firefox.settings.services.mozilla.com/v1/
143.204.55.35 200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.35:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 99b7d23c1748d0526782b9ff9ea45f09
eadd801a3ba2aa00632c6fb52e1f9125bd6d5b4f
48f81668f76955320480b484138aebdad5d03c471036b4449c737aca1ecab08e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Content-Length, Backoff, Retry-After, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Fri, 02 Sep 2022 15:49:08 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 2afd697fc5d0058ea30d6c4b939e714c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: pzePNXDaxvVq5iyrvDaFRxXfrpWSwSKrWftDg-jfMKUtdS3Xw3m1nw==
Age: 1372
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash bcdebf7a2bad5db595e8a0c1abb2ddcb
249dda2fa5e37b8a8f3a8c797193bf0874b6eedc
9b43ec48b16f96449208a0094c4d660806a2a2d344b5862dbff4c393bf3f9f9f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9B43EC48B16F96449208A0094C4D660806A2A2D344B5862DBFF4C393BF3F9F9F"
Last-Modified: Thu, 01 Sep 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8306
Expires: Fri, 02 Sep 2022 18:30:26 GMT
Date: Fri, 02 Sep 2022 16:12:00 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
143.204.55.110 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
IP 143.204.55.110:0
File type PEM certificate\012- , ASCII text
Hash 742edb4038f38bc533514982f3d2e861
cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Fri, 02 Sep 2022 01:15:17 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 a034aae43a19aef875fa395182990970.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: G5-5UsrpHXdF0pTnHelaJO6aFmOnJMsb_VLaTpuaoDLHTHbaz3R_XQ==
age: 53803
X-Firefox-Spdy: h2
nus.employbenefitscenter.com/gSm8WST
207.67.44.188 301 Moved Permanently 20 B URL HTTP/1.1 nus.employbenefitscenter.com/gSm8WST
IP 207.67.44.188:0
Hash 7029066c27ac6f5ef18d660d5741979a
46c6643f07aa7f6bfe7118de926b86defc5087c4
59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2
Analyzer Verdict Alert fortinet Phishing
GET /gSm8WST HTTP/1.1
Host: nus.employbenefitscenter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Fri, 02 Sep 2022 16:12:00 GMT
Server: Apache
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains
Location: https://NUS.employbenefitscenter.com/nue8d91e1113/7e51b18dea530b7c4de53332/index.php?id=b9a1a8fb62abf777bd753860a4847b78
Content-Encoding: gzip
Vary: Accept-Encoding
X-Frame-Options: sameorigin
Content-Length: 20
Keep-Alive: timeout=45, max=1000
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 02 Sep 2022 16:12:00 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.35 200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.35:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Alert, Cache-Control, Pragma, Backoff, Last-Modified, ETag, Expires, Content-Length, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Fri, 02 Sep 2022 15:38:16 GMT
Expires: Fri, 02 Sep 2022 16:14:28 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 80d21802b1b80c40e55ccf83433b8eac.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 4Fz5pvU9rRLPBf11Ng6BOG5GTNvcVC0fruNhopo8vmsre7BP3_TcQw==
Age: 2025
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 8c5aba53d769badff2f327fe14c9942f
f14ad58e2904895fc2d9b63c4878e8ce6ad01648
d4f5472f7b2323b76d71ac49f3a1e4402ca5fd6f7603e48f09994e43979da6cc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D4F5472F7B2323B76D71AC49F3A1E4402CA5FD6F7603E48F09994E43979DA6CC"
Last-Modified: Thu, 01 Sep 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21555
Expires: Fri, 02 Sep 2022 22:11:16 GMT
Date: Fri, 02 Sep 2022 16:12:01 GMT
Connection: keep-alive
nus.employbenefitscenter.com/nue8d91e1113/7e51b18dea530b7c4de53332/index.php?id=b9a1a8fb62abf777bd753860a4847b78
207.67.44.188 200 OK 3.5 kB URL HTTP/1.1 nus.employbenefitscenter.com/nue8d91e1113/7e51b18dea530b7c4de53332/index.php?id=b9a1a8fb62abf777bd753860a4847b78
IP 207.67.44.188:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (651), with CRLF, LF line terminators
Hash e9d29cf717309db15af167fec3a84dc3
cdd20832bfa202f3c67623c0ee44f96edff0cabd
895f92a1ebd51e83946be21bc09b3acfa2154a78cdd3ea56f9d6323cc0b2cdd7
Analyzer Verdict Alert fortinet Phishing
GET /nue8d91e1113/7e51b18dea530b7c4de53332/index.php?id=b9a1a8fb62abf777bd753860a4847b78 HTTP/1.1
Host: nus.employbenefitscenter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 200 OK
Date: Fri, 02 Sep 2022 16:12:01 GMT
Server: Apache
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Security-Policy: default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'
Referrer-Policy: origin
Permissions-Policy: geolocation=(self),midi=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self)
Set-Cookie: id=b9a1a8fb62abf777bd753860a4847b78; HttpOnly
Content-Encoding: gzip
Vary: Accept-Encoding
X-Frame-Options: sameorigin
Content-Length: 3457
Keep-Alive: timeout=45, max=1000
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 21daf45cdda2eb462873226bb5c1f0fb
4d4621bbf1461f35f7e536c1dbd9de71978ffa23
8164c742d013bdc2836cac1167acfe482547347ab6a1daefa15475f694dae057
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3642
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 02 Sep 2022 16:12:01 GMT
Last-Modified: Fri, 02 Sep 2022 15:11:19 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471
nus.employbenefitscenter.com/nue8d91e1113/7e51b18dea530b7c4de53332/crypto-sha1.js
207.67.44.188 200 OK 1.4 kB URL HTTP/1.1 nus.employbenefitscenter.com/nue8d91e1113/7e51b18dea530b7c4de53332/crypto-sha1.js
IP 207.67.44.188:0
File type ASCII text, with very long lines (547), with CRLF, LF line terminators
Hash 54b44981e89f8d1504439219f5fa1145
9db444de27ef4b8ee9f461c0788b9c8bbe72a92e
779a5cb7b5ff1140679d5aa60ad262d9b713aa0862f28c8e2630fe9e9a217b38
Analyzer Verdict Alert fortinet Phishing
GET /nue8d91e1113/7e51b18dea530b7c4de53332/crypto-sha1.js HTTP/1.1
Host: nus.employbenefitscenter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nus.employbenefitscenter.com/
Connection: keep-alive
Cookie: id=b9a1a8fb62abf777bd753860a4847b78
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 02 Sep 2022 16:12:01 GMT
Server: Apache
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Security-Policy: default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'
Referrer-Policy: origin
Permissions-Policy: geolocation=(self),midi=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self)
Last-Modified: Thu, 01 Sep 2022 10:59:29 GMT
ETag: "b93-5e79b81f399cf-gzip"
Accept-Ranges: bytes
Cache-Control: max-age=604800
Expires: Fri, 09 Sep 2022 16:12:01 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
X-Frame-Options: sameorigin
Content-Length: 1379
Keep-Alive: timeout=45, max=999
Connection: Keep-Alive
Content-Type: application/javascript
nus.employbenefitscenter.com/nue8d91e1113/7e51b18dea530b7c4de53332/crypto-md5.js
207.67.44.188 200 OK 2.1 kB URL HTTP/1.1 nus.employbenefitscenter.com/nue8d91e1113/7e51b18dea530b7c4de53332/crypto-md5.js
IP 207.67.44.188:0
File type ASCII text, with very long lines (547), with CRLF, LF line terminators
Hash c8806a6925baf40187580f1569cf8fb5
f9007f6379d336bd3728138615dd541e1565ce75
c3da45734aba22f8bc561dc736b9dbfa227bf45b9384d2f23372fa22876711a1
Analyzer Verdict Alert fortinet Phishing
GET /nue8d91e1113/7e51b18dea530b7c4de53332/crypto-md5.js HTTP/1.1
Host: nus.employbenefitscenter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nus.employbenefitscenter.com/
Connection: keep-alive
Cookie: id=b9a1a8fb62abf777bd753860a4847b78
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 02 Sep 2022 16:12:01 GMT
Server: Apache
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Security-Policy: default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'
Referrer-Policy: origin
Permissions-Policy: geolocation=(self),midi=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self)
Last-Modified: Thu, 01 Sep 2022 10:59:29 GMT
ETag: "14c8-5e79b81f39464-gzip"
Accept-Ranges: bytes
Cache-Control: max-age=604800
Expires: Fri, 09 Sep 2022 16:12:01 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
X-Frame-Options: sameorigin
Content-Length: 2103
Keep-Alive: timeout=45, max=998
Connection: Keep-Alive
Content-Type: application/javascript
push.services.mozilla.com/
35.160.186.52 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.160.186.52:0
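Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(These are the MD5, SHA-1 and SHA-256 digests of zero-length input, consistent with the 0 B body of this response; they do not identify any content and should not be used as indicators.)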
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: db4kxJQSQ7D6kUb+JV2u/A==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: FTZRinM+Nyx0F6EcyktxU5VWMm8=
nus.employbenefitscenter.com/nue8d91e1113/7e51b18dea530b7c4de53332/default.css
207.67.44.188 200 OK 879 B URL HTTP/1.1 nus.employbenefitscenter.com/nue8d91e1113/7e51b18dea530b7c4de53332/default.css
IP 207.67.44.188:0
Hash 67fbfb054f5ee1d10abf4b1045532190
e5fcaeca968d5ecde00e6e419a1316700d716be1
9d77e3c0a4aa7d5ac7db915fa3176bca4e566a84080008eebae788ae51205d31
GET /nue8d91e1113/7e51b18dea530b7c4de53332/default.css HTTP/1.1
Host: nus.employbenefitscenter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nus.employbenefitscenter.com/
Connection: keep-alive
Cookie: id=b9a1a8fb62abf777bd753860a4847b78
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 02 Sep 2022 16:12:01 GMT
Server: Apache
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Security-Policy: default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'
Referrer-Policy: origin
Permissions-Policy: geolocation=(self),midi=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self)
Last-Modified: Thu, 01 Sep 2022 10:59:29 GMT
ETag: "c78-5e79b81f39ee5-gzip"
Accept-Ranges: bytes
Cache-Control: max-age=604800
Expires: Fri, 09 Sep 2022 16:12:01 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
X-Frame-Options: sameorigin
Content-Length: 879
Keep-Alive: timeout=45, max=997
Connection: Keep-Alive
Content-Type: text/css
nus.employbenefitscenter.com/nue8d91e1113/7e51b18dea530b7c4de53332/NUS_V3-7.css
207.67.44.188 200 OK 1.4 kB URL HTTP/1.1 nus.employbenefitscenter.com/nue8d91e1113/7e51b18dea530b7c4de53332/NUS_V3-7.css
IP 207.67.44.188:0
Hash e0571c260b8b7f0df7c509c977609013
f26ef7dfc650877782ce058a81dd75e6b240bfbb
a35e2ab673af998f26937efbf6aa4538ad5b401db18c5177c6e96904b71b80a7
GET /nue8d91e1113/7e51b18dea530b7c4de53332/NUS_V3-7.css HTTP/1.1
Host: nus.employbenefitscenter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nus.employbenefitscenter.com/
Connection: keep-alive
Cookie: id=b9a1a8fb62abf777bd753860a4847b78
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 02 Sep 2022 16:12:01 GMT
Server: Apache
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Security-Policy: default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'
Referrer-Policy: origin
Permissions-Policy: geolocation=(self),midi=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self)
Last-Modified: Thu, 01 Sep 2022 10:59:29 GMT
ETag: "f9b-5e79b81ece5d6-gzip"
Accept-Ranges: bytes
Cache-Control: max-age=604800
Expires: Fri, 09 Sep 2022 16:12:01 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
X-Frame-Options: sameorigin
Content-Length: 1369
Keep-Alive: timeout=45, max=996
Connection: Keep-Alive
Content-Type: text/css
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 12f00eac4bda78b5d4c4bc00e96be439
5d6d88dbf72f208bc33c9af693440aec02e5f11c
4a85dc99793413780fdfde032e83995c0a15775eb09123f53a1ba9b789f91a55
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4A85DC99793413780FDFDE032E83995C0A15775EB09123F53A1BA9B789F91A55"
Last-Modified: Wed, 31 Aug 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9169
Expires: Fri, 02 Sep 2022 18:44:51 GMT
Date: Fri, 02 Sep 2022 16:12:02 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 12f00eac4bda78b5d4c4bc00e96be439
5d6d88dbf72f208bc33c9af693440aec02e5f11c
4a85dc99793413780fdfde032e83995c0a15775eb09123f53a1ba9b789f91a55
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4A85DC99793413780FDFDE032E83995C0A15775EB09123F53A1BA9B789F91A55"
Last-Modified: Wed, 31 Aug 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9169
Expires: Fri, 02 Sep 2022 18:44:51 GMT
Date: Fri, 02 Sep 2022 16:12:02 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 12f00eac4bda78b5d4c4bc00e96be439
5d6d88dbf72f208bc33c9af693440aec02e5f11c
4a85dc99793413780fdfde032e83995c0a15775eb09123f53a1ba9b789f91a55
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4A85DC99793413780FDFDE032E83995C0A15775EB09123F53A1BA9B789F91A55"
Last-Modified: Wed, 31 Aug 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9169
Expires: Fri, 02 Sep 2022 18:44:51 GMT
Date: Fri, 02 Sep 2022 16:12:02 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 12f00eac4bda78b5d4c4bc00e96be439
5d6d88dbf72f208bc33c9af693440aec02e5f11c
4a85dc99793413780fdfde032e83995c0a15775eb09123f53a1ba9b789f91a55
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4A85DC99793413780FDFDE032E83995C0A15775EB09123F53A1BA9B789F91A55"
Last-Modified: Wed, 31 Aug 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9169
Expires: Fri, 02 Sep 2022 18:44:51 GMT
Date: Fri, 02 Sep 2022 16:12:02 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 12f00eac4bda78b5d4c4bc00e96be439
5d6d88dbf72f208bc33c9af693440aec02e5f11c
4a85dc99793413780fdfde032e83995c0a15775eb09123f53a1ba9b789f91a55
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4A85DC99793413780FDFDE032E83995C0A15775EB09123F53A1BA9B789F91A55"
Last-Modified: Wed, 31 Aug 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9169
Expires: Fri, 02 Sep 2022 18:44:51 GMT
Date: Fri, 02 Sep 2022 16:12:02 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff6b23082-fe08-4f5d-b709-47175510cf45.jpeg
34.120.237.76 200 OK 6.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff6b23082-fe08-4f5d-b709-47175510cf45.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5e05660322f0368dd2bf8067d7e4554d
ec65cb47d86488f734c945a210d5f636a40fea2c
98875230ec45766102191bdc4180742fa3b8f3ad5ad1a128d12437105f86247e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff6b23082-fe08-4f5d-b709-47175510cf45.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6196
x-amzn-requestid: a7d6ce70-06d7-498c-8024-80185a3fc3e4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XzLyLFmVIAMFkcQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63112674-3fad622927177e9236d7c50a;Sampled=0
x-amzn-remapped-date: Thu, 01 Sep 2022 21:39:00 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: qAMCgNpYR80vXSDyHFOFcbT8VukBemR2AGoGNaCfYaszKshu-gv6zg==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 d01e7742f82df0bbc1fb681d709ed69c.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Sep 2022 21:54:15 GMT
age: 65867
etag: "ec65cb47d86488f734c945a210d5f636a40fea2c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff3cef8f6-078d-43f5-ba9b-fcc5dc69a7f7.jpeg
34.120.237.76 200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff3cef8f6-078d-43f5-ba9b-fcc5dc69a7f7.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash cab49f59207f816d98a21cd3fc2c37d1
8a9278f8ff5d149420673649878ca1ee266a0783
aebe0748f049bcb801be83459d4bae66b9c1453de3b0ea7e6a63bea88b6e7a5a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff3cef8f6-078d-43f5-ba9b-fcc5dc69a7f7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13104
x-amzn-requestid: da627f0c-5cde-4a37-878c-dcada8a25f64
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XzL6_EYoIAMFiYw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631126ac-10dbcb432e6d1af46cffaefe;Sampled=0
x-amzn-remapped-date: Thu, 01 Sep 2022 21:39:56 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: EYnLT-zi94yLohu6F2sovFoJ7UPSlEwh8CTMXR3d9aqGb00jm1f8oQ==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 989017835f43d594873bde5a7ee7fe5e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Sep 2022 22:32:41 GMT
age: 63561
etag: "8a9278f8ff5d149420673649878ca1ee266a0783"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F06f2c9c2-de63-41e1-8359-5a5923a2b1e8.webp
34.120.237.76 200 OK 9.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F06f2c9c2-de63-41e1-8359-5a5923a2b1e8.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5ba50b2fd1814c5ffc95aef40c69ce8c
cbb4546228115cccc122b16209e70171bef5c1f2
de822c8549508b28a07d29b203ae3ef356470df906cba727fc765f1bd14bb866
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F06f2c9c2-de63-41e1-8359-5a5923a2b1e8.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9252
x-amzn-requestid: 7feebba8-f6b9-4b79-9726-5a7534da277e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XzLyVG5DoAMF_Ug=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63112675-3123158f3dcfbd476537ca3c;Sampled=0
x-amzn-remapped-date: Thu, 01 Sep 2022 21:39:01 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: BOa5zGQyJS9q9bHmtKzlNtyS9ToGPZJkDFo2uY2lzz8Lnd3cZLQEaA==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 ebe4011a81a36e2bf678f69ce1711330.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Sep 2022 22:48:18 GMT
age: 62624
etag: "cbb4546228115cccc122b16209e70171bef5c1f2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffd1bf889-bcbe-4ad4-950a-a32b2f875537.jpeg
34.120.237.76 200 OK 5.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffd1bf889-bcbe-4ad4-950a-a32b2f875537.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 24d848f7606889b048b6334e70d8a5e0
85239ef4f2fee8d3345e599bc942cab63ff3aaf6
da6cf33b440b51f72a70f309d62fd581aed246b6a78b8f329fa3899db15ff86d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffd1bf889-bcbe-4ad4-950a-a32b2f875537.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5889
x-amzn-requestid: 42237574-f86e-4ece-b986-6d0c5910fcc5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XzMVgHajoAMFmXg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63112756-48ff9d98464cf3c9680d97b4;Sampled=0
x-amzn-remapped-date: Thu, 01 Sep 2022 21:42:46 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: _7BBSlQQucoO5poncTYuX4fcmS4WFg3UcVFXalckGCCNFKJ0h5UpsQ==
via: 1.1 95b0ac620fa3a80ee590ecf1cda1c698.cloudfront.net (CloudFront), 1.1 e95ec8f1dc02e32f0cb9e113963ceb4e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Sep 2022 22:31:42 GMT
etag: "85239ef4f2fee8d3345e599bc942cab63ff3aaf6"
content-type: image/jpeg
age: 63620
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7c0ef483-e545-4a1f-b9b9-88778330d881.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7c0ef483-e545-4a1f-b9b9-88778330d881.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 955f2a35bd6b3802670e7fa8a7cda833
4c70d27f7c51b7fcae1d8a883bfc2e67a551ae6c
2fb517039f0704d2f6fe2fa78eae47c71c645add1c2276f8726248184ae45760
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7c0ef483-e545-4a1f-b9b9-88778330d881.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10435
x-amzn-requestid: 813ec4ca-243d-46cb-a6a6-8ec58e5dd9f8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XzLjdHwnIAMFhzA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63112615-4733cfb83cf0e8734abc5716;Sampled=0
x-amzn-remapped-date: Thu, 01 Sep 2022 21:37:25 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: n6DJbsUGTdXT42cNLTDq6Uz28H2SDhwq6drdKP4axAHsBz471X7r_g==
via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 89791e6b21b9a30cc51cac1bc51cf098.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Sep 2022 21:37:26 GMT
etag: "4c70d27f7c51b7fcae1d8a883bfc2e67a551ae6c"
content-type: image/jpeg
age: 66876
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9564bd06-b264-460b-96bb-6b37cf25a72b.jpeg
34.120.237.76 200 OK 17 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9564bd06-b264-460b-96bb-6b37cf25a72b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 12756903aaa74164feb5f8525398ca36
9fef9b071daea6793cbbdfe391254ac4326b1aa2
6d474a6d96aebfed43a4f6812f18a1be8d100c590f75eb0fbf4ec7277dd0c442
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9564bd06-b264-460b-96bb-6b37cf25a72b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 16818
x-amzn-requestid: 6950a3c5-2cdc-4a21-854c-10d925e32ecd
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XiYLvHRSIAMFotQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-630a6d7e-6e98b9a77e592bd01afb1d97;Sampled=0
x-amzn-remapped-date: Sat, 27 Aug 2022 19:16:14 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 3eBLhLH4APXLyj9kLHXNCFT9ccS_bnBp5INvMI93IFvOuBMERe_GgQ==
via: 1.1 0005a84c2971ff4f5bbb79e7ebc622a8.cloudfront.net (CloudFront), 1.1 35575576af8067e30cfb17c6b9fde8e2.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Sep 2022 13:36:12 GMT
age: 9350
etag: "9fef9b071daea6793cbbdfe391254ac4326b1aa2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
nus.employbenefitscenter.com/nue8d91e1113/7e51b18dea530b7c4de53332/ppid.js
207.67.44.188 200 OK 13 kB URL HTTP/1.1 nus.employbenefitscenter.com/nue8d91e1113/7e51b18dea530b7c4de53332/ppid.js
IP 207.67.44.188:0
File type ASCII text, with very long lines (36784)
Hash 1257aab504191d2db71b1f95b5b48274
af750e867adc571529842b0eeb040ce79acf4a61
1cda82497d29e1bed8822ba49a144e013f8788cd9ee75f25463807551e100f95
Analyzer Verdict Alert fortinet Phishing
GET /nue8d91e1113/7e51b18dea530b7c4de53332/ppid.js HTTP/1.1
Host: nus.employbenefitscenter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nus.employbenefitscenter.com/
Connection: keep-alive
Cookie: id=b9a1a8fb62abf777bd753860a4847b78
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 02 Sep 2022 16:12:03 GMT
Server: Apache
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Security-Policy: default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'
Referrer-Policy: origin
Permissions-Policy: geolocation=(self),midi=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self)
Last-Modified: Thu, 01 Sep 2022 10:59:29 GMT
ETag: "8fb1-5e79b81f3efb1-gzip"
Accept-Ranges: bytes
Cache-Control: max-age=604800
Expires: Fri, 09 Sep 2022 16:12:03 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
X-Frame-Options: sameorigin
Content-Length: 12920
Keep-Alive: timeout=45, max=1000
Connection: Keep-Alive
Content-Type: application/javascript
nus.employbenefitscenter.com/nue8d91e1113/7e51b18dea530b7c4de53332/swfobject.js
207.67.44.188 200 OK 3.9 kB URL HTTP/1.1 nus.employbenefitscenter.com/nue8d91e1113/7e51b18dea530b7c4de53332/swfobject.js
IP 207.67.44.188:0
File type ASCII text, with very long lines (10071)
Hash be82faf5f64b79488d7c3fe9b195344e
40c79774a1d8cf05afab0f20526d99539b1f132c
143e1627cb74f60210c12201bfdc3ad5ae3724dadf0f202060d3a42945685c25
Analyzer Verdict Alert fortinet Phishing
GET /nue8d91e1113/7e51b18dea530b7c4de53332/swfobject.js HTTP/1.1
Host: nus.employbenefitscenter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nus.employbenefitscenter.com/
Connection: keep-alive
Cookie: id=b9a1a8fb62abf777bd753860a4847b78
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 02 Sep 2022 16:12:03 GMT
Server: Apache
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Security-Policy: default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'
Referrer-Policy: origin
Permissions-Policy: geolocation=(self),midi=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self)
Last-Modified: Thu, 01 Sep 2022 10:59:29 GMT
ETag: "27ec-5e79b81f40f66-gzip"
Accept-Ranges: bytes
Cache-Control: max-age=604800
Expires: Fri, 09 Sep 2022 16:12:03 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
X-Frame-Options: sameorigin
Content-Length: 3944
Keep-Alive: timeout=45, max=1000
Connection: Keep-Alive
Content-Type: application/javascript
nus.employbenefitscenter.com/nue8d91e1113/7e51b18dea530b7c4de53332/machine_click_test.js
207.67.44.188 200 OK 1.3 kB URL HTTP/1.1 nus.employbenefitscenter.com/nue8d91e1113/7e51b18dea530b7c4de53332/machine_click_test.js
IP 207.67.44.188:0
File type ASCII text, with CRLF, LF line terminators
Hash 8052ee4a670cb5389a11ab02e7ce2637
ea78665fb71738644141b062e61d9f0534d3e72f
267cdce7432251fa35ed822a4d5ef951bebc35bffdbd4e16d32d813d0192216b
Analyzer Verdict Alert fortinet Phishing
GET /nue8d91e1113/7e51b18dea530b7c4de53332/machine_click_test.js HTTP/1.1
Host: nus.employbenefitscenter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nus.employbenefitscenter.com/
Connection: keep-alive
Cookie: id=b9a1a8fb62abf777bd753860a4847b78
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 02 Sep 2022 16:12:03 GMT
Server: Apache
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Security-Policy: default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'
Referrer-Policy: origin
Permissions-Policy: geolocation=(self),midi=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self)
Last-Modified: Thu, 01 Sep 2022 10:59:29 GMT
ETag: "180e-5e79b81ea34b2-gzip"
Accept-Ranges: bytes
Cache-Control: max-age=604800
Expires: Fri, 09 Sep 2022 16:12:03 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
X-Frame-Options: sameorigin
Content-Length: 1251
Keep-Alive: timeout=45, max=1000
Connection: Keep-Alive
Content-Type: application/javascript
nus.employbenefitscenter.com/nue8d91e1113/7e51b18dea530b7c4de53332/jquery-latest.js
207.67.44.188 200 OK 33 kB URL HTTP/1.1 nus.employbenefitscenter.com/nue8d91e1113/7e51b18dea530b7c4de53332/jquery-latest.js
IP 207.67.44.188:0
File type HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (32769)
Hash 929b34b42ac409139d3e3e22ebdfdba3
9876aff27cea09ca161ee4fa0d1376042637ea80
a426bfa10cc2506dc53d8634b7ffc88c060aab7f33400229f0509c1c49b250a4
Analyzer Verdict Alert fortinet Phishing
GET /nue8d91e1113/7e51b18dea530b7c4de53332/jquery-latest.js HTTP/1.1
Host: nus.employbenefitscenter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nus.employbenefitscenter.com/
Connection: keep-alive
Cookie: id=b9a1a8fb62abf777bd753860a4847b78
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 02 Sep 2022 16:12:03 GMT
Server: Apache
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Security-Policy: default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'
Referrer-Policy: origin
Permissions-Policy: geolocation=(self),midi=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self)
Last-Modified: Thu, 01 Sep 2022 10:59:29 GMT
ETag: "16f44-5e79b81f3d099-gzip"
Accept-Ranges: bytes
Cache-Control: max-age=604800
Expires: Fri, 09 Sep 2022 16:12:03 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
X-Frame-Options: sameorigin
Content-Length: 33274
Keep-Alive: timeout=45, max=1000
Connection: Keep-Alive
Content-Type: application/javascript
nus.employbenefitscenter.com/nue8d91e1113/7e51b18dea530b7c4de53332/default.js
207.67.44.188 200 OK 5.3 kB URL HTTP/1.1 nus.employbenefitscenter.com/nue8d91e1113/7e51b18dea530b7c4de53332/default.js
IP 207.67.44.188:0
Hash 96537c4e0db82325148ec3129f56ff42
e5a64ba82f69a51577fd54196651bf0529f2c04b
0b3b88db4a606d134ccb79124d7842ad73731f73e2b048d0abed19d8887f8e30
Analyzer Verdict Alert fortinet Phishing
GET /nue8d91e1113/7e51b18dea530b7c4de53332/default.js HTTP/1.1
Host: nus.employbenefitscenter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nus.employbenefitscenter.com/
Connection: keep-alive
Cookie: id=b9a1a8fb62abf777bd753860a4847b78
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 02 Sep 2022 16:12:03 GMT
Server: Apache
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Security-Policy: default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'
Referrer-Policy: origin
Permissions-Policy: geolocation=(self),midi=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self)
Last-Modified: Thu, 01 Sep 2022 10:59:29 GMT
ETag: "4e53-5e79b81f3a413-gzip"
Accept-Ranges: bytes
Cache-Control: max-age=604800
Expires: Fri, 09 Sep 2022 16:12:03 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
X-Frame-Options: sameorigin
Content-Length: 5252
Keep-Alive: timeout=45, max=1000
Connection: Keep-Alive
Content-Type: application/javascript
nus.employbenefitscenter.com/nue8d91e1113/7e51b18dea530b7c4de53332/img.php?source=landingPage&g=2e3cdc
207.67.44.188 200 OK 15 kB URL HTTP/1.1 nus.employbenefitscenter.com/nue8d91e1113/7e51b18dea530b7c4de53332/img.php?source=landingPage&g=2e3cdc
IP 207.67.44.188:0
File type PNG image data, 330 x 59, 8-bit/color RGBA, non-interlaced\012- data
Hash 2cb0a907d17960cd2ab6e62f6c31d9d1
b3a35f0ad5d22b451e4d0c13fae2f1d801f4c661
f080a1576cf7a8f288350efbc0a94c5814b2f214b9b9a19303bcee2979f7c524
GET /nue8d91e1113/7e51b18dea530b7c4de53332/img.php?source=landingPage&g=2e3cdc HTTP/1.1
Host: nus.employbenefitscenter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nus.employbenefitscenter.com/
Connection: keep-alive
Cookie: id=b9a1a8fb62abf777bd753860a4847b78
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 02 Sep 2022 16:12:03 GMT
Server: Apache
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Security-Policy: default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'
Referrer-Policy: origin
Permissions-Policy: geolocation=(self),midi=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self)
Expires: Fri, 02 Sep 2022 16:12:03 GMT
Content-Length: 15079
Content-Disposition: inline; filename="BTN_CTA.png"
X-Frame-Options: sameorigin
Keep-Alive: timeout=45, max=999
Connection: Keep-Alive
Content-Type: image/png
nus.employbenefitscenter.com/nue8d91e1113/7e51b18dea530b7c4de53332/img.php?source=landingPage&g=6c4904
207.67.44.188 200 OK 2.4 kB URL HTTP/1.1 nus.employbenefitscenter.com/nue8d91e1113/7e51b18dea530b7c4de53332/img.php?source=landingPage&g=6c4904
IP 207.67.44.188:0
File type PNG image data, 45 x 48, 8-bit/color RGB, non-interlaced\012- data
Hash ef8b6c79e25b0f84cc23c48f1ea1dfe6
c0825976c388b4d4e8c1434722938048c81a7fe8
88f192b8309b1df7e6a0833840c9074c34e2c55c371c69e578823b91f1d6870c
GET /nue8d91e1113/7e51b18dea530b7c4de53332/img.php?source=landingPage&g=6c4904 HTTP/1.1
Host: nus.employbenefitscenter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nus.employbenefitscenter.com/
Connection: keep-alive
Cookie: id=b9a1a8fb62abf777bd753860a4847b78
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 02 Sep 2022 16:12:03 GMT
Server: Apache
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Security-Policy: default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'
Referrer-Policy: origin
Permissions-Policy: geolocation=(self),midi=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self)
Expires: Fri, 02 Sep 2022 16:12:03 GMT
Content-Length: 2409
Content-Disposition: inline; filename="Phish_but-2.png"
X-Frame-Options: sameorigin
Keep-Alive: timeout=45, max=999
Connection: Keep-Alive
Content-Type: image/png
nus.employbenefitscenter.com/nue8d91e1113/7e51b18dea530b7c4de53332/img.php?source=landingPage&g=f930ee
207.67.44.188 200 OK 4.5 kB URL HTTP/1.1 nus.employbenefitscenter.com/nue8d91e1113/7e51b18dea530b7c4de53332/img.php?source=landingPage&g=f930ee
IP 207.67.44.188:0
File type PNG image data, 136 x 34, 8-bit/color RGB, non-interlaced\012- data
Hash 393164d640b6340541d068c001bb192a
c079a39a91f4f7f26b77812dc893b978db9294bb
a3f86340fae5b7cb23161a78496c32c14ea5499f3de7017728cc6311473bf3e9
GET /nue8d91e1113/7e51b18dea530b7c4de53332/img.php?source=landingPage&g=f930ee HTTP/1.1
Host: nus.employbenefitscenter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nus.employbenefitscenter.com/
Connection: keep-alive
Cookie: id=b9a1a8fb62abf777bd753860a4847b78
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 02 Sep 2022 16:12:03 GMT
Server: Apache
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Security-Policy: default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'
Referrer-Policy: origin
Permissions-Policy: geolocation=(self),midi=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self)
Expires: Fri, 02 Sep 2022 16:12:03 GMT
Content-Length: 4476
Content-Disposition: inline; filename="D3 landing point 3.png"
X-Frame-Options: sameorigin
Keep-Alive: timeout=45, max=999
Connection: Keep-Alive
Content-Type: image/png
nus.employbenefitscenter.com/nue8d91e1113/7e51b18dea530b7c4de53332/img.php?source=landingPage&g=362b44
207.67.44.188 200 OK 42 kB URL HTTP/1.1 nus.employbenefitscenter.com/nue8d91e1113/7e51b18dea530b7c4de53332/img.php?source=landingPage&g=362b44
IP 207.67.44.188:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 380x212, components 3\012- data
Hash 5fd33cf6b8dc36c013a29c387388c564
28fdf90d65364f20d2145f4d82ab4692e34bc519
052188f195bc8833901997e88595c98717f8e8c3de401feef2a5d95ecaf84150
GET /nue8d91e1113/7e51b18dea530b7c4de53332/img.php?source=landingPage&g=362b44 HTTP/1.1
Host: nus.employbenefitscenter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nus.employbenefitscenter.com/
Connection: keep-alive
Cookie: id=b9a1a8fb62abf777bd753860a4847b78
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 02 Sep 2022 16:12:03 GMT
Server: Apache
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Security-Policy: default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'
Referrer-Policy: origin
Permissions-Policy: geolocation=(self),midi=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self)
Expires: Fri, 02 Sep 2022 16:12:03 GMT
Content-Length: 42118
Content-Disposition: inline; filename="NUS_logo@2X.jpg"
X-Frame-Options: sameorigin
Keep-Alive: timeout=45, max=995
Connection: Keep-Alive
Content-Type: image/jpeg
nus.employbenefitscenter.com/favicon.ico
207.67.44.188 404 Not Found 46 B URL HTTP/1.1 nus.employbenefitscenter.com/favicon.ico
IP 207.67.44.188:0
File type ASCII text, with no line terminators
Hash 338f61e16ab2df27fc58a24281ec0ecd
a36986ab727bf682b67684466402a4a1fda023ed
59c65468bcba7209e72643658de98a0c41f8f406fa5e0e8618f5f9f8cae50c0a
GET /favicon.ico HTTP/1.1
Host: nus.employbenefitscenter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nus.employbenefitscenter.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Date: Fri, 02 Sep 2022 16:12:04 GMT
Server: Apache
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Security-Policy: default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'
Referrer-Policy: origin
Permissions-Policy: geolocation=(self),midi=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self)
Content-Encoding: gzip
Vary: Accept-Encoding
X-Frame-Options: sameorigin
Content-Length: 46
Keep-Alive: timeout=45, max=998
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
nus.employbenefitscenter.com/nue8d91e1113/7e51b18dea530b7c4de53332/NUS_Hero_blueTop.jpg
207.67.44.188 200 OK 442 kB URL HTTP/1.1 nus.employbenefitscenter.com/nue8d91e1113/7e51b18dea530b7c4de53332/NUS_Hero_blueTop.jpg
IP 207.67.44.188:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1400x395, components 3\012- data
Size 442 kB (441498 bytes)
Hash 22547468bd0d19dfb1c38df417557ef8
335527a45afb58bd2a5033ca8ccfd7fe63c4b72e
de7c0ffb088453888937c21e9f70181bf4dd584f46b9d12cb67fa9c2ce3edd43
GET /nue8d91e1113/7e51b18dea530b7c4de53332/NUS_Hero_blueTop.jpg HTTP/1.1
Host: nus.employbenefitscenter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nus.employbenefitscenter.com/
Connection: keep-alive
Cookie: id=b9a1a8fb62abf777bd753860a4847b78
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 02 Sep 2022 16:12:03 GMT
Server: Apache
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Security-Policy: default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'
Referrer-Policy: origin
Permissions-Policy: geolocation=(self),midi=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self)
Last-Modified: Thu, 01 Sep 2022 10:59:29 GMT
ETag: "6bc9a-5e79b81f35d22"
Accept-Ranges: bytes
Content-Length: 441498
Cache-Control: max-age=604800
Expires: Fri, 09 Sep 2022 16:12:03 GMT
X-Frame-Options: sameorigin
Keep-Alive: timeout=45, max=999
Connection: Keep-Alive
Content-Type: image/jpeg
nus.employbenefitscenter.com/nue8d91e1113/7e51b18dea530b7c4de53332/img.php?source=landingPage&g=25dd9b
207.67.44.188 200 OK 382 kB URL HTTP/1.1 nus.employbenefitscenter.com/nue8d91e1113/7e51b18dea530b7c4de53332/img.php?source=landingPage&g=25dd9b
IP 207.67.44.188:0
File type PNG image data, 900 x 789, 8-bit/color RGB, non-interlaced\012- data
Size 382 kB (382442 bytes)
Hash 111f1e97e58ee093f8f6a80da12fb29a
01f1e8793a388a5cf6e80d5f2a66913b1a814589
1c9f3bf6234aad0b3a18db1b16a0afa381973066b66a95d7ff8b62bb84b4f84e
GET /nue8d91e1113/7e51b18dea530b7c4de53332/img.php?source=landingPage&g=25dd9b HTTP/1.1
Host: nus.employbenefitscenter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nus.employbenefitscenter.com/
Connection: keep-alive
Cookie: id=b9a1a8fb62abf777bd753860a4847b78
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 02 Sep 2022 16:12:03 GMT
Server: Apache
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Security-Policy: default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'
Referrer-Policy: origin
Permissions-Policy: geolocation=(self),midi=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self)
Expires: Fri, 02 Sep 2022 16:12:03 GMT
Content-Length: 382442
Content-Disposition: inline; filename="D3 with num_2.png"
X-Frame-Options: sameorigin
Keep-Alive: timeout=45, max=999
Connection: Keep-Alive
Content-Type: image/png
nus.employbenefitscenter.com/nue8d91e1113/7e51b18dea530b7c4de53332/art.php
207.67.44.188 200 OK 20 B URL HTTP/1.1 nus.employbenefitscenter.com/nue8d91e1113/7e51b18dea530b7c4de53332/art.php
IP 207.67.44.188:0
Hash 7029066c27ac6f5ef18d660d5741979a
46c6643f07aa7f6bfe7118de926b86defc5087c4
59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2
Analyzer Verdict Alert fortinet Phishing
POST /nue8d91e1113/7e51b18dea530b7c4de53332/art.php HTTP/1.1
Host: nus.employbenefitscenter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nus.employbenefitscenter.com/
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Content-Length: 1574
Origin: https://nus.employbenefitscenter.com
Connection: keep-alive
Cookie: id=b9a1a8fb62abf777bd753860a4847b78
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 02 Sep 2022 16:12:04 GMT
Server: Apache
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Security-Policy: default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'
Referrer-Policy: origin
Permissions-Policy: geolocation=(self),midi=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self)
Content-Encoding: gzip
Vary: Accept-Encoding
X-Frame-Options: sameorigin
Content-Length: 20
Keep-Alive: timeout=45, max=998
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F22bc4d5a-9f0a-4b9f-a3a8-5d297d24ea9a.jpeg
34.120.237.76 200 OK 7.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F22bc4d5a-9f0a-4b9f-a3a8-5d297d24ea9a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b01e38b12bffb2f525351913eaa246cb
b7f8c0db9e2ddc795726b77b8f8f21037611fca8
e06e127b8ab197f09cc1b4a18d643908aef03898e86a80ca5f901865bfdbd5fd
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F22bc4d5a-9f0a-4b9f-a3a8-5d297d24ea9a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 7174
x-amzn-requestid: 6b46447e-a28e-4ae8-978e-6729da4aff62
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XzL6_FraoAMFQIA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631126ac-67d9e46104e9215a6f13c224;Sampled=0
x-amzn-remapped-date: Thu, 01 Sep 2022 21:39:56 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 2i14aRjpjm1-vRDgZ_8YpQl8Qhur_k3O69OG7XlQhwumXksEGXiKZQ==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 31119c39c5a6dc62dfa1fe940afd7be2.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Sep 2022 22:32:42 GMT
etag: "b7f8c0db9e2ddc795726b77b8f8f21037611fca8"
content-type: image/jpeg
age: 63567
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2