firefox.settings.services.mozilla.com/v1/
143.204.55.36200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.36:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 1b3053fa528e28810f8a2cc9284cc921
cca9eb471d941881a6b9a1793aecb6c281908f6a
a2427848ba35575dda8a82cf88f104978234c05389deebc3fc8279d9075eff45
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Type, Backoff, Content-Length, Retry-After
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Thu, 29 Sep 2022 14:15:52 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 1ca0323262515c9240c58fe69a9ac826.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: -JcfL2-6aY_nlJhQWcMus70ceaj1DLv7rgiFt6xii9hmGyutmGhJQA==
Age: 3528
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 7fb7c70f7f4e2cee27eb0e7d875931f7
98fca3817a551b1daecebae103a48e718b8b5a53
2a40f957a6b1734aa3f87cff51b673f0536732db15b09033dd604879692df349
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A40F957A6B1734AA3F87CFF51B673F0536732DB15B09033DD604879692DF349"
Last-Modified: Tue, 27 Sep 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10741
Expires: Thu, 29 Sep 2022 18:13:41 GMT
Date: Thu, 29 Sep 2022 15:14:40 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
143.204.55.25200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP 143.204.55.25:0
File type PEM certificate\012- , ASCII text
Hash 6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Thu, 29 Sep 2022 05:28:28 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 6cb1d4b545e7beb4ead790454f4807c6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: P0ekc9l4L6RhViZToOKwsbRFEOSeWCYlgIALDYb79-SEq7ty9EM2xA==
age: 35173
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 29 Sep 2022 15:14:40 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
4721227.fls.doubleclick.net/activityi;src=4721227;type=uidfq0;cat=spoti0;ord=5160187481151;gtm=G1u;u2=undefined;~oref=file%3A%2F%2F%2FC%3A%2FAppServ%2Fwww%2FOVO%2520v2.7%2FSpotify%2FSubscription%2520and%2520payment%2520-%2520Spotify.html?
142.250.74.70200 OK 386 B URL HTTP/1.1 4721227.fls.doubleclick.net/activityi;src=4721227;type=uidfq0;cat=spoti0;ord=5160187481151;gtm=G1u;u2=undefined;~oref=file%3A%2F%2F%2FC%3A%2FAppServ%2Fwww%2FOVO%2520v2.7%2FSpotify%2FSubscription%2520and%2520payment%2520-%2520Spotify.html?
IP 142.250.74.70:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (514), with no line terminators
Hash 296deb3695167c3c5554400fac013f71
6d2e86f0cae8fecc3f6e86fe5c749a687a681ec6
7e5eb591696539bfc010e9c16144f877f6b027804491e4910fce2068bdbff984
GET /activityi;src=4721227;type=uidfq0;cat=spoti0;ord=5160187481151;gtm=G1u;u2=undefined;~oref=file%3A%2F%2F%2FC%3A%2FAppServ%2Fwww%2FOVO%2520v2.7%2FSpotify%2FSubscription%2520and%2520payment%2520-%2520Spotify.html? HTTP/1.1
Host: 4721227.fls.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cpanel10wh.bkk1.cloud.z.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Date: Thu, 29 Sep 2022 15:14:41 GMT
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Strict-Transport-Security: max-age=21600
Content-Type: text/html; charset=UTF-8
Pragma: no-cache
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Server: cafe
Content-Length: 386
X-XSS-Protection: 0
cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/billing.php?verify_account=session=NL&c2cbd3ea32c239d30ddbeb3e2b5eb784&dispatch=462b6d425aec3417e68d33c2c3465bf53648646b
163.44.198.59200 OK 29 kB URL HTTP/1.1 cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/billing.php?verify_account=session=NL&c2cbd3ea32c239d30ddbeb3e2b5eb784&dispatch=462b6d425aec3417e68d33c2c3465bf53648646b
IP 163.44.198.59:0
ASN #135161 GMO-Z com NetDesign Holdings Co., Ltd.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (743)
Hash 08ce35e754d2234cd96dd99e7ff451d6
d143e70cbb9cad1cb08d702eed9c556e69da4b1a
1ece5ebafae25c9db69d85036fb6e7a1960d115b980ac2b1716e0d0e5d6ad0f0
Analyzer Verdict Alert urlquery Phishing - Spotify
GET /~cp785288/hlep/Login/billing.php?verify_account=session=NL&c2cbd3ea32c239d30ddbeb3e2b5eb784&dispatch=462b6d425aec3417e68d33c2c3465bf53648646b HTTP/1.1
Host: cpanel10wh.bkk1.cloud.z.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Thu, 29 Sep 2022 15:14:40 GMT
Server: Apache
X-Powered-By: PHP/5.6.40
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: PHPSESSID=0kaanng2dq2ei3a4pu6dr7jsu4; path=/
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
www.scdn.co/build/js/sp-analytics-a3e2493d01.js
151.101.86.248301 Moved Permanently 0 B URL HTTP/1.1 www.scdn.co/build/js/sp-analytics-a3e2493d01.js
IP 151.101.86.248:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /build/js/sp-analytics-a3e2493d01.js HTTP/1.1
Host: www.scdn.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cpanel10wh.bkk1.cloud.z.com/
HTTP/1.1 301 Moved Permanently
Connection: close
Content-Length: 0
Retry-After: 0
Location: https://www.scdn.co/build/js/sp-analytics-a3e2493d01.js
Accept-Ranges: bytes
Date: Thu, 29 Sep 2022 15:14:41 GMT
X-Served-By: cache-bma1627-BMA
X-Cache: HIT
X-Cache-Hits: 0
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000
www.scdn.co/build/js/sp-analytics-a3e2493d01.js
151.101.86.248200 OK 2.9 kB URL HTTP/1.1 www.scdn.co/build/js/sp-analytics-a3e2493d01.js
IP 151.101.86.248:0
File type ASCII text, with very long lines (7916)
Hash 46f7394944aba4665f842d75ef972bb3
65046fbc4dc0c4d397210e6141702bb70873e273
602d76b0de139658e9c504c4e8f7f1c5858d33d2da30040766d78fb1c9702964
GET /build/js/sp-analytics-a3e2493d01.js HTTP/1.1
Host: www.scdn.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://cpanel10wh.bkk1.cloud.z.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 2934
Last-Modified: Thu, 09 Aug 2018 08:55:55 GMT
ETag: "3b8ea9b9fed8d12d22fd1c7b7c4367b8"
x-goog-generation: 1533804955085745
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 7969
x-amz-meta-goog-reserved-file-mtime: 1533804724
Content-Type: application/javascript
Content-Encoding: gzip
Accept-Ranges: bytes
Date: Thu, 29 Sep 2022 15:14:41 GMT
Age: 3826751
Timing-Allow-Origin: *
X-Served-By: cache-chi-kigq8000063-CHI, cache-bma1623-BMA
X-Cache: HIT, HIT
X-Cache-Hits: 1, 1
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 3826037172731ac33e566808c9618388
226e9205194fb0446af7fef47c68749add90d966
692f1898c2850d619cb42a23932602bc680abe6634e2b04906304311d2eccf27
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 15:14:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
adservice.google.com/ddm/fls/i/src=4721227;type=uidfq0;cat=spoti0;ord=5160187481151;gtm=G1u;u2=undefined;~oref=file%3A%2F%2F%2FC%3A%2FAppServ%2Fwww%2FOVO%2520v2.7%2FSpotify%2FSubscription%2520and%2520payment%2520-%2520Spotify.html
142.250.74.162200 OK 385 B URL HTTP/2 adservice.google.com/ddm/fls/i/src=4721227;type=uidfq0;cat=spoti0;ord=5160187481151;gtm=G1u;u2=undefined;~oref=file%3A%2F%2F%2FC%3A%2FAppServ%2Fwww%2FOVO%2520v2.7%2FSpotify%2FSubscription%2520and%2520payment%2520-%2520Spotify.html
IP 142.250.74.162:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (513), with no line terminators
Hash 6da5969356df80d83312d6b0bca604e8
a352bd59cfe4068c776cc9d3acb723eb4e1609af
4514880eba4798114d09a67b93f1433cf06ece4beeee8266b101fd27b3070d5e
GET /ddm/fls/i/src=4721227;type=uidfq0;cat=spoti0;ord=5160187481151;gtm=G1u;u2=undefined;~oref=file%3A%2F%2F%2FC%3A%2FAppServ%2Fwww%2FOVO%2520v2.7%2FSpotify%2FSubscription%2520and%2520payment%2520-%2520Spotify.html HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://4721227.fls.doubleclick.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 29 Sep 2022 15:14:41 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 385
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/files/activityi(2).html
163.44.198.59200 OK 526 B URL HTTP/1.1 cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/files/activityi(2).html
IP 163.44.198.59:0
ASN #135161 GMO-Z com NetDesign Holdings Co., Ltd.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text
Hash 4111ba0635356cb00c95c1e7df71bc7a
478e66ccd3ea1606c21b0bc2dc7be11fb4980c81
368050e24650d085ae45ff96cb255eafd8196154f484969f0492ceaab7d9d9c5
Analyzer Verdict Alert urlquery Phishing - Spotify
fortinet Phishing
GET /~cp785288/hlep/Login/files/activityi(2).html HTTP/1.1
Host: cpanel10wh.bkk1.cloud.z.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/billing.php?verify_account=session=NL&c2cbd3ea32c239d30ddbeb3e2b5eb784&dispatch=462b6d425aec3417e68d33c2c3465bf53648646b
Cookie: PHPSESSID=0kaanng2dq2ei3a4pu6dr7jsu4
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Thu, 29 Sep 2022 15:14:41 GMT
Server: Apache
Last-Modified: Tue, 16 Jul 2019 16:30:28 GMT
ETag: "20e-58dcee4fb3100"
Accept-Ranges: bytes
Content-Length: 526
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 3826037172731ac33e566808c9618388
226e9205194fb0446af7fef47c68749add90d966
692f1898c2850d619cb42a23932602bc680abe6634e2b04906304311d2eccf27
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 15:14:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.36200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.36:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600, max-age=3600
Date: Thu, 29 Sep 2022 14:29:33 GMT
Expires: Thu, 29 Sep 2022 14:43:20 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 185768229530368be94556dcab1c486a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 64rvYXrK8E2VuZAkcKVPAj9hvtUzuH25Mx2WJRfmTOCQ9URAXuVm1A==
Age: 2708
cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/files/form_offer_panel.html
163.44.198.59200 OK 5.3 kB URL HTTP/1.1 cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/files/form_offer_panel.html
IP 163.44.198.59:0
ASN #135161 GMO-Z com NetDesign Holdings Co., Ltd.
File type HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (993)
Hash c118ac3a4ba997458c78eade2e1fdac4
faf216d9d3d102571af688fa9aa4b52da44257fb
cfa2f7dc5b0d7b3bc7190aab46525cefb46185c2c0251de98a3290440b5282d1
Analyzer Verdict Alert urlquery Phishing - Spotify
fortinet Phishing
GET /~cp785288/hlep/Login/files/form_offer_panel.html HTTP/1.1
Host: cpanel10wh.bkk1.cloud.z.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/billing.php?verify_account=session=NL&c2cbd3ea32c239d30ddbeb3e2b5eb784&dispatch=462b6d425aec3417e68d33c2c3465bf53648646b
Cookie: PHPSESSID=0kaanng2dq2ei3a4pu6dr7jsu4
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Thu, 29 Sep 2022 15:14:41 GMT
Server: Apache
Last-Modified: Tue, 16 Jul 2019 16:30:28 GMT
ETag: "1489-58dcee4fb3100"
Accept-Ranges: bytes
Content-Length: 5257
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 64efebb51e5b4f12f97825c5944d0cfa
fc6830187fd786f3d7fefeda96bf0fbe15509927
a33a76aa921357b856b0f68c84f500cd12c40cce3172723b8cd77c250422ac43
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 15:14:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
adservice.google.no/ddm/fls/i/src=4721227;type=uidfq0;cat=spoti0;ord=5160187481151;gtm=G1u;u2=undefined;~oref=file%3A%2F%2F%2FC%3A%2FAppServ%2Fwww%2FOVO%2520v2.7%2FSpotify%2FSubscription%2520and%2520payment%2520-%2520Spotify.html
142.250.74.66302 Found 0 B URL HTTP/2 adservice.google.no/ddm/fls/i/src=4721227;type=uidfq0;cat=spoti0;ord=5160187481151;gtm=G1u;u2=undefined;~oref=file%3A%2F%2F%2FC%3A%2FAppServ%2Fwww%2FOVO%2520v2.7%2FSpotify%2FSubscription%2520and%2520payment%2520-%2520Spotify.html
IP 142.250.74.66:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ddm/fls/i/src=4721227;type=uidfq0;cat=spoti0;ord=5160187481151;gtm=G1u;u2=undefined;~oref=file%3A%2F%2F%2FC%3A%2FAppServ%2Fwww%2FOVO%2520v2.7%2FSpotify%2FSubscription%2520and%2520payment%2520-%2520Spotify.html HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adservice.google.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 29 Sep 2022 15:14:41 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
location: https://4721227.fls.doubleclick.net/ddm/fls/r/src=4721227;type=uidfq0;cat=spoti0;ord=5160187481151;gtm=G1u;u2=undefined;~oref=file%3A%2F%2F%2FC%3A%2FAppServ%2Fwww%2FOVO%2520v2.7%2FSpotify%2FSubscription%2520and%2520payment%2520-%2520Spotify.html
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 64efebb51e5b4f12f97825c5944d0cfa
fc6830187fd786f3d7fefeda96bf0fbe15509927
a33a76aa921357b856b0f68c84f500cd12c40cce3172723b8cd77c250422ac43
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 15:14:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash afd8fa81635542b658c07532cb90840c
bfdc45d2c58abeccfb253a1d39258fb6cfe87c3a
1d977286920a519d7ce191e6d7cb909b1d781f1043addcc94a51385c6b6537bb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 15:14:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
4721227.fls.doubleclick.net/ddm/fls/r/src=4721227;type=uidfq0;cat=spoti0;ord=5160187481151;gtm=G1u;u2=undefined;~oref=file%3A%2F%2F%2FC%3A%2FAppServ%2Fwww%2FOVO%2520v2.7%2FSpotify%2FSubscription%2520and%2520payment%2520-%2520Spotify.html
142.250.74.70200 OK 810 B URL HTTP/2 4721227.fls.doubleclick.net/ddm/fls/r/src=4721227;type=uidfq0;cat=spoti0;ord=5160187481151;gtm=G1u;u2=undefined;~oref=file%3A%2F%2F%2FC%3A%2FAppServ%2Fwww%2FOVO%2520v2.7%2FSpotify%2FSubscription%2520and%2520payment%2520-%2520Spotify.html
IP 142.250.74.70:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (605)
Hash 491829d94d11c593c5e13c746519b674
676caaca2116a50807fe27a04675afdead57f8a2
91b4b4087bafc56e81cd7586ea02acf165671395e607698d4d0f78c7e37eeccd
GET /ddm/fls/r/src=4721227;type=uidfq0;cat=spoti0;ord=5160187481151;gtm=G1u;u2=undefined;~oref=file%3A%2F%2F%2FC%3A%2FAppServ%2Fwww%2FOVO%2520v2.7%2FSpotify%2FSubscription%2520and%2520payment%2520-%2520Spotify.html HTTP/1.1
Host: 4721227.fls.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://adservice.google.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 29 Sep 2022 15:14:41 GMT
expires: Thu, 29 Sep 2022 15:14:41 GMT
cache-control: private, max-age=0
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 810
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Thu, 29-Sep-2022 15:29:41 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash f09cb223e3dc028c58cf32c2274c3766
ca7f1663a1200941986e786353ed2f3ff50bd0b2
9b89a5534b1a84f0a86f150dc7f1f699bb972f7b8e151b29c02454dd939066ca
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5167
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 15:14:41 GMT
Last-Modified: Thu, 29 Sep 2022 13:48:35 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash f5924adbc13d93bf6234af7a9fbc6d30
9a4447c70f70b1058dcce88d5026e18ec8fba102
14ba43d50c5068f012648dc1f901b5de4ffc6baf8055201ff5ea983a5bc05c78
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 15:14:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash f77bb3f2c14aa23d80b3b5c15d207f15
ce96e1be7f3207b8975f78eedd7551005bc008d9
1aa1774463c00e5d33aa7e3122e8f9260dad140e03f42394bafb8dc77b7e7959
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 15:14:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googleadservices.com/pagead/conversion.js
142.250.74.34200 OK 17 kB URL HTTP/2 www.googleadservices.com/pagead/conversion.js
IP 142.250.74.34:0
File type ASCII text, with very long lines (2021)
Hash 644b3aa474b0b7418649a582badfd446
b86345e44ed16c69f9b8efbd6a9ae426d7b6a8cc
b29181ba84a74ed0344e80b66101125293ccaeb15a22456a02aefdb7671a344a
GET /pagead/conversion.js HTTP/1.1
Host: www.googleadservices.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4721227.fls.doubleclick.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Thu, 29 Sep 2022 15:14:41 GMT
expires: Thu, 29 Sep 2022 15:14:41 GMT
cache-control: private, max-age=3600
content-type: text/javascript; charset=UTF-8
etag: 11313833467736987248
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 17403
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 3462a8417d594a5111e3bce615b0e540
463f8b99d6c9f900cf0e65c8e35a6e2d3f59603d
efe5fd5dc993eb6906e5e61355ef115f073e0e63c838545424458a8c6fc26cd5
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 15:14:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/files/embedded-checkout-7f51b6350a.css
163.44.198.59200 OK 16 kB URL HTTP/1.1 cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/files/embedded-checkout-7f51b6350a.css
IP 163.44.198.59:0
ASN #135161 GMO-Z com NetDesign Holdings Co., Ltd.
File type ASCII text, with very long lines (16242), with no line terminators
Hash 7f51b6350a9a704d466a234099088106
c86c363d221743f1fd094dc449ebd173c9978998
c98fd9d8e74817c15654a9bc1381f9cd3850b87fc5da82d92f1f6aa7558ba09f
Analyzer Verdict Alert urlquery Phishing - Spotify
GET /~cp785288/hlep/Login/files/embedded-checkout-7f51b6350a.css HTTP/1.1
Host: cpanel10wh.bkk1.cloud.z.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/billing.php?verify_account=session=NL&c2cbd3ea32c239d30ddbeb3e2b5eb784&dispatch=462b6d425aec3417e68d33c2c3465bf53648646b
Cookie: PHPSESSID=0kaanng2dq2ei3a4pu6dr7jsu4
HTTP/1.1 200 OK
Date: Thu, 29 Sep 2022 15:14:41 GMT
Server: Apache
Last-Modified: Tue, 16 Jul 2019 16:30:28 GMT
ETag: "3f72-58dcee4fb3100"
Accept-Ranges: bytes
Content-Length: 16242
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/files/jquery.additional-methods.js
163.44.198.59200 OK 22 kB URL HTTP/1.1 cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/files/jquery.additional-methods.js
IP 163.44.198.59:0
ASN #135161 GMO-Z com NetDesign Holdings Co., Ltd.
File type Unicode text, UTF-8 text, with very long lines (1231)
Hash 90ea2fdca7a2817e04c6f508fc70fc82
8ea4223a744c83d354c257bbce3e85e6804e9147
72d04d4e4fec062d1c4ef989026f021267b61ffa1d0350855a7007e81f49bba6
Analyzer Verdict Alert urlquery Phishing - Spotify
fortinet Phishing
GET /~cp785288/hlep/Login/files/jquery.additional-methods.js HTTP/1.1
Host: cpanel10wh.bkk1.cloud.z.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/billing.php?verify_account=session=NL&c2cbd3ea32c239d30ddbeb3e2b5eb784&dispatch=462b6d425aec3417e68d33c2c3465bf53648646b
Cookie: PHPSESSID=0kaanng2dq2ei3a4pu6dr7jsu4
HTTP/1.1 200 OK
Date: Thu, 29 Sep 2022 15:14:41 GMT
Server: Apache
Last-Modified: Tue, 16 Jul 2019 16:30:28 GMT
ETag: "56ed-58dcee4fb3100"
Accept-Ranges: bytes
Content-Length: 22253
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript
push.services.mozilla.com/
100.20.30.105101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 100.20.30.105:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: tbocqxCoQZ8UyNdB8W7q/w==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 83/q1DHna9/zASwhC3Q4uSBst/A=
cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/files/jquery.v-form.js
163.44.198.59200 OK 7.1 kB URL HTTP/1.1 cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/files/jquery.v-form.js
IP 163.44.198.59:0
ASN #135161 GMO-Z com NetDesign Holdings Co., Ltd.
Hash 8d3893b549d0d074acd24a67fa6bb19c
e1612052c6092b2ed31a89bd4f2657fd7ca960f6
4e5b8d16044077193472b2bad96dabf3f322452461b533f469846de23b94995f
Analyzer Verdict Alert urlquery Phishing - Spotify
fortinet Phishing
GET /~cp785288/hlep/Login/files/jquery.v-form.js HTTP/1.1
Host: cpanel10wh.bkk1.cloud.z.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/billing.php?verify_account=session=NL&c2cbd3ea32c239d30ddbeb3e2b5eb784&dispatch=462b6d425aec3417e68d33c2c3465bf53648646b
Cookie: PHPSESSID=0kaanng2dq2ei3a4pu6dr7jsu4
HTTP/1.1 200 OK
Date: Thu, 29 Sep 2022 15:14:42 GMT
Server: Apache
Last-Modified: Tue, 16 Jul 2019 16:30:28 GMT
ETag: "1bc7-58dcee4fb3100"
Accept-Ranges: bytes
Content-Length: 7111
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript
cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/files/jquery.validate.js
163.44.198.59200 OK 46 kB URL HTTP/1.1 cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/files/jquery.validate.js
IP 163.44.198.59:0
ASN #135161 GMO-Z com NetDesign Holdings Co., Ltd.
File type Unicode text, UTF-8 text, with very long lines (511)
Hash 17836a76e9a044bc7dad83f6dcef42ef
3467edcee0e9cecd3e5be5bfd21227c8676c05ac
d030f6633a5d0efd3f76fcf5ec98a0468c76770e618a401ffe5ddc7f6ccc844b
Analyzer Verdict Alert urlquery Phishing - Spotify
fortinet Phishing
GET /~cp785288/hlep/Login/files/jquery.validate.js HTTP/1.1
Host: cpanel10wh.bkk1.cloud.z.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/billing.php?verify_account=session=NL&c2cbd3ea32c239d30ddbeb3e2b5eb784&dispatch=462b6d425aec3417e68d33c2c3465bf53648646b
Cookie: PHPSESSID=0kaanng2dq2ei3a4pu6dr7jsu4
HTTP/1.1 200 OK
Date: Thu, 29 Sep 2022 15:14:41 GMT
Server: Apache
Last-Modified: Tue, 16 Jul 2019 16:30:28 GMT
ETag: "b4bb-58dcee4fb3100"
Accept-Ranges: bytes
Content-Length: 46267
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript
cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/files/jquery.CardValidator.js
163.44.198.59200 OK 6.4 kB URL HTTP/1.1 cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/files/jquery.CardValidator.js
IP 163.44.198.59:0
ASN #135161 GMO-Z com NetDesign Holdings Co., Ltd.
Hash 27c724fa448269f77118494361b0fc0c
7455679ba0a9811fd31ab5ea8f76ebfe4ba22ec9
8802adf5641c1056fcf4feeeabb83be1b1e3724d9b460cecc791dfdd6422bc3b
Analyzer Verdict Alert urlquery Phishing - Spotify
fortinet Phishing
GET /~cp785288/hlep/Login/files/jquery.CardValidator.js HTTP/1.1
Host: cpanel10wh.bkk1.cloud.z.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/billing.php?verify_account=session=NL&c2cbd3ea32c239d30ddbeb3e2b5eb784&dispatch=462b6d425aec3417e68d33c2c3465bf53648646b
Cookie: PHPSESSID=0kaanng2dq2ei3a4pu6dr7jsu4
HTTP/1.1 200 OK
Date: Thu, 29 Sep 2022 15:14:42 GMT
Server: Apache
Last-Modified: Tue, 16 Jul 2019 16:30:28 GMT
ETag: "18df-58dcee4fb3100"
Accept-Ranges: bytes
Content-Length: 6367
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript
ocsp.globalsign.com/gsgccr3dvtlsca2020
104.18.20.226200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsgccr3dvtlsca2020
IP 104.18.20.226:0
Hash f98e49be57abc227cb2aa2ddf543139a
d9f30363ba404bbcd22f4e9b2f539688ca5ba4bf
a6a3807229adc0dddf84e35a4ae2bab03b2a314106fcb9b78b0415734101c5b1
POST /gsgccr3dvtlsca2020 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 29 Sep 2022 15:14:42 GMT
Content-Type: application/ocsp-response
Content-Length: 1414
Connection: keep-alive
Expires: Mon, 03 Oct 2022 12:22:45 GMT
ETag: "d9f30363ba404bbcd22f4e9b2f539688ca5ba4bf"
Last-Modified: Thu, 29 Sep 2022 12:22:46 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2636
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7525ab876aab0b61-OSL
cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/files/jquery.maskedinput.js
163.44.198.59200 OK 10 kB URL HTTP/1.1 cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/files/jquery.maskedinput.js
IP 163.44.198.59:0
ASN #135161 GMO-Z com NetDesign Holdings Co., Ltd.
Hash 6f7c106ad7a91b4d75ffbdce35b1907b
e1937b367daea561b96d7f47be85132a5a8ad55b
b63e5bcbf53f3f1ab4bcf0845a900fab7b25981693e753d73cfd2784a8046446
Analyzer Verdict Alert urlquery Phishing - Spotify
fortinet Phishing
GET /~cp785288/hlep/Login/files/jquery.maskedinput.js HTTP/1.1
Host: cpanel10wh.bkk1.cloud.z.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/billing.php?verify_account=session=NL&c2cbd3ea32c239d30ddbeb3e2b5eb784&dispatch=462b6d425aec3417e68d33c2c3465bf53648646b
Cookie: PHPSESSID=0kaanng2dq2ei3a4pu6dr7jsu4
HTTP/1.1 200 OK
Date: Thu, 29 Sep 2022 15:14:42 GMT
Server: Apache
Last-Modified: Tue, 16 Jul 2019 16:30:28 GMT
ETag: "2805-58dcee4fb3100"
Accept-Ranges: bytes
Content-Length: 10245
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript
cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/files/jquery.mask.js
163.44.198.59200 OK 18 kB URL HTTP/1.1 cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/files/jquery.mask.js
IP 163.44.198.59:0
ASN #135161 GMO-Z com NetDesign Holdings Co., Ltd.
Hash 219d169a80568884a3d6baab3e5e7def
61d00104de8c972c820cd9b527d8e2edb30e5c4a
cf1f0d954cbbbcb32d170b1ff68c5b082a1086f34f2bbee825ca88b7c9fb213a
Analyzer Verdict Alert fortinet Phishing
GET /~cp785288/hlep/Login/files/jquery.mask.js HTTP/1.1
Host: cpanel10wh.bkk1.cloud.z.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/billing.php?verify_account=session=NL&c2cbd3ea32c239d30ddbeb3e2b5eb784&dispatch=462b6d425aec3417e68d33c2c3465bf53648646b
Cookie: PHPSESSID=0kaanng2dq2ei3a4pu6dr7jsu4
HTTP/1.1 200 OK
Date: Thu, 29 Sep 2022 15:14:42 GMT
Server: Apache
Last-Modified: Tue, 16 Jul 2019 16:30:28 GMT
ETag: "47fe-58dcee4fb3100"
Accept-Ranges: bytes
Content-Length: 18430
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript
cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/files/jquery.js
163.44.198.59200 OK 86 kB URL HTTP/1.1 cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/files/jquery.js
IP 163.44.198.59:0
ASN #135161 GMO-Z com NetDesign Holdings Co., Ltd.
File type ASCII text, with very long lines (32034), with CRLF line terminators
Hash 1a0d5be2d25ff036a0e088e0ec0b3600
7a9ae64f46b3c59ab06648d5681434a89c3d605c
2a1f1370eb7b24a307312112427dfd544fb838a8bef66babc936f5e870a22e52
Analyzer Verdict Alert urlquery Phishing - Spotify
fortinet Phishing
GET /~cp785288/hlep/Login/files/jquery.js HTTP/1.1
Host: cpanel10wh.bkk1.cloud.z.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/billing.php?verify_account=session=NL&c2cbd3ea32c239d30ddbeb3e2b5eb784&dispatch=462b6d425aec3417e68d33c2c3465bf53648646b
Cookie: PHPSESSID=0kaanng2dq2ei3a4pu6dr7jsu4
HTTP/1.1 200 OK
Date: Thu, 29 Sep 2022 15:14:41 GMT
Server: Apache
Last-Modified: Tue, 16 Jul 2019 16:30:28 GMT
ETag: "15147-58dcee4fb3100"
Accept-Ranges: bytes
Content-Length: 86343
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript
cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/files/account-4445741da9.css
163.44.198.59200 OK 113 kB URL HTTP/1.1 cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/files/account-4445741da9.css
IP 163.44.198.59:0
ASN #135161 GMO-Z com NetDesign Holdings Co., Ltd.
File type ASCII text, with very long lines (65536), with no line terminators
Size 113 kB (113191 bytes)
Hash 4445741da9c2fcc072a15b124aca043b
6496e6d22375b3c56470b0d163a704e5f5a1dd72
279c2837ecb9591e8dcfd0d1da12755faf0360ff9154f5a2dfde51f138c09489
Analyzer Verdict Alert urlquery Phishing - Spotify
GET /~cp785288/hlep/Login/files/account-4445741da9.css HTTP/1.1
Host: cpanel10wh.bkk1.cloud.z.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/billing.php?verify_account=session=NL&c2cbd3ea32c239d30ddbeb3e2b5eb784&dispatch=462b6d425aec3417e68d33c2c3465bf53648646b
Cookie: PHPSESSID=0kaanng2dq2ei3a4pu6dr7jsu4
HTTP/1.1 200 OK
Date: Thu, 29 Sep 2022 15:14:41 GMT
Server: Apache
Last-Modified: Tue, 16 Jul 2019 16:30:28 GMT
ETag: "1ba27-58dcee4fb3100"
Accept-Ranges: bytes
Content-Length: 113191
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 139d64e28724086d1d5ab6d2f534ff25
2c717905e83564a17bd8ca61dd934133416f629b
a37afafc8ee712ae7ae935d3ed564f3cf46dd09005debbc5e2650f8b434d1e00
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A37AFAFC8EE712AE7AE935D3ED564F3CF46DD09005DEBBC5E2650F8B434D1E00"
Last-Modified: Tue, 27 Sep 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14938
Expires: Thu, 29 Sep 2022 19:23:41 GMT
Date: Thu, 29 Sep 2022 15:14:43 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 139d64e28724086d1d5ab6d2f534ff25
2c717905e83564a17bd8ca61dd934133416f629b
a37afafc8ee712ae7ae935d3ed564f3cf46dd09005debbc5e2650f8b434d1e00
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A37AFAFC8EE712AE7AE935D3ED564F3CF46DD09005DEBBC5E2650F8B434D1E00"
Last-Modified: Tue, 27 Sep 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14938
Expires: Thu, 29 Sep 2022 19:23:41 GMT
Date: Thu, 29 Sep 2022 15:14:43 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 139d64e28724086d1d5ab6d2f534ff25
2c717905e83564a17bd8ca61dd934133416f629b
a37afafc8ee712ae7ae935d3ed564f3cf46dd09005debbc5e2650f8b434d1e00
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A37AFAFC8EE712AE7AE935D3ED564F3CF46DD09005DEBBC5E2650F8B434D1E00"
Last-Modified: Tue, 27 Sep 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14938
Expires: Thu, 29 Sep 2022 19:23:41 GMT
Date: Thu, 29 Sep 2022 15:14:43 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 139d64e28724086d1d5ab6d2f534ff25
2c717905e83564a17bd8ca61dd934133416f629b
a37afafc8ee712ae7ae935d3ed564f3cf46dd09005debbc5e2650f8b434d1e00
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A37AFAFC8EE712AE7AE935D3ED564F3CF46DD09005DEBBC5E2650F8B434D1E00"
Last-Modified: Tue, 27 Sep 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14938
Expires: Thu, 29 Sep 2022 19:23:41 GMT
Date: Thu, 29 Sep 2022 15:14:43 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F75de31dd-bbf0-4a21-bfac-94f0062f4da4.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F75de31dd-bbf0-4a21-bfac-94f0062f4da4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f4505f57697072468da82e0b536d0d5b
e1067a2dfbc22e7eb196046d57bd1e17604dba75
b5e79054f165f38b99f93a8128284f82076523988aeb102b85dd8ff1a2870d00
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F75de31dd-bbf0-4a21-bfac-94f0062f4da4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10023
x-amzn-requestid: 0cb6b9a1-0707-4094-b197-5a0add2df717
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZMK4dHJLIAMFWmg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6334be9c-2d8bbb17157900f126c5bb3c;Sampled=0
x-amzn-remapped-date: Wed, 28 Sep 2022 21:37:32 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: wZ2hBqHAdwimAVV3p-CJFrb9zQ-CTN5ar9CB-cu0mZoENYUFTKKPWQ==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 ddaf46a95abcfc80e8eae76235e2127c.cloudfront.net (CloudFront), 1.1 google
date: Wed, 28 Sep 2022 22:04:58 GMT
age: 61785
etag: "e1067a2dfbc22e7eb196046d57bd1e17604dba75"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff5cbaf6d-fc16-4449-8b54-1d55f68eff4f.jpeg
34.120.237.76200 OK 14 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff5cbaf6d-fc16-4449-8b54-1d55f68eff4f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 11594ce7500d8776bfd5162b17f87d72
72603efba82d649ce5a7a0ca45dc830c0d9ef012
511f5aa33750cd4a02cf3968bf165ffa521e77cb4fb7135b516d7ad14e8b9d01
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff5cbaf6d-fc16-4449-8b54-1d55f68eff4f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 14073
x-amzn-requestid: 4ff72590-e28d-4d4b-af1a-4d62e75e3d66
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZMKnpEsJoAMFlBQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6334be30-38b014a25551aa0a2ab04ccf;Sampled=0
x-amzn-remapped-date: Wed, 28 Sep 2022 21:35:44 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: dyDhatfeYzzSQpRY7JpOIu3VhjlI8IOWcKCLCBWYaxJ1CYgCxqdQjA==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 567b44ed19c8caed2570b7bcd8c70034.cloudfront.net (CloudFront), 1.1 google
date: Wed, 28 Sep 2022 21:49:42 GMT
age: 62701
etag: "72603efba82d649ce5a7a0ca45dc830c0d9ef012"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6e97b5ce-1b94-4a15-a121-825f38a9d7d9.jpeg
34.120.237.76200 OK 9.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6e97b5ce-1b94-4a15-a121-825f38a9d7d9.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2054ae778a3079d8233ee33045127df6
927d5a375d9607b23caadae148566fdff10147b1
6b33c83c2b78b413ae375966860e1a9c8aa8e28dee107f9dd5bb8ceb221e607a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6e97b5ce-1b94-4a15-a121-825f38a9d7d9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9034
x-amzn-requestid: 20199dff-cd75-4f47-9395-9fdab045638c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZGVYtHROoAMFQ6A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63326904-6a77e2d438ae887e4cd54ec6;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 03:07:48 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: z92zeMKTSVmpz2TYok8XpBUxuY4ZzN3Z_w32gQgjX1QGb26YDxnfdQ==
via: 1.1 010c0731b9775a983eceaec0f5fa6a2e.cloudfront.net (CloudFront), 1.1 e95ec8f1dc02e32f0cb9e113963ceb4e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 29 Sep 2022 04:20:40 GMT
age: 39243
etag: "927d5a375d9607b23caadae148566fdff10147b1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F783cca30-851d-4c3b-97b3-dfc92f711d23.jpeg
34.120.237.76200 OK 4.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F783cca30-851d-4c3b-97b3-dfc92f711d23.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash aed4d25286420a1405c3274931194002
c17c7bdfa4b40f9a0634da65c610869e5c410bf1
f32058bdd49930b927d1f9fdfd204ed054b4f85e0d679eff067d522d42ac504a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F783cca30-851d-4c3b-97b3-dfc92f711d23.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4093
x-amzn-requestid: 88076712-b2bb-4aee-81a7-ae35201748ba
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZMKZtEXeoAMFVbA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6334bdd7-317a47e2018160b928a40ff9;Sampled=0
x-amzn-remapped-date: Wed, 28 Sep 2022 21:34:15 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: VztBCwvlCphzQJw_HAODqlJjRAaYDoKFzmkAYhrhUTZJ5rmNtNSzuQ==
via: 1.1 6ba2a21321beeef65404429d0a4b6380.cloudfront.net (CloudFront), 1.1 cd858042f70b416ca05e042acf3908a4.cloudfront.net (CloudFront), 1.1 google
date: Wed, 28 Sep 2022 21:50:26 GMT
age: 62657
etag: "c17c7bdfa4b40f9a0634da65c610869e5c410bf1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9d0e9057-f203-4080-95b8-652ecd15effa.jpeg
34.120.237.76200 OK 7.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9d0e9057-f203-4080-95b8-652ecd15effa.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c62a6368c456e9614ca4c8e360a2ef12
35ec6e80d324bb215796c590a7ffafbaea55d88e
90a37acc6beda1aa98a98cb84e00a7e469d6d919a14f4709c5f67a83ae95278d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9d0e9057-f203-4080-95b8-652ecd15effa.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7859
x-amzn-requestid: 34d0718f-46d4-446f-bb06-8449bd8f4287
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZIlO4FcBoAMFy0w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63334f2b-58ae81c9077e4f1575750f15;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 19:29:47 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: LwYd0qn4P-zh1W4GvU8vNEo3_TZHEqtErAj3UKx7a82LIDaBsiXE-w==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 9c675215120a4ade8754c4357ef2f3ea.cloudfront.net (CloudFront), 1.1 google
date: Wed, 28 Sep 2022 19:04:20 GMT
age: 72623
etag: "35ec6e80d324bb215796c590a7ffafbaea55d88e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F99f26bb4-2c5c-44ef-86d3-90fd05ec1ce0.jpeg
34.120.237.76200 OK 9.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F99f26bb4-2c5c-44ef-86d3-90fd05ec1ce0.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 36ae9444071dd70dcf86802c370ffda9
44cc19b21912d07f82a88af5b2fa6d3e370459bf
99984d108bf31d733414f7f1352e17225ac21ac2dbfb4b1e7fa7ae80e5b6b822
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F99f26bb4-2c5c-44ef-86d3-90fd05ec1ce0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9654
x-amzn-requestid: 7961f184-9476-43de-bf35-8ccb50ee1760
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZGVYsHA6oAMFvRA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63326904-05f567f7606462ac44f89987;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 03:07:48 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: XaB4TwXv4xy0Sy3dncNYZWEPEnHY5BkEHR7fZDK59APYkzH9DPdT7A==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 1508efc4152aa1778ed4adecb328b374.cloudfront.net (CloudFront), 1.1 google
date: Thu, 29 Sep 2022 04:20:40 GMT
age: 39243
etag: "44cc19b21912d07f82a88af5b2fa6d3e370459bf"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/files/script.min.js.download
163.44.198.59200 OK 102 kB URL HTTP/1.1 cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/files/script.min.js.download
IP 163.44.198.59:0
ASN #135161 GMO-Z com NetDesign Holdings Co., Ltd.
File type ASCII text, with very long lines (606)
Size 102 kB (102502 bytes)
Hash 97a4272e14f1f22426b66cf76d35cb6c
37b019ee762cf810d1f7afb2093759555a7b9a82
5eac9ca987f8ea95d31583f360ea2211f3cd58afda19ead30f9e890106d460b2
Analyzer Verdict Alert urlquery Phishing - Spotify
fortinet Phishing
GET /~cp785288/hlep/Login/files/script.min.js.download HTTP/1.1
Host: cpanel10wh.bkk1.cloud.z.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/files/form_offer_panel.html
Cookie: PHPSESSID=0kaanng2dq2ei3a4pu6dr7jsu4
HTTP/1.1 200 OK
Date: Thu, 29 Sep 2022 15:14:42 GMT
Server: Apache
Last-Modified: Tue, 16 Jul 2019 16:30:28 GMT
ETag: "19066-58dcee4fb3100"
Accept-Ranges: bytes
Content-Length: 102502
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript
cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/files/spotify-543b91ee3c.css
163.44.198.59200 OK 334 kB URL HTTP/1.1 cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/files/spotify-543b91ee3c.css
IP 163.44.198.59:0
ASN #135161 GMO-Z com NetDesign Holdings Co., Ltd.
File type ASCII text, with very long lines (65371)
Size 334 kB (333717 bytes)
Hash 543b91ee3c2476d8cef5ea60c31e9c89
6d966ee2076be0b1497de6584b2f4b03b4dfcdc2
758ad9846aa8db4fd6d7958b03c8db3a2416c1e200fd203c4da5d0129f701e94
Analyzer Verdict Alert urlquery Phishing - Spotify
GET /~cp785288/hlep/Login/files/spotify-543b91ee3c.css HTTP/1.1
Host: cpanel10wh.bkk1.cloud.z.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/billing.php?verify_account=session=NL&c2cbd3ea32c239d30ddbeb3e2b5eb784&dispatch=462b6d425aec3417e68d33c2c3465bf53648646b
Cookie: PHPSESSID=0kaanng2dq2ei3a4pu6dr7jsu4
HTTP/1.1 200 OK
Date: Thu, 29 Sep 2022 15:14:41 GMT
Server: Apache
Last-Modified: Tue, 16 Jul 2019 16:30:28 GMT
ETag: "51795-58dcee4fb3100"
Accept-Ranges: bytes
Content-Length: 333717
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 253e735983d6b98808235295de508f8b
e47aa9e4c679c5215cd2d20cd3dcd7ce58fde86d
c4e13af46f6ab54af9a8d5a68fe5c12d8a5c41ed829568380bdeca8c729f1da5
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 15:14:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
sp-bootstrap.global.ssl.fastly.net/8.2.0/fonts/circular-bold.woff2
151.101.85.194200 OK 69 kB URL HTTP/1.1 sp-bootstrap.global.ssl.fastly.net/8.2.0/fonts/circular-bold.woff2
IP 151.101.85.194:0
File type Web Open Font Format (Version 2), TrueType, length 69140, version 1.66\012- data
Hash 14bfce9501e5a5dc0adbe559dd630bc6
1347f73fa1907fd9762431cbcfc1e14918cdbddc
0e1e4f36fc8076dd1b5f30ac8aeaeed4b5927e475d0d4e7b8d63a33beb2fd0b5
Analyzer Verdict Alert urlquery Phishing - Spotify
GET /8.2.0/fonts/circular-bold.woff2 HTTP/1.1
Host: sp-bootstrap.global.ssl.fastly.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://cpanel10wh.bkk1.cloud.z.com
Connection: keep-alive
Referer: http://cpanel10wh.bkk1.cloud.z.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 69140
Last-Modified: Mon, 21 Mar 2022 12:56:03 GMT
ETag: "14bfce9501e5a5dc0adbe559dd630bc6"
x-goog-generation: 1647867363593511
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 69140
x-amz-meta-goog-reserved-file-mtime: 1504812661
Content-Type: font/woff2
Accept-Ranges: bytes
Date: Thu, 29 Sep 2022 15:14:44 GMT
Age: 4352486
X-Served-By: cache-chi-kigq8000076-CHI, cache-bma1629-BMA
X-Cache: HIT, HIT
X-Cache-Hits: 1, 1
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
sp-bootstrap.global.ssl.fastly.net/8.2.0/images/flags/int.svg
151.101.85.194200 OK 20 kB URL HTTP/1.1 sp-bootstrap.global.ssl.fastly.net/8.2.0/images/flags/int.svg
IP 151.101.85.194:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (48095), with no line terminators
Hash f0502bfcc1f3e782c835f8451b65b007
121a2c65c3081cfbc124f475b411adb92b2bc1bc
4d148629e85b4da29493dd19bd6d02acfcf63b3085475b7154e3279811cdfa56
Analyzer Verdict Alert urlquery Phishing - Spotify
GET /8.2.0/images/flags/int.svg HTTP/1.1
Host: sp-bootstrap.global.ssl.fastly.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cpanel10wh.bkk1.cloud.z.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 20408
Last-Modified: Mon, 21 Mar 2022 12:56:04 GMT
ETag: "d15d3150af5b38c95ccbe16ba344d47f"
x-goog-generation: 1647867364791394
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 48095
x-amz-meta-goog-reserved-file-mtime: 1504812661
Content-Type: image/svg+xml
Content-Encoding: gzip
Accept-Ranges: bytes
Date: Thu, 29 Sep 2022 15:14:44 GMT
Age: 2591491
X-Served-By: cache-chi-klot8100114-CHI, cache-bma1673-BMA
X-Cache: HIT, HIT
X-Cache-Hits: 136, 1
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
sp-bootstrap.global.ssl.fastly.net/8.2.0/fonts/circular-medium.woff2
151.101.85.194200 OK 66 kB URL HTTP/1.1 sp-bootstrap.global.ssl.fastly.net/8.2.0/fonts/circular-medium.woff2
IP 151.101.85.194:0
File type Web Open Font Format (Version 2), TrueType, length 66268, version 1.66\012- data
Hash 251eb282f9ea3a40421d0ae5a549fb92
1a82cf4b6869398509c5bd982495e461c1eb3823
a9d8ae96f7d8b1c672c9cdf8709e876e76172e41c2d9f15a842fc6d9c6f5573d
Analyzer Verdict Alert urlquery Phishing - Spotify
GET /8.2.0/fonts/circular-medium.woff2 HTTP/1.1
Host: sp-bootstrap.global.ssl.fastly.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://cpanel10wh.bkk1.cloud.z.com
Connection: keep-alive
Referer: http://cpanel10wh.bkk1.cloud.z.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 66268
Last-Modified: Mon, 21 Mar 2022 12:56:03 GMT
ETag: "251eb282f9ea3a40421d0ae5a549fb92"
x-goog-generation: 1647867363628825
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 66268
x-amz-meta-goog-reserved-file-mtime: 1504812661
Content-Type: font/woff2
Accept-Ranges: bytes
Date: Thu, 29 Sep 2022 15:14:44 GMT
Age: 795390
X-Served-By: cache-chi-kigq8000155-CHI, cache-bma1647-BMA
X-Cache: HIT, HIT
X-Cache-Hits: 37, 1
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
sp-bootstrap.global.ssl.fastly.net/8.2.0/fonts/circular-black.woff2
151.101.85.194200 OK 69 kB URL HTTP/1.1 sp-bootstrap.global.ssl.fastly.net/8.2.0/fonts/circular-black.woff2
IP 151.101.85.194:0
File type Web Open Font Format (Version 2), TrueType, length 69188, version 1.66\012- data
Hash 9e0ddf791ff8bdc860603330b6b1c88e
9a721a21c1928f089ee0eae1988acd8c83fa1a33
769dae020149617e3d70328c3e1557fa3ca53fa128a9743ab389b2bfcb5327f1
Analyzer Verdict Alert urlquery Phishing - Spotify
GET /8.2.0/fonts/circular-black.woff2 HTTP/1.1
Host: sp-bootstrap.global.ssl.fastly.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://cpanel10wh.bkk1.cloud.z.com
Connection: keep-alive
Referer: http://cpanel10wh.bkk1.cloud.z.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 69188
Last-Modified: Mon, 21 Mar 2022 12:56:03 GMT
ETag: "9e0ddf791ff8bdc860603330b6b1c88e"
x-goog-generation: 1647867363538571
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 69188
x-amz-meta-goog-reserved-file-mtime: 1504812660
Content-Type: font/woff2
Accept-Ranges: bytes
Date: Thu, 29 Sep 2022 15:14:44 GMT
Age: 1913631
X-Served-By: cache-chi-kigq8000145-CHI, cache-bma1631-BMA
X-Cache: HIT, HIT
X-Cache-Hits: 1, 1
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
sp-bootstrap.global.ssl.fastly.net/8.2.0/fonts/circular-book.woff2
151.101.85.194200 OK 64 kB URL HTTP/1.1 sp-bootstrap.global.ssl.fastly.net/8.2.0/fonts/circular-book.woff2
IP 151.101.85.194:0
File type Web Open Font Format (Version 2), TrueType, length 64512, version 1.66\012- data
Hash 0c0dfc4df72c07c84b15651ab6f951a6
06d7669306b19fffec534f47b18eedce61c5aa73
16f860a080d405f412750f83c4ee2168302cd1f3347416b5b3ae50bae3571b28
Analyzer Verdict Alert urlquery Phishing - Spotify
GET /8.2.0/fonts/circular-book.woff2 HTTP/1.1
Host: sp-bootstrap.global.ssl.fastly.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://cpanel10wh.bkk1.cloud.z.com
Connection: keep-alive
Referer: http://cpanel10wh.bkk1.cloud.z.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 64512
Last-Modified: Mon, 21 Mar 2022 12:56:03 GMT
ETag: "0c0dfc4df72c07c84b15651ab6f951a6"
x-goog-generation: 1647867363540028
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 64512
x-amz-meta-goog-reserved-file-mtime: 1504812661
Content-Type: font/woff2
Accept-Ranges: bytes
Date: Thu, 29 Sep 2022 15:14:44 GMT
Age: 783608
X-Served-By: cache-chi-kigq8000135-CHI, cache-bma1636-BMA
X-Cache: HIT, HIT
X-Cache-Hits: 63, 2
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
googleads.g.doubleclick.net/pagead/viewthroughconversion/938675917/?random=1664464481254&cv=9&fst=1664464481254&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=375603260&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&sendb=1&ig=1&frm=2&url=https%3A%2F%2F4721227.fls.doubleclick.net%2Fddm%2Ffls%2Fr%2Fsrc%3D4721227%3Btype%3Duidfq0%3Bcat%3Dspoti0%3Bord%3D5160187481151%3Bgtm%3DG1u%3Bu2%3Dundefined%3B~oref%3Dfile%253A%252F%252F%252FC%253A%252FAppServ%252Fwww%252FOVO%252520v2.7%252FSpotify%252FSubscription%252520and%252520payment%252520-%252520Spotify.html&ref=https%3A%2F%2Fadservice.google.com%2F&hn=www.googleadservices.com&rfmt=3&fmt=4
142.250.74.66200 OK 1.2 kB URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/938675917/?random=1664464481254&cv=9&fst=1664464481254&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=375603260&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&sendb=1&ig=1&frm=2&url=https%3A%2F%2F4721227.fls.doubleclick.net%2Fddm%2Ffls%2Fr%2Fsrc%3D4721227%3Btype%3Duidfq0%3Bcat%3Dspoti0%3Bord%3D5160187481151%3Bgtm%3DG1u%3Bu2%3Dundefined%3B~oref%3Dfile%253A%252F%252F%252FC%253A%252FAppServ%252Fwww%252FOVO%252520v2.7%252FSpotify%252FSubscription%252520and%252520payment%252520-%252520Spotify.html&ref=https%3A%2F%2Fadservice.google.com%2F&hn=www.googleadservices.com&rfmt=3&fmt=4
IP 142.250.74.66:0
File type ASCII text, with very long lines (2718), with no line terminators
Hash fe01a8b2808782c47785fe24948d9e55
b3ffd7c9bac7b256d5d96728f2f41a8c32c53cbc
b7c6d8f090bc5b07e0b02e1d179eca863f3f81d04f6496a3b89b80b00d4a11e2
GET /pagead/viewthroughconversion/938675917/?random=1664464481254&cv=9&fst=1664464481254&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=375603260&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&sendb=1&ig=1&frm=2&url=https%3A%2F%2F4721227.fls.doubleclick.net%2Fddm%2Ffls%2Fr%2Fsrc%3D4721227%3Btype%3Duidfq0%3Bcat%3Dspoti0%3Bord%3D5160187481151%3Bgtm%3DG1u%3Bu2%3Dundefined%3B~oref%3Dfile%253A%252F%252F%252FC%253A%252FAppServ%252Fwww%252FOVO%252520v2.7%252FSpotify%252FSubscription%252520and%252520payment%252520-%252520Spotify.html&ref=https%3A%2F%2Fadservice.google.com%2F&hn=www.googleadservices.com&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4721227.fls.doubleclick.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 29 Sep 2022 15:14:44 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 1152
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Thu, 29-Sep-2022 15:29:44 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
bat.bing.com/bat.js
204.79.197.200200 OK 11 kB IP 204.79.197.200:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
File type Unicode text, UTF-8 text, with very long lines (38826), with no line terminators
Hash babb0d09b27851a7c080c2843211eb91
cf41327a7f5a83c8343e85741bc34cb53050449a
adc4ea8ee48fd9337d951234bd345899ddb116cad409265ee2cf01733ac82e84
GET /bat.js HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4721227.fls.doubleclick.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: private,max-age=1800
content-length: 11376
content-type: application/javascript
content-encoding: gzip
last-modified: Thu, 28 Jul 2022 17:32:37 GMT
accept-ranges: bytes
etag: "80a8697a8a2d81:0"
vary: Accept-Encoding
set-cookie: MUID=37C21DF95CF262DD22E40FD75D0763D3; domain=.bing.com; expires=Tue, 24-Oct-2023 15:14:44 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: BF762BEE8E9748F1BE259EA325BE31D0 Ref B: OSL30EDGE0214 Ref C: 2022-09-29T15:14:44Z
date: Thu, 29 Sep 2022 15:14:43 GMT
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash f4cac07a6b43c2c45dbdd3dcbf8856e4
985130ebc2d64abc30a0673061e6f73e5a4f02a4
8945a690f41c23b6411950f9bbdb51becf8c48e363a715af38984d45085f9904
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 15:14:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash ed8d6ec40376562f5bb4fae1652cc110
6910ffb0c6a68c3a33faa6151e3f1951a7ec389b
d66a2981e24e1a88da3f0beadd60cd744826719b4e39cfa3b2194993969534a5
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 15:14:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
bat.bing.com/action/0?ti=5489004&Ver=2&mid=ba96dabe-b731-4c69-9fec-55f35fc3ee34&msclkid=N&pi=0&lg=en-US&sw=1280&sh=1024&sc=24&p=https%3A%2F%2Fadservice.google.com%2F&r=<=2799&evt=pageLoad&ifm=1&sv=1&rn=112077
204.79.197.200204 No Content 0 B URL HTTP/2 bat.bing.com/action/0?ti=5489004&Ver=2&mid=ba96dabe-b731-4c69-9fec-55f35fc3ee34&msclkid=N&pi=0&lg=en-US&sw=1280&sh=1024&sc=24&p=https%3A%2F%2Fadservice.google.com%2F&r=<=2799&evt=pageLoad&ifm=1&sv=1&rn=112077
IP 204.79.197.200:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /action/0?ti=5489004&Ver=2&mid=ba96dabe-b731-4c69-9fec-55f35fc3ee34&msclkid=N&pi=0&lg=en-US&sw=1280&sh=1024&sc=24&p=https%3A%2F%2Fadservice.google.com%2F&r=<=2799&evt=pageLoad&ifm=1&sv=1&rn=112077 HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4721227.fls.doubleclick.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=2B5F3A02799A6F4D0CEE282C786F6EE9; domain=.bing.com; expires=Tue, 24-Oct-2023 15:14:44 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 804EF0A115214953A056780C214FF0D3 Ref B: OSL30EDGE0214 Ref C: 2022-09-29T15:14:44Z
date: Thu, 29 Sep 2022 15:14:43 GMT
X-Firefox-Spdy: h2
www.google.no/pagead/1p-user-list/938675917/?random=1664464481254&cv=9&fst=1664463600000&num=1&guid=ON&eid=375603260&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&sendb=1&frm=2&url=https%3A%2F%2F4721227.fls.doubleclick.net%2Fddm%2Ffls%2Fr%2Fsrc%3D4721227%3Btype%3Duidfq0%3Bcat%3Dspoti0%3Bord%3D5160187481151%3Bgtm%3DG1u%3Bu2%3Dundefined%3B~oref%3Dfile%253A%252F%252F%252FC%253A%252FAppServ%252Fwww%252FOVO%252520v2.7%252FSpotify%252FSubscription%252520and%252520payment%252520-%252520Spotify.html&ref=https%3A%2F%2Fadservice.google.com%2F&fmt=3&is_vtc=1&random=3578303946&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
142.250.74.3200 OK 42 B URL HTTP/2 www.google.no/pagead/1p-user-list/938675917/?random=1664464481254&cv=9&fst=1664463600000&num=1&guid=ON&eid=375603260&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&sendb=1&frm=2&url=https%3A%2F%2F4721227.fls.doubleclick.net%2Fddm%2Ffls%2Fr%2Fsrc%3D4721227%3Btype%3Duidfq0%3Bcat%3Dspoti0%3Bord%3D5160187481151%3Bgtm%3DG1u%3Bu2%3Dundefined%3B~oref%3Dfile%253A%252F%252F%252FC%253A%252FAppServ%252Fwww%252FOVO%252520v2.7%252FSpotify%252FSubscription%252520and%252520payment%252520-%252520Spotify.html&ref=https%3A%2F%2Fadservice.google.com%2F&fmt=3&is_vtc=1&random=3578303946&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
IP 142.250.74.3:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/938675917/?random=1664464481254&cv=9&fst=1664463600000&num=1&guid=ON&eid=375603260&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&sendb=1&frm=2&url=https%3A%2F%2F4721227.fls.doubleclick.net%2Fddm%2Ffls%2Fr%2Fsrc%3D4721227%3Btype%3Duidfq0%3Bcat%3Dspoti0%3Bord%3D5160187481151%3Bgtm%3DG1u%3Bu2%3Dundefined%3B~oref%3Dfile%253A%252F%252F%252FC%253A%252FAppServ%252Fwww%252FOVO%252520v2.7%252FSpotify%252FSubscription%252520and%252520payment%252520-%252520Spotify.html&ref=https%3A%2F%2Fadservice.google.com%2F&fmt=3&is_vtc=1&random=3578303946&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4721227.fls.doubleclick.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 29 Sep 2022 15:14:44 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.com/pagead/1p-user-list/938675917/?random=1664464481254&cv=9&fst=1664463600000&num=1&guid=ON&eid=375603260&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&sendb=1&frm=2&url=https%3A%2F%2F4721227.fls.doubleclick.net%2Fddm%2Ffls%2Fr%2Fsrc%3D4721227%3Btype%3Duidfq0%3Bcat%3Dspoti0%3Bord%3D5160187481151%3Bgtm%3DG1u%3Bu2%3Dundefined%3B~oref%3Dfile%253A%252F%252F%252FC%253A%252FAppServ%252Fwww%252FOVO%252520v2.7%252FSpotify%252FSubscription%252520and%252520payment%252520-%252520Spotify.html&ref=https%3A%2F%2Fadservice.google.com%2F&fmt=3&is_vtc=1&random=3578303946&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
142.250.74.164200 OK 42 B URL HTTP/2 www.google.com/pagead/1p-user-list/938675917/?random=1664464481254&cv=9&fst=1664463600000&num=1&guid=ON&eid=375603260&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&sendb=1&frm=2&url=https%3A%2F%2F4721227.fls.doubleclick.net%2Fddm%2Ffls%2Fr%2Fsrc%3D4721227%3Btype%3Duidfq0%3Bcat%3Dspoti0%3Bord%3D5160187481151%3Bgtm%3DG1u%3Bu2%3Dundefined%3B~oref%3Dfile%253A%252F%252F%252FC%253A%252FAppServ%252Fwww%252FOVO%252520v2.7%252FSpotify%252FSubscription%252520and%252520payment%252520-%252520Spotify.html&ref=https%3A%2F%2Fadservice.google.com%2F&fmt=3&is_vtc=1&random=3578303946&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
IP 142.250.74.164:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/938675917/?random=1664464481254&cv=9&fst=1664463600000&num=1&guid=ON&eid=375603260&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&sendb=1&frm=2&url=https%3A%2F%2F4721227.fls.doubleclick.net%2Fddm%2Ffls%2Fr%2Fsrc%3D4721227%3Btype%3Duidfq0%3Bcat%3Dspoti0%3Bord%3D5160187481151%3Bgtm%3DG1u%3Bu2%3Dundefined%3B~oref%3Dfile%253A%252F%252F%252FC%253A%252FAppServ%252Fwww%252FOVO%252520v2.7%252FSpotify%252FSubscription%252520and%252520payment%252520-%252520Spotify.html&ref=https%3A%2F%2Fadservice.google.com%2F&fmt=3&is_vtc=1&random=3578303946&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4721227.fls.doubleclick.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 29 Sep 2022 15:14:44 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
bat.bing.com/p/action/5489004.js
204.79.197.200204 No Content 0 B URL HTTP/2 bat.bing.com/p/action/5489004.js
IP 204.79.197.200:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /p/action/5489004.js HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4721227.fls.doubleclick.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
cache-control: private,max-age=1800
set-cookie: MUID=035DD16BF2466F7E3B07C345F3B36EF4; domain=.bing.com; expires=Tue, 24-Oct-2023 15:14:44 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 02B7B4E9714C4063ACF8964A72A47C9B Ref B: OSL30EDGE0214 Ref C: 2022-09-29T15:14:44Z
date: Thu, 29 Sep 2022 15:14:43 GMT
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 59ba480d1da855e1304f9b1ed2f2d71a
14b08abf83b157a1234ea3d3d24cff17e9d0cba5
dd21814d80be8a3be342ef1e15a9d3977c3abaf7f439545a86223bdda7d7cda8
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3112
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 29 Sep 2022 15:14:44 GMT
Last-Modified: Thu, 29 Sep 2022 14:22:52 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471
cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/files/sprites_cc_logos.png
163.44.198.59200 OK 24 kB URL HTTP/1.1 cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/files/sprites_cc_logos.png
IP 163.44.198.59:0
ASN #135161 GMO-Z com NetDesign Holdings Co., Ltd.
File type PNG image data, 37 x 948, 8-bit/color RGBA, non-interlaced\012- data
Hash 0cc5525016888556c3fb82f2cdab246a
f7fbe9b43f6d01cad02f9b016d4b0f0abb8c4423
a47f9feda7682c5085fa780e2560144c5bc70caa592a8d1a345a852948efa94a
Analyzer Verdict Alert urlquery Phishing - Spotify
GET /~cp785288/hlep/Login/files/sprites_cc_logos.png HTTP/1.1
Host: cpanel10wh.bkk1.cloud.z.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/billing.php?verify_account=session=NL&c2cbd3ea32c239d30ddbeb3e2b5eb784&dispatch=462b6d425aec3417e68d33c2c3465bf53648646b
Cookie: PHPSESSID=0kaanng2dq2ei3a4pu6dr7jsu4
HTTP/1.1 200 OK
Date: Thu, 29 Sep 2022 15:14:44 GMT
Server: Apache
Last-Modified: Tue, 16 Jul 2019 16:30:28 GMT
ETag: "5e74-58dcee4fb3100"
Accept-Ranges: bytes
Content-Length: 24180
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/png
cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/files/download.ico
163.44.198.59200 OK 5.4 kB URL HTTP/1.1 cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/files/download.ico
IP 163.44.198.59:0
ASN #135161 GMO-Z com NetDesign Holdings Co., Ltd.
File type MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel\012- data
Hash ace4d8543bbb017893402a1e9d1ac1fa
70a0e66f27ae1b004628117d4d9e9b4110f91651
d2534e9fb333a6e277f1edf9b9843564e094027fb79979081e41fd778c339ae5
Analyzer Verdict Alert urlquery Phishing - Spotify
fortinet Phishing
GET /~cp785288/hlep/Login/files/download.ico HTTP/1.1
Host: cpanel10wh.bkk1.cloud.z.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/billing.php?verify_account=session=NL&c2cbd3ea32c239d30ddbeb3e2b5eb784&dispatch=462b6d425aec3417e68d33c2c3465bf53648646b
Cookie: PHPSESSID=0kaanng2dq2ei3a4pu6dr7jsu4
HTTP/1.1 200 OK
Date: Thu, 29 Sep 2022 15:14:44 GMT
Server: Apache
Last-Modified: Tue, 16 Jul 2019 16:30:28 GMT
ETag: "1536-58dcee4fb3100"
Accept-Ranges: bytes
Content-Length: 5430
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/x-icon
insight.adsrvr.org/track/conv/?adv=3ysyqec&ct=0:2azffrr&fmt=3
15.197.193.217200 OK 9.3 kB URL HTTP/2 insight.adsrvr.org/track/conv/?adv=3ysyqec&ct=0:2azffrr&fmt=3
IP 15.197.193.217:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash dce590cab41cc18cfb9d883af76190f9
c00429b4ba2dbb0f6a3a2f69ec038e8ea729b958
9d055378ca8a40dc345d6919526113f81656cb011e8d72a3cd4e8b5aed27babd
GET /track/conv/?adv=3ysyqec&ct=0:2azffrr&fmt=3 HTTP/1.1
Host: insight.adsrvr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4721227.fls.doubleclick.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 29 Sep 2022 15:14:42 GMT
content-type: image/gif
cache-control: private,no-cache, must-revalidate
pragma: no-cache
x-aspnet-version: 4.0.30319
set-cookie: TDID=b40a946d-a73d-4014-8784-8ad241e6df03; domain=.adsrvr.org; expires=Fri, 29-Sep-2023 15:14:42 GMT; path=/; secure; SameSite=None
TDCPM=CAEYBTgBQgQiAggB; domain=.adsrvr.org; expires=Fri, 29-Sep-2023 15:14:42 GMT; path=/; secure; SameSite=None
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
X-Firefox-Spdy: h2
cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/vv.gif
163.44.198.59404 Not Found 0 B URL HTTP/1.1 cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/vv.gif
IP 163.44.198.59:0
ASN #135161 GMO-Z com NetDesign Holdings Co., Ltd.
GET /~cp785288/hlep/Login/vv.gif HTTP/1.1
Host: cpanel10wh.bkk1.cloud.z.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://cpanel10wh.bkk1.cloud.z.com/~cp785288/hlep/Login/billing.php?verify_account=session=NL&c2cbd3ea32c239d30ddbeb3e2b5eb784&dispatch=462b6d425aec3417e68d33c2c3465bf53648646b
Cookie: PHPSESSID=0kaanng2dq2ei3a4pu6dr7jsu4
HTTP/1.1 404 Not Found
Date: Thu, 29 Sep 2022 15:14:44 GMT
Server: Apache
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html
connect.facebook.net/signals/config/1483047915331997?v=2.8.12&r=stable
31.13.72.12200 OK 0 B URL HTTP/2 connect.facebook.net/signals/config/1483047915331997?v=2.8.12&r=stable
IP 31.13.72.12:0
GET /signals/config/1483047915331997?v=2.8.12&r=stable HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://cpanel10wh.bkk1.cloud.z.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: application/x-javascript; charset=utf-8
content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-fb-debug: FKiN5kRQT8eTAW9Yt0J3+khR5FhiaMraXWvKImoy2/24lYQYcjmCv9QZdTAitkF6H0CIZaWd+NuupDi0X5SPxQ==
x-fb-trip-id: 1904183273
date: Thu, 29 Sep 2022 15:14:45 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2