Report - s1-filecr.xyz/02b823794110a399?download_token=57c9abe70aeecfde521bab21acfe12822f8bf47d0b3c68fb2663661dd67238ae

Report Overview

Submitted URL
s1-filecr.xyz/02b823794110a399?download_token=57c9abe70aeecfde521bab21acfe12822f8bf47d0b3c68fb2663661dd67238ae
IP
51.195.6.135
ASN
#16276 OVH SAS
Submitted
2022-09-14 06:48:00
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
26

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
s1-filecr.xyz	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	14 kB	763 kB	51.195.6.135
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.3 kB	6.2 kB	23.33.119.27
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	401 B	5.8 kB	143.204.55.35
fonts.gstatic.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	998 B	65 kB	142.250.74.163
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	329 B	737 B	93.184.220.29
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	758 B	2.7 kB	143.204.55.27
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	321 B	229 B	34.117.237.239
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.3 kB	4.9 kB	142.250.74.3
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	594 B	127 B	44.237.51.86
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	73 kB	34.120.237.76
fonts.googleapis.com	8877	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	811 B	1.5 kB	142.250.74.10

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-09-14	medium	s1-filecr.xyz/02b823794110a399?download_token=57c9abe70aeecfde521bab21acfe12822f8bf47d0b3c68fb2663661dd67238ae	Malware
2022-09-14	medium	s1-filecr.xyz/themes/spirit/assets/frontend/js/flickity.min.js	Malware
2022-09-14	medium	s1-filecr.xyz/themes/spirit/assets/frontend/js/typed.min.js	Malware
2022-09-14	medium	s1-filecr.xyz/themes/spirit/assets/frontend/js/datepicker.js	Malware
2022-09-14	medium	s1-filecr.xyz/themes/spirit/assets/frontend/js/granim.min.js	Malware
2022-09-14	medium	s1-filecr.xyz/themes/spirit/assets/frontend/js/jquery.steps.min.js	Malware
2022-09-14	medium	s1-filecr.xyz/themes/spirit/assets/frontend/js/countdown.min.js	Malware
2022-09-14	medium	s1-filecr.xyz/themes/spirit/assets/frontend/js/smooth-scroll.min.js	Malware
2022-09-14	medium	s1-filecr.xyz/themes/spirit/assets/frontend/js/jquery-3.1.1.min.js	Malware
2022-09-14	medium	s1-filecr.xyz/themes/spirit/assets/frontend/js/jquery.dataTables.min.js	Malware
2022-09-14	medium	s1-filecr.xyz/themes/spirit/assets/frontend/js/scripts.js	Malware
2022-09-14	medium	s1-filecr.xyz/error?e=File+can+not+be+located%2C+please+try+again+later.	Malware
2022-09-14	medium	s1-filecr.xyz/02b823794110a399?download_token=57c9abe70aeecfde521bab21acfe12822f8bf47d0b3c68fb2663661dd67238ae	Malware

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (10)

	URL	Size	First Seen	Last Seen
	s1-filecr.xyz/themes/spirit/assets/frontend/js/scripts.js	112 kB	2023-03-07	2024-04-17
Pretty URL s1-filecr.xyz/themes/spirit/assets/frontend/js/scripts.js IP 51.195.6.135 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:47:38 Last Seen2024-04-17 06:01:37 Times Seen4373 Hash ccd6c308b2b8e36ae154d7bacea4240d f7d2f7195150771246dd599dbb4ff3bc2f0f2179 fc2a8bf60f1e7577697c0b457c01aeeecfd2b18ea68c93e2d374bf6d95fbe7a0 Loading...

	s1-filecr.xyz/error?e=File+can+not+be+located%2C+please+try+again+later.	292 B	2023-03-07	2024-04-19
Pretty URL s1-filecr.xyz/error?e=File+can+not+be+located%2C+please+try+again+later. IP 51.195.6.135 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:28:01 Last Seen2024-04-19 11:03:11 Times Seen2525 Hash f6038f840321581380bcf8e68fbec2ed 9c64ca84baabd04b9994597b90882d8ec7158ba2 fc7d223cc022e6a00869dea89642667579b0ca033afb07bb0070c7b7a0fd23c3 Loading...

	s1-filecr.xyz/themes/spirit/assets/frontend/js/jquery.steps.min.js	14 kB	2023-03-07	2024-04-17
Pretty URL s1-filecr.xyz/themes/spirit/assets/frontend/js/jquery.steps.min.js IP 51.195.6.135 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:35:25 Last Seen2024-04-17 06:01:37 Times Seen4529 Hash 4c5e9f4e84d32b7df69af7420b355e03 14e1e287ec98e8cc0a992ee996783b0c42f9ec0f c9459a9e11e4c63fb7a30d2a644e80b733fc9599302ef3da8142cbe8f9d9333d Loading...

	s1-filecr.xyz/themes/spirit/assets/frontend/js/countdown.min.js	5.3 kB	2023-03-07	2024-04-19
Pretty URL s1-filecr.xyz/themes/spirit/assets/frontend/js/countdown.min.js IP 51.195.6.135 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:00 Last Seen2024-04-19 15:43:39 Times Seen7480 Hash 5d3ff3c3fbaa67cc639501f44eeb07be bd66e4cd58de09c198e7abc77fa4c883955d189e 2249399b2268c260d0698542503d16afebc80e437c846239f12196744ebbd40f Loading...

	s1-filecr.xyz/themes/spirit/assets/frontend/js/smooth-scroll.min.js	6.0 kB	2023-03-07	2024-04-17
Pretty URL s1-filecr.xyz/themes/spirit/assets/frontend/js/smooth-scroll.min.js IP 51.195.6.135 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:35:25 Last Seen2024-04-17 06:01:37 Times Seen4083 Hash b67e171349c4716dd7bb15c018a2c8c1 60b204148c0eed83b06043897d1cbd54709eab66 8daef829c397c41e42a1f9faffc25aa4834334e5305805419933a1b44b6c1e30 Loading...

	s1-filecr.xyz/themes/spirit/assets/frontend/js/jquery.dataTables.min.js	70 kB	2023-03-07	2024-04-19
Pretty URL s1-filecr.xyz/themes/spirit/assets/frontend/js/jquery.dataTables.min.js IP 51.195.6.135 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:10 Last Seen2024-04-19 22:32:12 Times Seen6416 Hash 737f853e9fd6a31d62f5028e88663c9f cf144f2ab49f53a69fbfe10d3588fc23437d2736 6c3ca64b7acfdd29b3ca6f1b9b46696369abd462d4546182085c347f72211841 Loading...

	s1-filecr.xyz/themes/spirit/assets/frontend/js/datepicker.js	21 kB	2023-03-07	2024-04-12
Pretty URL s1-filecr.xyz/themes/spirit/assets/frontend/js/datepicker.js IP 51.195.6.135 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:28:01 Last Seen2024-04-12 16:04:51 Times Seen4636 Hash 8cfe207a6a21c7495cfb751c761217a6 35d686a6c4ecc9946c35444ce93e110cb0e1611c 804e3c2608de23694fa71684178e2f9815115d56ee022ec770e1fcb208847acc Loading...

	s1-filecr.xyz/themes/spirit/assets/frontend/js/granim.min.js	11 kB	2023-03-07	2024-04-17
Pretty URL s1-filecr.xyz/themes/spirit/assets/frontend/js/granim.min.js IP 51.195.6.135 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:35:25 Last Seen2024-04-17 06:01:37 Times Seen4388 Hash 2c16a9a724563fc0c306abb5bdeb03fe 90c2032537714e66059a3eaa150b93f3c9c80163 997a15cf01d5118cb0106587f441c32de2074c8dc12d85cf7c7dc430e2ee342e Loading...

	s1-filecr.xyz/themes/spirit/assets/frontend/js/jquery-3.1.1.min.js	87 kB	2023-03-07	2024-04-19
Pretty URL s1-filecr.xyz/themes/spirit/assets/frontend/js/jquery-3.1.1.min.js IP 51.195.6.135 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:34 Last Seen2024-04-19 22:33:55 Times Seen263024 Hash e071abda8fe61194711cfc2ab99fe104 f647a6d37dc4ca055ced3cf64bbc1f490070acba 85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf Loading...

	s1-filecr.xyz/themes/spirit/assets/frontend/js/typed.min.js	3.9 kB	2023-03-07	2024-04-19
Pretty URL s1-filecr.xyz/themes/spirit/assets/frontend/js/typed.min.js IP 51.195.6.135 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:28:01 Last Seen2024-04-19 11:03:11 Times Seen4605 Hash 2f6185a8a32a50b2b3e04849f44359d4 0e5501588c5c0d1c9462f34b0d56c21abff5bfef 914df93a9770d8a0e132b6ce3e8f1cfba0e0fae8f3b9002a3f0eb47c3d0cc97b Loading...

HTTP Transactions (58)

URL IP Response Size

s1-filecr.xyz/02b823794110a399?download_token=57c9abe70aeecfde521bab21acfe12822f8bf47d0b3c68fb2663661dd67238ae

51.195.6.135

301 Moved Permanently

194 B

URL HTTP/1.1
s1-filecr.xyz/02b823794110a399?download_token=57c9abe70aeecfde521bab21acfe12822f8bf47d0b3c68fb2663661dd67238ae
IP
51.195.6.135:0
ASN
#16276 OVH SAS

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
194 B (194 bytes)
Hash
ec0f2d6d8da7997a10f72a2537729e59
d6b8ca36f266d92775f5b757e65b8c10c747c30a
95e1144ae5faba1d6ea1ac58b29b1e8d0399125e4dbc6a17d50d0bf5cf3bdcf8

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /02b823794110a399?download_token=57c9abe70aeecfde521bab21acfe12822f8bf47d0b3c68fb2663661dd67238ae HTTP/1.1
Host: s1-filecr.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Server: nginx/1.14.0 (Ubuntu)
Date: Wed, 14 Sep 2022 06:47:50 GMT
Content-Type: text/html
Content-Length: 194
Connection: keep-alive
Location: https://s1-filecr.xyz/02b823794110a399?download_token=57c9abe70aeecfde521bab21acfe12822f8bf47d0b3c68fb2663661dd67238ae

firefox.settings.services.mozilla.com/v1/

143.204.55.27

200 OK

939 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/
IP
143.204.55.27:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
b593eb39329cfe060d55be5e4a5405e2
78e46c1028e9f94f8569303ad2d90d7df13a059a
08a810103557efe55ca4425ff0cf82593f1f54633df899127eaec9bee05d4d04

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, Alert, Content-Length, Content-Type, Backoff
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Wed, 14 Sep 2022 06:09:27 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 83a23d85c009b0c0e3626072e9f997fe.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: bB4aLFOVAMqVFtIgk9lO-F4Su4WAcvMmI1EW4Lzei_C6GKkXyLwzQA==
Age: 2302

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
be88d3e043e3b95b52e41812e50fb634
0318ba1ce487817ea7cba61dd9413bed29213800
b5f178d23e633283f226cca7a9ae79b01e6cab2299ff7065c980d3a9953212fd

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B5F178D23E633283F226CCA7A9AE79B01E6CAB2299FF7065C980D3A9953212FD"
Last-Modified: Tue, 13 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7468
Expires: Wed, 14 Sep 2022 08:52:18 GMT
Date: Wed, 14 Sep 2022 06:47:50 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain

143.204.55.35

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
IP
143.204.55.35:0
ASN
#16509 AMAZON-02

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
742edb4038f38bc533514982f3d2e861
cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Wed, 14 Sep 2022 04:35:16 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 dac7cf040932e0c072eeed10afdd7b3e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: VfmvPArSiQqG6eEdgL0uyRObpQQ7kMsBO8yjONyqGYcvdeXNFDO4xw==
age: 7955
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Wed, 14 Sep 2022 06:47:50 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
eed70f9fdf552d9c8fea5f0ebed0ffc8
a3b46997ad958dd29694ed4a9a3c3bed3826a641
45bfabb28a680121dbc26cc31b3ccba96fdee56dcaafad248aec6ee25727bc54

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "45BFABB28A680121DBC26CC31B3CCBA96FDEE56DCAAFAD248AEC6EE25727BC54"
Last-Modified: Mon, 12 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3940
Expires: Wed, 14 Sep 2022 07:53:30 GMT
Date: Wed, 14 Sep 2022 06:47:50 GMT
Connection: keep-alive

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
abea4dc307fd4da34aac369f4316657c
ef7be7963fa8154c83b78d6ca8518b8448f079ff
1c50a6b2765a5108f31d7a31c98c62d293440c84e8bf63f9dac685be9e3d77d5

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 14 Sep 2022 06:47:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
abea4dc307fd4da34aac369f4316657c
ef7be7963fa8154c83b78d6ca8518b8448f079ff
1c50a6b2765a5108f31d7a31c98c62d293440c84e8bf63f9dac685be9e3d77d5

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 14 Sep 2022 06:47:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

s1-filecr.xyz/themes/spirit/assets/frontend/css/bootstrap.min.css

51.195.6.135

200 OK

77 kB

URL HTTP/2
s1-filecr.xyz/themes/spirit/assets/frontend/css/bootstrap.min.css
IP
51.195.6.135:0
ASN
#16276 OVH SAS

File type
ASCII text, with very long lines (65324)
Size
77 kB (76917 bytes)
Hash
bc48830f50049b0cbbe3dd417755a347
e5cdb6545f9b4bce4eeda78f64a714e2de4d0e09
7d56baeec9679114562cdc56d3f28cb9a43263cada11b1f64809851e7a8b1419

HTTP Headers

GET /themes/spirit/assets/frontend/css/bootstrap.min.css HTTP/1.1
Host: s1-filecr.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://s1-filecr.xyz/error?e=File+can+not+be+located%2C+please+try+again+later.
Cookie: filehosting=2qn212788o32rpb49ev9rf8cg7
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx/1.14.0 (Ubuntu)
date: Wed, 14 Sep 2022 06:47:50 GMT
content-type: text/css
content-length: 76917
last-modified: Sat, 26 Sep 2020 15:46:36 GMT
etag: "5f6f625c-12c75"
accept-ranges: bytes
X-Firefox-Spdy: h2

s1-filecr.xyz/themes/spirit/assets/frontend/css/stack-interface.css

51.195.6.135

200 OK

3.1 kB

URL HTTP/2
s1-filecr.xyz/themes/spirit/assets/frontend/css/stack-interface.css
IP
51.195.6.135:0
ASN
#16276 OVH SAS

File type
Unicode text, UTF-8 text
Size
3.1 kB (3082 bytes)
Hash
6406d626f8bfc1e6815698bfecf9a2f8
a918901be3ab1b9bb4ce9980db521eb4731bb82b
f620d1bf10d3f45a7b19edd4f863090c5dd5031411918508493634c4018e81b7

HTTP Headers

GET /themes/spirit/assets/frontend/css/stack-interface.css HTTP/1.1
Host: s1-filecr.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://s1-filecr.xyz/error?e=File+can+not+be+located%2C+please+try+again+later.
Cookie: filehosting=2qn212788o32rpb49ev9rf8cg7
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx/1.14.0 (Ubuntu)
date: Wed, 14 Sep 2022 06:47:50 GMT
content-type: text/css
content-length: 3082
last-modified: Sat, 26 Sep 2020 15:46:36 GMT
etag: "5f6f625c-c0a"
accept-ranges: bytes
X-Firefox-Spdy: h2

s1-filecr.xyz/themes/spirit/assets/frontend/css/socicon.css

51.195.6.135

200 OK

9.3 kB

URL HTTP/2
s1-filecr.xyz/themes/spirit/assets/frontend/css/socicon.css
IP
51.195.6.135:0
ASN
#16276 OVH SAS

File type
ASCII text
Size
9.3 kB (9283 bytes)
Hash
b23fff7d228bbe8796ad8b3d280e3401
1a9861031bda4d3c1cb58564107d8b777982750b
17beb90ae4f385180d6b7d184dcb640ccd2a360e4ee03af0254c83b00ef87202

HTTP Headers

GET /themes/spirit/assets/frontend/css/socicon.css HTTP/1.1
Host: s1-filecr.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://s1-filecr.xyz/error?e=File+can+not+be+located%2C+please+try+again+later.
Cookie: filehosting=2qn212788o32rpb49ev9rf8cg7
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx/1.14.0 (Ubuntu)
date: Wed, 14 Sep 2022 06:47:50 GMT
content-type: text/css
content-length: 9283
last-modified: Sat, 26 Sep 2020 15:46:36 GMT
etag: "5f6f625c-2443"
accept-ranges: bytes
X-Firefox-Spdy: h2

s1-filecr.xyz/themes/spirit/assets/frontend/css/lightbox.min.css

51.195.6.135

200 OK

3.7 kB

URL HTTP/2
s1-filecr.xyz/themes/spirit/assets/frontend/css/lightbox.min.css
IP
51.195.6.135:0
ASN
#16276 OVH SAS

File type
ASCII text
Size
3.7 kB (3668 bytes)
Hash
40cab6b747df96a8a66f5c0ac4e034dd
85dd24bc614fb1ecaeb873f4e686213aa53927c3
798da60d899fcd9aa5074834d88b63c398dd72af5711ed48d7f68dde8dc8db5e

HTTP Headers

GET /themes/spirit/assets/frontend/css/lightbox.min.css HTTP/1.1
Host: s1-filecr.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://s1-filecr.xyz/error?e=File+can+not+be+located%2C+please+try+again+later.
Cookie: filehosting=2qn212788o32rpb49ev9rf8cg7
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx/1.14.0 (Ubuntu)
date: Wed, 14 Sep 2022 06:47:50 GMT
content-type: text/css
content-length: 3668
last-modified: Sat, 26 Sep 2020 15:46:36 GMT
etag: "5f6f625c-e54"
accept-ranges: bytes
X-Firefox-Spdy: h2

s1-filecr.xyz/themes/spirit/assets/frontend/css/flickity.css

51.195.6.135

200 OK

2.4 kB

URL HTTP/2
s1-filecr.xyz/themes/spirit/assets/frontend/css/flickity.css
IP
51.195.6.135:0
ASN
#16276 OVH SAS

File type
ASCII text
Size
2.4 kB (2392 bytes)
Hash
5439695b076327f53edcda86d192856b
d938327051f0bf044bc65b68721ad3193bd2ef12
1709404c1e9beb94953cc95fcc3477e7cb4213e03bfe9bbe0f8a37877c1c6e42

HTTP Headers

GET /themes/spirit/assets/frontend/css/flickity.css HTTP/1.1
Host: s1-filecr.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://s1-filecr.xyz/error?e=File+can+not+be+located%2C+please+try+again+later.
Cookie: filehosting=2qn212788o32rpb49ev9rf8cg7
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx/1.14.0 (Ubuntu)
date: Wed, 14 Sep 2022 06:47:50 GMT
content-type: text/css
content-length: 2392
last-modified: Sat, 26 Sep 2020 15:46:36 GMT
etag: "5f6f625c-958"
accept-ranges: bytes
X-Firefox-Spdy: h2

s1-filecr.xyz/themes/spirit/assets/frontend/css/jquery.steps.css

51.195.6.135

200 OK

5.6 kB

URL HTTP/2
s1-filecr.xyz/themes/spirit/assets/frontend/css/jquery.steps.css
IP
51.195.6.135:0
ASN
#16276 OVH SAS

File type
ASCII text
Size
5.6 kB (5638 bytes)
Hash
a0ed38e9ba9498867df1f62407377def
6d2278f924b80328695e8fe5213b252ae499fc77
70110803124af60b1e1dc1ea3c0408353947b4a0d7000f47873c85287de875d5

HTTP Headers

GET /themes/spirit/assets/frontend/css/jquery.steps.css HTTP/1.1
Host: s1-filecr.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://s1-filecr.xyz/error?e=File+can+not+be+located%2C+please+try+again+later.
Cookie: filehosting=2qn212788o32rpb49ev9rf8cg7
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx/1.14.0 (Ubuntu)
date: Wed, 14 Sep 2022 06:47:50 GMT
content-type: text/css
content-length: 5638
last-modified: Sat, 26 Sep 2020 15:46:36 GMT
etag: "5f6f625c-1606"
accept-ranges: bytes
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

143.204.55.27

200 OK

329 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
143.204.55.27:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Wed, 14 Sep 2022 06:03:22 GMT
Expires: Wed, 14 Sep 2022 06:59:57 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 a2b4f68a89fc87406bff22c95fc07fba.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: uLT0qljxDtR2puJa7w4wA8f87XvWi_qZ3JriI2DltvMdraBSQB0vhg==
Age: 2668

s1-filecr.xyz/themes/spirit/assets/frontend/css/font-awesome.min.css

51.195.6.135

200 OK

59 kB

URL HTTP/2
s1-filecr.xyz/themes/spirit/assets/frontend/css/font-awesome.min.css
IP
51.195.6.135:0
ASN
#16276 OVH SAS

File type
ASCII text, with very long lines (58929)
Size
59 kB (59115 bytes)
Hash
66e407beb68fdbb8bacd87d91ddf7829
5ed55601e30871fb757dc4b78a40a432f9a3600b
eb98a660b34391ce502005c6b8553af83defcf0832489134efb499498051d1d9

HTTP Headers

GET /themes/spirit/assets/frontend/css/font-awesome.min.css HTTP/1.1
Host: s1-filecr.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://s1-filecr.xyz/error?e=File+can+not+be+located%2C+please+try+again+later.
Cookie: filehosting=2qn212788o32rpb49ev9rf8cg7
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx/1.14.0 (Ubuntu)
date: Wed, 14 Sep 2022 06:47:50 GMT
content-type: text/css
content-length: 59115
last-modified: Sat, 26 Sep 2020 15:46:36 GMT
etag: "5f6f625c-e6eb"
accept-ranges: bytes
X-Firefox-Spdy: h2

s1-filecr.xyz/themes/spirit/assets/frontend/css/custom.css

51.195.6.135

200 OK

7.7 kB

URL HTTP/2
s1-filecr.xyz/themes/spirit/assets/frontend/css/custom.css
IP
51.195.6.135:0
ASN
#16276 OVH SAS

File type
assembler source, ASCII text, with CRLF line terminators
Size
7.7 kB (7688 bytes)
Hash
38f44a7729b532fd9f94dcc4e1547101
484dda581fb85abfccc7873496061bcb352ecd22
4c7ecb7df5a5d283345eec84b2a9d4f5f55299fa65a0ab1ccc6e2bd92422b8af

HTTP Headers

GET /themes/spirit/assets/frontend/css/custom.css HTTP/1.1
Host: s1-filecr.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://s1-filecr.xyz/error?e=File+can+not+be+located%2C+please+try+again+later.
Cookie: filehosting=2qn212788o32rpb49ev9rf8cg7
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx/1.14.0 (Ubuntu)
date: Wed, 14 Sep 2022 06:47:50 GMT
content-type: text/css
content-length: 7688
last-modified: Wed, 14 Oct 2020 12:34:48 GMT
etag: "5f86f068-1e08"
accept-ranges: bytes
X-Firefox-Spdy: h2

s1-filecr.xyz/themes/spirit/assets/frontend/css/iconsmind.css

51.195.6.135

200 OK

96 kB

URL HTTP/2
s1-filecr.xyz/themes/spirit/assets/frontend/css/iconsmind.css
IP
51.195.6.135:0
ASN
#16276 OVH SAS

File type
ASCII text
Size
96 kB (96447 bytes)
Hash
39aa385af1cfd640bac73a09de3ac9fe
6d17dff21d04138cd8ab3ef9dfe1eae79994834c
0909de268b3276cb7464acb2f86701f62974a893dd374312908a3f8efc363438

HTTP Headers

GET /themes/spirit/assets/frontend/css/iconsmind.css HTTP/1.1
Host: s1-filecr.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://s1-filecr.xyz/error?e=File+can+not+be+located%2C+please+try+again+later.
Cookie: filehosting=2qn212788o32rpb49ev9rf8cg7
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx/1.14.0 (Ubuntu)
date: Wed, 14 Sep 2022 06:47:50 GMT
content-type: text/css
content-length: 96447
last-modified: Sat, 26 Sep 2020 15:46:36 GMT
etag: "5f6f625c-178bf"
accept-ranges: bytes
X-Firefox-Spdy: h2

s1-filecr.xyz/themes/spirit/assets/frontend/css/theme.css

51.195.6.135

200 OK

197 kB

URL HTTP/2
s1-filecr.xyz/themes/spirit/assets/frontend/css/theme.css
IP
51.195.6.135:0
ASN
#16276 OVH SAS

File type
assembler source text\012- assembler source, ASCII text
Size
197 kB (197080 bytes)
Hash
0070ae7b5bb75d59ef0f36de1f3cb4b4
58b9bcb364df74184f35e8dc0231b3573cb9c332
db7c96fb23e5c19f26d7de6f407cef6c779c2a207c8c2e16615e8e9b3e89efd8

HTTP Headers

GET /themes/spirit/assets/frontend/css/theme.css HTTP/1.1
Host: s1-filecr.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://s1-filecr.xyz/error?e=File+can+not+be+located%2C+please+try+again+later.
Cookie: filehosting=2qn212788o32rpb49ev9rf8cg7
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx/1.14.0 (Ubuntu)
date: Wed, 14 Sep 2022 06:47:50 GMT
content-type: text/css
content-length: 197080
last-modified: Sat, 26 Sep 2020 15:46:36 GMT
etag: "5f6f625c-301d8"
accept-ranges: bytes
X-Firefox-Spdy: h2

s1-filecr.xyz/themes/spirit/assets/frontend/js/flickity.min.js

51.195.6.135

200 OK

54 kB

URL HTTP/2
s1-filecr.xyz/themes/spirit/assets/frontend/js/flickity.min.js
IP
51.195.6.135:0
ASN
#16276 OVH SAS

File type
ASCII text, with very long lines (32032)
Size
54 kB (53861 bytes)
Hash
81a84001ccd9bdd589d1b4f187311b15
5cdf8cb0d97b5b16a5f812e1541ad387a7cb8af5
5a28889b1faf91d12eeb5b5d173c50135eefd7fdc29a951b365340cf473bd9b2

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /themes/spirit/assets/frontend/js/flickity.min.js HTTP/1.1
Host: s1-filecr.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://s1-filecr.xyz/error?e=File+can+not+be+located%2C+please+try+again+later.
Cookie: filehosting=2qn212788o32rpb49ev9rf8cg7
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx/1.14.0 (Ubuntu)
date: Wed, 14 Sep 2022 06:47:50 GMT
content-type: application/javascript
content-length: 53861
last-modified: Sat, 26 Sep 2020 15:46:36 GMT
etag: "5f6f625c-d265"
accept-ranges: bytes
X-Firefox-Spdy: h2

s1-filecr.xyz/themes/spirit/assets/frontend/js/typed.min.js

51.195.6.135

200 OK

3.9 kB

URL HTTP/2
s1-filecr.xyz/themes/spirit/assets/frontend/js/typed.min.js
IP
51.195.6.135:0
ASN
#16276 OVH SAS

File type
ASCII text, with very long lines (3949), with no line terminators
Size
3.9 kB (3949 bytes)
Hash
2f6185a8a32a50b2b3e04849f44359d4
0e5501588c5c0d1c9462f34b0d56c21abff5bfef
914df93a9770d8a0e132b6ce3e8f1cfba0e0fae8f3b9002a3f0eb47c3d0cc97b

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /themes/spirit/assets/frontend/js/typed.min.js HTTP/1.1
Host: s1-filecr.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://s1-filecr.xyz/error?e=File+can+not+be+located%2C+please+try+again+later.
Cookie: filehosting=2qn212788o32rpb49ev9rf8cg7
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx/1.14.0 (Ubuntu)
date: Wed, 14 Sep 2022 06:47:50 GMT
content-type: application/javascript
content-length: 3949
last-modified: Sat, 26 Sep 2020 15:46:36 GMT
etag: "5f6f625c-f6d"
accept-ranges: bytes
X-Firefox-Spdy: h2

s1-filecr.xyz/themes/spirit/assets/frontend/js/datepicker.js

51.195.6.135

200 OK

21 kB

URL HTTP/2
s1-filecr.xyz/themes/spirit/assets/frontend/js/datepicker.js
IP
51.195.6.135:0
ASN
#16276 OVH SAS

File type
ASCII text, with very long lines (12692), with CRLF line terminators
Size
21 kB (20975 bytes)
Hash
8cfe207a6a21c7495cfb751c761217a6
35d686a6c4ecc9946c35444ce93e110cb0e1611c
804e3c2608de23694fa71684178e2f9815115d56ee022ec770e1fcb208847acc

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /themes/spirit/assets/frontend/js/datepicker.js HTTP/1.1
Host: s1-filecr.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://s1-filecr.xyz/error?e=File+can+not+be+located%2C+please+try+again+later.
Cookie: filehosting=2qn212788o32rpb49ev9rf8cg7
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx/1.14.0 (Ubuntu)
date: Wed, 14 Sep 2022 06:47:50 GMT
content-type: application/javascript
content-length: 20975
last-modified: Sat, 26 Sep 2020 15:46:36 GMT
etag: "5f6f625c-51ef"
accept-ranges: bytes
X-Firefox-Spdy: h2

s1-filecr.xyz/themes/spirit/assets/frontend/js/granim.min.js

51.195.6.135

200 OK

11 kB

URL HTTP/2
s1-filecr.xyz/themes/spirit/assets/frontend/js/granim.min.js
IP
51.195.6.135:0
ASN
#16276 OVH SAS

File type
ASCII text, with very long lines (10573)
Size
11 kB (10634 bytes)
Hash
2c16a9a724563fc0c306abb5bdeb03fe
90c2032537714e66059a3eaa150b93f3c9c80163
997a15cf01d5118cb0106587f441c32de2074c8dc12d85cf7c7dc430e2ee342e

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /themes/spirit/assets/frontend/js/granim.min.js HTTP/1.1
Host: s1-filecr.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://s1-filecr.xyz/error?e=File+can+not+be+located%2C+please+try+again+later.
Cookie: filehosting=2qn212788o32rpb49ev9rf8cg7
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx/1.14.0 (Ubuntu)
date: Wed, 14 Sep 2022 06:47:50 GMT
content-type: application/javascript
content-length: 10634
last-modified: Sat, 26 Sep 2020 15:46:36 GMT
etag: "5f6f625c-298a"
accept-ranges: bytes
X-Firefox-Spdy: h2

s1-filecr.xyz/themes/spirit/assets/frontend/js/jquery.steps.min.js

51.195.6.135

200 OK

14 kB

URL HTTP/2
s1-filecr.xyz/themes/spirit/assets/frontend/js/jquery.steps.min.js
IP
51.195.6.135:0
ASN
#16276 OVH SAS

File type
ASCII text, with very long lines (13686)
Size
14 kB (13857 bytes)
Hash
4c5e9f4e84d32b7df69af7420b355e03
14e1e287ec98e8cc0a992ee996783b0c42f9ec0f
c9459a9e11e4c63fb7a30d2a644e80b733fc9599302ef3da8142cbe8f9d9333d

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /themes/spirit/assets/frontend/js/jquery.steps.min.js HTTP/1.1
Host: s1-filecr.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://s1-filecr.xyz/error?e=File+can+not+be+located%2C+please+try+again+later.
Cookie: filehosting=2qn212788o32rpb49ev9rf8cg7
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx/1.14.0 (Ubuntu)
date: Wed, 14 Sep 2022 06:47:50 GMT
content-type: application/javascript
content-length: 13857
last-modified: Sat, 26 Sep 2020 15:46:36 GMT
etag: "5f6f625c-3621"
accept-ranges: bytes
X-Firefox-Spdy: h2

s1-filecr.xyz/themes/spirit/assets/frontend/js/countdown.min.js

51.195.6.135

200 OK

5.3 kB

URL HTTP/2
s1-filecr.xyz/themes/spirit/assets/frontend/js/countdown.min.js
IP
51.195.6.135:0
ASN
#16276 OVH SAS

File type
ASCII text, with very long lines (4136)
Size
5.3 kB (5339 bytes)
Hash
5d3ff3c3fbaa67cc639501f44eeb07be
bd66e4cd58de09c198e7abc77fa4c883955d189e
2249399b2268c260d0698542503d16afebc80e437c846239f12196744ebbd40f

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /themes/spirit/assets/frontend/js/countdown.min.js HTTP/1.1
Host: s1-filecr.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://s1-filecr.xyz/error?e=File+can+not+be+located%2C+please+try+again+later.
Cookie: filehosting=2qn212788o32rpb49ev9rf8cg7
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx/1.14.0 (Ubuntu)
date: Wed, 14 Sep 2022 06:47:50 GMT
content-type: application/javascript
content-length: 5339
last-modified: Sat, 26 Sep 2020 15:46:36 GMT
etag: "5f6f625c-14db"
accept-ranges: bytes
X-Firefox-Spdy: h2

s1-filecr.xyz/themes/spirit/assets/frontend/js/smooth-scroll.min.js

51.195.6.135

200 OK

6.0 kB

URL HTTP/2
s1-filecr.xyz/themes/spirit/assets/frontend/js/smooth-scroll.min.js
IP
51.195.6.135:0
ASN
#16276 OVH SAS

File type
ASCII text, with very long lines (4887)
Size
6.0 kB (6006 bytes)
Hash
b67e171349c4716dd7bb15c018a2c8c1
60b204148c0eed83b06043897d1cbd54709eab66
8daef829c397c41e42a1f9faffc25aa4834334e5305805419933a1b44b6c1e30

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /themes/spirit/assets/frontend/js/smooth-scroll.min.js HTTP/1.1
Host: s1-filecr.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://s1-filecr.xyz/error?e=File+can+not+be+located%2C+please+try+again+later.
Cookie: filehosting=2qn212788o32rpb49ev9rf8cg7
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx/1.14.0 (Ubuntu)
date: Wed, 14 Sep 2022 06:47:50 GMT
content-type: application/javascript
content-length: 6006
last-modified: Sat, 26 Sep 2020 15:46:36 GMT
etag: "5f6f625c-1776"
accept-ranges: bytes
X-Firefox-Spdy: h2

s1-filecr.xyz/themes/spirit/assets/frontend/js/jquery-3.1.1.min.js

51.195.6.135

200 OK

87 kB

URL HTTP/2
s1-filecr.xyz/themes/spirit/assets/frontend/js/jquery-3.1.1.min.js
IP
51.195.6.135:0
ASN
#16276 OVH SAS

File type
ASCII text, with very long lines (32030)
Size
87 kB (86709 bytes)
Hash
e071abda8fe61194711cfc2ab99fe104
f647a6d37dc4ca055ced3cf64bbc1f490070acba
85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /themes/spirit/assets/frontend/js/jquery-3.1.1.min.js HTTP/1.1
Host: s1-filecr.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://s1-filecr.xyz/error?e=File+can+not+be+located%2C+please+try+again+later.
Cookie: filehosting=2qn212788o32rpb49ev9rf8cg7
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx/1.14.0 (Ubuntu)
date: Wed, 14 Sep 2022 06:47:50 GMT
content-type: application/javascript
content-length: 86709
last-modified: Sat, 26 Sep 2020 15:46:36 GMT
etag: "5f6f625c-152b5"
accept-ranges: bytes
X-Firefox-Spdy: h2

s1-filecr.xyz/themes/spirit/assets/frontend/js/jquery.dataTables.min.js

51.195.6.135

200 OK

70 kB

URL HTTP/2
s1-filecr.xyz/themes/spirit/assets/frontend/js/jquery.dataTables.min.js
IP
51.195.6.135:0
ASN
#16276 OVH SAS

File type
ASCII text, with very long lines (768)
Size
70 kB (69604 bytes)
Hash
737f853e9fd6a31d62f5028e88663c9f
cf144f2ab49f53a69fbfe10d3588fc23437d2736
6c3ca64b7acfdd29b3ca6f1b9b46696369abd462d4546182085c347f72211841

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /themes/spirit/assets/frontend/js/jquery.dataTables.min.js HTTP/1.1
Host: s1-filecr.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://s1-filecr.xyz/error?e=File+can+not+be+located%2C+please+try+again+later.
Cookie: filehosting=2qn212788o32rpb49ev9rf8cg7
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx/1.14.0 (Ubuntu)
date: Wed, 14 Sep 2022 06:47:50 GMT
content-type: application/javascript
content-length: 69604
last-modified: Sat, 26 Sep 2020 15:46:36 GMT
etag: "5f6f625c-10fe4"
accept-ranges: bytes
X-Firefox-Spdy: h2

s1-filecr.xyz/themes/spirit/assets/images/logo/logo-whitebg.png

51.195.6.135

200 OK

6.5 kB

URL HTTP/2
s1-filecr.xyz/themes/spirit/assets/images/logo/logo-whitebg.png
IP
51.195.6.135:0
ASN
#16276 OVH SAS

File type
PNG image data, 431 x 94, 8-bit/color RGBA, non-interlaced\012- data
Size
6.5 kB (6487 bytes)
Hash
88b2ad9d81e2bdf1f6e3b17a637f2029
1a0764a7cb830d3fca90e2c78a9e1ce6f0a3ed40
2ec3e0692321a2805e95db5716e5e92d35e20f49dc1a3e9796a5def6e6254e82

HTTP Headers

GET /themes/spirit/assets/images/logo/logo-whitebg.png HTTP/1.1
Host: s1-filecr.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://s1-filecr.xyz/error?e=File+can+not+be+located%2C+please+try+again+later.
Cookie: filehosting=2qn212788o32rpb49ev9rf8cg7
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx/1.14.0 (Ubuntu)
date: Wed, 14 Sep 2022 06:47:50 GMT
content-type: image/png
content-length: 6487
last-modified: Sat, 26 Sep 2020 15:46:36 GMT
etag: "5f6f625c-1957"
accept-ranges: bytes
X-Firefox-Spdy: h2

s1-filecr.xyz/themes/spirit/assets/images/logo/logo.png

51.195.6.135

200 OK

6.3 kB

URL HTTP/2
s1-filecr.xyz/themes/spirit/assets/images/logo/logo.png
IP
51.195.6.135:0
ASN
#16276 OVH SAS

File type
PNG image data, 431 x 94, 8-bit/color RGBA, non-interlaced\012- data
Size
6.3 kB (6311 bytes)
Hash
fbacfafaffafec65fc4114568cb60858
bd497e5f6747dffe54893e7947275c56efccf53d
3393c294229659297948d0e84894dfe1f8814ca0905711bcee4e2ab213c473ea

HTTP Headers

GET /themes/spirit/assets/images/logo/logo.png HTTP/1.1
Host: s1-filecr.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://s1-filecr.xyz/error?e=File+can+not+be+located%2C+please+try+again+later.
Cookie: filehosting=2qn212788o32rpb49ev9rf8cg7
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx/1.14.0 (Ubuntu)
date: Wed, 14 Sep 2022 06:47:50 GMT
content-type: image/png
content-length: 6311
last-modified: Sat, 26 Sep 2020 15:46:36 GMT
etag: "5f6f625c-18a7"
accept-ranges: bytes
X-Firefox-Spdy: h2

s1-filecr.xyz/themes/spirit/assets/frontend/fonts/stack-interface.woff2?33839631

51.195.6.135

200 OK

4.3 kB

URL HTTP/2
s1-filecr.xyz/themes/spirit/assets/frontend/fonts/stack-interface.woff2?33839631
IP
51.195.6.135:0
ASN
#16276 OVH SAS

File type
Web Open Font Format (Version 2), TrueType, length 4292, version 1.0\012- data
Size
4.3 kB (4292 bytes)
Hash
ae072782b361d2afdbf43db08d3cfb73
f3db2e65b53d97491672f8631e21d6d05905cc88
31205df908aed9881f6d2d3ae7d38975252bf99e38268978b4236dc3c314754b

HTTP Headers

GET /themes/spirit/assets/frontend/fonts/stack-interface.woff2?33839631 HTTP/1.1
Host: s1-filecr.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://s1-filecr.xyz/themes/spirit/assets/frontend/css/stack-interface.css
Cookie: filehosting=2qn212788o32rpb49ev9rf8cg7
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx/1.14.0 (Ubuntu)
date: Wed, 14 Sep 2022 06:47:51 GMT
content-type: application/octet-stream
content-length: 4292
last-modified: Sat, 26 Sep 2020 15:46:36 GMT
etag: "5f6f625c-10c4"
accept-ranges: bytes
X-Firefox-Spdy: h2

s1-filecr.xyz/themes/spirit/assets/frontend/js/scripts.js

51.195.6.135

200 OK

472 B

URL HTTP/2
s1-filecr.xyz/themes/spirit/assets/frontend/js/scripts.js
IP
51.195.6.135:0
ASN
#16276 OVH SAS

File type
data
Size
472 B (472 bytes)
Hash
abea4dc307fd4da34aac369f4316657c
ef7be7963fa8154c83b78d6ca8518b8448f079ff
1c50a6b2765a5108f31d7a31c98c62d293440c84e8bf63f9dac685be9e3d77d5

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /themes/spirit/assets/frontend/js/scripts.js HTTP/1.1
Host: s1-filecr.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://s1-filecr.xyz/error?e=File+can+not+be+located%2C+please+try+again+later.
Cookie: filehosting=2qn212788o32rpb49ev9rf8cg7
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx/1.14.0 (Ubuntu)
date: Wed, 14 Sep 2022 06:47:50 GMT
content-type: application/javascript
content-length: 111905
last-modified: Wed, 14 Oct 2020 17:17:02 GMT
etag: "5f87328e-1b521"
accept-ranges: bytes
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
b7e665b6b70fa840ee6a1417da402132
658fa05afcf7752e8cb02979c28874efb0f4ddd8
9905cee109c441b937300b368ceccd186877a0923164bf3e1eb0971a2a224400

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 14 Sep 2022 06:47:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
b7e665b6b70fa840ee6a1417da402132
658fa05afcf7752e8cb02979c28874efb0f4ddd8
9905cee109c441b937300b368ceccd186877a0923164bf3e1eb0971a2a224400

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 14 Sep 2022 06:47:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
b7e665b6b70fa840ee6a1417da402132
658fa05afcf7752e8cb02979c28874efb0f4ddd8
9905cee109c441b937300b368ceccd186877a0923164bf3e1eb0971a2a224400

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 14 Sep 2022 06:47:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
b7e665b6b70fa840ee6a1417da402132
658fa05afcf7752e8cb02979c28874efb0f4ddd8
9905cee109c441b937300b368ceccd186877a0923164bf3e1eb0971a2a224400

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 14 Sep 2022 06:47:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

142.250.74.163

200 OK

45 kB

URL HTTP/2
fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 44856, version 1.0\012- data
Size
45 kB (44856 bytes)
Hash
565ce506190ad3af920b40baf1794cec
ad3cba5d06100e09449a864d3b5e58403b478b3d
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db

HTTP Headers

GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://s1-filecr.xyz
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 44856
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 13 Sep 2022 08:31:01 GMT
expires: Wed, 13 Sep 2023 08:31:01 GMT
cache-control: public, max-age=31536000
age: 80210
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.gstatic.com/s/opensans/v34/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVAewA.woff2

142.250.74.163

200 OK

18 kB

URL HTTP/2
fonts.gstatic.com/s/opensans/v34/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVAewA.woff2
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 17820, version 1.0\012- data
Size
18 kB (17820 bytes)
Hash
3d5107abaf7bf4df5478bd04625c0929
b04d394caabf6ea3e500b74781dc2bfd54f3c18d
9ad0a22b0c58240a7a92b4c01aa31f39a5918dea6a8fdfa77e63042abc4fca31

HTTP Headers

GET /s/opensans/v34/memQYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWq8tWZ0Pw86hd0Rk8ZkWVAewA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://s1-filecr.xyz
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 17820
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 12 Sep 2022 19:07:15 GMT
expires: Tue, 12 Sep 2023 19:07:15 GMT
cache-control: public, max-age=31536000
age: 128436
last-modified: Mon, 15 Aug 2022 18:13:12 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
b7e665b6b70fa840ee6a1417da402132
658fa05afcf7752e8cb02979c28874efb0f4ddd8
9905cee109c441b937300b368ceccd186877a0923164bf3e1eb0971a2a224400

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 14 Sep 2022 06:47:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

s1-filecr.xyz/themes/spirit/assets/frontend/img/favicon/apple-touch-icon.png

51.195.6.135

200 OK

5.0 kB

URL HTTP/2
s1-filecr.xyz/themes/spirit/assets/frontend/img/favicon/apple-touch-icon.png
IP
51.195.6.135:0
ASN
#16276 OVH SAS

File type
PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced\012- data
Size
5.0 kB (5016 bytes)
Hash
a9a8c24cea41bed7ef78ed1d12d48291
cd86d71e15b97ab602e0e39bb6e9bbaf6779f4d7
3b379c83d1c0b117cec88debed9390723daffc2fb99cf51cc2175c47169d190e

HTTP Headers

GET /themes/spirit/assets/frontend/img/favicon/apple-touch-icon.png HTTP/1.1
Host: s1-filecr.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://s1-filecr.xyz/error?e=File+can+not+be+located%2C+please+try+again+later.
Cookie: filehosting=2qn212788o32rpb49ev9rf8cg7
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx/1.14.0 (Ubuntu)
date: Wed, 14 Sep 2022 06:47:51 GMT
content-type: image/png
content-length: 5016
last-modified: Sat, 26 Sep 2020 15:46:36 GMT
etag: "5f6f625c-1398"
accept-ranges: bytes
X-Firefox-Spdy: h2

s1-filecr.xyz/themes/spirit/assets/frontend/img/favicon/favicon-16x16.png

51.195.6.135

200 OK

447 B

URL HTTP/2
s1-filecr.xyz/themes/spirit/assets/frontend/img/favicon/favicon-16x16.png
IP
51.195.6.135:0
ASN
#16276 OVH SAS

File type
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Size
447 B (447 bytes)
Hash
f3d5da06fe8d5a2425d5d229285e5eea
01032b864f3c74bbf44771e2ba41eeb2251fad90
d11d596429d3543bfb07191a87a67a8c22e198113c6f3a109158a5a85bf82f26

HTTP Headers

GET /themes/spirit/assets/frontend/img/favicon/favicon-16x16.png HTTP/1.1
Host: s1-filecr.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://s1-filecr.xyz/error?e=File+can+not+be+located%2C+please+try+again+later.
Cookie: filehosting=2qn212788o32rpb49ev9rf8cg7
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx/1.14.0 (Ubuntu)
date: Wed, 14 Sep 2022 06:47:51 GMT
content-type: image/png
content-length: 447
last-modified: Sat, 26 Sep 2020 15:46:36 GMT
etag: "5f6f625c-1bf"
accept-ranges: bytes
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
e96dbe1b54932c8f447bbbfc9d31cfb0
b15d4a54fbdf95b0af8bd34b6f8ef03055eef0cd
427326963ac1ef6ddeeaf52ab07807c694b82effa6111671ada8270b1faecdae

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5453
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 14 Sep 2022 06:47:51 GMT
Last-Modified: Wed, 14 Sep 2022 05:16:58 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 471

push.services.mozilla.com/

44.237.51.86

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
44.237.51.86:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: MD7aOvrzvs1KYcc02d316g==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: usp7ImaKC+DXnVpChgNXAhuNV0s=

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
fe792a43fbfd72d158215bb5fa087c19
5b28cebdebfdd33871fa4982f39a89f5ce3cbf99
ec9ddd9d47e4cd14bd7471042ce3060c1d119038dac5d1f02a4040c617228b0d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EC9DDD9D47E4CD14BD7471042CE3060C1D119038DAC5D1F02A4040C617228B0D"
Last-Modified: Mon, 12 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10921
Expires: Wed, 14 Sep 2022 09:49:53 GMT
Date: Wed, 14 Sep 2022 06:47:52 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
fe792a43fbfd72d158215bb5fa087c19
5b28cebdebfdd33871fa4982f39a89f5ce3cbf99
ec9ddd9d47e4cd14bd7471042ce3060c1d119038dac5d1f02a4040c617228b0d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EC9DDD9D47E4CD14BD7471042CE3060C1D119038DAC5D1F02A4040C617228B0D"
Last-Modified: Mon, 12 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10921
Expires: Wed, 14 Sep 2022 09:49:53 GMT
Date: Wed, 14 Sep 2022 06:47:52 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
fe792a43fbfd72d158215bb5fa087c19
5b28cebdebfdd33871fa4982f39a89f5ce3cbf99
ec9ddd9d47e4cd14bd7471042ce3060c1d119038dac5d1f02a4040c617228b0d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EC9DDD9D47E4CD14BD7471042CE3060C1D119038DAC5D1F02A4040C617228B0D"
Last-Modified: Mon, 12 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10921
Expires: Wed, 14 Sep 2022 09:49:53 GMT
Date: Wed, 14 Sep 2022 06:47:52 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
fe792a43fbfd72d158215bb5fa087c19
5b28cebdebfdd33871fa4982f39a89f5ce3cbf99
ec9ddd9d47e4cd14bd7471042ce3060c1d119038dac5d1f02a4040c617228b0d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EC9DDD9D47E4CD14BD7471042CE3060C1D119038DAC5D1F02A4040C617228B0D"
Last-Modified: Mon, 12 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10921
Expires: Wed, 14 Sep 2022 09:49:53 GMT
Date: Wed, 14 Sep 2022 06:47:52 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
fe792a43fbfd72d158215bb5fa087c19
5b28cebdebfdd33871fa4982f39a89f5ce3cbf99
ec9ddd9d47e4cd14bd7471042ce3060c1d119038dac5d1f02a4040c617228b0d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EC9DDD9D47E4CD14BD7471042CE3060C1D119038DAC5D1F02A4040C617228B0D"
Last-Modified: Mon, 12 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10921
Expires: Wed, 14 Sep 2022 09:49:53 GMT
Date: Wed, 14 Sep 2022 06:47:52 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8cb650f7-1b0f-4a3d-898f-97b846afe9db.jpeg

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8cb650f7-1b0f-4a3d-898f-97b846afe9db.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10138 bytes)
Hash
0789404fdbe3613d465d8fa89a63d7b8
0617d2e513097ca415a1d07cd39b1cb64d832ecf
80e55e383f354113c3694bbcc00fd1c544a97079bd3c462f1b90e952c0634bac

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8cb650f7-1b0f-4a3d-898f-97b846afe9db.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10138
x-amzn-requestid: bdf798d9-6729-4363-a900-f32c4041d0c7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YU5qsGZ-oAMFQ1Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631ea311-7b146c0620a83d5c00446f87;Sampled=0
x-amzn-remapped-date: Mon, 12 Sep 2022 03:10:09 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: OM9K72ukk0cuyR1ZcV5xWXnEd8U9OgeQi7bkCe0Pzn3BfdLMvSdSXg==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 01147dcc35d57fc0238a3c1700c13f16.cloudfront.net (CloudFront), 1.1 google
date: Wed, 14 Sep 2022 03:09:32 GMT
age: 13100
etag: "0617d2e513097ca415a1d07cd39b1cb64d832ecf"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8c86775f-a6ef-49b2-85ad-4272db5b9f42.webp
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.5 kB (9467 bytes)
Hash
80786e640acccfa61ef2aaa27a2a95fa
94663318844e6567f2d160d620eb9ed777fba2a3
686348c1aa038c5109c39c3491524a98bcfc5b1559568391ba7fb240a285a064

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8c86775f-a6ef-49b2-85ad-4272db5b9f42.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9467
x-amzn-requestid: d14b460e-2aa5-41c8-9a8b-4da671156014
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Yauv3HJJoAMFWgg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6320f7fe-0643dea6458034ab51d840d5;Sampled=0
x-amzn-remapped-date: Tue, 13 Sep 2022 21:37:02 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: rVAqQoiN5d1Ph-lVvB7luXmG0zQJuvLi8I_B-xGbJjLkyyAid6rktw==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 02d90bf99fd6253b329a53c82f19e224.cloudfront.net (CloudFront), 1.1 google
date: Tue, 13 Sep 2022 22:07:08 GMT
etag: "94663318844e6567f2d160d620eb9ed777fba2a3"
content-type: image/jpeg
age: 31244
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

17 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff7859b5f-1c86-429e-be16-f7b41657b096.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
17 kB (16980 bytes)
Hash
d7be52d818b206e064541ef4f4b0786b
7674123112859fd79ee9214c5308ad6a5e4ed015
bb011cf1e3c97c42f22c0553b64c23f120fa52d4bc7b56b5bde5678226aff0ce

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff7859b5f-1c86-429e-be16-f7b41657b096.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 16980
x-amzn-requestid: 7c555cd5-4a33-452e-82d4-cac3282c0b0f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YYZfRHYOoAMFtIw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6320092e-0bbd43cc499db9ed24226439;Sampled=0
x-amzn-remapped-date: Tue, 13 Sep 2022 04:38:06 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: m4lRTnfzeQluGV3fqyeSS6yLeU8tcfijOqcqyVdZ2L2pENHfWdrUHg==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 28390a4d24ed4fdccd685d99cd06cf4e.cloudfront.net (CloudFront), 1.1 google
date: Tue, 13 Sep 2022 09:39:44 GMT
age: 76088
etag: "7674123112859fd79ee9214c5308ad6a5e4ed015"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F34a3d36b-806f-4fea-a370-b26c1e8473d0.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.0 kB (5988 bytes)
Hash
f5befd5bb8e6d5dad2465be69d5a33e4
e5b46c3ca439a09950290cada1af5e27cede10f2
4dc0a3373fb4c1830c4e2420dddbcbe8dceecf10e969cbe8d02368e41207832c

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F34a3d36b-806f-4fea-a370-b26c1e8473d0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5988
x-amzn-requestid: a0d81c7a-14e3-443d-8fb7-19241f06d3c4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Yaux0H77IAMF2_g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6320f80b-0fe6fbbe75e891b925f88dc2;Sampled=0
x-amzn-remapped-date: Tue, 13 Sep 2022 21:37:15 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 3PbHWkNMa0XkuY_FcTO22i9YwMdqlJPCho7FlBwdbuUnbWrOv0w5Hg==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google
date: Tue, 13 Sep 2022 21:59:03 GMT
age: 31729
etag: "e5b46c3ca439a09950290cada1af5e27cede10f2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F660a99ba-8fb8-48d5-9b57-24bf119b1397.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.2 kB (8164 bytes)
Hash
d4d699a7d242c123b1f4912f4c534b87
42a6d9d5b99f94166f6ffbcfe510d19da97f3105
5b631de5a0c94dcd5a943a5be7f990ba7e9174449a9f732ef2448fb590e1b3d9

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F660a99ba-8fb8-48d5-9b57-24bf119b1397.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8164
x-amzn-requestid: 1c9b16e9-7ba7-45a9-842d-151e70aaf48f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YauxUG3XIAMFbCA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6320f808-0c82bf512f8464187a9994fa;Sampled=0
x-amzn-remapped-date: Tue, 13 Sep 2022 21:37:12 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: m2Wi-Ma_XppIdxDZcottTKm0wb7Y9kpvE3dMnQaesiQ-024MTIClKw==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 73cb83fe6699afc2791b5c690c1ff8c6.cloudfront.net (CloudFront), 1.1 google
date: Tue, 13 Sep 2022 21:37:12 GMT
age: 33040
etag: "42a6d9d5b99f94166f6ffbcfe510d19da97f3105"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

16 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff2b71bb0-fd92-43d0-8cd0-b426d0b88ee8.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
16 kB (15547 bytes)
Hash
56811a1a20a467464e1f3da171ef8b14
366b2090d409d694b72b4b4131df46dd65d69c5a
4c208fb88884166adf4ecc5882f75948b4a87d85c76ad6e7137e8edbd125c996

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff2b71bb0-fd92-43d0-8cd0-b426d0b88ee8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 15547
x-amzn-requestid: a78f7d90-84c3-4198-88bf-1d722c37f09f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Yauv4EUDoAMF13A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6320f7ff-49535e5525606250306488ba;Sampled=0
x-amzn-remapped-date: Tue, 13 Sep 2022 21:37:03 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: CWzE6n2U7hSFcSIHX5z76DPIid9pvbOqM6ikOlegBxzbuRThMeLKZA==
via: 1.1 1b0911478686968732f973d6e5e31d10.cloudfront.net (CloudFront), 1.1 1481cc55c02c3a782ad420b6bac2cb32.cloudfront.net (CloudFront), 1.1 google
date: Tue, 13 Sep 2022 21:46:14 GMT
etag: "366b2090d409d694b72b4b4131df46dd65d69c5a"
content-type: image/jpeg
age: 32498
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

s1-filecr.xyz/error?e=File+can+not+be+located%2C+please+try+again+later.

51.195.6.135

200 OK

0 B

URL HTTP/2
s1-filecr.xyz/error?e=File+can+not+be+located%2C+please+try+again+later.
IP
51.195.6.135:0
ASN
#16276 OVH SAS

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /error?e=File+can+not+be+located%2C+please+try+again+later. HTTP/1.1
Host: s1-filecr.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: filehosting=2qn212788o32rpb49ev9rf8cg7
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
TE: trailers

HTTP/2 200 OK
server: nginx/1.14.0 (Ubuntu)
content-type: text/html; charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, no-cache
date: Wed, 14 Sep 2022 06:47:50 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

fonts.googleapis.com/icon?family=Material+Icons

142.250.74.10

200 OK

0 B

URL HTTP/2
fonts.googleapis.com/icon?family=Material+Icons
IP
142.250.74.10:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /icon?family=Material+Icons HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://s1-filecr.xyz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 14 Sep 2022 06:47:50 GMT
date: Wed, 14 Sep 2022 06:47:50 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

s1-filecr.xyz/02b823794110a399?download_token=57c9abe70aeecfde521bab21acfe12822f8bf47d0b3c68fb2663661dd67238ae

51.195.6.135

302 Found

0 B

URL HTTP/2
s1-filecr.xyz/02b823794110a399?download_token=57c9abe70aeecfde521bab21acfe12822f8bf47d0b3c68fb2663661dd67238ae
IP
51.195.6.135:0
ASN
#16276 OVH SAS

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /02b823794110a399?download_token=57c9abe70aeecfde521bab21acfe12822f8bf47d0b3c68fb2663661dd67238ae HTTP/1.1
Host: s1-filecr.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 302 Found
server: nginx/1.14.0 (Ubuntu)
content-type: text/html; charset=UTF-8
location: https://s1-filecr.xyz/error?e=File+can+not+be+located%2C+please+try+again+later.
set-cookie: filehosting=2qn212788o32rpb49ev9rf8cg7; expires=Thu, 15-Sep-2022 06:47:50 GMT; Max-Age=86400; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, no-cache
date: Wed, 14 Sep 2022 06:47:50 GMT
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Open+Sans:200,300,400,400i,500,600,700%7CMerriweather:300,300i

142.250.74.10

200 OK

0 B

URL HTTP/2
fonts.googleapis.com/css?family=Open+Sans:200,300,400,400i,500,600,700%7CMerriweather:300,300i
IP
142.250.74.10:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /css?family=Open+Sans:200,300,400,400i,500,600,700%7CMerriweather:300,300i HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://s1-filecr.xyz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 14 Sep 2022 06:47:50 GMT
date: Wed, 14 Sep 2022 06:47:50 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (10)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations