ww25.binanceairddrop.us/
37.48.65.148200 OK 484 B IP 37.48.65.148:0
ASN #60781 LeaseWeb Netherlands B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (484), with no line terminators
Hash 0fd11098fda1721d246e1aafdbe82688
b53e9c2203e7ad533def56bb8d28acdda07db39c
dcc397f434c613e84837273682b66b74284f391661057a24ff827aecc3fa883e
Analyzer Verdict Alert fortinet Phishing
GET / HTTP/1.1
Host: ww25.binanceairddrop.us
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
accept-ch: Sec-CH-UA, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile
cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 484
content-type: text/html; charset=utf-8
date: Sat, 11 Mar 2023 23:30:32 GMT
server: nginx
set-cookie: sid=b7c5a8de-c064-11ed-8e27-8860a345ec62; path=/; domain=.binanceairddrop.us; expires=Fri, 30 Mar 2091 02:44:40 GMT; max-age=2147483647; HttpOnly
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 9ce33c47154f4826255fe9bbe54d72be
e10a363c007a6d15ed43eb35b4e5c246d85c5eed
cf423db1a8ad1dce1b5c25f6025d14411b4a46e95a6001288949f046e244bc24
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CF423DB1A8AD1DCE1B5C25F6025D14411B4A46E95A6001288949F046E244BC24"
Last-Modified: Fri, 10 Mar 2023 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3713
Expires: Sun, 12 Mar 2023 00:32:26 GMT
Date: Sat, 11 Mar 2023 23:30:33 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 99824e6e553dd5649b1d199589a6dab2
00b2c24f6ef22620045c3b2ef7a63ea9ac8cc0a2
3a4695284040436fd256023da7d39bab8b16f8a2d4f7105c0f995f610dcab2d2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3A4695284040436FD256023DA7D39BAB8B16F8A2D4F7105C0F995F610DCAB2D2"
Last-Modified: Thu, 09 Mar 2023 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4708
Expires: Sun, 12 Mar 2023 00:49:01 GMT
Date: Sat, 11 Mar 2023 23:30:33 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1a564ae484daef6a82bb08116ad794eb
f75350abf28a42c16324901035889a1f3af700a1
225214187df3f50835a8aafcc4555fe47cf0b78938b71d34fb422942292b153b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "225214187DF3F50835A8AAFCC4555FE47CF0B78938B71D34FB422942292B153B"
Last-Modified: Fri, 10 Mar 2023 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7222
Expires: Sun, 12 Mar 2023 01:30:55 GMT
Date: Sat, 11 Mar 2023 23:30:33 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash bc86ef2a0cee04915bc360f5821adc8f
3658f9028cce204d38f7f48fcfaa2a8e4f54383a
aeecd718d03811322457de4f20828bdba86b277e7e0e328cae9c0a8075638454
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Retry-After, Content-Type, Alert, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 11 Mar 2023 23:13:54 GMT
content-type: application/json
age: 999
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-09-20-28-26.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-09-20-28-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash b5ba6334e73496995e3e3a9ecd0eb323
ad80d3b7718c28364e8c2004fb38a13a1747e462
aa5abb52515c6383c014aadb63a86c9f798ad64de53c0218616c1fc6d424d2e2
GET /chains/remote-settings.content-signature.mozilla.org-2023-04-09-20-28-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: VejX4h0iGcVOO8UQSeym3bOdHgxTJLlFgvDFnwid2A1jrxOjh7Aac6ANXGSBCG0bBWKQGPje9+c=
x-amz-request-id: AHT0GP0YDRVD5FX8
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 11 Mar 2023 23:19:28 GMT
age: 665
last-modified: Sat, 18 Feb 2023 20:28:27 GMT
etag: "b5ba6334e73496995e3e3a9ecd0eb323"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 11 Mar 2023 23:30:33 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ww25.binanceairddrop.us/favicon.ico
37.48.65.148404 Not Found 9 B URL HTTP/1.1 ww25.binanceairddrop.us/favicon.ico
IP 37.48.65.148:0
ASN #60781 LeaseWeb Netherlands B.V.
File type ASCII text, with no line terminators
Hash d8f4a1993546cc4b850cde3599e27aec
094b763b4cfcc0b05e5d040581cd513c3ca08067
907ba78b4545338d3539683e63ecb51cf51c10adc9dabd86e92bd52339f298b9
GET /favicon.ico HTTP/1.1
Host: ww25.binanceairddrop.us
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww25.binanceairddrop.us/
Cookie: sid=b7c5a8de-c064-11ed-8e27-8860a345ec62
HTTP/1.1 404 Not Found
cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 9
date: Sat, 11 Mar 2023 23:30:33 GMT
server: nginx
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Retry-After, ETag, Backoff, Expires, Alert, Pragma, Cache-Control, Content-Length, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 11 Mar 2023 23:06:46 GMT
age: 1427
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash d960a8d21b339ab0d7987e3b1eb16fdc
08d4430c549151295ee4e1dc8f24dbd3d9456b0b
522b75aa714f87a716a9a693a7c3ed1cab6e5b1725f20a67df46dec2967b5960
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "522B75AA714F87A716A9A693A7C3ED1CAB6E5B1725F20A67DF46DEC2967B5960"
Last-Modified: Thu, 09 Mar 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14088
Expires: Sun, 12 Mar 2023 03:25:22 GMT
Date: Sat, 11 Mar 2023 23:30:34 GMT
Connection: keep-alive
push.services.mozilla.com/
52.42.219.176101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.42.219.176:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: GPNPbF/baG2cwS6Nv+lBDg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: tWCg79GsVEA0aUdD0/IEEvDASPU=
ww25.binanceairddrop.us/?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTY3ODU4NDYzMywiaWF0IjoxNjc4NTc3NDMzLCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIydDVvMmkxYmIwc2E5NzAwZjgwdWVvbzQiLCJuYmYiOjE2Nzg1Nzc0MzMsInRzIjoxNjc4NTc3NDMzMDkwMzgxfQ.5Fck-nX3WXnYYmcsap-ucZh_6jNh6LZU3UmdiLU7LQc&sid=b7c5a8de-c064-11ed-8e27-8860a345ec62
37.48.65.148302 Found 11 B URL HTTP/1.1 ww25.binanceairddrop.us/?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTY3ODU4NDYzMywiaWF0IjoxNjc4NTc3NDMzLCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIydDVvMmkxYmIwc2E5NzAwZjgwdWVvbzQiLCJuYmYiOjE2Nzg1Nzc0MzMsInRzIjoxNjc4NTc3NDMzMDkwMzgxfQ.5Fck-nX3WXnYYmcsap-ucZh_6jNh6LZU3UmdiLU7LQc&sid=b7c5a8de-c064-11ed-8e27-8860a345ec62
IP 37.48.65.148:0
ASN #60781 LeaseWeb Netherlands B.V.
File type ASCII text, with no line terminators
Hash 32682312d17c7cbf18e73594f5570319
60e22121bdd0bc71cdb2bae2a3aa577006b2eae9
e55fb1a1d731153e943b68844af12dcce8bfac917c98ffdea64c80da0607dd47
GET /?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTY3ODU4NDYzMywiaWF0IjoxNjc4NTc3NDMzLCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIydDVvMmkxYmIwc2E5NzAwZjgwdWVvbzQiLCJuYmYiOjE2Nzg1Nzc0MzMsInRzIjoxNjc4NTc3NDMzMDkwMzgxfQ.5Fck-nX3WXnYYmcsap-ucZh_6jNh6LZU3UmdiLU7LQc&sid=b7c5a8de-c064-11ed-8e27-8860a345ec62 HTTP/1.1
Host: ww25.binanceairddrop.us
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww25.binanceairddrop.us/
Cookie: sid=b7c5a8de-c064-11ed-8e27-8860a345ec62
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 11
date: Sat, 11 Mar 2023 23:30:34 GMT
location: http://ww1.binanceairddrop.us
server: nginx
set-cookie: sid=b7c5a8de-c064-11ed-8e27-8860a345ec62; path=/; domain=.binanceairddrop.us; expires=Fri, 30 Mar 2091 02:44:41 GMT; max-age=2147483647; HttpOnly
ww1.binanceairddrop.us/
199.59.243.223200 OK 694 B IP 199.59.243.223:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (931), with no line terminators
Hash 4d529eb0229e5d9c27d02721e55b2315
87507b45bf649b7c798328b890be94e9c9949c29
67d5fa7ca5bf4d2da998d654674825dd45e5f7c740f20f1074457280f1a46a77
Analyzer Verdict Alert fortinet Phishing
GET / HTTP/1.1
Host: ww1.binanceairddrop.us
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww25.binanceairddrop.us/
Connection: keep-alive
Cookie: sid=b7c5a8de-c064-11ed-8e27-8860a345ec62
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: openresty
Date: Sat, 11 Mar 2023 23:30:34 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: parking_session=ad9fac89-136e-d5d2-7ff6-eaa85735c304; expires=Sat, 11-Mar-2023 23:45:34 GMT; Max-Age=900; path=/; HttpOnly
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_M3TM5hd7CVUHH4RbvMoWl2YTFro6x44aZntI4MPe2cUYp5MFZfnOLLLnTgxeQ5xtEIS22gXlit7OBxtPnLmqRg==
Accept-CH: sec-ch-prefers-color-scheme
Critical-CH: sec-ch-prefers-color-scheme
Vary: sec-ch-prefers-color-scheme
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Encoding: gzip
ww1.binanceairddrop.us/js/parking.2.103.3.js
199.59.243.223200 OK 22 kB URL HTTP/1.1 ww1.binanceairddrop.us/js/parking.2.103.3.js
IP 199.59.243.223:0
File type HTML document, ASCII text, with very long lines (65536), with no line terminators
Hash ad6bf0359f892d1b7f90fd74145ba324
b3d8dc78be92e692e6885735c69f1db59fb5614e
6c0fa7c727891e974d4a7c8459e7c538745bc4fb600d1023a1bec8a217102249
Analyzer Verdict Alert fortinet Phishing
GET /js/parking.2.103.3.js HTTP/1.1
Host: ww1.binanceairddrop.us
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww1.binanceairddrop.us/
Cookie: sid=b7c5a8de-c064-11ed-8e27-8860a345ec62; parking_session=ad9fac89-136e-d5d2-7ff6-eaa85735c304
HTTP/1.1 200 OK
Server: openresty
Date: Sat, 11 Mar 2023 23:30:34 GMT
Content-Type: application/javascript; charset=utf-8
Last-Modified: Wed, 08 Mar 2023 15:55:35 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Encoding: gzip
ww1.binanceairddrop.us/_fd
199.59.243.223200 OK 2.6 kB URL HTTP/1.1 ww1.binanceairddrop.us/_fd
IP 199.59.243.223:0
File type ASCII text, with very long lines (4853), with no line terminators
Hash 41aa0bff33d9fa90d66c956376452162
8751cd23947b82f4300d0364760f8865fc5b7b6d
5205ee9991e41e47dbc08076892caebdea43b2c816d8dd949d14af8ef3108bbf
Analyzer Verdict Alert fortinet Phishing
POST /_fd HTTP/1.1
Host: ww1.binanceairddrop.us
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww1.binanceairddrop.us/
Content-Type: application/json
Origin: http://ww1.binanceairddrop.us
Connection: keep-alive
Cookie: sid=b7c5a8de-c064-11ed-8e27-8860a345ec62; parking_session=ad9fac89-136e-d5d2-7ff6-eaa85735c304
Content-Length: 0
HTTP/1.1 200 OK
Server: openresty
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Sat, 11 Mar 2023 23:30:35 GMT
X-Version: 2.103.3
Set-Cookie: parking_session=ad9fac89-136e-d5d2-7ff6-eaa85735c304; expires=Sat, 11-Mar-2023 23:45:35 GMT; Max-Age=900; path=/; httponly
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Encoding: gzip
ww1.binanceairddrop.us/px.gif?ch=1&rn=6.357223222647137
199.59.243.223200 OK 42 B URL HTTP/1.1 ww1.binanceairddrop.us/px.gif?ch=1&rn=6.357223222647137
IP 199.59.243.223:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /px.gif?ch=1&rn=6.357223222647137 HTTP/1.1
Host: ww1.binanceairddrop.us
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww1.binanceairddrop.us/
Cookie: sid=b7c5a8de-c064-11ed-8e27-8860a345ec62; parking_session=ad9fac89-136e-d5d2-7ff6-eaa85735c304
HTTP/1.1 200 OK
Server: openresty
Date: Sat, 11 Mar 2023 23:30:35 GMT
Content-Type: image/gif
Content-Length: 42
Last-Modified: Wed, 15 Sep 2021 19:38:30 GMT
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Accept-Ranges: bytes
ww1.binanceairddrop.us/px.gif?ch=2&rn=6.357223222647137
199.59.243.223200 OK 42 B URL HTTP/1.1 ww1.binanceairddrop.us/px.gif?ch=2&rn=6.357223222647137
IP 199.59.243.223:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /px.gif?ch=2&rn=6.357223222647137 HTTP/1.1
Host: ww1.binanceairddrop.us
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww1.binanceairddrop.us/
Cookie: sid=b7c5a8de-c064-11ed-8e27-8860a345ec62; parking_session=ad9fac89-136e-d5d2-7ff6-eaa85735c304
HTTP/1.1 200 OK
Server: openresty
Date: Sat, 11 Mar 2023 23:30:35 GMT
Content-Type: image/gif
Content-Length: 42
Last-Modified: Wed, 15 Sep 2021 19:38:30 GMT
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Accept-Ranges: bytes
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 5252b94db30dbb3d1ed4d623a82796ba
8aa9abb5061cba18d1287372ff89188b605baeab
8805ee0008dcd8d53965d9cdf481ad34d739685ea2284e3d1739be1062662ef3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 11 Mar 2023 23:30:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ww1.binanceairddrop.us/favicon.ico
199.59.243.223200 OK 0 B URL HTTP/1.1 ww1.binanceairddrop.us/favicon.ico
IP 199.59.243.223:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: ww1.binanceairddrop.us
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww1.binanceairddrop.us/
Cookie: sid=b7c5a8de-c064-11ed-8e27-8860a345ec62; parking_session=ad9fac89-136e-d5d2-7ff6-eaa85735c304
HTTP/1.1 200 OK
Server: openresty
Date: Sat, 11 Mar 2023 23:30:35 GMT
Content-Type: image/x-icon
Content-Length: 0
Last-Modified: Wed, 15 Sep 2021 19:38:30 GMT
Connection: keep-alive
ETag: "61424bb6-0"
x-backend-server: ip-10-201-16-158.ec2.internal
Accept-Ranges: bytes
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash ec6311aff40cad7ab34f00d36611b030
cf544610c8266b570673ea252aafe9339f145707
155dc155e18b34ee37d7c61224e421db376a38ac40e6fbf6c2939d8747a01c9b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 11 Mar 2023 23:30:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 3cc6bb5386113ad77c87eee7ec9bfb23
eff45385e978207c25a2fef04ef2cdf412fd7167
455dbcbbb3049a04bed4eed22a106cda507192ad8c704ba833b300c473affc71
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 11 Mar 2023 23:30:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
partner.googleadservices.com/gampad/cookie.js?domain=ww1.binanceairddrop.us&client=dp-bodis30_3ph&product=SAS&callback=__sasCookie
142.250.74.34200 OK 246 B URL HTTP/2 partner.googleadservices.com/gampad/cookie.js?domain=ww1.binanceairddrop.us&client=dp-bodis30_3ph&product=SAS&callback=__sasCookie
IP 142.250.74.34:0
File type ASCII text, with very long lines (376), with no line terminators
Hash e596cde740726bf0a256657e55f6c1fc
be6b48d3cfebbcaf9b80106faa225f733525b758
fed9f848669a46afc7ea52ca45112db597e6edf7482fcafb6f4171a0fe6d318a
GET /gampad/cookie.js?domain=ww1.binanceairddrop.us&client=dp-bodis30_3ph&product=SAS&callback=__sasCookie HTTP/1.1
Host: partner.googleadservices.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ww1.binanceairddrop.us/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Sat, 11 Mar 2023 23:30:35 GMT
server: cafe
cache-control: private
content-length: 246
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 2573307db8caef0a070ba3ebd4f61e2e
28e8cb63280e9b5e4184017cb22aa5f197007450
87e4699d8ded9c722f137c21826dfe419beb8675f226b91081342c90838cb818
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "87E4699D8DED9C722F137C21826DFE419BEB8675F226B91081342C90838CB818"
Last-Modified: Sat, 11 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21315
Expires: Sun, 12 Mar 2023 05:25:50 GMT
Date: Sat, 11 Mar 2023 23:30:35 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 2573307db8caef0a070ba3ebd4f61e2e
28e8cb63280e9b5e4184017cb22aa5f197007450
87e4699d8ded9c722f137c21826dfe419beb8675f226b91081342c90838cb818
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "87E4699D8DED9C722F137C21826DFE419BEB8675F226B91081342C90838CB818"
Last-Modified: Sat, 11 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21315
Expires: Sun, 12 Mar 2023 05:25:50 GMT
Date: Sat, 11 Mar 2023 23:30:35 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 2573307db8caef0a070ba3ebd4f61e2e
28e8cb63280e9b5e4184017cb22aa5f197007450
87e4699d8ded9c722f137c21826dfe419beb8675f226b91081342c90838cb818
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "87E4699D8DED9C722F137C21826DFE419BEB8675F226B91081342C90838CB818"
Last-Modified: Sat, 11 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21315
Expires: Sun, 12 Mar 2023 05:25:50 GMT
Date: Sat, 11 Mar 2023 23:30:35 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 2573307db8caef0a070ba3ebd4f61e2e
28e8cb63280e9b5e4184017cb22aa5f197007450
87e4699d8ded9c722f137c21826dfe419beb8675f226b91081342c90838cb818
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "87E4699D8DED9C722F137C21826DFE419BEB8675F226B91081342C90838CB818"
Last-Modified: Sat, 11 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21315
Expires: Sun, 12 Mar 2023 05:25:50 GMT
Date: Sat, 11 Mar 2023 23:30:35 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 2573307db8caef0a070ba3ebd4f61e2e
28e8cb63280e9b5e4184017cb22aa5f197007450
87e4699d8ded9c722f137c21826dfe419beb8675f226b91081342c90838cb818
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "87E4699D8DED9C722F137C21826DFE419BEB8675F226B91081342C90838CB818"
Last-Modified: Sat, 11 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21315
Expires: Sun, 12 Mar 2023 05:25:50 GMT
Date: Sat, 11 Mar 2023 23:30:35 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F13023a0e-6076-492b-85f7-561f44c10dbc.jpeg
34.120.237.76200 OK 8.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F13023a0e-6076-492b-85f7-561f44c10dbc.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash eec0a8ace7d436f1b1274597ce85d1e5
b77e1a9598e9623fa633adc18cf1109420f93f85
aae51362b60519c7193c4c8b71215147d382e337ac257ce1aed362b05f840db9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F13023a0e-6076-492b-85f7-561f44c10dbc.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8229
x-amzn-requestid: d45ea140-a43e-4c2d-8aea-0f15df3f2385
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BoszIHh_IAMF-qg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-640cf4e0-714cd100321abf0f2b27939d;Sampled=0
x-amzn-remapped-date: Sat, 11 Mar 2023 21:38:40 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: MWzxECUzh6ZVuXfHr8wzJEcfxJbVgK8sM_wYPGALRCwbCW-h4HpK_Q==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 de2dd11312f7d5ad3bcd0cb112c7fd0e.cloudfront.net (CloudFront), 1.1 google
date: Sat, 11 Mar 2023 21:57:00 GMT
age: 5615
etag: "b77e1a9598e9623fa633adc18cf1109420f93f85"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
www.google.com/adsense/domains/caf.js
216.58.211.4200 OK 56 kB URL HTTP/2 www.google.com/adsense/domains/caf.js
IP 216.58.211.4:0
Hash 1689b880f7dfa0359adbaaa8e58e7482
e7c7d79da0ac7bfa7b89793919d0051091a03e1e
85010c27d4e0ffb69bcabc69cb34eb4fc96e7ee57b10bf6ca0dab4fda2a236ce
GET /adsense/domains/caf.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ww1.binanceairddrop.us/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-afs-ui"
report-to: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
date: Sat, 11 Mar 2023 23:30:35 GMT
expires: Sat, 11 Mar 2023 23:30:35 GMT
cache-control: private, max-age=3600
etag: "18099727730304129435"
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4bb5622b-64bb-44a9-ae57-cd90f8333c17.jpeg
34.120.237.76200 OK 6.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4bb5622b-64bb-44a9-ae57-cd90f8333c17.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 215253944e7c16879f238738b0fbf474
4846fb7dd877767c913aa2f1a02df39dc7a53da0
e1cfdf434170527599c62e41e745d05c4a1a3359bf59ff7ea6b7ac4630fa0b44
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4bb5622b-64bb-44a9-ae57-cd90f8333c17.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6782
x-amzn-requestid: f174b4ff-b25f-4280-8ade-b081e71a7269
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BotvIHO9oAMF1xA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-640cf660-3b09471827484d894f9e73cf;Sampled=0
x-amzn-remapped-date: Sat, 11 Mar 2023 21:45:04 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: EpLtRgVZS5sXGraZvaFcS5uDvRgWKlMw28MECwlY3va2plYTVUTErg==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 85ee490c179dc0af42b771f11421073e.cloudfront.net (CloudFront), 1.1 google
date: Sat, 11 Mar 2023 22:01:10 GMT
age: 5365
etag: "4846fb7dd877767c913aa2f1a02df39dc7a53da0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa0217c8c-9f5f-43b3-9d27-0f8eaac36f26.webp
34.120.237.76200 OK 4.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa0217c8c-9f5f-43b3-9d27-0f8eaac36f26.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 26033b42139d27c847cf9881a17e0332
b196fbef36c2a5242abfc5d7115f1efd39499453
028dd1c86eaab6b991ad3dcb7fda21cdcfe8f9b22155c6bcb9363fbe379096ec
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa0217c8c-9f5f-43b3-9d27-0f8eaac36f26.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4512
x-amzn-requestid: e9ba0dc3-3e1a-4ff5-8d0d-57386ced2fb1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BotIeGZ-IAMFmBQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-640cf569-1a45fa73148fb01f3822ee29;Sampled=0
x-amzn-remapped-date: Sat, 11 Mar 2023 21:40:57 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Miss from cloudfront
x-amz-cf-id: wkfdSY68kDN6OsZ-rUHVYuqwBOHFh2lupX6GUYdmi25d3Ae2CEl6vw==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 d15b6a95f7c8298444f59a99d8027cec.cloudfront.net (CloudFront), 1.1 google
date: Sat, 11 Mar 2023 21:40:57 GMT
age: 6578
etag: "b196fbef36c2a5242abfc5d7115f1efd39499453"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8e665056-b1ff-4dc7-b901-397a9f3f3389.jpeg
34.120.237.76200 OK 6.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8e665056-b1ff-4dc7-b901-397a9f3f3389.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 84547d233db9291b8e2fb5eee1b92683
bb18380c07584b011b8d642d4e4401e0aeb4fae6
aba1c323ca556072319069c496a51e77cb4e85927947ed336e509326fcd961cd
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8e665056-b1ff-4dc7-b901-397a9f3f3389.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6948
x-amzn-requestid: 79dd07a8-a13e-42bd-b26a-7a58a26fc119
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BjaHhGYDoAMFVAA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-640ad6fc-3fc73b5f476846b768e1e36e;Sampled=0
x-amzn-remapped-date: Fri, 10 Mar 2023 07:06:36 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: w4fVNSvR-8Jwh7aS_Kpp1Ro9rfsiIIjTlIZAig4PYfA8r8G5SdOFnQ==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 6bdc2963c9ed59b475ec36c35e5932a4.cloudfront.net (CloudFront), 1.1 google
date: Sat, 11 Mar 2023 07:25:16 GMT
age: 57919
etag: "bb18380c07584b011b8d642d4e4401e0aeb4fae6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdfe3b026-408f-4d8a-8fbd-5c6ae59ab237.jpeg
34.120.237.76200 OK 5.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdfe3b026-408f-4d8a-8fbd-5c6ae59ab237.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ebf97627ec9fd083bf5c22de39a524b5
35866e5d26ee25485d090011a1d50ec603d6761b
0b518329364fb793881cb0ff5ef464ecc4cd90c3694dcb7cfef40d0958446a14
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdfe3b026-408f-4d8a-8fbd-5c6ae59ab237.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5381
x-amzn-requestid: 6507e3ee-6ce1-46d3-89d7-409b6d7000f2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BosvnHK_IAMFdkQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-640cf4ca-3d2fb61641f8b1212fc60c8c;Sampled=0
x-amzn-remapped-date: Sat, 11 Mar 2023 21:38:18 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: NkNRsBnupSmAJQk4lWdlmuZBFtNai49WoU6vDJCj1pkH2MJ-Qx0hjQ==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 6bdc2963c9ed59b475ec36c35e5932a4.cloudfront.net (CloudFront), 1.1 google
date: Sat, 11 Mar 2023 21:40:56 GMT
age: 6579
etag: "35866e5d26ee25485d090011a1d50ec603d6761b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F87df4bcd-c6cd-4a0c-a9f5-dffb7f36d2e4.jpeg
34.120.237.76200 OK 8.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F87df4bcd-c6cd-4a0c-a9f5-dffb7f36d2e4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash be71491cee9b47dc3ffb23b4fdff25b3
79c7d22c8df6d305f46c5779ccb9f25169d4d111
e785896e5840fb901ddd0118bef3ccad6b59a96d8eef0e8ccd9c95a3c261ba45
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F87df4bcd-c6cd-4a0c-a9f5-dffb7f36d2e4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8487
x-amzn-requestid: 92381f1a-0140-47e9-a971-594a7de36c3c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BkEcBGizoAMFgOA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-640b1ab3-1a54b65a5d7083e62dcb85ab;Sampled=0
x-amzn-remapped-date: Fri, 10 Mar 2023 11:55:31 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: Nn4eV-UeuWZ02ANOxzTUSgE4UODtaZxeIjp8UJfU8PgUny2shFaDjQ==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 74ab105148338444981d1b2277ffd9c4.cloudfront.net (CloudFront), 1.1 google
date: Sat, 11 Mar 2023 21:42:25 GMT
age: 6490
etag: "79c7d22c8df6d305f46c5779ccb9f25169d4d111"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 3cc6bb5386113ad77c87eee7ec9bfb23
eff45385e978207c25a2fef04ef2cdf412fd7167
455dbcbbb3049a04bed4eed22a106cda507192ad8c704ba833b300c473affc71
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 11 Mar 2023 23:30:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 3c5612c5131d59819b60bcd3123fbe1e
86f82bfa3a20987ac256d2efd06dc95c0df285e8
00fc14cc05fb85329d10ee97f1c959244f274c67d56a37f4eb8006acd0e867bf
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 11 Mar 2023 23:30:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 3c5612c5131d59819b60bcd3123fbe1e
86f82bfa3a20987ac256d2efd06dc95c0df285e8
00fc14cc05fb85329d10ee97f1c959244f274c67d56a37f4eb8006acd0e867bf
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 11 Mar 2023 23:30:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 4a9b39972b71943cb095149b5cc3144c
3472b7124648cd6d8bf14d04ea0054840671bd4e
a16f0dc0ecfd501b921fab26d10a6218ec7e4b92a455a5170e39dca2d4b9e9e2
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 11 Mar 2023 23:30:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash c11248ad196c57fdf878000b4591a416
f86236c890bcceaf313e5021bf8ef6669688ea77
550e8187d0a76ef1d3127e200c20ab609ee72a44bc05c040bf178f4c8ec5eebc
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 11 Mar 2023 23:30:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/call_to_action_arrow.svg?c=%23ffffff
142.250.74.97200 OK 278 B URL HTTP/2 afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/call_to_action_arrow.svg?c=%23ffffff
IP 142.250.74.97:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (306)
Hash bb7fc36f627255dd4783f849dca0932e
80e89ef8f3c2c8ee982523757fce214ea7323a69
735f48c2876099e6a731c65fc46ec1ec133c316e0997d04eb0ee246741bee647
GET /ad_icons/standard/publisher_icon_image/call_to_action_arrow.svg?c=%23ffffff HTTP/1.1
Host: afs.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.google.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
cross-origin-opener-policy: same-origin; report-to="afs-native-asset-managers"
report-to: {"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]}
content-length: 278
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
date: Sat, 11 Mar 2023 04:11:52 GMT
expires: Sun, 12 Mar 2023 03:11:52 GMT
cache-control: public, max-age=82800
last-modified: Tue, 09 Feb 2021 14:15:00 GMT
content-type: image/svg+xml
vary: Accept-Encoding
age: 69523
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 4a9b39972b71943cb095149b5cc3144c
3472b7124648cd6d8bf14d04ea0054840671bd4e
a16f0dc0ecfd501b921fab26d10a6218ec7e4b92a455a5170e39dca2d4b9e9e2
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 11 Mar 2023 23:30:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/michroma/v16/PN_zRfy9qWD8fEagAPg9pTk.woff2
216.58.207.227200 OK 17 kB URL HTTP/2 fonts.gstatic.com/s/michroma/v16/PN_zRfy9qWD8fEagAPg9pTk.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 17156, version 1.0\012- data
Hash 402cbe860d64ae2e13145e34cbc7889c
7af4691dc306b7583365b9ff2ead0c1f6db017c5
da748253b458c5fc9c9a5e3c108b1cda280f52df4008702b9cea695ec23332aa
GET /s/michroma/v16/PN_zRfy9qWD8fEagAPg9pTk.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 17156
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 09 Mar 2023 18:08:28 GMT
expires: Fri, 08 Mar 2024 18:08:28 GMT
cache-control: public, max-age=31536000
age: 192127
last-modified: Tue, 26 Apr 2022 14:38:29 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Michroma&display=swap
142.250.74.74200 OK 552 B URL HTTP/2 fonts.googleapis.com/css?family=Michroma&display=swap
IP 142.250.74.74:0
File type ASCII text, with very long lines (390)
Hash 3ae821533645aa6e503e21990703c050
7f98fde15e93e75afad6c3b8738e9d6ae7e53e46
2cad3d8109f565218b15713f3c3992b8301f949fc73dd8b28b8bb2a41887350f
GET /css?family=Michroma&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.google.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 11 Mar 2023 23:30:35 GMT
date: Sat, 11 Mar 2023 23:30:35 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 4a9b39972b71943cb095149b5cc3144c
3472b7124648cd6d8bf14d04ea0054840671bd4e
a16f0dc0ecfd501b921fab26d10a6218ec7e4b92a455a5170e39dca2d4b9e9e2
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 11 Mar 2023 23:30:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash c11248ad196c57fdf878000b4591a416
f86236c890bcceaf313e5021bf8ef6669688ea77
550e8187d0a76ef1d3127e200c20ab609ee72a44bc05c040bf178f4c8ec5eebc
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 11 Mar 2023 23:30:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/quicksand/v30/6xK-dSZaM9iE8KbpRA_LJ3z8mH9BOJvgkP8o58a-wg.woff2
216.58.207.227200 OK 14 kB URL HTTP/2 fonts.gstatic.com/s/quicksand/v30/6xK-dSZaM9iE8KbpRA_LJ3z8mH9BOJvgkP8o58a-wg.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 13888, version 1.0\012- data
Hash 099548fac114f5f6498c5c75b943581d
7505fcaf9f4fe36634352b322a9f5fed1256a9f6
e36165510050fc4ef1d87cc430dd4d1d0f6a705c5f4aa7b3a97493921884bb05
GET /s/quicksand/v30/6xK-dSZaM9iE8KbpRA_LJ3z8mH9BOJvgkP8o58a-wg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://ww1.binanceairddrop.us
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 13888
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 09 Mar 2023 18:06:05 GMT
expires: Fri, 08 Mar 2024 18:06:05 GMT
cache-control: public, max-age=31536000
age: 192270
last-modified: Mon, 18 Jul 2022 19:12:09 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ww1.binanceairddrop.us/_tr
199.59.243.223200 OK 22 B URL HTTP/1.1 ww1.binanceairddrop.us/_tr
IP 199.59.243.223:0
File type ASCII text, with no line terminators
Hash 5cfde9b47de2d84bd26fc473632647c0
fd53c70631b6068328be57daec71bd94bf004d41
47fd05ef74fef5da03fa22483e63fc977cad8e026ae41dadbbcc3745907f306b
Analyzer Verdict Alert fortinet Phishing
POST /_tr HTTP/1.1
Host: ww1.binanceairddrop.us
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww1.binanceairddrop.us/
Content-Type: application/json
Origin: http://ww1.binanceairddrop.us
Content-Length: 1665
Connection: keep-alive
Cookie: sid=b7c5a8de-c064-11ed-8e27-8860a345ec62; parking_session=ad9fac89-136e-d5d2-7ff6-eaa85735c304; __gsas=ID=406c8a46844d457f:T=1678577435:S=ALNI_MaI7yRK2PA7jORARP_RdaG3qJIeQg
HTTP/1.1 200 OK
Server: openresty
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Sat, 11 Mar 2023 23:30:35 GMT
X-Version: 2.103.3
Set-Cookie: parking_session=ad9fac89-136e-d5d2-7ff6-eaa85735c304; expires=Sat, 11-Mar-2023 23:45:35 GMT; Max-Age=900; path=/; httponly
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Encoding: gzip