r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash c21ba65e44ac95470c314e068e49a9eb
17a13b13738993d889d4afa3d848dc63bf6eba64
9bd0795b30e84ce63b6e2a365ca91bbffc395dd955e112152066c31e63a4ab66
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9BD0795B30E84CE63B6E2A365CA91BBFFC395DD955E112152066C31E63A4AB66"
Last-Modified: Sat, 04 Feb 2023 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7010
Expires: Mon, 06 Feb 2023 01:46:54 GMT
Date: Sun, 05 Feb 2023 23:50:04 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 1cdc095521e9ee2606059be447d1fdd5
02b5d0a5b5823e2338daf7e144700babe2a213af
8bda3aabcf331c2bfcc4c7023cd797c760fd301dc353641bb95048e072f66c66
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8BDA3AABCF331C2BFCC4C7023CD797C760FD301DC353641BB95048E072F66C66"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3211
Expires: Mon, 06 Feb 2023 00:43:35 GMT
Date: Sun, 05 Feb 2023 23:50:04 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash fb7b6b46e708ad73eaaa3c21e74569ae
950663c025acad81556af5aa3022ecc9d55097fe
763f58b9fb838378c92033b59907b036f4c33081f5103d9bcc2ca2a8de500d64
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "763F58B9FB838378C92033B59907B036F4C33081F5103D9BCC2CA2A8DE500D64"
Last-Modified: Sat, 04 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13207
Expires: Mon, 06 Feb 2023 03:30:11 GMT
Date: Sun, 05 Feb 2023 23:50:04 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash ff250d3ef3fa45322bf05039a0122a9f
b3e7a2c383bce1bab807dbe1a03c375258b51f1d
d07f109a96e0ae6ec7b1d46ce8761b3f06fe845769ce65d69e053dd40aa561ba
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Retry-After, Backoff, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 05 Feb 2023 23:33:59 GMT
content-type: application/json
age: 965
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: +PIcoP8TQguOv6sXQWIsqk9mhEgVQgi9EVLOvQsYbxCvvHRABtuzpLiVdn9hZuBjoKsYZmUOPO8=
x-amz-request-id: PP7VZ260HQM9FEY3
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 05 Feb 2023 22:53:28 GMT
age: 3396
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
hgashfoundation.org/widgt/8c80dfaf63180ce46
301 Moved Permanently 260 B URL HTTP/2 hgashfoundation.org/widgt/8c80dfaf63180ce46
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 27601d531cb7bf6c8fda4ebadedb01b3
e36a5b5baa2d985862c7d49e276c349460e87a2e
76f3fd3852a4aa6ea66c72990276529eb0295d7e4c5fc7c32d67f73ee984cd80
Analyzer Verdict Alert openphish SBB
fortinet Phishing
GET /widgt/8c80dfaf63180ce46 HTTP/1.1
Host: hgashfoundation.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 301 Moved Permanently
location: https://hgashfoundation.org/widgt/8c80dfaf63180ce46/
cache-control: max-age=3600
expires: Mon, 06 Feb 2023 00:50:04 GMT
content-length: 260
content-type: text/html; charset=iso-8859-1
date: Sun, 05 Feb 2023 23:50:04 GMT
server: Apache
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 05 Feb 2023 23:50:05 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Retry-After, Last-Modified, Cache-Control, Pragma, ETag, Backoff, Content-Type, Alert, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 05 Feb 2023 23:07:20 GMT
age: 2565
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash dedf9c519ac38c4bece9c5bc895787d7
4911175c3f8a435978c5301c33c7a99a5e00a1d5
bddd7e3a4939f863642a7c5348c1c8b9bc569b35c10a27f4cf5ec71f7e6b9698
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BDDD7E3A4939F863642A7C5348C1C8B9BC569B35C10A27F4CF5EC71F7E6B9698"
Last-Modified: Fri, 03 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11823
Expires: Mon, 06 Feb 2023 03:07:08 GMT
Date: Sun, 05 Feb 2023 23:50:05 GMT
Connection: keep-alive
i.ibb.co/rvJSbmd/button-anmelden-mit-swisspass.png
200 OK 4.0 kB URL HTTP/2 i.ibb.co/rvJSbmd/button-anmelden-mit-swisspass.png
IP
File type PNG image data, 354 x 64, 8-bit/color RGBA, non-interlaced\012- data
Hash 72e93030e66c338d5d027ec9e37e3b7f
c1592c93a34f1678ee4352454f0b2a351b915fff
2935f6cbdebc3fdf2a3807e29d6cb7c47ae93ab1b509f9c8fec2f61bd524abd0
GET /rvJSbmd/button-anmelden-mit-swisspass.png HTTP/1.1
Host: i.ibb.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hgashfoundation.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 05 Feb 2023 23:50:05 GMT
content-type: image/png
content-length: 3957
last-modified: Sun, 17 Jul 2022 18:01:43 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2
push.services.mozilla.com/
101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: r5ZsrzyBwjarDEd8X+FOvA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: v4lbIjrU8JjrRHo6beomJ5TteBg=
i.ibb.co/GFpD5vY/button-anmelden-mit-swissid.png
200 OK 3.8 kB URL HTTP/2 i.ibb.co/GFpD5vY/button-anmelden-mit-swissid.png
IP
File type PNG image data, 329 x 64, 8-bit/color RGBA, non-interlaced\012- data
Hash dbd2afa8bf308dd811cc16a670bb62ec
b3eaabd3bbf82c958117270041b9371a3b691fe7
bd640fb21af72b1ef707112f2b83238f8a6bec2a585fdc40da41c9346eecb4bd
GET /GFpD5vY/button-anmelden-mit-swissid.png HTTP/1.1
Host: i.ibb.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hgashfoundation.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 05 Feb 2023 23:50:05 GMT
content-type: image/png
content-length: 3803
last-modified: Sun, 17 Jul 2022 18:03:53 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2
hgashfoundation.org/widgt/8c80dfaf63180ce46/index_files/base.min.css
200 OK 6.9 kB URL HTTP/2 hgashfoundation.org/widgt/8c80dfaf63180ce46/index_files/base.min.css
IP
File type ASCII text, with very long lines (52542), with no line terminators
Hash c79531a0a1779753009c253cffee9bc6
2ed73254bd3d4b197dc3e4a01425d97483cfe2ab
326cd6aceb61088088eb6b8047ada48d35e35c9248a1a444d6335df41760679a
GET /widgt/8c80dfaf63180ce46/index_files/base.min.css HTTP/1.1
Host: hgashfoundation.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hgashfoundation.org/widgt/8c80dfaf63180ce46/
Cookie: PHPSESSID=f9so1m0pjuvts8aftsu7msg297
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 04 Feb 2023 21:00:16 GMT
accept-ranges: bytes
cache-control: public, must-revalidate, proxy-revalidate
expires: Tue, 07 Mar 2023 23:50:05 GMT
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 6936
content-type: text/css
date: Sun, 05 Feb 2023 23:50:05 GMT
server: Apache
X-Firefox-Spdy: h2
hgashfoundation.org/widgt/8c80dfaf63180ce46/index_files/12.min.js
200 OK 1.9 kB URL HTTP/2 hgashfoundation.org/widgt/8c80dfaf63180ce46/index_files/12.min.js
IP
File type ASCII text, with very long lines (7298), with no line terminators
Hash cfe6cbaf32be5f360496235e68351495
9b3e28894ebc49390982df4bf3ea5be13e3fd5e7
e5c31c29a3f3e7b76cecc329688d7677acec8dee2575fdc7fe70b89331900aff
Analyzer Verdict Alert fortinet Phishing
GET /widgt/8c80dfaf63180ce46/index_files/12.min.js HTTP/1.1
Host: hgashfoundation.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hgashfoundation.org/widgt/8c80dfaf63180ce46/
Cookie: PHPSESSID=f9so1m0pjuvts8aftsu7msg297
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 04 Feb 2023 21:00:16 GMT
accept-ranges: bytes
cache-control: public, must-revalidate, proxy-revalidate
expires: Tue, 07 Mar 2023 23:50:05 GMT
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 1866
content-type: application/x-javascript
date: Sun, 05 Feb 2023 23:50:05 GMT
server: Apache
X-Firefox-Spdy: h2
hgashfoundation.org/widgt/8c80dfaf63180ce46/index_files/lux.js
200 OK 6.6 kB URL HTTP/2 hgashfoundation.org/widgt/8c80dfaf63180ce46/index_files/lux.js
IP
File type ASCII text, with very long lines (18304)
Hash 189305965d105ea6bed6750e3e7838c2
21097aac5c5fffcf720ce8dd4d1bd5a78ae02f4f
d199e0d9547e6af3b35f3fab8be99ead022e1f5e439a7628910bc9c47c62952a
Analyzer Verdict Alert fortinet Phishing
GET /widgt/8c80dfaf63180ce46/index_files/lux.js HTTP/1.1
Host: hgashfoundation.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hgashfoundation.org/widgt/8c80dfaf63180ce46/
Cookie: PHPSESSID=f9so1m0pjuvts8aftsu7msg297
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 04 Feb 2023 21:00:16 GMT
accept-ranges: bytes
cache-control: public, must-revalidate, proxy-revalidate
expires: Tue, 07 Mar 2023 23:50:05 GMT
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 6552
content-type: application/x-javascript
date: Sun, 05 Feb 2023 23:50:05 GMT
server: Apache
X-Firefox-Spdy: h2
cdn-icons-png.flaticon.com/512/197/197571.png
200 OK 12 kB URL HTTP/2 cdn-icons-png.flaticon.com/512/197/197571.png
IP
File type PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced\012- data
Hash 85ca59c60c9179d7b3e9b6ab03b407c7
ab58b6b91fd5a7c243389fc49dff53bb7f0f94b5
9ead1bc194a3a01035de7f65160c91b32604d2c788b35a914543c34ef451cd3a
GET /512/197/197571.png HTTP/1.1
Host: cdn-icons-png.flaticon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hgashfoundation.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Mon, 14 Feb 2022 13:04:10 GMT
etag: "85ca59c60c9179d7b3e9b6ab03b407c7"
content-type: image/png
accept-ranges: bytes
content-length: 11636
unused62: 8096267
expires: Sun, 05 Feb 2023 23:50:06 GMT
date: Sun, 05 Feb 2023 23:50:06 GMT
vary: Accept-Encoding
access-control-allow-origin: *
pragma: public
cache-control: public, max-age=31536000
x-default-rule: YES
X-Firefox-Spdy: h2
cdn-icons-png.flaticon.com/512/197/197560.png
200 OK 16 kB URL HTTP/2 cdn-icons-png.flaticon.com/512/197/197560.png
IP
File type PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced\012- data
Hash a7d33e1998b1eee77ff4bf6a742be232
5e3fb88d04337365ff23d1fc95104323871f9f49
0d075f82e2b4f4fa762101ae95488a425d2df9f40c5b7e120954509c635879bf
GET /512/197/197560.png HTTP/1.1
Host: cdn-icons-png.flaticon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hgashfoundation.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Mon, 14 Feb 2022 13:03:22 GMT
etag: "a7d33e1998b1eee77ff4bf6a742be232"
content-type: image/png
accept-ranges: bytes
content-length: 16395
unused62: 8096267
expires: Sun, 05 Feb 2023 23:50:06 GMT
date: Sun, 05 Feb 2023 23:50:06 GMT
vary: Accept-Encoding
access-control-allow-origin: *
pragma: public
cache-control: public, max-age=31536000
x-default-rule: YES
X-Firefox-Spdy: h2
cdn-icons-png.flaticon.com/512/197/197374.png
200 OK 20 kB URL HTTP/2 cdn-icons-png.flaticon.com/512/197/197374.png
IP
File type PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced\012- data
Hash aac0dfefc080856931658ea9c760534e
6495d0a202721472461a53b11c79aea953184a7c
16d2af8dfe6bff63fd76dc7434e09f1c98de85b1aa8d35ab98b473bae3c1f97d
GET /512/197/197374.png HTTP/1.1
Host: cdn-icons-png.flaticon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hgashfoundation.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Mon, 14 Feb 2022 12:57:10 GMT
etag: "aac0dfefc080856931658ea9c760534e"
content-type: image/png
accept-ranges: bytes
content-length: 19575
unused62: 8096267
expires: Sun, 05 Feb 2023 23:50:06 GMT
date: Sun, 05 Feb 2023 23:50:06 GMT
vary: Accept-Encoding
access-control-allow-origin: *
pragma: public
cache-control: public, max-age=31536000
x-default-rule: YES
X-Firefox-Spdy: h2
hgashfoundation.org/widgt/8c80dfaf63180ce46/index_files/head.min.js
200 OK 17 kB URL HTTP/2 hgashfoundation.org/widgt/8c80dfaf63180ce46/index_files/head.min.js
IP
File type Unicode text, UTF-8 text, with very long lines (50621)
Hash f9b0bf129c2c53707e82080c04ad7291
25006b936520f5ab73a887d6b807a96b2ed86466
1fe9868c9a34d9c6b9488e69a923b3f8e80671d7030bef8634ddb33b8a00272e
Analyzer Verdict Alert fortinet Phishing
GET /widgt/8c80dfaf63180ce46/index_files/head.min.js HTTP/1.1
Host: hgashfoundation.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hgashfoundation.org/widgt/8c80dfaf63180ce46/
Cookie: PHPSESSID=f9so1m0pjuvts8aftsu7msg297
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 04 Feb 2023 21:00:16 GMT
accept-ranges: bytes
cache-control: public, must-revalidate, proxy-revalidate
expires: Tue, 07 Mar 2023 23:50:05 GMT
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 16958
content-type: application/x-javascript
date: Sun, 05 Feb 2023 23:50:05 GMT
server: Apache
X-Firefox-Spdy: h2
hgashfoundation.org/widgt/8c80dfaf63180ce46/index_files/f.txt
200 OK 100 B URL HTTP/2 hgashfoundation.org/widgt/8c80dfaf63180ce46/index_files/f.txt
IP
File type ASCII text, with no line terminators
Hash bfc1048d4d1e257ff231a93bc55e2953
2fe40f4faf68137caa9a3df39754432b295bb6e2
d9e218189ff857f5c51bd09c945f591f1f5ec1940ae7a164346129f59b11017c
Analyzer Verdict Alert fortinet Phishing
GET /widgt/8c80dfaf63180ce46/index_files/f.txt HTTP/1.1
Host: hgashfoundation.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hgashfoundation.org/widgt/8c80dfaf63180ce46/
Cookie: PHPSESSID=f9so1m0pjuvts8aftsu7msg297
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 04 Feb 2023 21:00:16 GMT
accept-ranges: bytes
cache-control: public, must-revalidate, proxy-revalidate
expires: Mon, 06 Feb 2023 00:50:05 GMT
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 100
content-type: text/plain
date: Sun, 05 Feb 2023 23:50:05 GMT
server: Apache
X-Firefox-Spdy: h2
hgashfoundation.org/widgt/8c80dfaf63180ce46/index_files/2.min.js
200 OK 13 kB URL HTTP/2 hgashfoundation.org/widgt/8c80dfaf63180ce46/index_files/2.min.js
IP
File type ASCII text, with very long lines (42608)
Hash a1c2c876b8e28a065384dede052666c4
a17a7af49e62a3742ee1bb385380633d11950dfe
1b3b0f0d3c0b4e686def0cda4c17ee5faa27232803f7480a5eeb2249c234b50e
Analyzer Verdict Alert fortinet Phishing
GET /widgt/8c80dfaf63180ce46/index_files/2.min.js HTTP/1.1
Host: hgashfoundation.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hgashfoundation.org/widgt/8c80dfaf63180ce46/
Cookie: PHPSESSID=f9so1m0pjuvts8aftsu7msg297
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 04 Feb 2023 21:00:16 GMT
accept-ranges: bytes
cache-control: public, must-revalidate, proxy-revalidate
expires: Tue, 07 Mar 2023 23:50:05 GMT
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 12848
content-type: application/x-javascript
date: Sun, 05 Feb 2023 23:50:05 GMT
server: Apache
X-Firefox-Spdy: h2
hgashfoundation.org/widgt/8c80dfaf63180ce46/index_files/otTCF.js
200 OK 15 kB URL HTTP/2 hgashfoundation.org/widgt/8c80dfaf63180ce46/index_files/otTCF.js
IP
File type ASCII text, with very long lines (65536), with no line terminators
Hash b5acc7b88db4478321fd0c0efa5a644a
0afbcb059490827e56db6d6af6a2a8a8f2fc0047
699c04247ecd4df8fc9a96f950f6202fb6631373262b0262231832c314ff25b6
Analyzer Verdict Alert fortinet Phishing
GET /widgt/8c80dfaf63180ce46/index_files/otTCF.js HTTP/1.1
Host: hgashfoundation.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hgashfoundation.org/widgt/8c80dfaf63180ce46/
Cookie: PHPSESSID=f9so1m0pjuvts8aftsu7msg297
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 04 Feb 2023 21:00:16 GMT
accept-ranges: bytes
cache-control: public, must-revalidate, proxy-revalidate
expires: Tue, 07 Mar 2023 23:50:05 GMT
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 15033
content-type: application/x-javascript
date: Sun, 05 Feb 2023 23:50:05 GMT
server: Apache
X-Firefox-Spdy: h2
hgashfoundation.org/widgt/8c80dfaf63180ce46/index_files/gpt.js
200 OK 28 kB URL HTTP/2 hgashfoundation.org/widgt/8c80dfaf63180ce46/index_files/gpt.js
IP
File type ASCII text, with very long lines (42289)
Hash bc15ff2370d1e3151d527412689e9ccf
d6e7bbd07239574b003b269dcad47e90c7885a95
c73114678a7390c4bd9a2368a1ce140ca19f5eee70e28533f681016df7ad1cc2
Analyzer Verdict Alert fortinet Phishing
GET /widgt/8c80dfaf63180ce46/index_files/gpt.js HTTP/1.1
Host: hgashfoundation.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hgashfoundation.org/widgt/8c80dfaf63180ce46/
Cookie: PHPSESSID=f9so1m0pjuvts8aftsu7msg297
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 04 Feb 2023 21:00:16 GMT
accept-ranges: bytes
cache-control: public, must-revalidate, proxy-revalidate
expires: Tue, 07 Mar 2023 23:50:05 GMT
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 28344
content-type: application/x-javascript
date: Sun, 05 Feb 2023 23:50:05 GMT
server: Apache
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 7afb8eb5dcbd727fb69c14bfabe20e72
d4b1cc1973e4200a371f0aa8c5ec8232d780a77b
ca0a46edfe267973b60ff163d696fe7c0e862e56ee3f90f098bf309f276c987f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 23:50:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
securepubads.g.doubleclick.net/pagead/ppub_config?ippd=hgashfoundation.org
200 OK 41 B URL HTTP/2 securepubads.g.doubleclick.net/pagead/ppub_config?ippd=hgashfoundation.org
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 8492ed5078c403f8c3a4479798a00bfb
e065dde4a86bcd9aa003224e2ad1fd529cffaebc
7665454be3eb1262213bbf50c3b664bba46815edc625b2f924ec2477c3bf6fe7
GET /pagead/ppub_config?ippd=hgashfoundation.org HTTP/1.1
Host: securepubads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://hgashfoundation.org
Connection: keep-alive
Referer: https://hgashfoundation.org/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
date: Sun, 05 Feb 2023 23:50:06 GMT
expires: Sun, 05 Feb 2023 23:50:06 GMT
cache-control: private, max-age=3600, stale-while-revalidate=3600
content-type: application/json; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 41
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Mon, 06-Feb-2023 00:05:06 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
hgashfoundation.org/widgt/8c80dfaf63180ce46/index_files/f(1).txt
200 OK 199 B URL HTTP/2 hgashfoundation.org/widgt/8c80dfaf63180ce46/index_files/f(1).txt
IP
File type ASCII text, with no line terminators
Hash 90bf72e9f22b4793b9d00490c7b95b3d
db06141eb14a88aa2cc69e24d6d72b0b02f90b05
4d37e3f12a7f3f88c71f66b8a5edfe8f7af73756d897d4aa6d48566bcb61202e
Analyzer Verdict Alert fortinet Phishing
GET /widgt/8c80dfaf63180ce46/index_files/f(1).txt HTTP/1.1
Host: hgashfoundation.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hgashfoundation.org/widgt/8c80dfaf63180ce46/
Cookie: PHPSESSID=f9so1m0pjuvts8aftsu7msg297
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 04 Feb 2023 21:00:16 GMT
accept-ranges: bytes
cache-control: public, must-revalidate, proxy-revalidate
expires: Mon, 06 Feb 2023 00:50:05 GMT
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 199
content-type: text/plain
date: Sun, 05 Feb 2023 23:50:05 GMT
server: Apache
X-Firefox-Spdy: h2
hgashfoundation.org/widgt/8c80dfaf63180ce46/index_files/header.min.css
200 OK 9.5 kB URL HTTP/2 hgashfoundation.org/widgt/8c80dfaf63180ce46/index_files/header.min.css
IP
File type ASCII text, with very long lines (63430), with no line terminators
Hash 33ef3602737ef539c5c794dc3d2544b2
43c20b998f22dd31adff371a8a2375f2c84f3102
06762a5d5d29cca256ef76154cdd2e355137eb805e3bcd97446c20bd34ed0321
GET /widgt/8c80dfaf63180ce46/index_files/header.min.css HTTP/1.1
Host: hgashfoundation.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hgashfoundation.org/widgt/8c80dfaf63180ce46/
Cookie: PHPSESSID=f9so1m0pjuvts8aftsu7msg297
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 04 Feb 2023 21:00:16 GMT
accept-ranges: bytes
cache-control: public, must-revalidate, proxy-revalidate
expires: Tue, 07 Mar 2023 23:50:05 GMT
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 9492
content-type: text/css
date: Sun, 05 Feb 2023 23:50:05 GMT
server: Apache
X-Firefox-Spdy: h2
hgashfoundation.org/widgt/8c80dfaf63180ce46/index_files/0.min.js
200 OK 21 kB URL HTTP/2 hgashfoundation.org/widgt/8c80dfaf63180ce46/index_files/0.min.js
IP
File type Unicode text, UTF-8 text, with very long lines (65535), with no line terminators
Hash 7dccda900195700ee1a560b85cb687cc
4b3e5e8ae30c446f525687991d242590c2ac5593
649c20af617d0a366fdedd9a002bd19cd19edc19ad225341bb8604a93286838c
Analyzer Verdict Alert fortinet Phishing
GET /widgt/8c80dfaf63180ce46/index_files/0.min.js HTTP/1.1
Host: hgashfoundation.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hgashfoundation.org/widgt/8c80dfaf63180ce46/
Cookie: PHPSESSID=f9so1m0pjuvts8aftsu7msg297
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 04 Feb 2023 21:00:16 GMT
accept-ranges: bytes
cache-control: public, must-revalidate, proxy-revalidate
expires: Tue, 07 Mar 2023 23:50:05 GMT
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 21283
content-type: application/x-javascript
date: Sun, 05 Feb 2023 23:50:05 GMT
server: Apache
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 7afb8eb5dcbd727fb69c14bfabe20e72
d4b1cc1973e4200a371f0aa8c5ec8232d780a77b
ca0a46edfe267973b60ff163d696fe7c0e862e56ee3f90f098bf309f276c987f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 23:50:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
hgashfoundation.org/widgt/8c80dfaf63180ce46/index_files/aframe.html
200 OK 542 B URL HTTP/2 hgashfoundation.org/widgt/8c80dfaf63180ce46/index_files/aframe.html
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (765)
Hash a1d9332bc06ba2a899e5286a5eed52e1
02746abb0bdea1f54fc96a49c00f56925e1251d9
5c94055ad055e9c45b47bffff9175a85c7d96ae71e36000773677ad7c6bbefcc
Analyzer Verdict Alert fortinet Phishing
GET /widgt/8c80dfaf63180ce46/index_files/aframe.html HTTP/1.1
Host: hgashfoundation.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hgashfoundation.org/widgt/8c80dfaf63180ce46/
Cookie: PHPSESSID=f9so1m0pjuvts8aftsu7msg297; lux_uid=167564104868559056
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 04 Feb 2023 21:00:16 GMT
accept-ranges: bytes
cache-control: public, must-revalidate, proxy-revalidate
expires: Mon, 06 Feb 2023 00:50:05 GMT
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 542
content-type: text/html
date: Sun, 05 Feb 2023 23:50:05 GMT
server: Apache
X-Firefox-Spdy: h2
hgashfoundation.org/widgt/8c80dfaf63180ce46/index_files/saved_resource(1).html
200 OK 145 B URL HTTP/2 hgashfoundation.org/widgt/8c80dfaf63180ce46/index_files/saved_resource(1).html
IP
File type HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 5e610eda263540ba05be0d6b5cf807a2
269663c27bdb68d880847d4f7bd4b62796926c93
682e5b3b42807f8a40d9f12d20c12a824dbf1dfcda7fefab7c81a08a35c9bfca
Analyzer Verdict Alert fortinet Phishing
GET /widgt/8c80dfaf63180ce46/index_files/saved_resource(1).html HTTP/1.1
Host: hgashfoundation.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hgashfoundation.org/widgt/8c80dfaf63180ce46/
Cookie: PHPSESSID=f9so1m0pjuvts8aftsu7msg297; lux_uid=167564104868559056
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 04 Feb 2023 21:00:16 GMT
accept-ranges: bytes
cache-control: public, must-revalidate, proxy-revalidate
expires: Mon, 06 Feb 2023 00:50:05 GMT
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-length: 145
content-type: text/html
date: Sun, 05 Feb 2023 23:50:05 GMT
server: Apache
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP
Hash cd4f567bc39a1f4764435d2beeb78321
7f5af50f1cfd5f751268559f9ff918782fdc6eec
8c2b3cc2a0b31da2dc00a71d60209b72e399a47e90e9766f34510709b15bafd9
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sun, 05 Feb 2023 23:50:06 GMT
Last-Modified: Sun, 05 Feb 2023 22:46:20 GMT
Server: ECS (nyb/1D28)
X-Cache: Miss from cloudfront
Via: 1.1 501ad2910f631f0520a6d389d6f053e8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: erb6O_Od5_bPnmVZlMhpI-wYje_OO8abH7LnKObVdjDEk12xwZ_gRA==
Age: 3827
ocsp.sca1b.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP
Hash cd4f567bc39a1f4764435d2beeb78321
7f5af50f1cfd5f751268559f9ff918782fdc6eec
8c2b3cc2a0b31da2dc00a71d60209b72e399a47e90e9766f34510709b15bafd9
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=86253
Date: Sun, 05 Feb 2023 23:50:06 GMT
Etag: "63deed74-1d7"
Expires: Mon, 06 Feb 2023 23:47:39 GMT
Last-Modified: Sat, 04 Feb 2023 23:42:44 GMT
Server: ECS (dcb/7F60)
X-Cache: Miss from cloudfront
Via: 1.1 814e8c24454087e83cd261a6cf477166.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 54akp7nw0gHxlGrLVYzYaZhV2GoqcVtBsc55GVsPtjvu6XV_r8jYHw==
Age: 295
ocsp.sca1b.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP
Hash cd4f567bc39a1f4764435d2beeb78321
7f5af50f1cfd5f751268559f9ff918782fdc6eec
8c2b3cc2a0b31da2dc00a71d60209b72e399a47e90e9766f34510709b15bafd9
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=86324
Date: Sun, 05 Feb 2023 23:50:06 GMT
Etag: "63deed74-1d7"
Expires: Mon, 06 Feb 2023 23:48:50 GMT
Last-Modified: Sat, 04 Feb 2023 23:42:44 GMT
Server: ECS (dcb/7EA6)
X-Cache: Miss from cloudfront
Via: 1.1 1ca0323262515c9240c58fe69a9ac826.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: aKoUoQ_iMWnPxzihNo-gKsmN6Ltmd40ce5EfmI-6eVCxPNgdtQ7Kpg==
Age: 366
cdn.app.sbb.ch/fonts/v1_6_subset/SBBWeb-Roman.woff2
200 OK 14 kB URL HTTP/2 cdn.app.sbb.ch/fonts/v1_6_subset/SBBWeb-Roman.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 14152, version 1.0\012- data
Hash 82e55d1865d40988204fa60522628f4b
e9d74fb23204a62c520d19b8fae3f0193539cdfb
966a89b8080879ba41c6b9f15c5efb58182c33a0d2d1e08748beb554b28b4997
GET /fonts/v1_6_subset/SBBWeb-Roman.woff2 HTTP/1.1
Host: cdn.app.sbb.ch
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://hgashfoundation.org
Connection: keep-alive
Referer: https://hgashfoundation.org/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 05 Feb 2023 23:50:06 GMT
content-type: application/font-woff2
content-length: 14152
server: nginx/1.23.2
last-modified: Fri, 17 Dec 2021 15:16:26 GMT
vary: Accept-Encoding
etag: "61bca9ca-3748"
expires: Mon, 05 Feb 2024 23:50:06 GMT
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Mx-ReqToken,X-Requested-With
cache-control: max-age=31536000, public, private
accept-ranges: bytes
set-cookie: 9527f1a32486d650b0687919ffd41c2b=5ef52202a6ac57adcbb1668ac157ac67; path=/; HttpOnly; Secure; SameSite=None
X-Firefox-Spdy: h2
cdn.app.sbb.ch/fonts/v1_6_subset/SBBWeb-Thin.woff2
200 OK 15 kB URL HTTP/2 cdn.app.sbb.ch/fonts/v1_6_subset/SBBWeb-Thin.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 14592, version 1.0\012- data
Hash 5e7610c6ee3c32c6c19a945af5ba85e3
bc415536f4defc8beaceb5585a91564cb050c241
d54c676681d2c4e3b931e77908b1345441a0cf6e8f2339d4d3a56c1083aab7e6
GET /fonts/v1_6_subset/SBBWeb-Thin.woff2 HTTP/1.1
Host: cdn.app.sbb.ch
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://hgashfoundation.org
Connection: keep-alive
Referer: https://hgashfoundation.org/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 05 Feb 2023 23:50:06 GMT
content-type: application/font-woff2
content-length: 14592
server: nginx/1.23.2
last-modified: Fri, 17 Dec 2021 15:16:26 GMT
vary: Accept-Encoding
etag: "61bca9ca-3900"
expires: Mon, 05 Feb 2024 23:50:06 GMT
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Mx-ReqToken,X-Requested-With
cache-control: max-age=31536000, public, private
accept-ranges: bytes
set-cookie: 9527f1a32486d650b0687919ffd41c2b=6a5c9d5d60c56881decfab065714f9e7; path=/; HttpOnly; Secure; SameSite=None
X-Firefox-Spdy: h2
hgashfoundation.org/widgt/8c80dfaf63180ce46/index_files/sodar
200 OK 0 B URL HTTP/2 hgashfoundation.org/widgt/8c80dfaf63180ce46/index_files/sodar
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Phishing
GET /widgt/8c80dfaf63180ce46/index_files/sodar HTTP/1.1
Host: hgashfoundation.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hgashfoundation.org/widgt/8c80dfaf63180ce46/index_files/aframe.html
Cookie: PHPSESSID=f9so1m0pjuvts8aftsu7msg297; lux_uid=167564104868559056
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 04 Feb 2023 21:00:16 GMT
accept-ranges: bytes
content-length: 0
cache-control: max-age=2592000
expires: Tue, 07 Mar 2023 23:50:05 GMT
date: Sun, 05 Feb 2023 23:50:05 GMT
server: Apache
X-Firefox-Spdy: h2
cdn.app.sbb.ch/fonts/v1_6_subset/SBBWeb-Bold.woff2
200 OK 14 kB URL HTTP/2 cdn.app.sbb.ch/fonts/v1_6_subset/SBBWeb-Bold.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 14272, version 1.0\012- data
Hash dc04de1d44c514385e815f3e8c1c80d7
c8932161c80c1b65e006f79f4a9d04dc2e3f8b37
f069a80a8f0838dc76f55359c8599ee04d3c66004c6513de7cbf382df4bb59e2
GET /fonts/v1_6_subset/SBBWeb-Bold.woff2 HTTP/1.1
Host: cdn.app.sbb.ch
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://hgashfoundation.org
Connection: keep-alive
Referer: https://hgashfoundation.org/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 05 Feb 2023 23:50:06 GMT
content-type: application/font-woff2
content-length: 14272
server: nginx/1.23.2
last-modified: Fri, 17 Dec 2021 15:16:26 GMT
vary: Accept-Encoding
etag: "61bca9ca-37c0"
expires: Mon, 05 Feb 2024 23:50:06 GMT
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Mx-ReqToken,X-Requested-With
cache-control: max-age=31536000, public, private
accept-ranges: bytes
set-cookie: 9527f1a32486d650b0687919ffd41c2b=c4ec8c8cc8b23a500a81798217b8ec6d; path=/; HttpOnly; Secure; SameSite=None
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 836bc62dbb011b6180fc7209d0061736
74e6f18561a7006a3afb6ab03559eec239ce4b36
90b197384670fdb210d364f91b423fd383d25838e38a494158a8185bef0061f0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 23:50:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcScja8EW4PSt2ay-0oJAKt6aDQ00rVhyOxOTg&usqp=CAU
200 OK 2.1 kB URL HTTP/2 encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcScja8EW4PSt2ay-0oJAKt6aDQ00rVhyOxOTg&usqp=CAU
IP
File type PNG image data, 225 x 225, 8-bit colormap, non-interlaced\012- data
Hash afedfbf3c3631b837faef4a889fc02b5
ec94529aad3a180259e5114b2ea899e9a03f3bda
d5a335190307402516082d0274bde12fa482d20ce04da3a36f79296b244509e4
GET /images?q=tbn:ANd9GcScja8EW4PSt2ay-0oJAKt6aDQ00rVhyOxOTg&usqp=CAU HTTP/1.1
Host: encrypted-tbn0.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hgashfoundation.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-type: image/png
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-length: 2059
date: Sun, 05 Feb 2023 23:50:06 GMT
expires: Mon, 05 Feb 2024 23:50:06 GMT
cache-control: public, max-age=31536000
last-modified: Sat, 17 Aug 2019 00:34:41 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 836bc62dbb011b6180fc7209d0061736
74e6f18561a7006a3afb6ab03559eec239ce4b36
90b197384670fdb210d364f91b423fd383d25838e38a494158a8185bef0061f0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 23:50:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 3b4ea902c3e097daaa31810cb66d585a
97dfbd81d31b43196d8a4bd2fa3ff8a5cc115049
0291ed72c3115d6b6cf8c001b13bbc4ad517d76242b6cbed9db5ee1162572d3f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0291ED72C3115D6B6CF8C001B13BBC4AD517D76242B6CBED9DB5EE1162572D3F"
Last-Modified: Sun, 05 Feb 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10880
Expires: Mon, 06 Feb 2023 02:51:27 GMT
Date: Sun, 05 Feb 2023 23:50:07 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 3b4ea902c3e097daaa31810cb66d585a
97dfbd81d31b43196d8a4bd2fa3ff8a5cc115049
0291ed72c3115d6b6cf8c001b13bbc4ad517d76242b6cbed9db5ee1162572d3f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0291ED72C3115D6B6CF8C001B13BBC4AD517D76242B6CBED9DB5EE1162572D3F"
Last-Modified: Sun, 05 Feb 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10880
Expires: Mon, 06 Feb 2023 02:51:27 GMT
Date: Sun, 05 Feb 2023 23:50:07 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 3b4ea902c3e097daaa31810cb66d585a
97dfbd81d31b43196d8a4bd2fa3ff8a5cc115049
0291ed72c3115d6b6cf8c001b13bbc4ad517d76242b6cbed9db5ee1162572d3f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0291ED72C3115D6B6CF8C001B13BBC4AD517D76242B6CBED9DB5EE1162572D3F"
Last-Modified: Sun, 05 Feb 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10880
Expires: Mon, 06 Feb 2023 02:51:27 GMT
Date: Sun, 05 Feb 2023 23:50:07 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 3b4ea902c3e097daaa31810cb66d585a
97dfbd81d31b43196d8a4bd2fa3ff8a5cc115049
0291ed72c3115d6b6cf8c001b13bbc4ad517d76242b6cbed9db5ee1162572d3f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0291ED72C3115D6B6CF8C001B13BBC4AD517D76242B6CBED9DB5EE1162572D3F"
Last-Modified: Sun, 05 Feb 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10880
Expires: Mon, 06 Feb 2023 02:51:27 GMT
Date: Sun, 05 Feb 2023 23:50:07 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3288563a-8f6e-4597-833f-b5512e91e772.png
200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3288563a-8f6e-4597-833f-b5512e91e772.png
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a24cf7b2db6d65c3fe5daf78b3309ced
a3653a9a7baea412808dd91572ff21e1a505c26f
f55ee98bab5ce53d6acc1cac7f54f089b42d5f2ffbe750d869c4f4a7bc26f715
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3288563a-8f6e-4597-833f-b5512e91e772.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13230
x-amzn-requestid: 8171829a-cf6d-4c33-99a1-f3cef7cd4475
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f4oiTH8GoAMFYLA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e02141-1597a0f06ef3db2534a101aa;Sampled=0
x-amzn-remapped-date: Sun, 05 Feb 2023 21:36:01 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Nvfp0sEYw5bxnFHisq80WCXh6T-LdFlPqs95tyX2epjMfhM_hjUj0A==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Sun, 05 Feb 2023 21:50:03 GMT
age: 7204
etag: "a3653a9a7baea412808dd91572ff21e1a505c26f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9b3e78aa-f2de-4a48-82bf-952d0a22f875.jpeg
200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9b3e78aa-f2de-4a48-82bf-952d0a22f875.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f0f48a44e1aece8d271028a7b0684cac
9f7247a3bb9248cd281c568ebba6e52b38b00149
0a34b5dc66f170403e79b2315a7cacef1703ce3777a20914525f86d46c0cd637
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9b3e78aa-f2de-4a48-82bf-952d0a22f875.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11481
x-amzn-requestid: b50de2d1-c23b-4908-8fc3-e84eea0382a4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f4oiRFL-oAMFnSw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e02141-0254cda141886e0f39e8f8b3;Sampled=0
x-amzn-remapped-date: Sun, 05 Feb 2023 21:36:01 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: KIJ6iTpVC0gVV6Q0dd_-ZTWkwm3q0vP52N3088Rd7O9pb8D39XfnBg==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Sun, 05 Feb 2023 21:50:03 GMT
age: 7204
etag: "9f7247a3bb9248cd281c568ebba6e52b38b00149"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe482817c-a09c-4952-a819-3ff2f99810ae.jpeg
200 OK 8.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe482817c-a09c-4952-a819-3ff2f99810ae.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 336b665bfad04ec8ed14b01bbf17566d
92102d4c75d2c7efd8197be88e3cb467d2682190
1e21687a242c058a3b442909b168c5e706175b1e93e51cfce691c6f033f795d7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe482817c-a09c-4952-a819-3ff2f99810ae.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8039
x-amzn-requestid: b36a6062-0676-4abc-820c-959bc02810f5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f4pkoECwIAMF4hQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e022ea-52faddc079b7107004e8cfea;Sampled=0
x-amzn-remapped-date: Sun, 05 Feb 2023 21:43:06 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: MOgI0aopvRaUSJ-YFH6QFNpGxhUNlpnLk7VeCeOsmcrGTUYIESN2Hg==
via: 1.1 a20e81b65d2465c729ce2f6bfe539dd0.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Sun, 05 Feb 2023 22:04:24 GMT
age: 6343
etag: "92102d4c75d2c7efd8197be88e3cb467d2682190"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F028c7ce9-e4c6-4453-bc20-0c0fefbadfec.jpeg
200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F028c7ce9-e4c6-4453-bc20-0c0fefbadfec.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b08a4dc42d2e08b2b18c9545ce9a2fdb
b688557ebba4b3c987275761e9a1f5993ad3d8a5
641402fb9282208b33877e4812cb9392b035dba85fcb3a344a2a1072d5a69f28
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F028c7ce9-e4c6-4453-bc20-0c0fefbadfec.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11630
x-amzn-requestid: 3912e3f9-44a5-405c-9edb-d8409faa0b04
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f4pkUHUoIAMFzcg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e022e8-03e547e96b085d9e29a1852b;Sampled=0
x-amzn-remapped-date: Sun, 05 Feb 2023 21:43:04 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Vrf1axqufJTrf057F6nY_97NtiM_Wt0tZXpTGN42rvAOV7a4CPe1ig==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 32c16f33c8f5601364fa8229b0d74dc2.cloudfront.net (CloudFront), 1.1 google
date: Sun, 05 Feb 2023 22:12:02 GMT
age: 5885
etag: "b688557ebba4b3c987275761e9a1f5993ad3d8a5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7f49c6ce-40f8-40bf-9423-2de34118bace.jpeg
200 OK 9.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7f49c6ce-40f8-40bf-9423-2de34118bace.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 714723c38877e0d1655c7118a88ec064
809a42ce7c76cea0ce16af8172d852723c3a5f02
6bad7253694d155de31a8f5a3c635545a39aac340ca49d1bc10efb6739d4a356
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7f49c6ce-40f8-40bf-9423-2de34118bace.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8981
x-amzn-requestid: 0054e925-c381-4737-bd92-32b2af3a604e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f4oiQHRFoAMFw6w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e02141-45ea5ee33d07326c593d21d3;Sampled=0
x-amzn-remapped-date: Sun, 05 Feb 2023 21:36:01 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ixAMZh_xOYWVESJ0jOEPOXZ4GQBDUZZsh26yEDYfl8APcBF2x2sZYg==
via: 1.1 23206a1c229d8877bdd053c4b05f9d12.cloudfront.net (CloudFront), 1.1 1a53057db389e96b4ef1bfbc925dde1c.cloudfront.net (CloudFront), 1.1 google
date: Sun, 05 Feb 2023 21:50:03 GMT
age: 7204
etag: "809a42ce7c76cea0ce16af8172d852723c3a5f02"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc7158f70-9e7b-4725-8249-e7061700f1ee.webp
200 OK 8.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc7158f70-9e7b-4725-8249-e7061700f1ee.webp
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash cb0dab387816c4b691190ec83c2f0f06
9c56d516ae0178b5b0d8bbf2b16e2e7fbe25e358
6655307747227d7905f0eca1aaefda6147e4ae443fb9fb20cdb6a336aaab5b67
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc7158f70-9e7b-4725-8249-e7061700f1ee.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8528
x-amzn-requestid: b799da5b-d52a-4d83-bdd4-9582d39d6c5e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fwCmAFYgIAMFjvQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dcb159-77235f642e8a0bdb07414dcb;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 07:01:45 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: EN4Mi_2U_eISge5bd6JQgkg6rGJcB2cQAyhKHOZO-g_Arj6kofRo6g==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 64f86ae1c24221f3a2e4d653d6dbc416.cloudfront.net (CloudFront), 1.1 google
date: Sun, 05 Feb 2023 07:26:08 GMT
age: 59039
etag: "9c56d516ae0178b5b0d8bbf2b16e2e7fbe25e358"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
hgashfoundation.org/widgt/8c80dfaf63180ce46/
200 OK 0 B URL HTTP/2 hgashfoundation.org/widgt/8c80dfaf63180ce46/
IP
Analyzer Verdict Alert fortinet Phishing
GET /widgt/8c80dfaf63180ce46/ HTTP/1.1
Host: hgashfoundation.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
TE: trailers
HTTP/2 200 OK
x-powered-by: PHP/7.0.33
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
content-encoding: gzip
vary: Accept-Encoding
set-cookie: PHPSESSID=f9so1m0pjuvts8aftsu7msg297; path=/
content-type: text/html; charset=UTF-8
date: Sun, 05 Feb 2023 23:50:04 GMT
server: Apache
X-Firefox-Spdy: h2
hgashfoundation.org/widgt/8c80dfaf63180ce46/index_files/otBannerSdk.js
200 OK 0 B URL HTTP/2 hgashfoundation.org/widgt/8c80dfaf63180ce46/index_files/otBannerSdk.js
IP
Analyzer Verdict Alert fortinet Phishing
GET /widgt/8c80dfaf63180ce46/index_files/otBannerSdk.js HTTP/1.1
Host: hgashfoundation.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hgashfoundation.org/widgt/8c80dfaf63180ce46/
Cookie: PHPSESSID=f9so1m0pjuvts8aftsu7msg297
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 04 Feb 2023 21:00:16 GMT
accept-ranges: bytes
cache-control: public, must-revalidate, proxy-revalidate
expires: Tue, 07 Mar 2023 23:50:05 GMT
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-type: application/x-javascript
date: Sun, 05 Feb 2023 23:50:05 GMT
server: Apache
X-Firefox-Spdy: h2
hgashfoundation.org/widgt/8c80dfaf63180ce46/index_files/pubads_impl_2022071401.js
200 OK 0 B URL HTTP/2 hgashfoundation.org/widgt/8c80dfaf63180ce46/index_files/pubads_impl_2022071401.js
IP
Analyzer Verdict Alert fortinet Phishing
GET /widgt/8c80dfaf63180ce46/index_files/pubads_impl_2022071401.js HTTP/1.1
Host: hgashfoundation.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hgashfoundation.org/widgt/8c80dfaf63180ce46/
Cookie: PHPSESSID=f9so1m0pjuvts8aftsu7msg297
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 04 Feb 2023 21:00:16 GMT
accept-ranges: bytes
cache-control: public, must-revalidate, proxy-revalidate
expires: Tue, 07 Mar 2023 23:50:05 GMT
vary: Accept-Encoding,User-Agent
content-encoding: gzip
content-type: application/x-javascript
date: Sun, 05 Feb 2023 23:50:05 GMT
server: Apache
X-Firefox-Spdy: h2
hgashfoundation.org/favicon.ico
200 OK 0 B URL HTTP/2 hgashfoundation.org/favicon.ico
IP
GET /favicon.ico HTTP/1.1
Host: hgashfoundation.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hgashfoundation.org/widgt/8c80dfaf63180ce46/
Cookie: PHPSESSID=f9so1m0pjuvts8aftsu7msg297; lux_uid=167564104868559056
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
x-powered-by: PHP/7.0.33
content-encoding: gzip
vary: Accept-Encoding
cache-control: max-age=3600
expires: Mon, 06 Feb 2023 00:50:05 GMT
content-type: text/html; charset=UTF-8
date: Sun, 05 Feb 2023 23:50:05 GMT
server: Apache
X-Firefox-Spdy: h2
72.52.217.213
2.18.172.60
162.19.58.159
52.29.111.168
0.0.0.0