firefox.settings.services.mozilla.com/v1/
143.204.55.36 200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.36:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 2d12f67fe57a87e7366b662d153a5582
d7b02d81cc74f24a251d9363e0f4b0a149264ec1
73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Alert, Backoff, Retry-After, Content-Length
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Fri, 23 Sep 2022 11:12:19 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 4f01f770085624552bc30a98954f963a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: vloh4yHvyI9pOYnBbdO9IGiB_PGlZTdfBCK_xHftYSoSsdLDL-RhYg==
Age: 3439
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 09a973de929ab7452edc342c780d3668
3f14f6e0a36f76863c0aea6fb561c266404a7ea3
e82ca5f310e37267fbf792427747e65c2bb35e684d3f629c0aa302f688bc4f80
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E82CA5F310E37267FBF792427747E65C2BB35E684D3F629C0AA302F688BC4F80"
Last-Modified: Fri, 23 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11072
Expires: Fri, 23 Sep 2022 15:14:10 GMT
Date: Fri, 23 Sep 2022 12:09:38 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
143.204.55.110 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP 143.204.55.110:0
File type PEM certificate\012- , ASCII text
Hash 6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Fri, 23 Sep 2022 04:35:15 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 bb1da7862c4968b28920b91b324095c0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: jG-hm1m471JtHI4xs_qmtZi3CPAsN5L_2tg500e9Me3adt0_pcw1OQ==
age: 27264
X-Firefox-Spdy: h2
zbuh-zgfm.maillist-manage.com/click.zc?m=1&mrd=1dd969b0ae66d9e5&od=3z96f14c18bf04e0b44089281c0c15b0722c663152e9ea98b76c3086ace6b1850e&linkDgs=1dd969b0ae613a2a&repDgs=1dd969b0ae81ee9f
136.143.190.68 301 Moved Permanently 134 B URL HTTP/1.1 zbuh-zgfm.maillist-manage.com/click.zc?m=1&mrd=1dd969b0ae66d9e5&od=3z96f14c18bf04e0b44089281c0c15b0722c663152e9ea98b76c3086ace6b1850e&linkDgs=1dd969b0ae613a2a&repDgs=1dd969b0ae81ee9f
IP 136.143.190.68:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4aa7a432bb447f094408f1bd6229c605
1965c4952cc8c082a6307ed67061a57aab6632fa
34ccdc351dc93dbf30a8630521968421091e3ed19c31a16e32c2eabb55c6a73a
GET /click.zc?m=1&mrd=1dd969b0ae66d9e5&od=3z96f14c18bf04e0b44089281c0c15b0722c663152e9ea98b76c3086ace6b1850e&linkDgs=1dd969b0ae613a2a&repDgs=1dd969b0ae81ee9f HTTP/1.1
Host: zbuh-zgfm.maillist-manage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: ZGS
Date: Fri, 23 Sep 2022 12:09:38 GMT
Content-Type: text/html
Content-Length: 134
Connection: keep-alive
Location: https://zbuh-zgfm.maillist-manage.com/click.zc?m=1&mrd=1dd969b0ae66d9e5&od=3z96f14c18bf04e0b44089281c0c15b0722c663152e9ea98b76c3086ace6b1850e&linkDgs=1dd969b0ae613a2a&repDgs=1dd969b0ae81ee9f
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 12:09:38 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.36 200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.36:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Fri, 23 Sep 2022 12:03:22 GMT
Cache-Control: max-age=3600, max-age=3600
Expires: Fri, 23 Sep 2022 12:27:16 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 185768229530368be94556dcab1c486a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: oKIJtldKSspoqe1UNaTvT7ZhTB8iHkPJIIVv9F4qE6bRgtjTSwAAVA==
Age: 376
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 038628b27d4eca1471c862a82c79fb58
2071ac88d28cc0544654bbb5afd7d1523475c32e
ecfe377f06d400c43ab74a6dcd44b2ca881c9a2f6bef75e7eb3edbade18aaa8c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "ECFE377F06D400C43AB74A6DCD44B2CA881C9A2F6BEF75E7EB3EDBADE18AAA8C"
Last-Modified: Wed, 21 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20601
Expires: Fri, 23 Sep 2022 17:52:59 GMT
Date: Fri, 23 Sep 2022 12:09:38 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash f714931cf870bfa33815fd259b7246fd
38e411ef8ca1b31ead8415ee5f21d98bd9653a86
897675130112daff8bdf6fa25b56faa4b9fdb367daca2b2645ed65c83a2e423f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3685
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 23 Sep 2022 12:09:39 GMT
Last-Modified: Fri, 23 Sep 2022 11:08:14 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
52.89.255.30 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.89.255.30:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: eiYMinhfJY5zJwSI7UMlVw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: XedPRyMB1d1oazcTCdbVqRnnnP4=
zbuh-zgfm.maillist-manage.com/click.zc?m=1&mrd=1dd969b0ae66d9e5&od=3z96f14c18bf04e0b44089281c0c15b0722c663152e9ea98b76c3086ace6b1850e&linkDgs=1dd969b0ae613a2a&repDgs=1dd969b0ae81ee9f
136.143.190.68 302 0 B URL HTTP/1.1 zbuh-zgfm.maillist-manage.com/click.zc?m=1&mrd=1dd969b0ae66d9e5&od=3z96f14c18bf04e0b44089281c0c15b0722c663152e9ea98b76c3086ace6b1850e&linkDgs=1dd969b0ae613a2a&repDgs=1dd969b0ae81ee9f
IP 136.143.190.68:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /click.zc?m=1&mrd=1dd969b0ae66d9e5&od=3z96f14c18bf04e0b44089281c0c15b0722c663152e9ea98b76c3086ace6b1850e&linkDgs=1dd969b0ae613a2a&repDgs=1dd969b0ae81ee9f HTTP/1.1
Host: zbuh-zgfm.maillist-manage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 302
Server: ZGS
Date: Fri, 23 Sep 2022 12:09:39 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 0
Connection: keep-alive
X-Content-Type-Options: nosniff
X-XSS-Protection: 1
Set-Cookie: c72887300d=7e417510cd1af1177b010f695008c494; Path=/
ZCAMPAIGN_CSRF_TOKEN=9449665e-98ec-4041-a6ee-c3c4b315381f;path=/;SameSite=None;Secure;priority=high
_zcsr_tmp=9449665e-98ec-4041-a6ee-c3c4b315381f;path=/;SameSite=Strict;Secure;priority=high
JSESSIONID=A01B7EF588BDD23EF123E58ED11CBA28; Path=/; Secure; HttpOnly
Pragma: no-cache
Cache-Control: private,no-cache,no-store,max-age=0,must-revalidate
Expires: Thu, 01 Jan 1970 00:00:00 GMT
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Cache-Control, Pragma, Origin, Authorization, Content-Type, X-Requested-With
Access-Control-Allow-Methods: GET,POST,OPTIONS
Location: https://34db2k.axshare.com/#id=ds2cuu&p=page_1&c=1
Strict-Transport-Security: max-age=63072000
ocsp.sca1b.amazontrust.com/
143.204.42.165 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.165:0
Hash 225c19059658e36c4f01e55ee9677020
3998ccf4fa6de599456e719ad52d1e6275f99852
3cec7c81d43cca6b0555a3d335015d1234a00434518dc81dee2984c312d8b5d0
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Fri, 23 Sep 2022 12:09:39 GMT
Last-Modified: Fri, 23 Sep 2022 11:02:02 GMT
Server: ECS (dcb/7F84)
X-Cache: Miss from cloudfront
Via: 1.1 501ad2910f631f0520a6d389d6f053e8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: NrInb_is435Ws1839xVihlFipSxictIqB1su6F2LykbGgXWAfPtaEA==
Age: 4057
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash b9893dbb93b5cc3cb8637b496ecd3c1c
007b31caa727ce627f6ba81a3f43326a1538181e
b82608484e9e9dbf009de73986da468fff9833e5d040016b3214b8774ba9f500
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 23 Sep 2022 12:09:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
34db2k.axshare.com/Content/Site.css
35.156.40.241 200 OK 11 kB URL HTTP/2 34db2k.axshare.com/Content/Site.css
IP 35.156.40.241:0
File type Unicode text, UTF-8 (with BOM) text
Hash fa9f5a5054aeb4e1932cbf513d308e82
7f97eb1aaac91216fe4239b8299f3438113e1d3b
e16bdeb36ff0bda67080751885457173bd5cca0a45deed218006c8e242b3eb49
GET /Content/Site.css HTTP/1.1
Host: 34db2k.axshare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://34db2k.axshare.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 23 Sep 2022 12:09:39 GMT
content-type: text/css
server: nginx
cache-control: must-revalidate, max-age=600
last-modified: Thu, 22 Sep 2022 20:34:15 GMT
etag: W/"1d8cec2ae429497"
x-region: eu-central-1
x-content-type-options: nosniff
x-xss-protection: 1
referrer-policy: no-referrer-when-downgrade
content-encoding: br
X-Firefox-Spdy: h2
34db2k.axshare.com/Scripts/sha512-min.js
35.156.40.241 200 OK 3.4 kB URL HTTP/2 34db2k.axshare.com/Scripts/sha512-min.js
IP 35.156.40.241:0
File type ASCII text, with very long lines (7597)
Hash e3f9a1fd560a9c90bc248e32ef0a4e81
b6de1f87fd9788ef1f6ce587c3b0fe169a9063c3
8a778240dbb61aad15d8844afbd0c475776f85a49ab8bc7708851e372c99bd0d
Analyzer Verdict Alert fortinet Phishing
GET /Scripts/sha512-min.js HTTP/1.1
Host: 34db2k.axshare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://34db2k.axshare.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 23 Sep 2022 12:09:39 GMT
content-type: application/javascript
server: nginx
cache-control: must-revalidate, max-age=600
last-modified: Thu, 22 Sep 2022 20:34:16 GMT
etag: W/"1d8cec2aedb0afb"
x-region: eu-central-1
x-content-type-options: nosniff
x-xss-protection: 1
referrer-policy: no-referrer-when-downgrade
content-encoding: br
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
143.204.42.165 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.165:0
Hash 13dc65dd865d12fafe38144d96465d2a
1b0ad778e201399a65e4bbefe4993a215ffe6728
dc24acafcc8c72900bb23711c2f0f3b61035f8b514d6fa40319d0dc6855ebf49
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Fri, 23 Sep 2022 12:09:39 GMT
Last-Modified: Fri, 23 Sep 2022 11:26:43 GMT
Server: ECS (dcb/7EED)
X-Cache: Miss from cloudfront
Via: 1.1 6a757ab2991da716151f94ca00b38098.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 7wgpj2fyJxFsZJ-hKR1v3yvE8Dh-lDYqcRCkG77cRbQTBIErk_SMdA==
Age: 2576
ocsp.sca1b.amazontrust.com/
143.204.42.165 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.165:0
Hash 61161d7e55cd1774a849bc53a08e6e5a
d20e5e307c409566f5e3b66ab27bdb2b12fd4335
315a64e364ebadfefc4865d879c39e39fac19f2bff73f93c7ab2a73b71d6edc7
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Fri, 23 Sep 2022 12:09:39 GMT
Last-Modified: Fri, 23 Sep 2022 10:55:39 GMT
Server: ECS (bsa/EB21)
X-Cache: Miss from cloudfront
Via: 1.1 142be88a35733307a5e7de05da0a20b8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: ysGetE9OUKSJaKMa-No4Vtlu2pkog4f4Cgv_Xmo_wZ-V_4CpZ7B6vg==
Age: 4440
accounts.axure.com/Content/account/Dialogs.html?_=1663934979390
52.86.64.14 200 OK 724 B URL HTTP/2 accounts.axure.com/Content/account/Dialogs.html?_=1663934979390
IP 52.86.64.14:0
File type HTML document, Unicode text, UTF-8 (with BOM) text
Hash 764cad24fb3c33ad57d6abbc7f93198f
1cf3d766bd7bf65ee20c4cca49e06937e3340c8e
962d0f26d359660d01f38fa4648887311483fb8cd3cfd7ccc632d113f84232d1
GET /Content/account/Dialogs.html?_=1663934979390 HTTP/1.1
Host: accounts.axure.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://34db2k.axshare.com
Connection: keep-alive
Referer: https://34db2k.axshare.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 23 Sep 2022 12:09:40 GMT
content-type: text/html
server: nginx
cache-control: must-revalidate, max-age=600
last-modified: Tue, 09 Aug 2022 21:24:09 GMT
etag: W/"1d8ac365ca5a9a6"
vary: Origin
access-control-allow-credentials: true
access-control-allow-origin: https://34db2k.axshare.com
access-control-expose-headers: X-Exception-Id
x-region: us-east-1
x-content-type-options: nosniff
x-xss-protection: 1
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000
content-encoding: br
X-Firefox-Spdy: h2
34db2k.axshare.com/images/rpLogo.svg
35.156.40.241 200 OK 1.8 kB URL HTTP/2 34db2k.axshare.com/images/rpLogo.svg
IP 35.156.40.241:0
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (654)
Hash 6ee41c6e891b49fcdafd242993d1d865
c3b9d5695d54aee4dacee56df918c8c885747702
6cb041b3f9d4bbb84ae03a2bdb47023d10ecc9f676245767394316f5fd9b8eb3
Analyzer Verdict Alert fortinet Phishing
GET /images/rpLogo.svg HTTP/1.1
Host: 34db2k.axshare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://34db2k.axshare.com/Content/axStyles.css
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 23 Sep 2022 12:09:40 GMT
content-type: image/svg+xml
server: nginx
cache-control: must-revalidate, max-age=600
last-modified: Thu, 22 Sep 2022 20:34:16 GMT
etag: W/"1d8cec2aedb1a68"
x-region: eu-central-1
x-content-type-options: nosniff
x-xss-protection: 1
referrer-policy: no-referrer-when-downgrade
content-encoding: br
X-Firefox-Spdy: h2
www.google-analytics.com/analytics.js
142.250.74.174 200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.174:0
File type ASCII text, with very long lines (1325)
Hash cae538dcce82598fbe43c0bf443e62dd
cc68ac6be9c5e0087a0000e5735b83270ace30f5
954b9e9d9744e1319c51760780a35de2dec353afffac705c2cca6d836a5e056d
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://34db2k.axshare.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 19826
date: Fri, 23 Sep 2022 10:41:09 GMT
expires: Fri, 23 Sep 2022 12:41:09 GMT
cache-control: public, max-age=7200
age: 5311
last-modified: Sun, 11 Sep 2022 13:50:09 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google-analytics.com/collect?v=1&_v=j97&aip=1&a=92362765&t=pageview&_s=1&dl=https%3A%2F%2F34db2k.axshare.com%2F&ul=en-us&de=UTF-8&dt=Prototype%20Deleted&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=YEAAAAAB~&cid=702250750.1663934980&tid=UA-586346-7&_gid=1455026210.1663934980&z=1599596947
142.250.74.174 200 OK 35 B URL HTTP/2 www.google-analytics.com/collect?v=1&_v=j97&aip=1&a=92362765&t=pageview&_s=1&dl=https%3A%2F%2F34db2k.axshare.com%2F&ul=en-us&de=UTF-8&dt=Prototype%20Deleted&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=YEAAAAAB~&cid=702250750.1663934980&tid=UA-586346-7&_gid=1455026210.1663934980&z=1599596947
IP 142.250.74.174:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 28d6814f309ea289f847c69cf91194c6
0f4e929dd5bb2564f7ab9c76338e04e292a42ace
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
GET /collect?v=1&_v=j97&aip=1&a=92362765&t=pageview&_s=1&dl=https%3A%2F%2F34db2k.axshare.com%2F&ul=en-us&de=UTF-8&dt=Prototype%20Deleted&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=YEAAAAAB~&cid=702250750.1663934980&tid=UA-586346-7&_gid=1455026210.1663934980&z=1599596947 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://34db2k.axshare.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
pragma: no-cache
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 35
date: Thu, 22 Sep 2022 16:35:16 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
age: 70464
last-modified: Sun, 17 May 1998 03:00:00 GMT
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
accounts.axure.com/Content/account/style.css
52.86.64.14 200 OK 720 B URL HTTP/2 accounts.axure.com/Content/account/style.css
IP 52.86.64.14:0
File type Unicode text, UTF-8 (with BOM) text
Hash 43fc26996b4deb0bc3dc551a22511d54
b6531b3b1c530e2cc6231ff7624c45f2dc16fa56
5d475583e8feb761261d22b4ebeaf6af55920260effcd83ba06a5419f9da6209
GET /Content/account/style.css HTTP/1.1
Host: accounts.axure.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://34db2k.axshare.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 23 Sep 2022 12:09:40 GMT
content-type: text/css
server: nginx
cache-control: must-revalidate, max-age=600
last-modified: Tue, 09 Aug 2022 21:24:09 GMT
etag: W/"1d8ac365ca5a098"
x-region: us-east-1
x-content-type-options: nosniff
x-xss-protection: 1
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000
content-encoding: br
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 8ebb267e443b81854ef9a01b3eb6489d
b932e9e5679da5a9160da5429458041765509b52
4ac5aa5b4fb4a85282b825c5c0ed7b1aaf2b39ffe77d69dec5123a84709f3fe2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4AC5AA5B4FB4A85282B825C5C0ED7B1AAF2B39FFE77D69DEC5123A84709F3FE2"
Last-Modified: Tue, 20 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8153
Expires: Fri, 23 Sep 2022 14:25:33 GMT
Date: Fri, 23 Sep 2022 12:09:40 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 8ebb267e443b81854ef9a01b3eb6489d
b932e9e5679da5a9160da5429458041765509b52
4ac5aa5b4fb4a85282b825c5c0ed7b1aaf2b39ffe77d69dec5123a84709f3fe2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4AC5AA5B4FB4A85282B825C5C0ED7B1AAF2B39FFE77D69DEC5123A84709F3FE2"
Last-Modified: Tue, 20 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8153
Expires: Fri, 23 Sep 2022 14:25:33 GMT
Date: Fri, 23 Sep 2022 12:09:40 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffccf6ade-04f7-4d15-943c-bde343725d94.jpeg
34.120.237.76 200 OK 8.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffccf6ade-04f7-4d15-943c-bde343725d94.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 02a682b4703bb9d6381c762726c05531
1d7f7b4cfdd7425213a21afdd1d5a5d8d11d0e54
fb672de67420a239fe5d7e2588f640150ed29883fe2a46ded160385e3265004c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffccf6ade-04f7-4d15-943c-bde343725d94.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8029
x-amzn-requestid: 2fc5c63d-5cef-42f4-a6d2-b55f51c57af6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y4Y0tHjGoAMFcFw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632cd4ea-73f2f78a2d1ca8fc666d2571;Sampled=0
x-amzn-remapped-date: Thu, 22 Sep 2022 21:34:34 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 7DX67a-HmEh76IorINvRU61AKtSiimdPnHFnYeR2OJezZJ1_mJq0MA==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 35575576af8067e30cfb17c6b9fde8e2.cloudfront.net (CloudFront), 1.1 google
date: Thu, 22 Sep 2022 21:48:22 GMT
age: 51678
etag: "1d7f7b4cfdd7425213a21afdd1d5a5d8d11d0e54"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6ac88c56-4515-47b4-9c1e-7745782bd306.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6ac88c56-4515-47b4-9c1e-7745782bd306.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b877ead4a15221fdd278ef27f281a7ec
48c10714503e8dfdd3e3c3d39b919ef2792f0d15
f4a1d5abcfa4092828e004b6c0605a7a24e4133d275312f613dceff875971daf
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6ac88c56-4515-47b4-9c1e-7745782bd306.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10127
x-amzn-requestid: 456e3c6a-e173-433e-8d54-d787cb50b7e8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y4Y0sHmCoAMFVSg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632cd4ea-7a07b336571396533e48b4cb;Sampled=0
x-amzn-remapped-date: Thu, 22 Sep 2022 21:34:34 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: gWZNsIn_FEbYwMeR1JArmPEgyuHEGgWsfb-wB6P_NrmoHhNgvGWoPw==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 1508efc4152aa1778ed4adecb328b374.cloudfront.net (CloudFront), 1.1 google
date: Thu, 22 Sep 2022 22:07:28 GMT
age: 50532
etag: "48c10714503e8dfdd3e3c3d39b919ef2792f0d15"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
34db2k.axshare.com/Scripts/axPage.js
35.156.40.241 200 OK 12 kB URL HTTP/2 34db2k.axshare.com/Scripts/axPage.js
IP 35.156.40.241:0
Hash a03a103f20e969632baaa19315108f9e
50f8ffbf63d666db048a5e03fddf4605d27b4fd4
cd23a43051cff6f9ce39cf9bba519a54a046f9e9c493f9fb076be64810c205e4
Analyzer Verdict Alert fortinet Phishing
GET /Scripts/axPage.js HTTP/1.1
Host: 34db2k.axshare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://34db2k.axshare.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 23 Sep 2022 12:09:39 GMT
content-type: application/javascript
server: nginx
cache-control: must-revalidate, max-age=600
last-modified: Thu, 22 Sep 2022 20:34:16 GMT
etag: W/"1d8cec2aedb0efb"
x-region: eu-central-1
x-content-type-options: nosniff
x-xss-protection: 1
referrer-policy: no-referrer-when-downgrade
content-encoding: br
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F256647b7-64d8-4f7e-9d77-276811e8e1b1.jpeg
34.120.237.76 200 OK 9.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F256647b7-64d8-4f7e-9d77-276811e8e1b1.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ae63806537bc1795029ac9e522b4abb1
47c7e2fd6f0ea1bd6c9f494137b7ce53a91cf781
369fe0af9bba20526bb10c7240a7571e72726fa653bbb70d8e56fabb13cf9358
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F256647b7-64d8-4f7e-9d77-276811e8e1b1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9484
x-amzn-requestid: ac493b06-28bc-4a84-ad7a-060617233da8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y4ZDRHHiIAMFnow=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632cd547-7944659e3cb7134b58da757f;Sampled=0
x-amzn-remapped-date: Thu, 22 Sep 2022 21:36:07 GMT
x-amz-cf-pop: SEA19-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: OzTpgbr1HluiZtdiVUrQjTV1KMWuynatd1A8L8excXJDJsnM45A3Hg==
via: 1.1 1949caaabae48a894fcd770a3e1384f6.cloudfront.net (CloudFront), 1.1 68fadeb91f97256bb67b03bfca74d830.cloudfront.net (CloudFront), 1.1 google
date: Thu, 22 Sep 2022 21:53:16 GMT
age: 51384
etag: "47c7e2fd6f0ea1bd6c9f494137b7ce53a91cf781"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
34db2k.axshare.com/Scripts/jquery.axDialog.js
35.156.40.241 200 OK 6.8 kB URL HTTP/2 34db2k.axshare.com/Scripts/jquery.axDialog.js
IP 35.156.40.241:0
Hash 51a81b7441dd75f43f8e1aeed96912ca
6e34524ee46e4eab6d3d7f41edd3e30a187547d5
b8d4f78f49eeb8b36886f3a262e94c50053e79f30e4faa71de4fb15027be9c38
Analyzer Verdict Alert fortinet Phishing
GET /Scripts/jquery.axDialog.js HTTP/1.1
Host: 34db2k.axshare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://34db2k.axshare.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 23 Sep 2022 12:09:39 GMT
content-type: application/javascript
server: nginx
cache-control: must-revalidate, max-age=600
last-modified: Thu, 22 Sep 2022 20:34:16 GMT
etag: W/"1d8cec2aedb021c"
x-region: eu-central-1
x-content-type-options: nosniff
x-xss-protection: 1
referrer-policy: no-referrer-when-downgrade
content-encoding: br
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff6b30784-fdab-4361-be4c-cde3457de8cc.jpeg
34.120.237.76 200 OK 9.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff6b30784-fdab-4361-be4c-cde3457de8cc.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 31f182a35c2946cfc0286689b7124c36
9dc2210a6c1d7025080692690f8cf1b064e7af9b
33fbee038d8988be37a223f1b7f3716dcb2473512161cc4dd8d5229d2868c47e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff6b30784-fdab-4361-be4c-cde3457de8cc.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9571
x-amzn-requestid: a6825487-dc32-4129-ae63-2aad2bc90833
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y4ZDRHVDIAMFoNQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632cd547-0669874227a8c7c60b4fb4e3;Sampled=0
x-amzn-remapped-date: Thu, 22 Sep 2022 21:36:07 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: GDOiSF2tQYYM1g-HzrOGYRdZhi97vmzrVEGKtwAKVsrd_NtmOUMDFA==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 5397b304713f6301c7c94ac084b6ed08.cloudfront.net (CloudFront), 1.1 google
date: Thu, 22 Sep 2022 22:01:51 GMT
age: 50869
etag: "9dc2210a6c1d7025080692690f8cf1b064e7af9b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
34db2k.axshare.com/Content/axStyles.css
35.156.40.241 200 OK 0 B URL HTTP/2 34db2k.axshare.com/Content/axStyles.css
IP 35.156.40.241:0
GET /Content/axStyles.css HTTP/1.1
Host: 34db2k.axshare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://34db2k.axshare.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 23 Sep 2022 12:09:39 GMT
content-type: text/css
server: nginx
cache-control: must-revalidate, max-age=600
last-modified: Thu, 22 Sep 2022 20:34:15 GMT
etag: W/"1d8cec2ae422c0b"
x-region: eu-central-1
x-content-type-options: nosniff
x-xss-protection: 1
referrer-policy: no-referrer-when-downgrade
content-encoding: br
X-Firefox-Spdy: h2
34db2k.axshare.com/
35.156.40.241 200 OK 0 B IP 35.156.40.241:0
Analyzer Verdict Alert fortinet Phishing
GET / HTTP/1.1
Host: 34db2k.axshare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Fri, 23 Sep 2022 12:09:39 GMT
content-type: text/html; charset=utf-8
server: nginx
content-encoding: br
vary: Accept-Encoding
x-region: eu-central-1
x-content-type-options: nosniff
x-xss-protection: 1
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2
www.axure.com/content/proxima_nova.css
3.95.100.175 200 OK 0 B URL HTTP/2 www.axure.com/content/proxima_nova.css
IP 3.95.100.175:0
GET /content/proxima_nova.css HTTP/1.1
Host: www.axure.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://34db2k.axshare.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 23 Sep 2022 12:09:40 GMT
content-type: text/plain
server: nginx
last-modified: Thu, 27 Oct 2016 21:34:31 GMT
etag: W/"581272e7-817"
expires: Sat, 23 Sep 2023 12:09:40 GMT
cache-control: max-age=31536000
content-encoding: br
X-Firefox-Spdy: h2
www.axure.com/content/nexa_lightregular.css
3.95.100.175 200 OK 0 B URL HTTP/2 www.axure.com/content/nexa_lightregular.css
IP 3.95.100.175:0
GET /content/nexa_lightregular.css HTTP/1.1
Host: www.axure.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://34db2k.axshare.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 23 Sep 2022 12:09:40 GMT
content-type: text/plain
server: nginx
last-modified: Wed, 04 Dec 2013 17:54:33 GMT
etag: W/"529f6c59-457"
expires: Sat, 23 Sep 2023 12:09:40 GMT
cache-control: max-age=31536000
content-encoding: br
X-Firefox-Spdy: h2
34db2k.axshare.com/Scripts/axshareUtils.js
35.156.40.241 200 OK 0 B URL HTTP/2 34db2k.axshare.com/Scripts/axshareUtils.js
IP 35.156.40.241:0
Analyzer Verdict Alert fortinet Phishing
GET /Scripts/axshareUtils.js HTTP/1.1
Host: 34db2k.axshare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://34db2k.axshare.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 23 Sep 2022 12:09:39 GMT
content-type: application/javascript
server: nginx
cache-control: must-revalidate, max-age=600
last-modified: Thu, 22 Sep 2022 20:34:16 GMT
etag: W/"1d8cec2aedb13e5"
x-region: eu-central-1
x-content-type-options: nosniff
x-xss-protection: 1
referrer-policy: no-referrer-when-downgrade
content-encoding: br
X-Firefox-Spdy: h2
34db2k.axshare.com/images/logo_120.svg
35.156.40.241 200 OK 0 B URL HTTP/2 34db2k.axshare.com/images/logo_120.svg
IP 35.156.40.241:0
Analyzer Verdict Alert fortinet Phishing
GET /images/logo_120.svg HTTP/1.1
Host: 34db2k.axshare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://34db2k.axshare.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 23 Sep 2022 12:09:39 GMT
content-type: image/svg+xml
server: nginx
cache-control: must-revalidate, max-age=600
last-modified: Thu, 22 Sep 2022 20:34:16 GMT
etag: W/"1d8cec2aedb0dc3"
x-region: eu-central-1
x-content-type-options: nosniff
x-xss-protection: 1
referrer-policy: no-referrer-when-downgrade
content-encoding: br
X-Firefox-Spdy: h2
accounts.axure.com/Scripts/axAccount.js
52.86.64.14 200 OK 0 B URL HTTP/2 accounts.axure.com/Scripts/axAccount.js
IP 52.86.64.14:0
GET /Scripts/axAccount.js HTTP/1.1
Host: accounts.axure.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://34db2k.axshare.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 23 Sep 2022 12:09:40 GMT
content-type: application/javascript
server: nginx
cache-control: must-revalidate, max-age=600
last-modified: Tue, 09 Aug 2022 21:24:10 GMT
etag: W/"1d8ac365d3e14f0"
x-region: us-east-1
x-content-type-options: nosniff
x-xss-protection: 1
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000
content-encoding: br
X-Firefox-Spdy: h2
34db2k.axshare.com/Scripts/jquery-1.7.1.min.js
35.156.40.241 200 OK 0 B URL HTTP/2 34db2k.axshare.com/Scripts/jquery-1.7.1.min.js
IP 35.156.40.241:0
Analyzer Verdict Alert fortinet Phishing
GET /Scripts/jquery-1.7.1.min.js HTTP/1.1
Host: 34db2k.axshare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://34db2k.axshare.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 23 Sep 2022 12:09:39 GMT
content-type: application/javascript
server: nginx
cache-control: must-revalidate, max-age=600
last-modified: Thu, 22 Sep 2022 20:34:16 GMT
etag: W/"1d8cec2aeda7aac"
x-region: eu-central-1
x-content-type-options: nosniff
x-xss-protection: 1
referrer-policy: no-referrer-when-downgrade
content-encoding: br
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Open+Sans
142.250.74.10 200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Open+Sans
IP 142.250.74.10:0
GET /css?family=Open+Sans HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://34db2k.axshare.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 23 Sep 2022 12:09:39 GMT
date: Fri, 23 Sep 2022 12:09:39 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
accounts.axure.com/user/auth
52.86.64.14 200 OK 0 B URL HTTP/2 accounts.axure.com/user/auth
IP 52.86.64.14:0
POST /user/auth HTTP/1.1
Host: accounts.axure.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 11
Origin: https://34db2k.axshare.com
Connection: keep-alive
Referer: https://34db2k.axshare.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 23 Sep 2022 12:09:40 GMT
content-type: application/json; charset=utf-8
server: nginx
cache-control: no-store,no-cache
pragma: no-cache
vary: Origin
access-control-allow-credentials: true
access-control-allow-origin: https://34db2k.axshare.com
access-control-expose-headers: X-Exception-Id
x-region: us-east-1
x-content-type-options: nosniff
x-xss-protection: 1
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000
content-encoding: br
X-Firefox-Spdy: h2