 0ec9ddba08fcd99386924593dbdbd44a.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Apr 2023 21:34:01 GMT
etag: "037891066a15726bb272a8d74f96abb1520b4fe3"
content-type: image/jpeg
age: 85938
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

10535

URL HTTP/2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F106409ef-b973-4018-aee9-294835a882a8.jpeg
IP

34.120.237.76:0
ASN

#15169 GOOGLE

Magic

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

Size

10535
Hash

790b71fc2b1faa08db8b4334c9c3f9e3

e1defe547d4ffca2560cd8f25c4f7a92a9ae87b4

eed429169c9d3feb115463d8ead934fa348cdca60aabf0c88d4553ed23575c9c

HTTP Headers

                                        GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F106409ef-b973-4018-aee9-294835a882a8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
content-length: 10535
x-amzn-requestid: 8efe600f-9818-4c23-afd3-41c5a4dece2f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: C0frbFHSoAMF8HQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-642b4648-65e8e6fd575fdc91668d6676;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Mon, 03 Apr 2023 21:34:00 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C3
x-cache: Miss from cloudfront
x-amz-cf-id: 3eFc64JrVV7kNe1QSEyApxR5PQ0aC-6UWaOI5wUZjIDATg38NAlkcw==
via: 1.1 8591441a35c0af61913aec9af012bc38.cloudfront.net (CloudFront), 1.1 219e8f088c8c2a564bdacafe44be620a.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Apr 2023 21:34:01 GMT
etag: "e1defe547d4ffca2560cd8f25c4f7a92a9ae87b4"
content-type: image/jpeg
age: 85938
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6494

URL HTTP/2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0936bac9-0505-47a5-932e-eb63ee65f17f.jpeg
IP

34.120.237.76:0
ASN

#15169 GOOGLE

Magic

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

Size

6494
Hash

440bc52fc1e8c12ac8264a1ee47fc525

00e85bb08fa00deac46dd33bc11e9358c948ecf5

7fd89896357506803bafdb71eccab202b1c492d6489efb4ebb05fb4b367194ad

HTTP Headers

                                        GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0936bac9-0505-47a5-932e-eb63ee65f17f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
content-length: 6494
x-amzn-requestid: e032a9b8-7231-424c-9bcf-3e376fac5c50
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CxM52GoDoAMFnUA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6429f50b-5b86488c35a3bb1d297bb989;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Sun, 02 Apr 2023 21:35:07 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: 1XR1LgB0FVddFK4itAeNjjuF7gKNDmJ3nTJgLo0Zi8ytbF8epYKXjw==
via: 1.1 4e4278a2778e72cc34feef6db603088c.cloudfront.net (CloudFront), 1.1 174acb08636ac7d9e9a778bbf1bcbc52.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Apr 2023 22:01:22 GMT
age: 84297
etag: "00e85bb08fa00deac46dd33bc11e9358c948ecf5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8658

URL HTTP/2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F09d7bfe8-bfa6-4d25-aa3f-159254f09bfa.jpeg
IP

34.120.237.76:0
ASN

#15169 GOOGLE

Magic

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

Size

8658
Hash

ad137bebd56918d96431d867ae123332

8572417b762ea2b1dccc3d4236336456be6be1cf

92a575b8055174a83ac1066e2ff931525760c9b96f3e588077ce0ce24a0a7b46

HTTP Headers

                                        GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F09d7bfe8-bfa6-4d25-aa3f-159254f09bfa.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
content-length: 8658
x-amzn-requestid: 36fb7671-bd9a-43fc-8920-c5948711d560
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CvNkNGjHIAMFsBw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6429294d-5e753ae346a583ac5cbb42f4;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Sun, 02 Apr 2023 07:05:49 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Miss from cloudfront
x-amz-cf-id: fxJD_NxmovXM_HkNkB7sUV_iAGruUAFoEn6P2XqPwcN05EabrxuBtQ==
via: 1.1 773bf3616e85ce2b187fa78710a6beb2.cloudfront.net (CloudFront), 1.1 4c48e9fb20d53d40e9fe273dbdae1098.cloudfront.net (CloudFront), 1.1 google
date: Tue, 04 Apr 2023 07:23:38 GMT
age: 50561
etag: "8572417b762ea2b1dccc3d4236336456be6be1cf"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6912

URL HTTP/2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa5f70c40-8b38-48db-b482-a5cc8f1580ef.jpeg
IP

34.120.237.76:0
ASN

#15169 GOOGLE

Magic

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

Size

6912
Hash

9d1360ec3cb182322e0a0c445f57e5b7

9f71e3cd002ca8116d917c3b7fb57291099269d1

e3d216e879d771bf2507928ba1b26465c87a4202a4cdc03483f002c2826a81b2

HTTP Headers

                                        GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa5f70c40-8b38-48db-b482-a5cc8f1580ef.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
content-length: 6912
x-amzn-requestid: 53fcdc8a-e064-4e81-b5ac-5d0ae4bcfdb9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: C0fpuEZ-IAMFxaA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-642b463d-3b7b43f30dd66fae5dc9ea6a;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Mon, 03 Apr 2023 21:33:49 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C3
x-cache: Miss from cloudfront
x-amz-cf-id: GZgHaJIuhgJevaSQVWPEZ-U5S-OGbnM_ZSvlcmim_e5Fsi6P_7TISA==
via: 1.1 59456abf79b201034ab5c9cfef7355e2.cloudfront.net (CloudFront), 1.1 29a825d8a219984d47bec4350779b558.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Apr 2023 21:33:50 GMT
etag: "9f71e3cd002ca8116d917c3b7fb57291099269d1"
content-type: image/jpeg
age: 85949
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

fonts.googleapis.com/css2?family=Nunito:wght@400;600;700;800&family=Open+Sans:ital@0;1&display=swap

142.250.74.106

200 OK

URL HTTP/2

fonts.googleapis.com/css2?family=Nunito:wght@400;600;700;800&family=Open+Sans:ital@0;1&display=swap
IP

142.250.74.106:0
ASN

#15169 GOOGLE

Magic

Size

0
Hash

HTTP Headers

                                        GET /css2?family=Nunito:wght@400;600;700;800&family=Open+Sans:ital@0;1&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ups-svip2.xyz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 04 Apr 2023 21:26:17 GMT
date: Tue, 04 Apr 2023 21:26:17 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (8)

#1 JS:Script (size: 2144)

URL

IP

ASN

Introduced by

Inline HTML

Observations

Hash

#2 JS:Script (size: 1962)

URL

IP

ASN

Introduced by

Inline HTML

Observations

Hash

#3 JS:Script (size: 61852)

URL

IP

ASN

Introduced by

Inline HTML

Observations

Hash

#4 JS:Script (size: 21144)

URL

IP

ASN

Introduced by

Inline HTML

Observations

Hash

#5 JS:Script (size: 6754)

URL

IP

ASN

Introduced by

Inline HTML

Observations

Hash

#6 JS:Script (size: 89502)

URL

IP

ASN

Introduced by

Inline HTML

Observations

Hash

#7 JS:Script (size: 2439)

URL

IP

ASN

Introduced by

Inline HTML