ttg.yourhighpotencydefender.site/c/74e223774635a125?clickId={clickId}&cost={cost}&s1={s1}&s3={clickId}&s4={feedId}&s5={zoneId}&s6={creativeId}&s7={campaignId}&aff_sub={aff_sub}&sub1={sub1}&sid1={sid1}&t={t}&ac={ac}&sa={feedId}-{zoneId}&sid3={sid3}&aff_sub2={aff_sub2}
52.51.27.131200 OK 2.8 kB URL HTTP/1.1 ttg.yourhighpotencydefender.site/c/74e223774635a125?clickId={clickId}&cost={cost}&s1={s1}&s3={clickId}&s4={feedId}&s5={zoneId}&s6={creativeId}&s7={campaignId}&aff_sub={aff_sub}&sub1={sub1}&sid1={sid1}&t={t}&ac={ac}&sa={feedId}-{zoneId}&sid3={sid3}&aff_sub2={aff_sub2}
IP 52.51.27.131:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (12052)
Hash 5aad136fe85738108fbf3d106f2784dc
05d788b089702ac247f0c034a7cc782a50676593
2742feff8d924357aff30282facff4964ad30f4ad13ec56f6e2f30e666c3b0ab
GET /c/74e223774635a125?clickId={clickId}&cost={cost}&s1={s1}&s3={clickId}&s4={feedId}&s5={zoneId}&s6={creativeId}&s7={campaignId}&aff_sub={aff_sub}&sub1={sub1}&sid1={sid1}&t={t}&ac={ac}&sa={feedId}-{zoneId}&sid3={sid3}&aff_sub2={aff_sub2} HTTP/1.1
Host: ttg.yourhighpotencydefender.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 21 Dec 2022 14:00:56 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: unique_id=63a311980005bbd5; Path=/; Expires=Sun, 19 Feb 2023 14:00:56 GMT
unique_id2=63a311980005c11e; Path=/; Expires=Tue, 21 Mar 2023 14:00:56 GMT
impression=; Path=/; Expires=Wed, 21 Dec 2022 14:00:56 GMT
63a311980005c11e_sl=[268852]; Path=/; Expires=Wed, 04 Jan 2023 14:00:56 GMT
Content-Encoding: gzip
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash bbea1550fedd5eb9c265712fab75b137
2c2f981747898a380265f766345f2bb9c8c983fd
c728286e38c31a4d3f7a39702e0a5f69c14bf69e01a88bc4479714953fbda278
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C728286E38C31A4D3F7A39702E0A5F69C14BF69E01A88BC4479714953FBDA278"
Last-Modified: Tue, 20 Dec 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13542
Expires: Wed, 21 Dec 2022 17:46:38 GMT
Date: Wed, 21 Dec 2022 14:00:56 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 04c14564c7083355371e41c5a09acada
ea488e34661be5420c798c7e26f193b4dee7bb37
d7e5c37d8e6cbed236670d050f84f288539642f7a41a54b0abd39357f7c42232
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D7E5C37D8E6CBED236670D050F84F288539642F7A41A54B0ABD39357F7C42232"
Last-Modified: Tue, 20 Dec 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3547
Expires: Wed, 21 Dec 2022 15:00:03 GMT
Date: Wed, 21 Dec 2022 14:00:56 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash ff250d3ef3fa45322bf05039a0122a9f
b3e7a2c383bce1bab807dbe1a03c375258b51f1d
d07f109a96e0ae6ec7b1d46ce8761b3f06fe845769ce65d69e053dd40aa561ba
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Content-Length, Retry-After, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 21 Dec 2022 13:34:35 GMT
content-type: application/json
age: 1581
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f4b32de26d9af2cba6afcdcf716d3fb8
644ead4436a8f2fc1f0dd25e4484b64f6ed63347
525123034cb53d750d5ebd487015911452d2cd3c34301e6628f2f52f3f0bfc88
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "525123034CB53D750D5EBD487015911452D2CD3C34301E6628F2F52F3F0BFC88"
Last-Modified: Tue, 20 Dec 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17816
Expires: Wed, 21 Dec 2022 18:57:52 GMT
Date: Wed, 21 Dec 2022 14:00:56 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 53341dea33f4f3d9b4966f80589f429a
20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0
GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: MfgWHkzH2uq3+p0BoS77GuEYW7NUDY5qiF8HtErZkhh3PW0jZibSLnKYzzrSUcvqa1FisM+KbhM=
x-amz-request-id: YP2FNDFK74ZJPD0R
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 21 Dec 2022 13:55:24 GMT
age: 332
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 21 Dec 2022 14:00:56 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
cdn-adef.akamaized.net/landings/268852/1665677718/css/style.css?1665677719
23.36.76.194200 OK 2.0 kB URL HTTP/1.1 cdn-adef.akamaized.net/landings/268852/1665677718/css/style.css?1665677719
IP 23.36.76.194:0
ASN #20940 Akamai International B.V.
Hash 3b1537d38270b368dd4afd3a04a8fc6c
f4cc570c723401da7ebb11c60c01c65863b270a5
5f118825faa35f752dd6fd78f44af0426d6ca137bdf908bcd9afd7f0e84d5f65
GET /landings/268852/1665677718/css/style.css?1665677719 HTTP/1.1
Host: cdn-adef.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ttg.yourhighpotencydefender.site/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: FpaN53//rbr0/9q9VFEw2t+Qt0F+Buh4Zo7lIIx711GymC17gxLhEFzkthKzAv6ll9RhXhgrTKU=
x-amz-request-id: 8619EHGRTGKH91YC
Last-Modified: Thu, 13 Oct 2022 16:15:22 GMT
ETag: "602331533ab2f855a26a77ab03d6db15"
Accept-Ranges: bytes
Content-Type: text/css
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Wed, 21 Dec 2022 14:00:56 GMT
Content-Length: 2010
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-adef.akamaized.net/landings/268852/1665677718/css/translate.css?1665677719
23.36.76.194200 OK 655 B URL HTTP/1.1 cdn-adef.akamaized.net/landings/268852/1665677718/css/translate.css?1665677719
IP 23.36.76.194:0
ASN #20940 Akamai International B.V.
Hash 64836db20736f1e7995b43489b4bf0ac
a0db33db05acb39dd01d9f19f5eed634682b0ead
d4d21bac4b13cac53c0b921c3aa69d1e010a32ad3ccb7498821aa6e763e71c87
Analyzer Verdict Alert urlquery fraud Fraud - Fake AntiVirus / Security software
GET /landings/268852/1665677718/css/translate.css?1665677719 HTTP/1.1
Host: cdn-adef.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ttg.yourhighpotencydefender.site/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: 5PegPGCuaG0hulZ4NYVOl/a5OhLNfZC7O7MsfLH6jcCQqW96yIcSYWmfTi6N1fekuaqpq1UNy0E=
x-amz-request-id: 861AK1RSEFEPDTEV
Last-Modified: Thu, 13 Oct 2022 16:15:22 GMT
ETag: "64836db20736f1e7995b43489b4bf0ac"
Accept-Ranges: bytes
Content-Type: text/css
Server: AmazonS3
Content-Length: 655
Date: Wed, 21 Dec 2022 14:00:56 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-adef.akamaized.net/landings/268852/1665677718/js/interactive.js?1665677719
23.36.76.194200 OK 5.0 kB URL HTTP/1.1 cdn-adef.akamaized.net/landings/268852/1665677718/js/interactive.js?1665677719
IP 23.36.76.194:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (24491), with no line terminators
Hash e332e3d27c8b834beeb86c7309f642cf
c09dcf00146664a766d79b84cee7e5c1299f89fb
d3b8f64254adfb0eebe5a286b58b04702da9b8b09f704f3ef5512ee14c733160
GET /landings/268852/1665677718/js/interactive.js?1665677719 HTTP/1.1
Host: cdn-adef.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ttg.yourhighpotencydefender.site/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: MQDT+t9QabiW0BSeAXleg+cSFbqkmPKIJALEkIo/kpPLvHaO409H2ZgFIsQeKl/NdCr7hWhj6Xg=
x-amz-request-id: 8613A5H4FQBXP6HH
Last-Modified: Thu, 13 Oct 2022 16:15:22 GMT
ETag: "4556c2fbe499483bd54ee664e83bd0af"
Accept-Ranges: bytes
Content-Type: text/javascript
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Wed, 21 Dec 2022 14:00:56 GMT
Content-Length: 4961
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-adef.akamaized.net/landings/268852/1665677718/js/main.js?1665677719
23.36.76.194200 OK 883 B URL HTTP/1.1 cdn-adef.akamaized.net/landings/268852/1665677718/js/main.js?1665677719
IP 23.36.76.194:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (2060), with no line terminators
Hash 75c7f7a337535ee79147e8068ef8982f
88798d1b96c7048770ad87d00c1c0daeb0170745
05f89d1e5e99f402500a4e7d3178ed1b6c3b0db1f48c2e7ce1ca7702f8a7d87b
GET /landings/268852/1665677718/js/main.js?1665677719 HTTP/1.1
Host: cdn-adef.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ttg.yourhighpotencydefender.site/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: Mbq7Msha2PiGF3xWQjMg4VWmh1oaTa1PX5dltR0eIZlwK5RRQcRd55EtBY9/K4GZzceyxM0CBEM=
x-amz-request-id: 86123NC9MPDNB5TY
Last-Modified: Thu, 13 Oct 2022 16:15:22 GMT
ETag: "b56630c7276ebda1b23e2083b8367691"
Accept-Ranges: bytes
Content-Type: text/javascript
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Wed, 21 Dec 2022 14:00:56 GMT
Content-Length: 883
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-adef.akamaized.net/landings/268852/1665677718/js/site-protect.2.0.js?1665677719
23.36.76.194200 OK 1.1 kB URL HTTP/1.1 cdn-adef.akamaized.net/landings/268852/1665677718/js/site-protect.2.0.js?1665677719
IP 23.36.76.194:0
ASN #20940 Akamai International B.V.
Hash 85e3bd021961fdac95655a71435375f5
9d03222c7a2acb3c790270e3f07bebc485759db2
bd6d5b382238afd5ee6299972b66f4e22521fe96487dfc620be38e1743d71887
GET /landings/268852/1665677718/js/site-protect.2.0.js?1665677719 HTTP/1.1
Host: cdn-adef.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ttg.yourhighpotencydefender.site/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: onD8gCd8O5Gl5usc1MfbtRvY+0uJyU20Q+SFmL5O1bqlelXvwypqe/CmB0VH0pZQPmiZLloKZTA=
x-amz-request-id: 8614X84KTZFR7YSA
Last-Modified: Thu, 13 Oct 2022 16:15:22 GMT
ETag: "311a4a9bfb7699c36f9310aa8484b360"
Accept-Ranges: bytes
Content-Type: text/javascript
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Wed, 21 Dec 2022 14:00:56 GMT
Content-Length: 1073
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-adef.akamaized.net/landings/268852/1665677718/js/js.cockie.min.js?1665677719
23.36.76.194200 OK 826 B URL HTTP/1.1 cdn-adef.akamaized.net/landings/268852/1665677718/js/js.cockie.min.js?1665677719
IP 23.36.76.194:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (1619), with no line terminators
Hash 80f159394b22e099038b584495222009
49a38d579533fb963f8f0f94687b40f65713b8dd
2d1575e9baafcb2f70a5d4ff82e829c3722535c3b9921c0d1baf5b54a384b109
GET /landings/268852/1665677718/js/js.cockie.min.js?1665677719 HTTP/1.1
Host: cdn-adef.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ttg.yourhighpotencydefender.site/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: t/iv6+jzeOicam7m27yoaKT7X2eJ9AiAVKoiAYVE9N63Pw/FpVDnYYkKVXk9i4JM+KPJHH9xEN4=
x-amz-request-id: 8619QFW9GSBAE1YF
Last-Modified: Thu, 13 Oct 2022 16:15:22 GMT
ETag: "aeb03440821eecd362780d1d1f8f4751"
Accept-Ranges: bytes
Content-Type: text/javascript
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Wed, 21 Dec 2022 14:00:56 GMT
Content-Length: 826
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-adef.akamaized.net/landings/268852/1665677718/js/translate.js?1665677719
23.36.76.194200 OK 544 B URL HTTP/1.1 cdn-adef.akamaized.net/landings/268852/1665677718/js/translate.js?1665677719
IP 23.36.76.194:0
ASN #20940 Akamai International B.V.
Hash 015967e055e606d62302b33ca898240c
97a3a854502409b10635b092500bfc5b244642e4
5bc3f308bb3236dbb04b2ac5d01905f9081d24827d4cd26c33ec5f716acd8427
GET /landings/268852/1665677718/js/translate.js?1665677719 HTTP/1.1
Host: cdn-adef.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ttg.yourhighpotencydefender.site/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: IYOv2nYAy6c6Pt16XIo+QTZIcXSVt/Jlnp6RTQUqgdWFwGVRP90/rwWzXjGxuaSs4Joz5h/xeVA=
x-amz-request-id: G11T1D7ET9RPEGEQ
Last-Modified: Thu, 13 Oct 2022 16:15:22 GMT
ETag: "fcd546809170dd574eb37b989529f69a"
Accept-Ranges: bytes
Content-Type: text/javascript
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Wed, 21 Dec 2022 14:00:56 GMT
Content-Length: 544
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-adef.akamaized.net/landings/268852/1665677718/js/second_back_multi.js?1665677719
23.36.76.194200 OK 732 B URL HTTP/1.1 cdn-adef.akamaized.net/landings/268852/1665677718/js/second_back_multi.js?1665677719
IP 23.36.76.194:0
ASN #20940 Akamai International B.V.
Hash 64bb7cb9f3a6cb788156ff60cf17c587
18e341baa9e99c034dc3b2cff1b7b9d90626082d
3be73c0c23bffc4bd19a14a3351ca8b7719bd10bda3ca5807c6661f4211064da
GET /landings/268852/1665677718/js/second_back_multi.js?1665677719 HTTP/1.1
Host: cdn-adef.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ttg.yourhighpotencydefender.site/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: 9jgAQVwWv7D84QxmnLdKg3c9qt+oBO2GGu/xVSiVSOqFL1nfeIYml1NPJSbR5+jCBidi9xwsNdc=
x-amz-request-id: G11RD9Y45HRGJ73N
Last-Modified: Thu, 13 Oct 2022 16:15:22 GMT
ETag: "12af65fd8656be95d31d144fa257727d"
Accept-Ranges: bytes
Content-Type: text/javascript
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Wed, 21 Dec 2022 14:00:56 GMT
Content-Length: 732
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash 7011324f8501f3c2c1e545068299bec1
f9ca3911f1c3f66cf89c1b7f2e251c3669636fcb
6afe60a2ce277e620ad2ab621a77fc140d3d28c70b3774afd07ee85e58465623
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4707
Cache-Control: max-age=114153
Content-Type: application/ocsp-response
Date: Wed, 21 Dec 2022 14:00:56 GMT
Etag: "63a21a1e-118"
Expires: Thu, 22 Dec 2022 21:43:29 GMT
Last-Modified: Tue, 20 Dec 2022 20:25:02 GMT
Server: ECS (ska/F705)
X-Cache: HIT
Content-Length: 280
cdn.stfilecamp.com/multi_push.js?1665677719
205.185.216.10200 OK 1.1 kB URL HTTP/2 cdn.stfilecamp.com/multi_push.js?1665677719
IP 205.185.216.10:0
Hash a50322f9d3f3fafe3fb02be02285e433
c0a894b3bfa545832c3ad1c2f145005d02e50ac4
cb763e10664b93ac12aaead7af7b0838195e45eb89f678ebb3f5776b147f5d99
Analyzer Verdict Alert urlquery fraud Fraud - Fake AntiVirus / Security software
GET /multi_push.js?1665677719 HTTP/1.1
Host: cdn.stfilecamp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ttg.yourhighpotencydefender.site/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 21 Dec 2022 14:00:56 GMT
cache-control: max-age=928
content-length: 1072
content-type: text/javascript
last-modified: Thu, 07 Jul 2022 14:21:23 GMT
accept-ranges: bytes
x-rgw-object-type: Normal
etag: "a50322f9d3f3fafe3fb02be02285e433"
x-amz-request-id: tx000000000000087f1063a-0063a30728-213dd56e-sfo3a
strict-transport-security: max-age=15552000; includeSubDomains; preload
vary: Access-Control-Request-Headers,Access-Control-Request-Method,Origin
x-sp-metadata: HS256.CKi/jJ0GEocBCiQ2MWRlNDI0OS00NzE5LTRjMGEtYjFlMy0wODQ5YzFhNjQ2YjQQgMPq7NjG+wIaBgiYo4ydBiIMOTEuOTAuNDIuMTU0KIeWAzADOARCFlRMU19BRVNfMTI4X0dDTV9TSEEyNTZaIGM3ZDJiNGM0ODRhNDEzZTE5MWRlNmFjZmYyZGIyMDA5GisIARIkODQ3ZTcwYjAtYmY4ZS00MjU2LTljNzEtMmZiZWJmNWE5Yjc5GLAIIhgIAhIUY2RzMDIwLnNrMS5od2Nkbi5uZXQ=.NFFqSZ6DCozPtbpLUJZ5UtILm4wTu4HokmK+dEIh+NQ=
x-hw: 1671631256.dop219.sk1.t,1671631256.cds258.sk1.hn,1671631256.cds020.sk1.c
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/jquery/3.6.1/jquery.min.js?1665677719
104.17.25.14200 OK 28 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/jquery/3.6.1/jquery.min.js?1665677719
IP 104.17.25.14:0
File type ASCII text, with very long lines (65447)
Hash 265d03943a645462854e9444dabeb800
a44ef995093ddc5f334a63999d71c65a1d2b6643
0d4102a2c52171ae32d1b2157118ceef7e18220bc02fbac9ce327a6a99a171df
GET /ajax/libs/jquery/3.6.1/jquery.min.js?1665677719 HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ttg.yourhighpotencydefender.site/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 21 Dec 2022 14:00:56 GMT
content-type: application/javascript; charset=utf-8
content-length: 27990
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "63091225-6d56"
last-modified: Fri, 26 Aug 2022 18:34:13 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 41900
expires: Mon, 11 Dec 2023 14:00:56 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0VxyY2n9SwyCUghZr%2Fx%2BjnCAccxzZG78WX9XG3vFvDIzbJAGwXC%2F1AGbH8MD%2FAtN5OGhqU0hqQhmDMCo%2ByVvpss6Vg7CCbAXJ8O0jN3bA9iKIC9AOA2ekopgLBC8RhliLVCqMMqP"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 77d1259b38351c0e-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn-adef.akamaized.net/landings/268852/1665677718/images/ico_tray2.gif
23.36.76.194200 OK 377 B URL HTTP/1.1 cdn-adef.akamaized.net/landings/268852/1665677718/images/ico_tray2.gif
IP 23.36.76.194:0
ASN #20940 Akamai International B.V.
File type GIF image data, version 89a, 16 x 16\012- data
Hash c10bdec858cb0cf9e6cc5865d5925746
697c095ed5509e5a5af0c5ebf2380662aeffc531
b65b47a79e32335d9ca35ff59c6975d2b5808f84da0db88d11ce777b33e72ad9
Analyzer Verdict Alert urlquery fraud Fraud - Fake AntiVirus / Security software
GET /landings/268852/1665677718/images/ico_tray2.gif HTTP/1.1
Host: cdn-adef.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ttg.yourhighpotencydefender.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: r7Oo9K5eT7CXsaF4CP91moBRVPSTd7aSiPCqZNfjFoIglCAXGciM2eZ7RnTfTGFv78XiKkSQJwY=
x-amz-request-id: FWM2VK5HR5MJK6XZ
Last-Modified: Thu, 13 Oct 2022 16:15:21 GMT
ETag: "c10bdec858cb0cf9e6cc5865d5925746"
Accept-Ranges: bytes
Content-Type: image/gif
Server: AmazonS3
Content-Length: 377
Date: Wed, 21 Dec 2022 14:00:56 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-adef.akamaized.net/landings/268852/1665677718/images/ico_bl2.gif
23.36.76.194200 OK 1.5 kB URL HTTP/1.1 cdn-adef.akamaized.net/landings/268852/1665677718/images/ico_bl2.gif
IP 23.36.76.194:0
ASN #20940 Akamai International B.V.
File type GIF image data, version 89a, 65 x 80\012- data
Hash af52e51f42fd0c55bc3cf2c8ece71492
016f83da68ff461a5c6aebcc2a45668317b2f24c
e91f304cf7409723968740e6363dda01b50acb8e94b5ca05b4a4617666ff095c
Analyzer Verdict Alert urlquery fraud Fraud - Fake AntiVirus / Security software
GET /landings/268852/1665677718/images/ico_bl2.gif HTTP/1.1
Host: cdn-adef.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ttg.yourhighpotencydefender.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: fzOfjn5taO7aaTLWiqr4Ce/2NbpgU0pLi6HPFAQj86nUIz9mRsRjGsVBBm52jGblQFrH8pr+7DM=
x-amz-request-id: FWM4ZSE9S5RK86RQ
Last-Modified: Thu, 13 Oct 2022 16:15:21 GMT
ETag: "af52e51f42fd0c55bc3cf2c8ece71492"
Accept-Ranges: bytes
Content-Type: image/gif
Server: AmazonS3
Content-Length: 1547
Date: Wed, 21 Dec 2022 14:00:56 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-adef.akamaized.net/landings/268852/1665677718/images/win_cls.png
23.36.76.194200 OK 293 B URL HTTP/1.1 cdn-adef.akamaized.net/landings/268852/1665677718/images/win_cls.png
IP 23.36.76.194:0
ASN #20940 Akamai International B.V.
File type PNG image data, 12 x 12, 8-bit/color RGB, non-interlaced\012- data
Hash 9eb68d2ce05c151bda542a7a6356e22c
baeeefe4a7ac657c10a5f081841015de1bcf90dd
2d2b7040bc32b397c3c60d800de9aa7d86404f1874862eba61bdaa21f1523eb7
Analyzer Verdict Alert urlquery fraud Fraud - Fake AntiVirus / Security software
GET /landings/268852/1665677718/images/win_cls.png HTTP/1.1
Host: cdn-adef.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ttg.yourhighpotencydefender.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: Cf0VAzcm4AT+qbHqq3htuBDaDF1bdhb+P7ANbFu6QO7TMptpNBCvwIrQAIrFNHxErtrdKDUvFbU=
x-amz-request-id: G11NV0ZZM3D1W5S2
Last-Modified: Thu, 13 Oct 2022 16:15:20 GMT
ETag: "9eb68d2ce05c151bda542a7a6356e22c"
Accept-Ranges: bytes
Content-Type: image/png
Server: AmazonS3
Content-Length: 293
Date: Wed, 21 Dec 2022 14:00:56 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-adef.akamaized.net/landings/268852/1665677718/images/protect.png
23.36.76.194200 OK 71 kB URL HTTP/1.1 cdn-adef.akamaized.net/landings/268852/1665677718/images/protect.png
IP 23.36.76.194:0
ASN #20940 Akamai International B.V.
File type PNG image data, 543 x 300, 8-bit/color RGBA, non-interlaced\012- data
Hash 9979fef59356099c8f41e2248fb3765d
b675d4030621b8de6bb823085ff9d9b8613c5f48
d00309ba24e28a196d0ce99ced950476954b7435a539e5157556cdb4c23fd310
GET /landings/268852/1665677718/images/protect.png HTTP/1.1
Host: cdn-adef.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ttg.yourhighpotencydefender.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: Kz7c6umXQWVdzpdKvq17ZIDmfsOzmo1ooTQkWgz5DCBM5/NKJTZ/Xw6L8i2bRy2E6E4fwqEQt2I=
x-amz-request-id: G11XBMWPS484ERFQ
Last-Modified: Thu, 13 Oct 2022 16:15:20 GMT
ETag: "9979fef59356099c8f41e2248fb3765d"
Accept-Ranges: bytes
Content-Type: image/png
Server: AmazonS3
Content-Length: 70593
Date: Wed, 21 Dec 2022 14:00:56 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-adef.akamaized.net/landings/268852/1665677718/images/icon-red.png
23.36.76.194200 OK 1.7 kB URL HTTP/1.1 cdn-adef.akamaized.net/landings/268852/1665677718/images/icon-red.png
IP 23.36.76.194:0
ASN #20940 Akamai International B.V.
File type PNG image data, 40 x 45, 8-bit/color RGBA, non-interlaced\012- data
Hash f460adcdcb62bffc8961d6681d5042be
a3c4fcb71daf78ab130938480ace7588ffa16194
c60d95afdfb06b36758c44ee23b82f5c5504f0119a2c86d83c990821e8f5cae6
GET /landings/268852/1665677718/images/icon-red.png HTTP/1.1
Host: cdn-adef.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ttg.yourhighpotencydefender.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: jqIU0BwVciOx0M0SY5P9t2bcd7eJKkXMDHlw5uKqP+zPIzEdZMEutkEjQUOXMArdVoHTsiNGRx4=
x-amz-request-id: G11RXD5CDVEHJVCC
Last-Modified: Thu, 13 Oct 2022 16:15:21 GMT
ETag: "f460adcdcb62bffc8961d6681d5042be"
Accept-Ranges: bytes
Content-Type: image/png
Server: AmazonS3
Content-Length: 1709
Date: Wed, 21 Dec 2022 14:00:56 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-adef.akamaized.net/landings/268852/1665677718/images/ico_bl3.gif
23.36.76.194200 OK 949 B URL HTTP/1.1 cdn-adef.akamaized.net/landings/268852/1665677718/images/ico_bl3.gif
IP 23.36.76.194:0
ASN #20940 Akamai International B.V.
File type GIF image data, version 89a, 78 x 68\012- data
Hash da9d153375da51a616a7663f1504e3a5
bd81fe60fe017bfe79be8c1afed88b659ff166d9
9bb88049c3d3f3c172d97246fa148bb725e727847c37e28c3be156be240a0c04
Analyzer Verdict Alert urlquery fraud Fraud - Fake AntiVirus / Security software
GET /landings/268852/1665677718/images/ico_bl3.gif HTTP/1.1
Host: cdn-adef.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ttg.yourhighpotencydefender.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: yuPWqY/PTRqj0wwn+ZSDDaUJ8eYr2aLHqFbdMu6Iw4xmch9syr0Qamgmck+khBERsyhtcPpmkj8=
x-amz-request-id: FWM8MJA39H0HZ0JD
Last-Modified: Thu, 13 Oct 2022 16:15:21 GMT
ETag: "da9d153375da51a616a7663f1504e3a5"
Accept-Ranges: bytes
Content-Type: image/gif
Server: AmazonS3
Content-Length: 949
Date: Wed, 21 Dec 2022 14:00:56 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-adef.akamaized.net/landings/268852/1665677718/images/ico_tray1.gif
23.36.76.194200 OK 69 B URL HTTP/1.1 cdn-adef.akamaized.net/landings/268852/1665677718/images/ico_tray1.gif
IP 23.36.76.194:0
ASN #20940 Akamai International B.V.
File type GIF image data, version 89a, 16 x 16\012- data
Hash 3ae573d079dcd1d2da4086f2c0c72c45
e7c9dabec81379373476ed23168dcecb9b8c56aa
9cce08ab28e94790cf78c87e37f8690acbc6c535e4b43ae7b38506b94538e107
Analyzer Verdict Alert urlquery fraud Fraud - Fake AntiVirus / Security software
GET /landings/268852/1665677718/images/ico_tray1.gif HTTP/1.1
Host: cdn-adef.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ttg.yourhighpotencydefender.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: V+OBzlR+6JRr0gVBhYIXSndncuZ1k7drxfHh1R5Q4KDsl9TTt1ZPWqk0sJOZ8qTZXMKxz88L1QI=
x-amz-request-id: G11W6F8XTV2MW4ZQ
Last-Modified: Thu, 13 Oct 2022 16:15:21 GMT
ETag: "3ae573d079dcd1d2da4086f2c0c72c45"
Accept-Ranges: bytes
Content-Type: image/gif
Server: AmazonS3
Content-Length: 69
Date: Wed, 21 Dec 2022 14:00:56 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-adef.akamaized.net/landings/268852/1665677718/images/icon-white.png
23.36.76.194200 OK 2.2 kB URL HTTP/1.1 cdn-adef.akamaized.net/landings/268852/1665677718/images/icon-white.png
IP 23.36.76.194:0
ASN #20940 Akamai International B.V.
File type PNG image data, 73 x 84, 8-bit/color RGBA, non-interlaced\012- data
Hash c391e0f03315c1de2f0c3091c1170b38
4c6d1e87a69be58cd9fb9acdaee354580a2da1b6
8b7a5ce48e7e6a77ba8c97eae67a4556c325b7a80ad8bc1e831d08069e8ed37c
GET /landings/268852/1665677718/images/icon-white.png HTTP/1.1
Host: cdn-adef.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ttg.yourhighpotencydefender.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: oFzDAusA1yUFTq1/NsJSyJNZGLfOAxLcNeIvKEjNofF/V5egpt8kSQ6dp7urFeMwquIGA0bAG8A=
x-amz-request-id: FWMDEDMFQ45CCP95
Last-Modified: Thu, 13 Oct 2022 16:15:21 GMT
ETag: "c391e0f03315c1de2f0c3091c1170b38"
Accept-Ranges: bytes
Content-Type: image/png
Server: AmazonS3
Content-Length: 2178
Date: Wed, 21 Dec 2022 14:00:56 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-adef.akamaized.net/landings/268852/1665677718/images/ico_bl1.gif
23.36.76.194200 OK 511 B URL HTTP/1.1 cdn-adef.akamaized.net/landings/268852/1665677718/images/ico_bl1.gif
IP 23.36.76.194:0
ASN #20940 Akamai International B.V.
File type GIF image data, version 89a, 80 x 65\012- data
Hash af3aca2036675c5979fb535c5d190f15
70c4f17ef1a2afe0477c84c5d209fbe31760b657
aa88fa9731a6021cd8c0f80ef76476fd055a9cf0bff3ad9fbefbedbd255e26fa
Analyzer Verdict Alert urlquery fraud Fraud - Fake AntiVirus / Security software
GET /landings/268852/1665677718/images/ico_bl1.gif HTTP/1.1
Host: cdn-adef.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ttg.yourhighpotencydefender.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: LBL2kr3cTWm5OKuFnRbCmvOOWn85SgA924Rzj3AEci09m2nO/Si8w05EMxqlw+GAY82/uYIMaRw=
x-amz-request-id: G11Y7C5V9P18GPYX
Last-Modified: Thu, 13 Oct 2022 16:15:21 GMT
ETag: "af3aca2036675c5979fb535c5d190f15"
Accept-Ranges: bytes
Content-Type: image/gif
Server: AmazonS3
Content-Length: 511
Date: Wed, 21 Dec 2022 14:00:56 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-adef.akamaized.net/landings/268852/1665677718/images/logo-white.svg
23.36.76.194200 OK 1.3 kB URL HTTP/1.1 cdn-adef.akamaized.net/landings/268852/1665677718/images/logo-white.svg
IP 23.36.76.194:0
ASN #20940 Akamai International B.V.
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1296), with no line terminators
Hash 6afb794723ba525f2c526c9899569924
8921668647cb2e4e8f689abd3f2bb8c9579432a8
e4aef0aba15680c1b745414a7c7bc39cdbeda17f1de0c7bf57bf90378b6a5d26
Analyzer Verdict Alert urlquery fraud Fraud - Fake AntiVirus / Security software
GET /landings/268852/1665677718/images/logo-white.svg HTTP/1.1
Host: cdn-adef.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ttg.yourhighpotencydefender.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: WzsU5fo1YdSHiU0jhbyukGZYoLhjAWK2CHhGFjKiCFMq8kf1NK2g82KWzfsiuKL9Y6GPLL6ESSE=
x-amz-request-id: G11RM0NB9J2CRTQF
Last-Modified: Thu, 13 Oct 2022 16:15:21 GMT
ETag: "6afb794723ba525f2c526c9899569924"
Accept-Ranges: bytes
Content-Type: image/svg+xml
Server: AmazonS3
Content-Length: 1296
Date: Wed, 21 Dec 2022 14:00:56 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-adef.akamaized.net/landings/268852/1665677718/images/ico_tray3.gif
23.36.76.194200 OK 234 B URL HTTP/1.1 cdn-adef.akamaized.net/landings/268852/1665677718/images/ico_tray3.gif
IP 23.36.76.194:0
ASN #20940 Akamai International B.V.
File type GIF image data, version 89a, 16 x 16\012- data
Hash 9ce99ec458daf212f9812a90f3fadd13
9e3041bc91b79a17b52e0fbb6c2d0e2f905d98a1
b0d335401c9fd5fac9991ec92edaf7865ff3a491ebe390120936c69796c3b753
Analyzer Verdict Alert urlquery fraud Fraud - Fake AntiVirus / Security software
GET /landings/268852/1665677718/images/ico_tray3.gif HTTP/1.1
Host: cdn-adef.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ttg.yourhighpotencydefender.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: 362vlk4/gNTdRLEWI+G2Wu3vIuX+IEi/Vu6hHXOgRDp3o18oinq8eoNxKXu44B8X+H6FmrSMr84=
x-amz-request-id: FWMECNDKMKD6TCZT
Last-Modified: Thu, 13 Oct 2022 16:15:21 GMT
ETag: "9ce99ec458daf212f9812a90f3fadd13"
Accept-Ranges: bytes
Content-Type: image/gif
Server: AmazonS3
Content-Length: 234
Date: Wed, 21 Dec 2022 14:00:56 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-adef.akamaized.net/landings/268852/1665677718/images/globe-alpha.png
23.36.76.194200 OK 303 kB URL HTTP/1.1 cdn-adef.akamaized.net/landings/268852/1665677718/images/globe-alpha.png
IP 23.36.76.194:0
ASN #20940 Akamai International B.V.
File type PNG image data, 1440 x 700, 8-bit gray+alpha, non-interlaced\012- data
Size 303 kB (302963 bytes)
Hash bc336a3a0c484d7c65299b9c4af45596
36cb2608b4fef19277220dab7e0cb0a623eee289
af9a953b12a4994939f45054e31302a7b1f59577f69c21376821cf9b922b414b
GET /landings/268852/1665677718/images/globe-alpha.png HTTP/1.1
Host: cdn-adef.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ttg.yourhighpotencydefender.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: jmOIawtUQxKQkVFsnR5sm4cr5S5EEyHjNqsJYx4xzkdtIVEQeXfq3nYOQU9PyW3YW35Qa3THuKM=
x-amz-request-id: G11H2CMP2A4JG8RX
Last-Modified: Thu, 13 Oct 2022 16:15:21 GMT
ETag: "bc336a3a0c484d7c65299b9c4af45596"
Accept-Ranges: bytes
Content-Type: image/png
Server: AmazonS3
Content-Length: 302963
Date: Wed, 21 Dec 2022 14:00:56 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-adef.akamaized.net/landings/268852/1665677718/images/cross.gif
23.36.76.194200 OK 211 B URL HTTP/1.1 cdn-adef.akamaized.net/landings/268852/1665677718/images/cross.gif
IP 23.36.76.194:0
ASN #20940 Akamai International B.V.
File type GIF image data, version 89a, 29 x 29\012- data
Hash 45b0c8a1e52d91e8cf84eaf75ebca9a9
0e358b8571f9062dedfacd0c31d54179270153cd
4e635bdab7a300d0ccb5aac26b4610a07ee1b33643578c1a4308e677d7eb595d
Analyzer Verdict Alert urlquery fraud Fraud - Fake AntiVirus / Security software
GET /landings/268852/1665677718/images/cross.gif HTTP/1.1
Host: cdn-adef.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ttg.yourhighpotencydefender.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: z0DaK4YnhJiNfmTwwdYKm+b9Jts52SZN6zgtwtQvy9hhqAFAygQi0jG/0dMh4A4z8kGlPjMjPm4=
x-amz-request-id: G11JDS8WWYQ452YN
Last-Modified: Thu, 13 Oct 2022 16:15:21 GMT
ETag: "45b0c8a1e52d91e8cf84eaf75ebca9a9"
Accept-Ranges: bytes
Content-Type: image/gif
Server: AmazonS3
Content-Length: 211
Date: Wed, 21 Dec 2022 14:00:56 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-adef.akamaized.net/landings/268852/1665677718/images/logo-red-full.png
23.36.76.194200 OK 7.3 kB URL HTTP/1.1 cdn-adef.akamaized.net/landings/268852/1665677718/images/logo-red-full.png
IP 23.36.76.194:0
ASN #20940 Akamai International B.V.
File type PNG image data, 230 x 64, 8-bit/color RGBA, non-interlaced\012- data
Hash 63fb2900e5622e4a6cadfd616f84476e
60d9f07aa5e9fd0595f00e7ce41eb80a51927f8c
6dbe00201def9dbf69293b028055f8ea0513ef52cb1f2e60212a5061c37d283d
GET /landings/268852/1665677718/images/logo-red-full.png HTTP/1.1
Host: cdn-adef.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ttg.yourhighpotencydefender.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: lPI6GLumB7VjTdfb8EsCq9LBZob6PKhk3lynVxJ3XyK7qrxoRep0SN/EPBsZQSiQJ7qmKe9yUhE=
x-amz-request-id: G11K43CH467XT9P5
Last-Modified: Thu, 13 Oct 2022 16:15:21 GMT
ETag: "63fb2900e5622e4a6cadfd616f84476e"
Accept-Ranges: bytes
Content-Type: image/png
Server: AmazonS3
Content-Length: 7254
Date: Wed, 21 Dec 2022 14:00:56 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-adef.akamaized.net/landings/268852/1665677718/images/ico_gray1.png
23.36.76.194200 OK 364 B URL HTTP/1.1 cdn-adef.akamaized.net/landings/268852/1665677718/images/ico_gray1.png
IP 23.36.76.194:0
ASN #20940 Akamai International B.V.
File type PNG image data, 12 x 12, 8-bit/color RGB, non-interlaced\012- data
Hash e144c3378090087c8ce129a30cb6cb4e
59da5466551de941d0215e45c54aa2ceaf436be1
b13a03e0db893734298cbe203bf264407636ffe5dab0a141f83c492d0034dd6a
Analyzer Verdict Alert urlquery fraud Fraud - Fake AntiVirus / Security software
GET /landings/268852/1665677718/images/ico_gray1.png HTTP/1.1
Host: cdn-adef.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ttg.yourhighpotencydefender.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: rry7W8u8u2J7gZgPvGGAaJ4FHIH3DA93LbqqesFnZgxGrD4rEkr3jSCZAi/0WwmukKkC+7kB568=
x-amz-request-id: G11YF4Z48N0B3Q9B
Last-Modified: Thu, 13 Oct 2022 16:15:21 GMT
ETag: "e144c3378090087c8ce129a30cb6cb4e"
Accept-Ranges: bytes
Content-Type: image/png
Server: AmazonS3
Content-Length: 364
Date: Wed, 21 Dec 2022 14:00:56 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-adef.akamaized.net/landings/268852/1665677718/images/win_min.png
23.36.76.194200 OK 128 B URL HTTP/1.1 cdn-adef.akamaized.net/landings/268852/1665677718/images/win_min.png
IP 23.36.76.194:0
ASN #20940 Akamai International B.V.
File type PNG image data, 12 x 12, 8-bit/color RGB, non-interlaced\012- data
Hash 0bb86caf792dd7d24731c18cd37bb68e
dda1e433a0eaf785b2aa2c6214d5e48cb82a3a25
2ac27821ba64d645f36e2ad197492d30c11b10a032cc474554679555f4604622
Analyzer Verdict Alert urlquery fraud Fraud - Fake AntiVirus / Security software
GET /landings/268852/1665677718/images/win_min.png HTTP/1.1
Host: cdn-adef.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ttg.yourhighpotencydefender.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: R2l0Hw5DTXnCCkNJIq3w1y776QoLhZVPmxKa6hiywTRnsLPkpPaAf9ONU+Sfv/EtTDZRYSQfqH4=
x-amz-request-id: G11K8K61AAFGQ38Q
Last-Modified: Thu, 13 Oct 2022 16:15:20 GMT
ETag: "0bb86caf792dd7d24731c18cd37bb68e"
Accept-Ranges: bytes
Content-Type: image/png
Server: AmazonS3
Content-Length: 128
Date: Wed, 21 Dec 2022 14:00:56 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-adef.akamaized.net/landings/268852/1665677718/images/logo-red.png
23.36.76.194200 OK 4.7 kB URL HTTP/1.1 cdn-adef.akamaized.net/landings/268852/1665677718/images/logo-red.png
IP 23.36.76.194:0
ASN #20940 Akamai International B.V.
File type PNG image data, 230 x 45, 8-bit/color RGBA, non-interlaced\012- data
Hash 945db2cdbd67e8ad20315672f80c1f18
1d49f3128052594b6b46edc17712e83f62bdb035
cf56bcceaf23dba6d290e2c6739ac2bab77b36e03c20a48cdbe49bcfe2fb31d0
GET /landings/268852/1665677718/images/logo-red.png HTTP/1.1
Host: cdn-adef.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ttg.yourhighpotencydefender.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: h4ROlWwQXQMHRhvOKJqrJ9o2AtYk3AjSkVmH2k8wnWfKoszozqVA2fKSfcbCFj7aMKeyYaMJxUs=
x-amz-request-id: G11KNA6XG3KR4B99
Last-Modified: Thu, 13 Oct 2022 16:15:21 GMT
ETag: "945db2cdbd67e8ad20315672f80c1f18"
Accept-Ranges: bytes
Content-Type: image/png
Server: AmazonS3
Content-Length: 4714
Date: Wed, 21 Dec 2022 14:00:56 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash 7011324f8501f3c2c1e545068299bec1
f9ca3911f1c3f66cf89c1b7f2e251c3669636fcb
6afe60a2ce277e620ad2ab621a77fc140d3d28c70b3774afd07ee85e58465623
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5798
Cache-Control: max-age=115244
Content-Type: application/ocsp-response
Date: Wed, 21 Dec 2022 14:00:56 GMT
Etag: "63a21a1e-118"
Expires: Thu, 22 Dec 2022 22:01:40 GMT
Last-Modified: Tue, 20 Dec 2022 20:25:02 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 280
cdn.stfilecamp.com/stormtrk.js
205.185.216.10200 OK 6.5 kB URL HTTP/2 cdn.stfilecamp.com/stormtrk.js
IP 205.185.216.10:0
Hash 469e121bb4c4fe159bbca2b4f5a88267
f0c66f226de28b324e4f1ecb766597938f984c60
4706b6d6c3e39cf2915a772595f2cc124e96d0919538b56aa817113e6482c416
Analyzer Verdict Alert urlquery fraud Fraud - Fake AntiVirus / Security software
GET /stormtrk.js HTTP/1.1
Host: cdn.stfilecamp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ttg.yourhighpotencydefender.site/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 21 Dec 2022 14:00:57 GMT
cache-control: max-age=264
content-length: 6502
content-type: text/javascript
last-modified: Tue, 07 Sep 2021 08:59:42 GMT
accept-ranges: bytes
x-rgw-object-type: Normal
etag: "469e121bb4c4fe159bbca2b4f5a88267"
x-amz-request-id: tx000000000000087ec78cd-0063a30491-213ecff2-sfo3a
strict-transport-security: max-age=15552000; includeSubDomains; preload
vary: Access-Control-Request-Headers,Access-Control-Request-Method,Origin
x-sp-metadata: HS256.CKm/jJ0GEocBCiQ4ZWRmOTNiZi1lMTljLTQ2ZjctODFjMC1hYzQzNjVlODI5YTEQgMPq7NjG+wIaBgiZo4ydBiIMOTEuOTAuNDIuMTU0KIeWAzADOARCFlRMU19BRVNfMTI4X0dDTV9TSEEyNTZaIGM3ZDJiNGM0ODRhNDEzZTE5MWRlNmFjZmYyZGIyMDA5GisIARIkOTRhODQ4ZTQtNDQ0YS00ZTAxLWE0ODEtYzczYTkwOWVkMjMyGOYyIhgIAhIUY2RzMDE0LnNrMS5od2Nkbi5uZXQ=.+rkVopAfadQKgLp2WnShSls+ZRRzmpTP7075zxoR+qI=
x-hw: 1671631257.dop219.sk1.t,1671631257.cds258.sk1.hn,1671631257.cds014.sk1.c
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 97216d9347c0d3c1bab297df919688d5
61eca83749fd58d5ce753bf65419435d522c2ce5
7277b81f23f6516aa706c00202e0705421837431095d5b1f7fb0f283ab5736ff
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 21 Dec 2022 14:00:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn-adef.akamaized.net/beep.mp3
23.36.76.194302 Moved Temporarily 0 B URL HTTP/1.1 cdn-adef.akamaized.net/beep.mp3
IP 23.36.76.194:0
ASN #20940 Akamai International B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery fraud Fraud - Fake AntiVirus / Security software
GET /beep.mp3 HTTP/1.1
Host: cdn-adef.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: http://ttg.yourhighpotencydefender.site/
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Moved Temporarily
Server: AkamaiGHost
Content-Length: 0
Location: https://cdn-adef.akamaized.net/404
Date: Wed, 21 Dec 2022 14:00:57 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 97216d9347c0d3c1bab297df919688d5
61eca83749fd58d5ce753bf65419435d522c2ce5
7277b81f23f6516aa706c00202e0705421837431095d5b1f7fb0f283ab5736ff
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 21 Dec 2022 14:00:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
translate.google.com/translate_a/element.js?cb=googleTranslateElementInit
216.58.211.14200 OK 27 kB URL HTTP/2 translate.google.com/translate_a/element.js?cb=googleTranslateElementInit
IP 216.58.211.14:0
Hash 420561b7511e0a2f1ca2d9f877292607
088af44101085e5aa1dfc0b5c4e4162fc4793dc1
4bfa8f2015dbce28da88351a0e089ea385655d5269013ccb10f7e645d997f9a3
GET /translate_a/element.js?cb=googleTranslateElementInit HTTP/1.1
Host: translate.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ttg.yourhighpotencydefender.site/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 21 Dec 2022 14:00:57 GMT
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
set-cookie: CONSENT=PENDING+710; expires=Fri, 20-Dec-2024 14:00:57 GMT; path=/; domain=.google.com; Secure
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
translate.googleapis.com/translate_static/css/translateelement.css
142.250.74.42200 OK 3.6 kB URL HTTP/2 translate.googleapis.com/translate_static/css/translateelement.css
IP 142.250.74.42:0
File type ASCII text, with very long lines (18670)
Hash 897ba9a21d9625286674da769dacc2e2
84b4923ab7dee562395160824d53496314499b77
696cbf5c2f3f1efae555562b72abbbb22bed02eff03d62074555cab241190ae0
GET /translate_static/css/translateelement.css HTTP/1.1
Host: translate.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ttg.yourhighpotencydefender.site/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/rosetta
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="rosetta"
report-to: {"group":"rosetta","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/rosetta"}]}
content-length: 3619
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 21 Dec 2022 13:25:58 GMT
expires: Wed, 21 Dec 2022 14:25:58 GMT
cache-control: public, max-age=3600
age: 2099
last-modified: Wed, 17 Aug 2022 23:38:00 GMT
content-type: text/css
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdn-adef.akamaized.net/404
23.36.76.194404 Not Found 134 B URL HTTP/1.1 cdn-adef.akamaized.net/404
IP 23.36.76.194:0
ASN #20940 Akamai International B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 9c7c01b7650d428a3540bd1d22390a2f
1de74307526c98f84fe5ef2f7dce7ae7c1f77dd0
08c97b6bb3dda74ce86e43cfe75fe216618aa8d1f1e04fa9fc5ef57d3b1a69e1
GET /404 HTTP/1.1
Host: cdn-adef.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Range: bytes=0-
Referer: http://ttg.yourhighpotencydefender.site/
Connection: keep-alive
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 134
Date: Wed, 21 Dec 2022 14:00:57 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Content-Length, Last-Modified, Retry-After, Content-Type, Alert, Pragma, ETag, Cache-Control, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Wed, 21 Dec 2022 13:33:24 GMT
age: 1653
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 9d5518b05926e5fc608ad00c4abf3e01
273178a68589773d7c28a2360e64685937a5caa6
c0401c937edee3f05e3e41ab2b09af061962bcfa8471f2d0a0d91c3fe732843d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 21 Dec 2022 14:00:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash 8d7d6eee6812a5969bea08945bce01b5
6bded81d129e4e6c5ff24195086397c4287d465e
bde90f43f803a703c94b40274cd5ab8ab531044a2887073a1fa2bbc184d94287
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=147968
Content-Type: application/ocsp-response
Date: Wed, 21 Dec 2022 14:00:57 GMT
Etag: "63a2b099-118"
Expires: Fri, 23 Dec 2022 07:07:05 GMT
Last-Modified: Wed, 21 Dec 2022 07:07:05 GMT
Server: nginx
Content-Length: 280
cdn-adef.akamaized.net/images/favicon.ico
23.36.76.194200 OK 4.1 kB URL HTTP/1.1 cdn-adef.akamaized.net/images/favicon.ico
IP 23.36.76.194:0
ASN #20940 Akamai International B.V.
File type PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced\012- data
Hash 4cdf3256cd7b8ec3917adb79d6bf457e
bc615337e9223183a126c8fb649774866fb53e69
fbfff44a653dc193b93620f1035d221d3aaddf3238742270b3385482986ef7f0
GET /images/favicon.ico HTTP/1.1
Host: cdn-adef.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ttg.yourhighpotencydefender.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: mzbDFFn0Yhqdz4XL9s4sX6yByljdNVrKhKiK+UtK4DVRgNzfBI6OtL7EakQiGwqEsC19uC++cQI=
x-amz-request-id: 78F19547EBC3B810
Last-Modified: Wed, 07 Nov 2018 08:41:38 GMT
ETag: "4cdf3256cd7b8ec3917adb79d6bf457e"
Accept-Ranges: bytes
Content-Type: image/x-icon
Content-Length: 4103
Server: AmazonS3
Date: Wed, 21 Dec 2022 14:00:57 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 859d899d982bb69df5fb16b8393fa119
580215f1d4f81cda04012c0889cfd9b18ba11863
38159dd549e94d45798b614efa5f968de7b74830c845220d1b6c1435f3940a94
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1080
Cache-Control: max-age=156233
Content-Type: application/ocsp-response
Date: Wed, 21 Dec 2022 14:00:57 GMT
Etag: "63a2ccaa-1d7"
Expires: Fri, 23 Dec 2022 09:24:50 GMT
Last-Modified: Wed, 21 Dec 2022 09:06:50 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash eadadfec0a65bce69128230cfa49f936
1ae7fbb4969315fc2d13cf0a63d1909c499147db
bbd8831dd832214747d09faca8a7092b1e72dbaec35ee513bf6663caaea3e488
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 21 Dec 2022 14:00:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash eadadfec0a65bce69128230cfa49f936
1ae7fbb4969315fc2d13cf0a63d1909c499147db
bbd8831dd832214747d09faca8a7092b1e72dbaec35ee513bf6663caaea3e488
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 21 Dec 2022 14:00:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.gstatic.com/images/branding/product/1x/translate_24dp.png
142.250.74.35200 OK 846 B URL HTTP/2 www.gstatic.com/images/branding/product/1x/translate_24dp.png
IP 142.250.74.35:0
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash e9cd262114358f26b7608b56905185dc
6dbde0a96deaab2b529723ce26c62043cf9180ab
5a861509b658aa24fc3aed2867ac3c061e7d818d90b9990959afc6d1b5d4ff99
GET /images/branding/product/1x/translate_24dp.png HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ttg.yourhighpotencydefender.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Origin
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-length: 846
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 21 Dec 2022 05:16:19 GMT
expires: Thu, 21 Dec 2023 05:16:19 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 14 Oct 2021 09:08:00 GMT
content-type: image/png
age: 31478
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.gstatic.com/images/branding/product/2x/translate_24dp.png
142.250.74.35200 OK 1.8 kB URL HTTP/2 www.gstatic.com/images/branding/product/2x/translate_24dp.png
IP 142.250.74.35:0
File type PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced\012- data
Hash c69c796362406f9e11c7f4bf5bb628da
e489ce95ab56208090868882113d7416abf46775
4dac0026fbfa2615dce30c0af12830863fe885f84387a0147b9e338f548d5d82
GET /images/branding/product/2x/translate_24dp.png HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://translate.googleapis.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Origin
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-length: 1842
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 21 Dec 2022 08:58:02 GMT
expires: Thu, 21 Dec 2023 08:58:02 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 14 Oct 2021 09:08:00 GMT
content-type: image/png
age: 18175
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash eadadfec0a65bce69128230cfa49f936
1ae7fbb4969315fc2d13cf0a63d1909c499147db
bbd8831dd832214747d09faca8a7092b1e72dbaec35ee513bf6663caaea3e488
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 21 Dec 2022 14:00:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn.stfilecamp.com/fp.min.js
205.185.216.10200 OK 32 kB URL HTTP/2 cdn.stfilecamp.com/fp.min.js
IP 205.185.216.10:0
File type Unicode text, UTF-8 text, with very long lines (31370)
Hash 198f2f5b0a649f41fe890c59d37319aa
f24629687612889bb59f610df3879afcd766fb80
d2bc2cb800679f495a7731c105b2e2047965800515f98008867ab33edc940912
Analyzer Verdict Alert urlquery fraud Fraud - Fake AntiVirus / Security software
GET /fp.min.js HTTP/1.1
Host: cdn.stfilecamp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ttg.yourhighpotencydefender.site/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 21 Dec 2022 14:00:57 GMT
cache-control: max-age=424
content-length: 31705
content-type: text/javascript
last-modified: Mon, 13 Jun 2022 11:23:14 GMT
accept-ranges: bytes
x-rgw-object-type: Normal
etag: "198f2f5b0a649f41fe890c59d37319aa"
x-amz-request-id: tx000000000000000236552-0063a30531-2b8f3340-sfo3a
strict-transport-security: max-age=15552000; includeSubDomains; preload
vary: Access-Control-Request-Headers,Access-Control-Request-Method,Origin
x-sp-metadata: HS256.CKm/jJ0GEocBCiQ4ZDljMDI5Yi02ZDM5LTQ0ZTYtOGNjNy0wY2JlOWRmMzE3ZTYQgMPq7NjG+wIaBgiZo4ydBiIMOTEuOTAuNDIuMTU0KIeWAzADOARCFlRMU19BRVNfMTI4X0dDTV9TSEEyNTZaIGM3ZDJiNGM0ODRhNDEzZTE5MWRlNmFjZmYyZGIyMDA5GiwIARIkZGMxNmYyMzctNjI0ZC00NGIyLThiZjItN2I3YTE0Njg3YjU3GNn3ASIYCAISFGNkczIzNy5zazEuaHdjZG4ubmV0.7DTT/FFvXDuuu/0a+vkc7w8+Mf478Qtu7LM+z/++wWg=
x-hw: 1671631257.dop219.sk1.t,1671631257.cds258.sk1.hn,1671631257.cds237.sk1.c
X-Firefox-Spdy: h2
push.services.mozilla.com/
54.200.107.47101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.200.107.47:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: AsJemeci9D48gmQfmpeNLQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 3/9lbC1v2d23FSt9quYg9eQN7dw=
cdn-adef.akamaized.net/
23.36.76.194302 Moved Temporarily 0 B IP 23.36.76.194:0
ASN #20940 Akamai International B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery fraud Fraud - Fake AntiVirus / Security software
GET / HTTP/1.1
Host: cdn-adef.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ttg.yourhighpotencydefender.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Moved Temporarily
Server: AkamaiGHost
Content-Length: 0
Location: https://cdn-adef.akamaized.net/404
Date: Wed, 21 Dec 2022 14:00:58 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-adef.akamaized.net/404
23.36.76.194404 Not Found 134 B URL HTTP/1.1 cdn-adef.akamaized.net/404
IP 23.36.76.194:0
ASN #20940 Akamai International B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 9c7c01b7650d428a3540bd1d22390a2f
1de74307526c98f84fe5ef2f7dce7ae7c1f77dd0
08c97b6bb3dda74ce86e43cfe75fe216618aa8d1f1e04fa9fc5ef57d3b1a69e1
GET /404 HTTP/1.1
Host: cdn-adef.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://ttg.yourhighpotencydefender.site/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 134
Date: Wed, 21 Dec 2022 14:00:58 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash db151f8790fc80bb535b13560972296a
768a8261c1529ccdd5f7ecd2f3b4e65d8e6fa0d1
36b57f1a1229e6700cef5491018a90ec4fe375a4c7bb8e3c7ac8a4cf2ad73d5a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "36B57F1A1229E6700CEF5491018A90EC4FE375A4C7BB8E3C7AC8A4CF2AD73D5A"
Last-Modified: Tue, 20 Dec 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3337
Expires: Wed, 21 Dec 2022 14:56:36 GMT
Date: Wed, 21 Dec 2022 14:00:59 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash db151f8790fc80bb535b13560972296a
768a8261c1529ccdd5f7ecd2f3b4e65d8e6fa0d1
36b57f1a1229e6700cef5491018a90ec4fe375a4c7bb8e3c7ac8a4cf2ad73d5a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "36B57F1A1229E6700CEF5491018A90EC4FE375A4C7BB8E3C7AC8A4CF2AD73D5A"
Last-Modified: Tue, 20 Dec 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3337
Expires: Wed, 21 Dec 2022 14:56:36 GMT
Date: Wed, 21 Dec 2022 14:00:59 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash db151f8790fc80bb535b13560972296a
768a8261c1529ccdd5f7ecd2f3b4e65d8e6fa0d1
36b57f1a1229e6700cef5491018a90ec4fe375a4c7bb8e3c7ac8a4cf2ad73d5a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "36B57F1A1229E6700CEF5491018A90EC4FE375A4C7BB8E3C7AC8A4CF2AD73D5A"
Last-Modified: Tue, 20 Dec 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3337
Expires: Wed, 21 Dec 2022 14:56:36 GMT
Date: Wed, 21 Dec 2022 14:00:59 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash db151f8790fc80bb535b13560972296a
768a8261c1529ccdd5f7ecd2f3b4e65d8e6fa0d1
36b57f1a1229e6700cef5491018a90ec4fe375a4c7bb8e3c7ac8a4cf2ad73d5a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "36B57F1A1229E6700CEF5491018A90EC4FE375A4C7BB8E3C7AC8A4CF2AD73D5A"
Last-Modified: Tue, 20 Dec 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3337
Expires: Wed, 21 Dec 2022 14:56:36 GMT
Date: Wed, 21 Dec 2022 14:00:59 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash db151f8790fc80bb535b13560972296a
768a8261c1529ccdd5f7ecd2f3b4e65d8e6fa0d1
36b57f1a1229e6700cef5491018a90ec4fe375a4c7bb8e3c7ac8a4cf2ad73d5a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "36B57F1A1229E6700CEF5491018A90EC4FE375A4C7BB8E3C7AC8A4CF2AD73D5A"
Last-Modified: Tue, 20 Dec 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3337
Expires: Wed, 21 Dec 2022 14:56:36 GMT
Date: Wed, 21 Dec 2022 14:00:59 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d762722-a130-4c65-99b1-2f6fb91155e5.jpeg
34.120.237.76200 OK 8.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d762722-a130-4c65-99b1-2f6fb91155e5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c7ac0b5738bab6b4ed770c26ca922250
e56fd4ee2f5354a54a6271db2be528f98eecd3d7
5997d5be6bbeb189ef08af2f6c6dd5bb0cfa70ad7b40daab8712efe5adc2c6e1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d762722-a130-4c65-99b1-2f6fb91155e5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8450
x-amzn-requestid: a9f11c68-8327-46ba-9075-e316a2f9fdbb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dabr3FoSIAMFdtQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a0d97e-61b788f5675fe0e815e1e967;Sampled=0
x-amzn-remapped-date: Mon, 19 Dec 2022 21:37:02 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: EFtrPmVeBdwlINxF0wQq0671EksYsi6nsyFd5E4SCSH4_bQyGaNQHQ==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 a06140ffee86972bad90c57fc682df36.cloudfront.net (CloudFront), 1.1 google
date: Wed, 21 Dec 2022 07:54:35 GMT
age: 21984
etag: "e56fd4ee2f5354a54a6271db2be528f98eecd3d7"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1d031850-22eb-4b68-b31f-b6442037953e.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1d031850-22eb-4b68-b31f-b6442037953e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 551946a77ac86428763e22bc008d68b1
04f4a422bd872990f47b802326e386ee26a967e3
58dce19008346e668c2a1219aee7f54b940c9c2b541a8bd860731cc05031cd60
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1d031850-22eb-4b68-b31f-b6442037953e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10717
x-amzn-requestid: ca8b43b6-7ffd-43df-9a77-b9352a2e8dfe
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dT66DEbfoAMFw4g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-639e3ea6-5f8f5745418a41cd6fb9e2c6;Sampled=0
x-amzn-remapped-date: Sat, 17 Dec 2022 22:11:50 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: nIfaPEr-pOKiPYtCZDy_dmMtPtKWUXzqfQNec265rlHKzde3RSQcxw==
via: 1.1 6ba2a21321beeef65404429d0a4b6380.cloudfront.net (CloudFront), 1.1 7545e37b10b5fcf5e3df98185c85194a.cloudfront.net (CloudFront), 1.1 google
date: Wed, 21 Dec 2022 07:14:12 GMT
age: 24407
etag: "04f4a422bd872990f47b802326e386ee26a967e3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdefad689-8a78-41c9-8774-f0b8a1135d15.jpeg
34.120.237.76200 OK 9.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdefad689-8a78-41c9-8774-f0b8a1135d15.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8f5b2e482a0944dfc0de3a69659fa002
64dd897d9163a6eceadc0c5460cdd135d323abb3
feb1a63a27859b88257d50c3c8723131978fd1f363a6f9e1297b91549b4aed9d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdefad689-8a78-41c9-8774-f0b8a1135d15.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9044
x-amzn-requestid: 981a0010-ec53-4659-818b-4cfa39fa8cd5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dbuhqGUbIAMF_QQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a15e0a-65b084547c4d2b4414236f84;Sampled=0
x-amzn-remapped-date: Tue, 20 Dec 2022 07:02:34 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: -AR7jIQqHV2XWDLH1W7rybyRGcDQ4oSGQsneAScw7MHK3nwjYYkjWg==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 82893cc36087a50f9a150a621d10e740.cloudfront.net (CloudFront), 1.1 google
date: Wed, 21 Dec 2022 07:05:45 GMT
age: 24914
etag: "64dd897d9163a6eceadc0c5460cdd135d323abb3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fefe0191e-7441-4083-843d-18a9446de816.jpeg
34.120.237.76200 OK 9.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fefe0191e-7441-4083-843d-18a9446de816.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3bd6359db3b908389343275ee839466b
9094f8e9275252a8e9d5e65fd3e87851b2f80bd7
7380590a93f8a21907c39ddce2f51c599161f219522df4099e9c1a82bcd1e40e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fefe0191e-7441-4083-843d-18a9446de816.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9069
x-amzn-requestid: 103b5caf-fa82-4d66-97e6-99c77027f759
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ddt_DG_hoAMFoKA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a229f9-1a4accb80dbf5e9f2f696c85;Sampled=0
x-amzn-remapped-date: Tue, 20 Dec 2022 21:32:41 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: D8V_RlBCxL1RHxtCyWkX7_IsCCrOdv2o1Wdic0N_aUz0qguhANp88A==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 29a825d8a219984d47bec4350779b558.cloudfront.net (CloudFront), 1.1 google
date: Tue, 20 Dec 2022 21:37:22 GMT
age: 59017
etag: "9094f8e9275252a8e9d5e65fd3e87851b2f80bd7"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F755d2e29-1b21-4b5a-bf07-7e8c9b9fa5ef.jpeg
34.120.237.76200 OK 9.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F755d2e29-1b21-4b5a-bf07-7e8c9b9fa5ef.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d412dc903a0b59ad7b621087ea0ac761
f2ea37308a210ac16412bac93b63a83a5a018c39
08afbc5941a511b6c536d33a8975fae902f5c4c814de0ed1b7f444c1c4233aad
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F755d2e29-1b21-4b5a-bf07-7e8c9b9fa5ef.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9661
x-amzn-requestid: 7046f4e1-0f80-4ae7-9500-1b1a07839232
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dbuz0F-OoAMF9Mw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a15e7e-720525d72a8ce03b45b37d86;Sampled=0
x-amzn-remapped-date: Tue, 20 Dec 2022 07:04:30 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: F5TWrJ-8iEM7ciqftJNmwMO0qYV-cj0JeyJ99OfGQWVjL-bKHN2LlA==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 a06140ffee86972bad90c57fc682df36.cloudfront.net (CloudFront), 1.1 google
date: Wed, 21 Dec 2022 07:07:34 GMT
age: 24805
etag: "f2ea37308a210ac16412bac93b63a83a5a018c39"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd8c50f43-5bd1-47f3-9801-3d69c2401091.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd8c50f43-5bd1-47f3-9801-3d69c2401091.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d4aa7e9e3fe28e9c401786f7415171f7
8482a47175ff105957d640269bc14ee1fbc97448
2215ff2537f927e2baf4f713fc947afefc83b416719113ce516aa00f2a4e0708
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd8c50f43-5bd1-47f3-9801-3d69c2401091.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11535
x-amzn-requestid: 4fb9a698-c429-49e1-a2c5-b9388f03b044
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: daGQIEuSoAMFnBg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a0b733-53b8088f0d8863f813b9967e;Sampled=0
x-amzn-remapped-date: Mon, 19 Dec 2022 19:10:43 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: MiX_AJgXGldkYjkeHO1OUPzraljox6v7B1M54cJPBdmfUZ7QETowOw==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 548adcda884eed02304ba5d6a1d7f514.cloudfront.net (CloudFront), 1.1 google
date: Tue, 20 Dec 2022 21:55:36 GMT
age: 57923
etag: "8482a47175ff105957d640269bc14ee1fbc97448"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
cdn-adef.akamaized.net/
23.36.76.194302 Moved Temporarily 0 B IP 23.36.76.194:0
ASN #20940 Akamai International B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery fraud Fraud - Fake AntiVirus / Security software
GET / HTTP/1.1
Host: cdn-adef.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ttg.yourhighpotencydefender.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Moved Temporarily
Server: AkamaiGHost
Content-Length: 0
Location: https://cdn-adef.akamaized.net/404
Date: Wed, 21 Dec 2022 14:01:01 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-adef.akamaized.net/404
23.36.76.194404 Not Found 134 B URL HTTP/1.1 cdn-adef.akamaized.net/404
IP 23.36.76.194:0
ASN #20940 Akamai International B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 9c7c01b7650d428a3540bd1d22390a2f
1de74307526c98f84fe5ef2f7dce7ae7c1f77dd0
08c97b6bb3dda74ce86e43cfe75fe216618aa8d1f1e04fa9fc5ef57d3b1a69e1
GET /404 HTTP/1.1
Host: cdn-adef.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://ttg.yourhighpotencydefender.site/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 134
Date: Wed, 21 Dec 2022 14:01:01 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
stormtrk.com/api/1.0/ping/pong?location=http%3A%2F%2Fttg.yourhighpotencydefender.site%2Fc%2F74e223774635a125%3FclickId%3D%7BclickId%7D%26cost%3D%7Bcost%7D%26s1%3D%7Bs1%7D%26s3%3D%7BclickId%7D%26s4%3D%7BfeedId%7D%26s5%3D%7BzoneId%7D%26s6%3D%7BcreativeId%7D%26s7%3D%7BcampaignId%7D%26aff_sub%3D%7Baff_sub%7D%26sub1%3D%7Bsub1%7D%26sid1%3D%7Bsid1%7D%26t%3D%7Bt%7D%26ac%3D%7Bac%7D%26sa%3D%7BfeedId%7D-%7BzoneId%7D%26sid3%3D%7Bsid3%7D%26aff_sub2%3D%7Baff_sub2%7D
104.26.4.120200 OK 0 B URL HTTP/2 stormtrk.com/api/1.0/ping/pong?location=http%3A%2F%2Fttg.yourhighpotencydefender.site%2Fc%2F74e223774635a125%3FclickId%3D%7BclickId%7D%26cost%3D%7Bcost%7D%26s1%3D%7Bs1%7D%26s3%3D%7BclickId%7D%26s4%3D%7BfeedId%7D%26s5%3D%7BzoneId%7D%26s6%3D%7BcreativeId%7D%26s7%3D%7BcampaignId%7D%26aff_sub%3D%7Baff_sub%7D%26sub1%3D%7Bsub1%7D%26sid1%3D%7Bsid1%7D%26t%3D%7Bt%7D%26ac%3D%7Bac%7D%26sa%3D%7BfeedId%7D-%7BzoneId%7D%26sid3%3D%7Bsid3%7D%26aff_sub2%3D%7Baff_sub2%7D
IP 104.26.4.120:0
GET /api/1.0/ping/pong?location=http%3A%2F%2Fttg.yourhighpotencydefender.site%2Fc%2F74e223774635a125%3FclickId%3D%7BclickId%7D%26cost%3D%7Bcost%7D%26s1%3D%7Bs1%7D%26s3%3D%7BclickId%7D%26s4%3D%7BfeedId%7D%26s5%3D%7BzoneId%7D%26s6%3D%7BcreativeId%7D%26s7%3D%7BcampaignId%7D%26aff_sub%3D%7Baff_sub%7D%26sub1%3D%7Bsub1%7D%26sid1%3D%7Bsid1%7D%26t%3D%7Bt%7D%26ac%3D%7Bac%7D%26sa%3D%7BfeedId%7D-%7BzoneId%7D%26sid3%3D%7Bsid3%7D%26aff_sub2%3D%7Baff_sub2%7D HTTP/1.1
Host: stormtrk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://ttg.yourhighpotencydefender.site
Connection: keep-alive
Referer: http://ttg.yourhighpotencydefender.site/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 21 Dec 2022 14:00:57 GMT
content-type: application/json
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Content-Type, Access-Control-Allow-Headers, X-Requested-With
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5dv0UogGRFofE99ByipzrydgMDXDolW6dJnfDUIwWp4nnKPxpgnZ6Mr8xaHPQuh5LU1ILZBysyxqKirnvA6c%2F0MrDsHwX2WBEhH9G5XrxceKbnqkRnmC3ZlLJEPgPA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77d1259e9d19b4f7-OSL
content-encoding: br
X-Firefox-Spdy: h2