Report - chrome-extension.duia.us/shjfnsd/f938f/

Report Overview

Submitted URL
chrome-extension.duia.us/shjfnsd/f938f/
IP
103.161.184.117
ASN
#141623 PT Registrasi Neva Angkasa
Submitted
2023-02-01 23:40:54
Access
Website Title
Final URL
Tags
crypto phishing
urlquery detections
Phishing - Generic Crypto/Wallet

Detections

urlquery
8
Network Intrusion Detection
0
Threat Detection Systems
16

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-13T05:09:35Z	413 B	5.8 kB	34.160.144.191
chrome-extension.duia.us	unknown	2023-01-30T19:10:20Z	2023-02-03T09:36:26Z	8.7 kB	125 kB	103.161.184.117
ocsp.digicert.com	86	2012-05-21T09:02:23Z	2023-03-13T06:00:13Z	682 B	1.2 kB	93.184.220.29
ajax.googleapis.com	12905	2013-08-16T11:51:31Z	2023-03-13T08:37:09Z	400 B	31 kB	142.250.74.106
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-13T05:09:16Z	3.2 kB	58 kB	34.120.237.76
cdn.jsdelivr.net	439	2012-09-30T02:15:09Z	2023-03-13T06:17:54Z	460 B	1.1 kB	104.16.87.20
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-13T05:09:07Z	2.4 kB	6.2 kB	23.36.77.32
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-13T05:09:10Z	782 B	2.4 kB	35.241.9.150
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-13T05:09:13Z	333 B	391 B	34.117.237.239
ocsp.pki.goog	175	2018-07-01T08:43:07Z	2023-03-13T05:09:47Z	686 B	1.4 kB	142.250.74.163
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-13T05:09:14Z	606 B	127 B	54.189.204.30

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

Scan Date	Severity	Indicator	Alert
2023-02-01	medium	chrome-extension.duia.us/shjfnsd/f938f/	Crypto/Wallet

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-02-01	medium	chrome-extension.duia.us/shjfnsd/f938f/	Phishing
2023-02-01	medium	chrome-extension.duia.us/shjfnsd/f938f/images/mm-logo.svg	Phishing
2023-02-01	medium	chrome-extension.duia.us/shjfnsd/f938f/js/script.js	Phishing
2023-02-01	medium	chrome-extension.duia.us/shjfnsd/f938f/fonts/EuclidCircularB-Regular-WebXL.woff2	Phishing
2023-02-01	medium	chrome-extension.duia.us/shjfnsd/f938f/fonts/EuclidCircularB-Bold-WebXL.woff2	Phishing
2023-02-01	medium	chrome-extension.duia.us/shjfnsd/f938f/fonts/EuclidCircularB-Regular-WebXL.woff	Phishing
2023-02-01	medium	chrome-extension.duia.us/shjfnsd/f938f/fonts/EuclidCircularB-Bold-WebXL.woff	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (2)

	URL	Size	First Seen	Last Seen
	ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js	84 kB	2023-03-07	2024-04-19
Pretty URL ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js IP 142.250.74.106 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:00 Last Seen2024-04-19 23:59:51 Times Seen13649 Hash e40ec2161fe7993196f23c8a07346306 afb90752e0a90c24b7f724faca86c5f3d15d1178 874706b2b1311a0719b5267f7d1cf803057e367e94ae1ff7bf78c5450d30f5d4 Loading...

	chrome-extension.duia.us/shjfnsd/f938f/js/script.js	199 B	2023-03-10	2024-04-19
Pretty URL chrome-extension.duia.us/shjfnsd/f938f/js/script.js IP 103.161.184.117 ASN #141623 PT Registrasi Neva Angkasa Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 14:11:26 Last Seen2024-04-19 10:23:08 Times Seen911 Hash c13cd45cb0fadddf8d912280d6b821df 39992c6f09ac5a26ea2bb56a1a58d0c43cb87aa2 8f9e97cd76e0b6591e9c5c6764c17114722f36eb1ad86f61ef831a87031bae3b Loading...

HTTP Transactions (41)

URL IP Response Size

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7e05c8461bd2dc5a149f71e2c465ea29
705983959c887e243cb55a8a1796757b579ee977
4d9ea085d5dda9dabed11af9847c2b0aa6182358673b356a4e2bd631e22a9922

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4D9EA085D5DDA9DABED11AF9847C2B0AA6182358673B356A4E2BD631E22A9922"
Last-Modified: Tue, 31 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4418
Expires: Thu, 02 Feb 2023 00:54:21 GMT
Date: Wed, 01 Feb 2023 23:40:43 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
e935ea42be4feaed61a824b0b903913e
f966cfa80d65a805cb9d7c6a53b3340865d7c51a
eb0ce9ae50d156fe5924b2d77346735e4e93b5240cff301c9aa835bb0b385815

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EB0CE9AE50D156FE5924B2D77346735E4E93B5240CFF301C9AA835BB0B385815"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20280
Expires: Thu, 02 Feb 2023 05:18:43 GMT
Date: Wed, 01 Feb 2023 23:40:43 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
a8d45deaa7ebfcd996c2055dae592ab8
55befe074589fe7b39757c145968058162a8fc6b
50d7d516f446458145a304b288a0a39d391cd37ea50dabea36ae48d291c65ba7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "50D7D516F446458145A304B288A0A39D391CD37EA50DABEA36AE48D291C65BA7"
Last-Modified: Tue, 31 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15512
Expires: Thu, 02 Feb 2023 03:59:15 GMT
Date: Wed, 01 Feb 2023 23:40:43 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
ff250d3ef3fa45322bf05039a0122a9f
b3e7a2c383bce1bab807dbe1a03c375258b51f1d
d07f109a96e0ae6ec7b1d46ce8761b3f06fe845769ce65d69e053dd40aa561ba

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Retry-After, Backoff, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 01 Feb 2023 23:36:02 GMT
content-type: application/json
age: 281
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: gfYBtcFQ+bFatOdYiuZTb+r05TpfA6J6a5dUlLQg6J9ale/0imlA6u2JMDr3P4o4MQ9tWSSyI4c=
x-amz-request-id: N6JVJ8WXX3YVXXY4
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 01 Feb 2023 22:51:44 GMT
age: 2939
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Wed, 01 Feb 2023 23:40:43 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ba246805dfe139d42366694b7f72bf7a
b0c1c5457ad02545cb39aee1aebe62e8a5a4f14e
b823a67719c236408e8fec45adc3f0527d133b5fd7172aed7def10fdd53ba968

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B823A67719C236408E8FEC45ADC3F0527D133B5FD7172AED7DEF10FDD53BA968"
Last-Modified: Mon, 30 Jan 2023 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21577
Expires: Thu, 02 Feb 2023 05:40:20 GMT
Date: Wed, 01 Feb 2023 23:40:43 GMT
Connection: keep-alive

chrome-extension.duia.us/shjfnsd/f938f/

103.161.184.117

200 OK

2.9 kB

URL HTTP/2
chrome-extension.duia.us/shjfnsd/f938f/
IP
103.161.184.117:0
ASN
#141623 PT Registrasi Neva Angkasa

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text
Size
2.9 kB (2864 bytes)
Hash
a10b25bc5aa0bbf91bacda4038867698
9d6e96717bfe91abe2f19161408ddaac360766c2
c34a7cd9227564f8e5c5b18aa65b973c0d1621fb95498daf4a29360877c6456e

Detections

Analyzer	Verdict	Alert
openphish	Crypto/Wallet
fortinet	Phishing

HTTP Headers

GET /shjfnsd/f938f/ HTTP/1.1
Host: chrome-extension.duia.us
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 200 OK
x-powered-by: PHP/7.2.34
set-cookie: PHPSESSID=78a894otdb8dtvjl83jg9ku80s; path=/
content-type: text/html; charset=UTF-8
content-encoding: gzip
vary: Accept-Encoding
content-length: 2864
date: Wed, 01 Feb 2023 23:40:43 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Retry-After, Last-Modified, Cache-Control, Pragma, ETag, Backoff, Content-Type, Alert, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Wed, 01 Feb 2023 22:41:43 GMT
age: 3540
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
f8f48de864235d5d8b3d5be17a4e1ad3
62d79f5b3d9dd4d95876f2561c4a669bf8eac4a0
f587dbb5c019311f277e23e5fc6557d66cafd355fea2b9993f9f011e63ef3402

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 456
Cache-Control: max-age=151056
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 23:40:44 GMT
Etag: "63daa1c4-117"
Expires: Fri, 03 Feb 2023 17:38:20 GMT
Last-Modified: Wed, 01 Feb 2023 17:30:44 GMT
Server: ECS (ska/F708)
X-Cache: HIT
Content-Length: 279

ocsp.pki.goog/gts1c3

142.250.74.163

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
de49044c9365e16fec3a6d361cb94728
2b7b69c16de6fda1ae5206f92fe781ee07bd182a
6e76887b036544a5da3918116a180876c094cc3b31676abce8d5b7b716b00c30

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 23:40:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
8913af0be619500295008bb91f506660
a7b8068ba9aa506205a295b24458c2616997a0d1
6a9838d00256431807ca382fc205064b07c08d5054f2895c2ae3cc4e9094179a

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6A9838D00256431807CA382FC205064B07C08D5054F2895C2AE3CC4E9094179A"
Last-Modified: Wed, 01 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16655
Expires: Thu, 02 Feb 2023 04:18:19 GMT
Date: Wed, 01 Feb 2023 23:40:44 GMT
Connection: keep-alive

ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js

142.250.74.106

200 OK

30 kB

URL HTTP/2
ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js
IP
142.250.74.106:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (32061)
Size
30 kB (29671 bytes)
Hash
b90b3d2618cce9d766152cd3092b5c27
496339457cd00caab8118e2e1f30ea18dc05b9f4
b7b155aa8c6b5db28f9a6b41e88c96e9462c196c700add426f8ef32c9ce1ed41

HTTP Headers

GET /ajax/libs/jquery/2.1.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://chrome-extension.duia.us/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 29671
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 31 Jan 2023 22:44:56 GMT
expires: Wed, 31 Jan 2024 22:44:56 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 89748
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
f8f48de864235d5d8b3d5be17a4e1ad3
62d79f5b3d9dd4d95876f2561c4a669bf8eac4a0
f587dbb5c019311f277e23e5fc6557d66cafd355fea2b9993f9f011e63ef3402

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 456
Cache-Control: max-age=151056
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 23:40:44 GMT
Etag: "63daa1c4-117"
Expires: Fri, 03 Feb 2023 17:38:20 GMT
Last-Modified: Wed, 01 Feb 2023 17:30:44 GMT
Server: ECS (ska/F708)
X-Cache: HIT
Content-Length: 279

ocsp.pki.goog/gts1c3

142.250.74.163

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
de49044c9365e16fec3a6d361cb94728
2b7b69c16de6fda1ae5206f92fe781ee07bd182a
6e76887b036544a5da3918116a180876c094cc3b31676abce8d5b7b716b00c30

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 23:40:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

chrome-extension.duia.us/shjfnsd/f938f/css/normalize.css

103.161.184.117

200 OK

2.4 kB

URL HTTP/2
chrome-extension.duia.us/shjfnsd/f938f/css/normalize.css
IP
103.161.184.117:0
ASN
#141623 PT Registrasi Neva Angkasa

File type
ASCII text
Size
2.4 kB (2444 bytes)
Hash
57e30cfb8ad6140397d222ca3320d234
c999b0d60d743a45e83ae3748451b637b7f0cf28
ef93e32102c12340a210505048a0ed754b5e92b7026bda9ded1a5c3a1de1113a

HTTP Headers

GET /shjfnsd/f938f/css/normalize.css HTTP/1.1
Host: chrome-extension.duia.us
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://chrome-extension.duia.us/shjfnsd/f938f/
Cookie: PHPSESSID=78a894otdb8dtvjl83jg9ku80s
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=43200
expires: Thu, 02 Feb 2023 11:40:44 GMT
etag: "1e87-63da1009-680c6f8;br"
last-modified: Wed, 01 Feb 2023 07:08:57 GMT
content-type: text/css
content-length: 2444
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
date: Wed, 01 Feb 2023 23:40:44 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2

chrome-extension.duia.us/shjfnsd/f938f/css/webflow.css

103.161.184.117

200 OK

9.1 kB

URL HTTP/2
chrome-extension.duia.us/shjfnsd/f938f/css/webflow.css
IP
103.161.184.117:0
ASN
#141623 PT Registrasi Neva Angkasa

File type
Unicode text, UTF-8 text, with very long lines (2587)
Size
9.1 kB (9110 bytes)
Hash
895f043483b105fbb9847655627c7056
2da4c31ed72c09b2af0a0769f381715010231c9e
a5d892c9c6bbab3c7603b747ee38a72e4fc16d676b59f45610ba47b51aa71330

HTTP Headers

GET /shjfnsd/f938f/css/webflow.css HTTP/1.1
Host: chrome-extension.duia.us
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://chrome-extension.duia.us/shjfnsd/f938f/
Cookie: PHPSESSID=78a894otdb8dtvjl83jg9ku80s
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=43200
expires: Thu, 02 Feb 2023 11:40:44 GMT
etag: "9885-63da1009-680c6fa;br"
last-modified: Wed, 01 Feb 2023 07:08:57 GMT
content-type: text/css
content-length: 9110
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
date: Wed, 01 Feb 2023 23:40:44 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2

chrome-extension.duia.us/shjfnsd/f938f/css/metamask-staging-2.webflow.css

103.161.184.117

200 OK

13 kB

URL HTTP/2
chrome-extension.duia.us/shjfnsd/f938f/css/metamask-staging-2.webflow.css
IP
103.161.184.117:0
ASN
#141623 PT Registrasi Neva Angkasa

File type
ASCII text
Size
13 kB (12796 bytes)
Hash
346808ddbb6eace2f28ab2150a67a960
c36c20262f23f11b4c5225a0672e7bfa72681e99
e08922ba67fb71431e014212be5559050d74a30b3e42466c527653071239f9aa

HTTP Headers

GET /shjfnsd/f938f/css/metamask-staging-2.webflow.css HTTP/1.1
Host: chrome-extension.duia.us
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://chrome-extension.duia.us/shjfnsd/f938f/
Cookie: PHPSESSID=78a894otdb8dtvjl83jg9ku80s
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=43200
expires: Thu, 02 Feb 2023 11:40:44 GMT
etag: "1a1b2-63da1009-680c6f7;br"
last-modified: Wed, 01 Feb 2023 07:08:57 GMT
content-type: text/css
content-length: 12796
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
date: Wed, 01 Feb 2023 23:40:44 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2

chrome-extension.duia.us/shjfnsd/f938f/images/mm-logo.svg

103.161.184.117

200 OK

3.2 kB

URL HTTP/2
chrome-extension.duia.us/shjfnsd/f938f/images/mm-logo.svg
IP
103.161.184.117:0
ASN
#141623 PT Registrasi Neva Angkasa

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1001)
Size
3.2 kB (3213 bytes)
Hash
fe060ddad372d93471c0c0784dac7316
98252f8820250f762da02c96b88d439c58055762
8f9e00cf9eed2475bfb7c9cc7b80ce62ff9740ac26fd1526e9ec72c5855ad985

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /shjfnsd/f938f/images/mm-logo.svg HTTP/1.1
Host: chrome-extension.duia.us
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://chrome-extension.duia.us/shjfnsd/f938f/
Cookie: PHPSESSID=78a894otdb8dtvjl83jg9ku80s
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=43200
expires: Thu, 02 Feb 2023 11:40:44 GMT
etag: "2ef3-63da1009-6c0b9cc;br"
last-modified: Wed, 01 Feb 2023 07:08:57 GMT
content-type: image/svg+xml
content-length: 3213
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
date: Wed, 01 Feb 2023 23:40:44 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2

chrome-extension.duia.us/shjfnsd/f938f/css/style.css

103.161.184.117

200 OK

230 B

URL HTTP/2
chrome-extension.duia.us/shjfnsd/f938f/css/style.css
IP
103.161.184.117:0
ASN
#141623 PT Registrasi Neva Angkasa

File type
ASCII text
Size
230 B (230 bytes)
Hash
08e2add84b65ab42da95ec2c75e66a31
6e5a60c2393a2b29b58deef434c1e8161f22446d
33db6f182752df79e4ee8218987a0b31cf77c9738eb6d5e8e1892436e66f9d90

HTTP Headers

GET /shjfnsd/f938f/css/style.css HTTP/1.1
Host: chrome-extension.duia.us
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://chrome-extension.duia.us/shjfnsd/f938f/
Cookie: PHPSESSID=78a894otdb8dtvjl83jg9ku80s
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=43200
expires: Thu, 02 Feb 2023 11:40:44 GMT
etag: "1a7-63da1009-680c6f9;br"
last-modified: Wed, 01 Feb 2023 07:08:57 GMT
content-type: text/css
content-length: 230
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
date: Wed, 01 Feb 2023 23:40:44 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2

chrome-extension.duia.us/shjfnsd/f938f/js/script.js

103.161.184.117

200 OK

199 B

URL HTTP/2
chrome-extension.duia.us/shjfnsd/f938f/js/script.js
IP
103.161.184.117:0
ASN
#141623 PT Registrasi Neva Angkasa

File type
ASCII text, with CRLF line terminators
Size
199 B (199 bytes)
Hash
c13cd45cb0fadddf8d912280d6b821df
39992c6f09ac5a26ea2bb56a1a58d0c43cb87aa2
8f9e97cd76e0b6591e9c5c6764c17114722f36eb1ad86f61ef831a87031bae3b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet
fortinet	Phishing

HTTP Headers

GET /shjfnsd/f938f/js/script.js HTTP/1.1
Host: chrome-extension.duia.us
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://chrome-extension.duia.us/shjfnsd/f938f/
Cookie: PHPSESSID=78a894otdb8dtvjl83jg9ku80s
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=43200
expires: Thu, 02 Feb 2023 11:40:44 GMT
etag: "c7-63da1009-7083b1e;;;"
last-modified: Wed, 01 Feb 2023 07:08:57 GMT
content-type: application/x-javascript
content-length: 199
accept-ranges: bytes
date: Wed, 01 Feb 2023 23:40:44 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2

chrome-extension.duia.us/shjfnsd/f938f/images/chrome_1chrome.png

103.161.184.117

200 OK

3.9 kB

URL HTTP/2
chrome-extension.duia.us/shjfnsd/f938f/images/chrome_1chrome.png
IP
103.161.184.117:0
ASN
#141623 PT Registrasi Neva Angkasa

File type
PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced\012- data
Size
3.9 kB (3890 bytes)
Hash
162fd1e613c0f3a992365a980a4fd6cc
3401907394d4810392719d9696ce0088a8847618
90af37bb98146aba902ae19d013dc16ead7ea6f5050f339a5728eaf2a068c7ec

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet

HTTP Headers

GET /shjfnsd/f938f/images/chrome_1chrome.png HTTP/1.1
Host: chrome-extension.duia.us
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://chrome-extension.duia.us/shjfnsd/f938f/
Cookie: PHPSESSID=78a894otdb8dtvjl83jg9ku80s
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=43200
expires: Thu, 02 Feb 2023 11:40:44 GMT
etag: "f32-63da1009-6c0b9c6;;;"
last-modified: Wed, 01 Feb 2023 07:08:57 GMT
content-type: image/png
content-length: 3890
accept-ranges: bytes
date: Wed, 01 Feb 2023 23:40:44 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2

push.services.mozilla.com/

54.189.204.30

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
54.189.204.30:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: ZyBJrHarE11spyhnhrfzgg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: yUS1Qj3VyX60IbLtNx7x7f7U1/0=

chrome-extension.duia.us/shjfnsd/f938f/images/Firefox_1Firefox.png

103.161.184.117

200 OK

10 kB

URL HTTP/2
chrome-extension.duia.us/shjfnsd/f938f/images/Firefox_1Firefox.png
IP
103.161.184.117:0
ASN
#141623 PT Registrasi Neva Angkasa

File type
PNG image data, 107 x 100, 8-bit/color RGBA, non-interlaced\012- data
Size
10 kB (10509 bytes)
Hash
715129c60a9f70f0ccbb6c4395799e95
4dfc6120523fda842c83261ddd922a9ce15a66d7
52c88349bd9d45937236e20a4c9928f8a15db9dc7418436900e667b344e079c5

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet

HTTP Headers

GET /shjfnsd/f938f/images/Firefox_1Firefox.png HTTP/1.1
Host: chrome-extension.duia.us
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://chrome-extension.duia.us/shjfnsd/f938f/
Cookie: PHPSESSID=78a894otdb8dtvjl83jg9ku80s
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=43200
expires: Thu, 02 Feb 2023 11:40:44 GMT
etag: "290d-63da1009-6c0b9ca;;;"
last-modified: Wed, 01 Feb 2023 07:08:57 GMT
content-type: image/png
content-length: 10509
accept-ranges: bytes
date: Wed, 01 Feb 2023 23:40:44 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2

chrome-extension.duia.us/shjfnsd/f938f/images/Brave.png

103.161.184.117

200 OK

19 kB

URL HTTP/2
chrome-extension.duia.us/shjfnsd/f938f/images/Brave.png
IP
103.161.184.117:0
ASN
#141623 PT Registrasi Neva Angkasa

File type
PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced\012- data
Size
19 kB (19073 bytes)
Hash
fbe69790d36bf636e87e83f5413218a7
709f392de11c5f48cbbbefa95d0a6cb56e2592db
cd70b79d81f32aa721dedf46ea682f1f0c1808d2ffe09da63730b2a01380c214

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet

HTTP Headers

GET /shjfnsd/f938f/images/Brave.png HTTP/1.1
Host: chrome-extension.duia.us
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://chrome-extension.duia.us/shjfnsd/f938f/
Cookie: PHPSESSID=78a894otdb8dtvjl83jg9ku80s
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=43200
expires: Thu, 02 Feb 2023 11:40:44 GMT
etag: "4a81-63da1009-6c0b9c5;;;"
last-modified: Wed, 01 Feb 2023 07:08:57 GMT
content-type: image/png
content-length: 19073
accept-ranges: bytes
date: Wed, 01 Feb 2023 23:40:44 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2

chrome-extension.duia.us/shjfnsd/f938f/images/Edge.png

103.161.184.117

200 OK

35 kB

URL HTTP/2
chrome-extension.duia.us/shjfnsd/f938f/images/Edge.png
IP
103.161.184.117:0
ASN
#141623 PT Registrasi Neva Angkasa

File type
PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced\012- data
Size
35 kB (34658 bytes)
Hash
372e0f14122bc985fc25c9adf18e8dd1
0da9b96762170fcdca32a35630e161064d45b3f2
6643f9327bc18e8108d0bc474eee816d0807a10dc8ad3702797e8f81f23c888b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet

HTTP Headers

GET /shjfnsd/f938f/images/Edge.png HTTP/1.1
Host: chrome-extension.duia.us
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://chrome-extension.duia.us/shjfnsd/f938f/
Cookie: PHPSESSID=78a894otdb8dtvjl83jg9ku80s
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=43200
expires: Thu, 02 Feb 2023 11:40:44 GMT
etag: "8762-63da1009-6c0b9c8;;;"
last-modified: Wed, 01 Feb 2023 07:08:57 GMT
content-type: image/png
content-length: 34658
accept-ranges: bytes
date: Wed, 01 Feb 2023 23:40:44 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2

chrome-extension.duia.us/shjfnsd/f938f/fonts/EuclidCircularB-Regular-WebXL.woff2

103.161.184.117

404 Not Found

1.2 kB

URL HTTP/2
chrome-extension.duia.us/shjfnsd/f938f/fonts/EuclidCircularB-Regular-WebXL.woff2
IP
103.161.184.117:0
ASN
#141623 PT Registrasi Neva Angkasa

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
1.2 kB (1236 bytes)
Hash
30a9aa3e2018df9e4d5a7dea65c283f6
6abb0707a87dd0140ae3488c3f2a378726e2ca53
230d91b44ffd4de6a3cfe521b2560e5ed59763df51a5de76fc01513787fb1682

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /shjfnsd/f938f/fonts/EuclidCircularB-Regular-WebXL.woff2 HTTP/1.1
Host: chrome-extension.duia.us
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://chrome-extension.duia.us/shjfnsd/f938f/css/metamask-staging-2.webflow.css
Cookie: PHPSESSID=78a894otdb8dtvjl83jg9ku80s
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
content-type: text/html
cache-control: private, no-cache, max-age=0
pragma: no-cache
content-length: 1236
date: Wed, 01 Feb 2023 23:40:44 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2

chrome-extension.duia.us/shjfnsd/f938f/fonts/EuclidCircularB-Bold-WebXL.woff2

103.161.184.117

404 Not Found

1.2 kB

URL HTTP/2
chrome-extension.duia.us/shjfnsd/f938f/fonts/EuclidCircularB-Bold-WebXL.woff2
IP
103.161.184.117:0
ASN
#141623 PT Registrasi Neva Angkasa

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
1.2 kB (1236 bytes)
Hash
30a9aa3e2018df9e4d5a7dea65c283f6
6abb0707a87dd0140ae3488c3f2a378726e2ca53
230d91b44ffd4de6a3cfe521b2560e5ed59763df51a5de76fc01513787fb1682

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /shjfnsd/f938f/fonts/EuclidCircularB-Bold-WebXL.woff2 HTTP/1.1
Host: chrome-extension.duia.us
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://chrome-extension.duia.us/shjfnsd/f938f/css/metamask-staging-2.webflow.css
Cookie: PHPSESSID=78a894otdb8dtvjl83jg9ku80s
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
content-type: text/html
cache-control: private, no-cache, max-age=0
pragma: no-cache
content-length: 1236
date: Wed, 01 Feb 2023 23:40:44 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2

chrome-extension.duia.us/shjfnsd/f938f/fonts/EuclidCircularB-Regular-WebXL.woff

103.161.184.117

404 Not Found

1.2 kB

URL HTTP/2
chrome-extension.duia.us/shjfnsd/f938f/fonts/EuclidCircularB-Regular-WebXL.woff
IP
103.161.184.117:0
ASN
#141623 PT Registrasi Neva Angkasa

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
1.2 kB (1236 bytes)
Hash
30a9aa3e2018df9e4d5a7dea65c283f6
6abb0707a87dd0140ae3488c3f2a378726e2ca53
230d91b44ffd4de6a3cfe521b2560e5ed59763df51a5de76fc01513787fb1682

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /shjfnsd/f938f/fonts/EuclidCircularB-Regular-WebXL.woff HTTP/1.1
Host: chrome-extension.duia.us
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://chrome-extension.duia.us/shjfnsd/f938f/css/metamask-staging-2.webflow.css
Cookie: PHPSESSID=78a894otdb8dtvjl83jg9ku80s
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
content-type: text/html
cache-control: private, no-cache, max-age=0
pragma: no-cache
content-length: 1236
date: Wed, 01 Feb 2023 23:40:44 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2

chrome-extension.duia.us/shjfnsd/f938f/fonts/EuclidCircularB-Bold-WebXL.woff

103.161.184.117

404 Not Found

1.2 kB

URL HTTP/2
chrome-extension.duia.us/shjfnsd/f938f/fonts/EuclidCircularB-Bold-WebXL.woff
IP
103.161.184.117:0
ASN
#141623 PT Registrasi Neva Angkasa

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
1.2 kB (1236 bytes)
Hash
30a9aa3e2018df9e4d5a7dea65c283f6
6abb0707a87dd0140ae3488c3f2a378726e2ca53
230d91b44ffd4de6a3cfe521b2560e5ed59763df51a5de76fc01513787fb1682

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /shjfnsd/f938f/fonts/EuclidCircularB-Bold-WebXL.woff HTTP/1.1
Host: chrome-extension.duia.us
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://chrome-extension.duia.us/shjfnsd/f938f/css/metamask-staging-2.webflow.css
Cookie: PHPSESSID=78a894otdb8dtvjl83jg9ku80s
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
content-type: text/html
cache-control: private, no-cache, max-age=0
pragma: no-cache
content-length: 1236
date: Wed, 01 Feb 2023 23:40:44 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2

chrome-extension.duia.us/shjfnsd/f938f/images/webclip.png

103.161.184.117

200 OK

12 kB

URL HTTP/2
chrome-extension.duia.us/shjfnsd/f938f/images/webclip.png
IP
103.161.184.117:0
ASN
#141623 PT Registrasi Neva Angkasa

File type
PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced\012- data
Size
12 kB (11764 bytes)
Hash
48400a28770e10dd52a8c0e539aeb282
151bcd0c431ed79f30193731de564106a5b11956
27712ebee35bae5474f124f7cbf6cb2ca60d5121e561d284c9f11a4e69efd663

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet

HTTP Headers

GET /shjfnsd/f938f/images/webclip.png HTTP/1.1
Host: chrome-extension.duia.us
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://chrome-extension.duia.us/shjfnsd/f938f/
Cookie: PHPSESSID=78a894otdb8dtvjl83jg9ku80s
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=43200
expires: Thu, 02 Feb 2023 11:40:45 GMT
etag: "2df4-63da1009-6c0b9cd;;;"
last-modified: Wed, 01 Feb 2023 07:08:57 GMT
content-type: image/png
content-length: 11764
accept-ranges: bytes
date: Wed, 01 Feb 2023 23:40:45 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2

chrome-extension.duia.us/shjfnsd/f938f/images/favicon.png

103.161.184.117

200 OK

1.5 kB

URL HTTP/2
chrome-extension.duia.us/shjfnsd/f938f/images/favicon.png
IP
103.161.184.117:0
ASN
#141623 PT Registrasi Neva Angkasa

File type
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Size
1.5 kB (1532 bytes)
Hash
b7919ea38a8beed9b4763858c4f7412b
1aa57bcd7ca8a0c3352923c9ee06c472f23d5b63
214080adac9969108cb602cb68617e332db1288e95e18c29c10f9396c6d3744c

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic Crypto/Wallet

HTTP Headers

GET /shjfnsd/f938f/images/favicon.png HTTP/1.1
Host: chrome-extension.duia.us
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://chrome-extension.duia.us/shjfnsd/f938f/
Cookie: PHPSESSID=78a894otdb8dtvjl83jg9ku80s
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=43200
expires: Thu, 02 Feb 2023 11:40:45 GMT
etag: "5fc-63da1009-6c0b9c9;;;"
last-modified: Wed, 01 Feb 2023 07:08:57 GMT
content-type: image/png
content-length: 1532
accept-ranges: bytes
date: Wed, 01 Feb 2023 23:40:45 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
d719402de0cd695e55dab2767247da49
f12f4795987a284820f6785ec16b5032b9861d79
98a14bd950cec10aeb3d76fa956fe13514f52c742adbded7a0fcef218c7195ba

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "98A14BD950CEC10AEB3D76FA956FE13514F52C742ADBDED7A0FCEF218C7195BA"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13305
Expires: Thu, 02 Feb 2023 03:22:30 GMT
Date: Wed, 01 Feb 2023 23:40:45 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
d719402de0cd695e55dab2767247da49
f12f4795987a284820f6785ec16b5032b9861d79
98a14bd950cec10aeb3d76fa956fe13514f52c742adbded7a0fcef218c7195ba

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "98A14BD950CEC10AEB3D76FA956FE13514F52C742ADBDED7A0FCEF218C7195BA"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13305
Expires: Thu, 02 Feb 2023 03:22:30 GMT
Date: Wed, 01 Feb 2023 23:40:45 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9dac6192-89b0-4161-86a2-38f3998a1bc4.jpeg

34.120.237.76

200 OK

6.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9dac6192-89b0-4161-86a2-38f3998a1bc4.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.8 kB (6783 bytes)
Hash
f1d06527f75868ea84da730b7c8b5660
6c0cb65a477d6bc7d013529411d5735bd39e3d46
2ff4fb12b9ac4dff67bf89cc69f1bfce3ffa738696f904172044a5a537a704c9

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9dac6192-89b0-4161-86a2-38f3998a1bc4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6783
x-amzn-requestid: 5ab60169-ec65-483a-828b-3312c74ee4b2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: frc5BGjqoAMFV6g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dadb6c-73a465244f89adaa27626246;Sampled=0
x-amzn-remapped-date: Wed, 01 Feb 2023 21:36:44 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: S012XKdrl7ID1qnfD-G2fcAxWoseP_mAnaDi12Y-UmdBW8yXgGlpgQ==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 e4d3d5aafc7d7d582423c073065ab562.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Feb 2023 22:18:46 GMT
age: 4919
etag: "6c0cb65a477d6bc7d013529411d5735bd39e3d46"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F46e30ba8-4b02-4bad-8cbf-1a128aa4376f.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.6 kB (9600 bytes)
Hash
3366ef4f8733cb9c89a5c88f63a0a441
7da46843b6d885f38a4759a08e6c899906ab7b97
7114397ee5c251cc5cb46f3433c2cc17ff68a08e0872e227671198e9b61eba0a

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F46e30ba8-4b02-4bad-8cbf-1a128aa4376f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9600
x-amzn-requestid: 48094e1a-d550-4a91-b87c-4a08505f7cce
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fVsWcFN7IAMF2pg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d2275c-5ced593a7e2126c9494563df;Sampled=0
x-amzn-remapped-date: Thu, 26 Jan 2023 07:10:20 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: aZOeDFqBJQoGwLpIs-GpPvY0FKGCAOXY6MgzG32qzX-kVzUCKKv-kw==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Feb 2023 02:29:58 GMT
age: 76247
etag: "7da46843b6d885f38a4759a08e6c899906ab7b97"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe18f9e12-0986-423b-911d-6271bb996db4.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.4 kB (5356 bytes)
Hash
7c823f1d6bf1c50d58eb263b85e6e37c
a7b74d11494fb3254df907e5cc1eead070d84617
b2706961eb756383e0988dfdb501dc424aea59697aedd1e4a6c294c314a31935

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe18f9e12-0986-423b-911d-6271bb996db4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5356
x-amzn-requestid: fef22c83-35a4-4990-9008-af5853f838d1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: frc5BEB6oAMFczg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dadb6c-68d3017555c069bc3107d150;Sampled=0
x-amzn-remapped-date: Wed, 01 Feb 2023 21:36:44 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: XyDZc0F-b0rxwoS5wvSXBuBfYE7JljMmuXseBjLOBk4HvxU5gE7Oqg==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Feb 2023 22:18:55 GMT
age: 4910
etag: "a7b74d11494fb3254df907e5cc1eead070d84617"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5b1e36ab-6847-48e2-8227-fc589124cb93.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.0 kB (7036 bytes)
Hash
6f4dbd75e0cdc28265ccbe825c5c5b6c
78187b014be0ee8bf7543fb873915db8a9c8dbc4
bf49642b990d73f58ca5f9ee979271ba2ab80bae94c8f333fa5737b16016d1c8

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5b1e36ab-6847-48e2-8227-fc589124cb93.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7036
x-amzn-requestid: 9d54dd82-add1-4d7d-97b7-53c92eecb724
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fmJxCHAqoAMF3qA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d8bcd3-109d34d11a9834886e3080ee;Sampled=0
x-amzn-remapped-date: Tue, 31 Jan 2023 07:01:39 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: U45NW79hI4Vtd7fV7kXnxqlxRQzC-u9PVlNK4D1pBkAa8CBYuUf9ig==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 6172bb1a5d00a3b06ae3700570ebe116.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Feb 2023 07:06:05 GMT
age: 59680
etag: "78187b014be0ee8bf7543fb873915db8a9c8dbc4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

15 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdab614ba-4572-4b54-9079-a26b68b1ece7.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
15 kB (15051 bytes)
Hash
6bb5b89e738516f4862491eec286bf6d
8fb46b9ca85f2c578eb2a56d0007859183e12209
7f164a37b675bf39f8473392b07a2a383397da003303965fb190fd4f455bb43b

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdab614ba-4572-4b54-9079-a26b68b1ece7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 15051
x-amzn-requestid: 72a3f2ae-538e-40dc-9496-86c28334ba0d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: frc6jGTAIAMFy4A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dadb76-72178ed13a2e70d462785b90;Sampled=0
x-amzn-remapped-date: Wed, 01 Feb 2023 21:36:54 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: CKTfQzCvXa4oL6Lm2n8Rw_9Uhj69YfgpDTP9s0zoaX5qW1vcqWIXDA==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Feb 2023 21:46:26 GMT
age: 6859
etag: "8fb46b9ca85f2c578eb2a56d0007859183e12209"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F00c1df1d-5e83-46c4-87de-093028c17afe.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.4 kB (7416 bytes)
Hash
dbb3b7fe13504478f3fe5e8c0190b8db
b8ca03ed416b5ab9cd118f32a1890ffa764a7aec
e47f269c393ee8d87bfce593f31fd49309e1d9b47b8745dd3b6568036da50d55

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F00c1df1d-5e83-46c4-87de-093028c17afe.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7416
x-amzn-requestid: c4e8c4e6-5f2a-4b94-ad48-f10fb51c78c2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: frc5BH1-IAMF17g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dadb6c-40e58e6e49f919a3740bb92a;Sampled=0
x-amzn-remapped-date: Wed, 01 Feb 2023 21:36:44 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 2-O9YJrb-baVaEYFpesrbfMrIDBautEp2f5ilm1-vmHcjUGxE0c1VA==
via: 1.1 86b676273517904f44af31586adb06ae.cloudfront.net (CloudFront), 1.1 f9d716a351f14a0ac1fac2449734849a.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Feb 2023 22:18:55 GMT
age: 4910
etag: "b8ca03ed416b5ab9cd118f32a1890ffa764a7aec"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/css/bootstrap.min.css

104.16.87.20

200 OK

0 B

URL HTTP/2
cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/css/bootstrap.min.css
IP
104.16.87.20:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /npm/bootstrap@5.0.2/dist/css/bootstrap.min.css HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://chrome-extension.duia.us
Connection: keep-alive
Referer: https://chrome-extension.duia.us/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Wed, 01 Feb 2023 23:40:44 GMT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-jsd-version: 5.0.2
x-jsd-version-type: version
etag: W/"260c5-fByeBXPlzqi603M74vxjqoxo6o0"
x-served-by: cache-fra19156-FRA, cache-bma1639-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
cf-cache-status: HIT
age: 27440308
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9rri%2BV1OSK0aAmftk6MZJsF3AM%2FnIoPFS9nvQdFhqRceYpFSwJ6r20zKFmtqNAoISFvbWxdPsOz79pwogB0lviREIyU3YWsTr0zh0gSy3E%2B1FKAuP2aFGVtuMXd5cn19zSA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 792e88a83ef7b50f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (2)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (41)

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

File type