104.248.198.151/f/xs.x86
200 10 kB IP
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (43281)
Hash 4e37d731be022cdc3e4fb3d8867d6f67
7e3f1d2cf64037ba0da3bf8f5b94eeb72cad2185
f0505ee0689ebda4bdf559b48804d22c6c8ce0869d79a6366cee8674fb7f886b
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
NIDS Severity Alert suricata medium ET INFO x86 File Download Request from IP Address
suricata medium ET HUNTING Suspicious GET Request for .x86
GET /f/xs.x86 HTTP/1.1
Host: 104.248.198.151
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 25 Mar 2023 08:54:19 GMT
Content-Type: text/html;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Cache-Control: no-cache, no-store, must-revalidate
Content-Encoding: gzip
Vary: Accept-Encoding
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 5d9435c884bf4a0777fdf4b57079ae09
7f04b9db47ffeec90ac6397416b7553e5336a550
fe77420ec3a11f547cf5172b68d30faa4fe0c13165ae305f0013b02914e61084
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FE77420EC3A11F547CF5172B68D30FAA4FE0C13165AE305F0013B02914E61084"
Last-Modified: Sat, 25 Mar 2023 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5508
Expires: Sat, 25 Mar 2023 10:26:08 GMT
Date: Sat, 25 Mar 2023 08:54:20 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash dfd491ebe7381221b3674c2c8bf9e566
d2ac5badf17f348c28a52e9db10e6eb80e5a231a
34a026664386054b0b73c36cd1ddfce023551ee41963df0e38248bac1e1eb56c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "34A026664386054B0B73C36CD1DDFCE023551EE41963DF0E38248BAC1E1EB56C"
Last-Modified: Fri, 24 Mar 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7552
Expires: Sat, 25 Mar 2023 11:00:12 GMT
Date: Sat, 25 Mar 2023 08:54:20 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 84db75194692d4afe13196bda6f22da8
4c1f49bc973a4917f146d93c8d598344edc021f6
a3bec66f95b3bdf1d310c726e8ed05f7b06c1901c62381a94582d581844d2c23
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Content-Type, Alert, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 25 Mar 2023 08:15:22 GMT
content-type: application/json
age: 2338
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash dc2752d83fbed82852248898a132467a
b27a6b4af2e07663a58cafb641513f7224c7a7c3
ea7838393d83805a7b8a2b01bd09e4423617c4da285b983a11e9ba36266810d5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EA7838393D83805A7B8A2B01BD09E4423617C4DA285B983A11E9BA36266810D5"
Last-Modified: Wed, 22 Mar 2023 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14537
Expires: Sat, 25 Mar 2023 12:56:37 GMT
Date: Sat, 25 Mar 2023 08:54:20 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
IP
File type PEM certificate\012- , ASCII text
Hash e7bace7c1e04d44012e37ddffe36e5d5
3ac8d7c0a9d3e3f0b28b2530c7b8d8407b4042c2
6b4f80f2e95b26f6122ea8dcd0ef8d762299be822c69e839fc37581ca2bcb5f2
GET /chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: mDodzdQVdRBIOwyOolaLUMHB/f7XnfZ8FROPZ72pjAgkvKtPz+J+h8wISod1IHSw+lwb7W/R0Bpoaos5KsXZnw==
x-amz-request-id: SAE4C4J5ARMTBW7E
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 25 Mar 2023 08:00:42 GMT
age: 3218
last-modified: Sat, 11 Mar 2023 16:53:15 GMT
etag: "e7bace7c1e04d44012e37ddffe36e5d5"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
104.248.198.151/js/vendors-main.m.d184ed05.chunk.js
200 6.0 kB URL HTTP/1.1 104.248.198.151/js/vendors-main.m.d184ed05.chunk.js
IP
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with very long lines (19748)
Hash 353aa07ab75f8003f39ab11bbd1b7c9e
af3badcf2125977484f816dcd70b40e6cebf528f
ecc6d6e389eb715ba973d112bf919537d4b4acc547e2a4cc900806a05b76cf81
Analyzer Verdict Alert quad9 Sinkholed
GET /js/vendors-main.m.d184ed05.chunk.js HTTP/1.1
Host: 104.248.198.151
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://104.248.198.151/f/xs.x86
HTTP/1.1 200
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 25 Mar 2023 08:54:20 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Cache-Control: max-age=31536000
Accept-Ranges: bytes
ETag: W/"19806-1605082808000"
Last-Modified: Wed, 11 Nov 2020 08:20:08 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
104.248.198.151/js/main.m.6f69b5a0.js
200 11 kB URL HTTP/1.1 104.248.198.151/js/main.m.6f69b5a0.js
IP
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with very long lines (28285)
Hash 127d7be464cb45c11e3f1ac00129052f
08368e4a3e49e5d3c19579984d78e18a4070d8b1
3f4fb9162f5c7a96f6718cf1141cfc500c825abdd81df546646168abe6056c3a
Analyzer Verdict Alert quad9 Sinkholed
GET /js/main.m.6f69b5a0.js HTTP/1.1
Host: 104.248.198.151
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://104.248.198.151/f/xs.x86
HTTP/1.1 200
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 25 Mar 2023 08:54:20 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Cache-Control: max-age=31536000
Accept-Ranges: bytes
ETag: W/"28329-1605082808000"
Last-Modified: Wed, 11 Nov 2020 08:20:08 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
contile.services.mozilla.com/v1/tiles
200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 25 Mar 2023 08:54:20 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
104.248.198.151/api/users/current
401 0 B URL HTTP/1.1 104.248.198.151/api/users/current
IP
ASN #14061 DIGITALOCEAN-ASN
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /api/users/current HTTP/1.1
Host: 104.248.198.151
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://104.248.198.151/f/xs.x86
Connection: keep-alive
HTTP/1.1 401
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 25 Mar 2023 08:54:20 GMT
Content-Length: 0
Connection: keep-alive
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
104.248.198.151/api/l10n/index?locale=en-US
200 50 kB URL HTTP/1.1 104.248.198.151/api/l10n/index?locale=en-US
IP
ASN #14061 DIGITALOCEAN-ASN
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (65532), with no line terminators
Hash 10cc882196fccab20bad7f9be46dc34e
5a6bea5d58ac24b3385705948ad77bb3455dbea1
d1d0df6643eed17029b598c14fc3799cfbf22228cdfd30a5de0027e59e5990cf
Analyzer Verdict Alert quad9 Sinkholed
GET /api/l10n/index?locale=en-US HTTP/1.1
Host: 104.248.198.151
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://104.248.198.151/f/xs.x86
Connection: keep-alive
HTTP/1.1 200
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 25 Mar 2023 08:54:20 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Cache-Control: no-cache, no-store, must-revalidate
Sonar-Version: 7.9.5.38598
Content-Encoding: gzip
Vary: Accept-Encoding
104.248.198.151/api/navigation/global
401 0 B URL HTTP/1.1 104.248.198.151/api/navigation/global
IP
ASN #14061 DIGITALOCEAN-ASN
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /api/navigation/global HTTP/1.1
Host: 104.248.198.151
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://104.248.198.151/f/xs.x86
Connection: keep-alive
HTTP/1.1 401
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 25 Mar 2023 08:54:20 GMT
Content-Length: 0
Connection: keep-alive
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
104.248.198.151/js/17.m.7c19ad00.chunk.js
200 13 kB URL HTTP/1.1 104.248.198.151/js/17.m.7c19ad00.chunk.js
IP
ASN #14061 DIGITALOCEAN-ASN
Hash 0a8752041abf0421db227b2ff66585c9
7fccfb611898287650d07a849c0e492f33ff0573
87d8f241343fe0bddf3613ea48578639ce77298943c4c6b8e64e157448143e07
Analyzer Verdict Alert quad9 Sinkholed
GET /js/17.m.7c19ad00.chunk.js HTTP/1.1
Host: 104.248.198.151
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://104.248.198.151/f/xs.x86
HTTP/1.1 200
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 25 Mar 2023 08:54:20 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Cache-Control: max-age=31536000
Accept-Ranges: bytes
ETag: W/"47505-1605082808000"
Last-Modified: Wed, 11 Nov 2020 08:20:08 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
104.248.198.151/js/9.m.437592dd.chunk.js
200 18 kB URL HTTP/1.1 104.248.198.151/js/9.m.437592dd.chunk.js
IP
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with very long lines (34594)
Hash 21fb7b1a51bb02234d9a75f6e5af6387
a211e40fbb790f4fa0de87400a3cad7d1006130e
1d7874d0257bd116e1418c1941928e601c3637aecb50bc9a41bdb733cbbb1f0a
Analyzer Verdict Alert quad9 Sinkholed
GET /js/9.m.437592dd.chunk.js HTTP/1.1
Host: 104.248.198.151
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://104.248.198.151/f/xs.x86
HTTP/1.1 200
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 25 Mar 2023 08:54:20 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Cache-Control: max-age=31536000
Accept-Ranges: bytes
ETag: W/"59416-1605082808000"
Last-Modified: Wed, 11 Nov 2020 08:20:08 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
104.248.198.151/sessions/new?return_to=%2Ff%2Fxs.x86
200 10 kB URL HTTP/1.1 104.248.198.151/sessions/new?return_to=%2Ff%2Fxs.x86
IP
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (43281)
Hash 4e37d731be022cdc3e4fb3d8867d6f67
7e3f1d2cf64037ba0da3bf8f5b94eeb72cad2185
f0505ee0689ebda4bdf559b48804d22c6c8ce0869d79a6366cee8674fb7f886b
Analyzer Verdict Alert quad9 Sinkholed
NIDS Severity Alert suricata medium ET INFO x86 File Download Request from IP Address
GET /sessions/new?return_to=%2Ff%2Fxs.x86 HTTP/1.1
Host: 104.248.198.151
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://104.248.198.151/f/xs.x86
Upgrade-Insecure-Requests: 1
HTTP/1.1 200
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 25 Mar 2023 08:54:20 GMT
Content-Type: text/html;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Cache-Control: no-cache, no-store, must-revalidate
Content-Encoding: gzip
Vary: Accept-Encoding
104.248.198.151/api/l10n/index?locale=en-US&ts=2023-03-25T08%3A54%3A33%2B0000
304 0 B URL HTTP/1.1 104.248.198.151/api/l10n/index?locale=en-US&ts=2023-03-25T08%3A54%3A33%2B0000
IP
ASN #14061 DIGITALOCEAN-ASN
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /api/l10n/index?locale=en-US&ts=2023-03-25T08%3A54%3A33%2B0000 HTTP/1.1
Host: 104.248.198.151
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://104.248.198.151/sessions/new?return_to=%2Ff%2Fxs.x86
Connection: keep-alive
HTTP/1.1 304
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 25 Mar 2023 08:54:20 GMT
Connection: keep-alive
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Cache-Control: no-cache, no-store, must-revalidate
Sonar-Version: 7.9.5.38598
104.248.198.151/api/navigation/global
401 0 B URL HTTP/1.1 104.248.198.151/api/navigation/global
IP
ASN #14061 DIGITALOCEAN-ASN
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /api/navigation/global HTTP/1.1
Host: 104.248.198.151
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://104.248.198.151/sessions/new?return_to=%2Ff%2Fxs.x86
Connection: keep-alive
HTTP/1.1 401
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 25 Mar 2023 08:54:20 GMT
Content-Length: 0
Connection: keep-alive
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
104.248.198.151/js/app.m.3ee455d5.chunk.js
200 47 kB URL HTTP/1.1 104.248.198.151/js/app.m.3ee455d5.chunk.js
IP
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with very long lines (65536), with no line terminators
Hash de37f25ca046a0e68790c7e74999dcbe
252de6699ba49ea6db56058440a1c5637833cf55
d3a4754f99af4b468997f258f10586d11be1df4fd27cbd88ac7bbc64925e426f
Analyzer Verdict Alert quad9 Sinkholed
GET /js/app.m.3ee455d5.chunk.js HTTP/1.1
Host: 104.248.198.151
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://104.248.198.151/sessions/new?return_to=%2Ff%2Fxs.x86
HTTP/1.1 200
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 25 Mar 2023 08:54:20 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Cache-Control: max-age=31536000
Accept-Ranges: bytes
ETag: W/"188922-1605082808000"
Last-Modified: Wed, 11 Nov 2020 08:20:08 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
104.248.198.151/favicon.ico
200 5.4 kB URL HTTP/1.1 104.248.198.151/favicon.ico
IP
ASN #14061 DIGITALOCEAN-ASN
File type MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel\012- data
Hash b4e4785d5852c563b9ae47cbb7af06fe
b9a7a5180304bf8af55cce900012010239c1dd80
0cb0b90207b376931f9a8fa5d518f6b1ea2ecf6b0d67d634ae01a38ecb8ad8b5
Analyzer Verdict Alert quad9 Sinkholed
GET /favicon.ico HTTP/1.1
Host: 104.248.198.151
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://104.248.198.151/sessions/new?return_to=%2Ff%2Fxs.x86
HTTP/1.1 200
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 25 Mar 2023 08:54:20 GMT
Content-Type: image/x-icon
Content-Length: 5430
Connection: keep-alive
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
ETag: W/"5430-1605082808000"
Last-Modified: Wed, 11 Nov 2020 08:20:08 GMT
104.248.198.151/apple-touch-icon-180x180.png
200 6.1 kB URL HTTP/1.1 104.248.198.151/apple-touch-icon-180x180.png
IP
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced\012- data
Hash 47204bd1431a1a73ef2525bfa5509fdc
8f98e730f717699b376ed5ceb6843eb77d2b0167
040bb39fa16f1bc88f01a26d1a471de74027b2d7a00035bf638b2dbf7755974d
Analyzer Verdict Alert quad9 Sinkholed
GET /apple-touch-icon-180x180.png HTTP/1.1
Host: 104.248.198.151
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://104.248.198.151/sessions/new?return_to=%2Ff%2Fxs.x86
HTTP/1.1 200
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 25 Mar 2023 08:54:20 GMT
Content-Type: image/png
Content-Length: 6087
Connection: keep-alive
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
ETag: W/"6087-1605082808000"
Last-Modified: Wed, 11 Nov 2020 08:20:08 GMT
104.248.198.151/js/vendors-app.m.b88ebad0.chunk.js
200 329 B URL HTTP/1.1 104.248.198.151/js/vendors-app.m.b88ebad0.chunk.js
IP
ASN #14061 DIGITALOCEAN-ASN
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
Analyzer Verdict Alert quad9 Sinkholed
GET /js/vendors-app.m.b88ebad0.chunk.js HTTP/1.1
Host: 104.248.198.151
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://104.248.198.151/sessions/new?return_to=%2Ff%2Fxs.x86
HTTP/1.1 200
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 25 Mar 2023 08:54:20 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Cache-Control: max-age=31536000
Accept-Ranges: bytes
ETag: W/"165141-1605082808000"
Last-Modified: Wed, 11 Nov 2020 08:20:08 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
104.248.198.151/js/369.m.d59054c6.chunk.js
200 561 B URL HTTP/1.1 104.248.198.151/js/369.m.d59054c6.chunk.js
IP
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with very long lines (512)
Hash 7fac243e44988db163177060e7411591
7108d1c2bdaa91383903e1e79d23e12a2df57857
93fc935ddce94381d7b08c22f956b69b367539c7f9ec5cf7ef4b8318c829116f
Analyzer Verdict Alert quad9 Sinkholed
GET /js/369.m.d59054c6.chunk.js HTTP/1.1
Host: 104.248.198.151
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://104.248.198.151/sessions/new?return_to=%2Ff%2Fxs.x86
HTTP/1.1 200
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 25 Mar 2023 08:54:20 GMT
Content-Type: application/javascript
Content-Length: 561
Connection: keep-alive
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Cache-Control: max-age=31536000
Accept-Ranges: bytes
ETag: W/"561-1605082808000"
Last-Modified: Wed, 11 Nov 2020 08:20:08 GMT
104.248.198.151/js/21.m.1264acfc.chunk.js
200 1.1 kB URL HTTP/1.1 104.248.198.151/js/21.m.1264acfc.chunk.js
IP
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with very long lines (2205)
Hash b8a74baf9f0938feed452e83535cf9d5
f067b3715c06d671ffddc15f86dadde1124c83d0
e99b758f54c1b8b0d161b098dd1aac940a33c53ac559e2fce3f9a1e759bfa4a2
Analyzer Verdict Alert quad9 Sinkholed
GET /js/21.m.1264acfc.chunk.js HTTP/1.1
Host: 104.248.198.151
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://104.248.198.151/sessions/new?return_to=%2Ff%2Fxs.x86
HTTP/1.1 200
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 25 Mar 2023 08:54:20 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Cache-Control: max-age=31536000
Accept-Ranges: bytes
ETag: W/"2253-1605082808000"
Last-Modified: Wed, 11 Nov 2020 08:20:08 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
104.248.198.151/js/304.m.64d672ef.chunk.js
200 3.1 kB URL HTTP/1.1 104.248.198.151/js/304.m.64d672ef.chunk.js
IP
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with very long lines (10155)
Hash a1b1015267fe5b248707e3536fe83202
47b112b1b93807719f1ff1a7e2f1727ee4a3c534
3f721d6b76ebcd57589684aceca8d9996f3ee302a471d8755f293b64c02c8fc8
Analyzer Verdict Alert quad9 Sinkholed
GET /js/304.m.64d672ef.chunk.js HTTP/1.1
Host: 104.248.198.151
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://104.248.198.151/sessions/new?return_to=%2Ff%2Fxs.x86
HTTP/1.1 200
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 25 Mar 2023 08:54:20 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Cache-Control: max-age=31536000
Accept-Ranges: bytes
ETag: W/"10204-1605082808000"
Last-Modified: Wed, 11 Nov 2020 08:20:08 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
104.248.198.151/js/0.m.5f1f98f2.chunk.js
200 6.0 kB URL HTTP/1.1 104.248.198.151/js/0.m.5f1f98f2.chunk.js
IP
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with very long lines (17170)
Hash 487a99c96e1d753bb9b22669b9b0cbff
f063ce08faaad0703234091e1567040ea4c166e9
ec7d1a65c6bcc0658deebc73f945dc48e617a7effcb47f44afc44e7b421a8ebb
Analyzer Verdict Alert quad9 Sinkholed
GET /js/0.m.5f1f98f2.chunk.js HTTP/1.1
Host: 104.248.198.151
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://104.248.198.151/sessions/new?return_to=%2Ff%2Fxs.x86
HTTP/1.1 200
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 25 Mar 2023 08:54:20 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Cache-Control: max-age=31536000
Accept-Ranges: bytes
ETag: W/"18895-1605082808000"
Last-Modified: Wed, 11 Nov 2020 08:20:08 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
104.248.198.151/api/users/identity_providers
200 24 B URL HTTP/1.1 104.248.198.151/api/users/identity_providers
IP
ASN #14061 DIGITALOCEAN-ASN
File type JSON data\012- , ASCII text, with no line terminators
Hash f6771007e68c1504df1f503964c8f6d5
a021d30aa08ed4bbc01c28eb2414b6aae7b7df81
757bb747ba269253666a63bb8bf42b5711e8c5af8f7e03b17b1a1888e3e74e91
Analyzer Verdict Alert quad9 Sinkholed
GET /api/users/identity_providers HTTP/1.1
Host: 104.248.198.151
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://104.248.198.151/sessions/new?return_to=%2Ff%2Fxs.x86
Connection: keep-alive
HTTP/1.1 200
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 25 Mar 2023 08:54:20 GMT
Content-Type: application/json
Content-Length: 24
Connection: keep-alive
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Cache-Control: no-cache, no-store, must-revalidate
Sonar-Version: 7.9.5.38598
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 717ebcc65cb1390c2509851bac7b5878
1e04e3058329f3809bc01022d441172dcacc1aaa
3c8d41efe14dc75e001ce50aae65e133d90bcb2e2f86b2426cefe7abe4c7b588
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3C8D41EFE14DC75E001CE50AAE65E133D90BCB2E2F86B2426CEFE7ABE4C7B588"
Last-Modified: Fri, 24 Mar 2023 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10651
Expires: Sat, 25 Mar 2023 11:51:51 GMT
Date: Sat, 25 Mar 2023 08:54:20 GMT
Connection: keep-alive
push.services.mozilla.com/
101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: a9iNOjkVu3Si8XcAclVOzg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 1SuucRL8DrHAkxWlGdUHJmyiie4=
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash b62c9b9530dd66bb7f03ba2ce3d835da
bf8560766de78dd925e395f59610ab2f1335e565
62a45c1bedd4241448ab43b535518e423b0500901328b3a0b984d758c9b0540d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "62A45C1BEDD4241448AB43B535518E423B0500901328B3A0B984D758C9B0540D"
Last-Modified: Fri, 24 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6729
Expires: Sat, 25 Mar 2023 10:46:31 GMT
Date: Sat, 25 Mar 2023 08:54:22 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash b62c9b9530dd66bb7f03ba2ce3d835da
bf8560766de78dd925e395f59610ab2f1335e565
62a45c1bedd4241448ab43b535518e423b0500901328b3a0b984d758c9b0540d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "62A45C1BEDD4241448AB43B535518E423B0500901328B3A0B984D758C9B0540D"
Last-Modified: Fri, 24 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6729
Expires: Sat, 25 Mar 2023 10:46:31 GMT
Date: Sat, 25 Mar 2023 08:54:22 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe6f9abe8-74dc-41f6-984c-4a9e53a6198a.jpeg
200 OK 6.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe6f9abe8-74dc-41f6-984c-4a9e53a6198a.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash dd191e3a122d6e31f81e6e9d434c58d6
aec88022970c93289434f8097e4a663da33e5271
1f00c901ef479637ec703d7924526a970cb13dd2635b2bbb68b285df9d98e011
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe6f9abe8-74dc-41f6-984c-4a9e53a6198a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6185
x-amzn-requestid: 223de50b-9a7e-4ac7-9305-336658eec4ac
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CTiwYHoLoAMFXtg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641e1802-226bd8524ade75234053ff50;Sampled=0
x-amzn-remapped-date: Fri, 24 Mar 2023 21:37:06 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: Ye0ADORg1hFVLxcNVj-qS60tlfguOEtyTx_XFU4ooJOcDHqNsqV3kw==
via: 1.1 3698a5f586d9ecca74d570e41f4c8516.cloudfront.net (CloudFront), 1.1 1ec2938341958d70d56193d709c89dee.cloudfront.net (CloudFront), 1.1 google
date: Fri, 24 Mar 2023 21:57:14 GMT
age: 39428
etag: "aec88022970c93289434f8097e4a663da33e5271"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F00ac1765-db6c-42e3-99bf-d857d27a34b9.jpeg
200 OK 5.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F00ac1765-db6c-42e3-99bf-d857d27a34b9.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c831201ad81f55c63c1b101ce854a810
0e9b952f6489f0a5f4862d3bea2fbe0ecdd379e5
c854489720d2ca4a95eef00addda0fcdaf481402d044df7725282654a97eb54a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F00ac1765-db6c-42e3-99bf-d857d27a34b9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5556
x-amzn-requestid: 6b050645-14aa-47f7-b4a5-2e27abbe5115
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CM69eHE3IAMF0Yw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641b71ef-6ab2948e2bf2578f29798372;Sampled=0
x-amzn-remapped-date: Wed, 22 Mar 2023 21:23:59 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: ZQcPeutl5BzzzysPzWEzrEY8WU-0F-0twvGPT7RAX-UjNOCk3NtmMQ==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 27a84054de24e45f952ea4056a821764.cloudfront.net (CloudFront), 1.1 google
date: Sat, 25 Mar 2023 05:35:57 GMT
age: 11905
etag: "0e9b952f6489f0a5f4862d3bea2fbe0ecdd379e5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fca67e232-d39a-48ac-a0be-316741df0c53.jpeg
200 OK 5.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fca67e232-d39a-48ac-a0be-316741df0c53.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash aecd210f66f83c73c3450d047ae7448a
d68861e96e12e8a3f293dbae8b687f05b6e15afb
22b69c41c56e5538d91f824d5dc2e63ab5563f99ae8e429c9166f4b397cacd0e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fca67e232-d39a-48ac-a0be-316741df0c53.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5296
x-amzn-requestid: 11fdf0c8-244c-4cd5-bfa7-4c77d777174f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CTiuzEqkIAMFXOw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641e17f8-5c241d63598dbf595b54ead5;Sampled=0
x-amzn-remapped-date: Fri, 24 Mar 2023 21:36:56 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: b1KWFmKdRQ4DU0v5JmC7AJatpv2B5FAHKVWL7pFiyh13fqYDA5qydA==
via: 1.1 b5695e36d7fbc522ece27885d73757ae.cloudfront.net (CloudFront), 1.1 deaaf0548506de20925615eb51a7ea7e.cloudfront.net (CloudFront), 1.1 google
date: Fri, 24 Mar 2023 21:57:13 GMT
age: 39429
etag: "d68861e96e12e8a3f293dbae8b687f05b6e15afb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fee780ea6-5b5e-419f-916d-42d0f5e1912a.jpeg
200 OK 9.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fee780ea6-5b5e-419f-916d-42d0f5e1912a.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c7950abafdbc9bbc363ac4cd490f864f
d1356ae16dd758eb699eb62402122d4fb2f307c9
7e98a04cefe4e21aafdf261d0e819352c515695cb9250a64e316c0a5cafc143d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fee780ea6-5b5e-419f-916d-42d0f5e1912a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9196
x-amzn-requestid: a63eade0-457b-48f3-bfdc-50d4f6a97363
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CK89kGECIAMFdpg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641aa856-5ce23570768e4a753ee47cf5;Sampled=0
x-amzn-remapped-date: Wed, 22 Mar 2023 07:03:50 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: Z76yj2_GJNtlI2FJQzYffZaBxC9LnaOg0quPYrSSA5LlLfUyDJoZ-g==
via: 1.1 5502255f9557c1e2c098b94110b6151c.cloudfront.net (CloudFront), 1.1 6a6653dfb47ccc5082f2a5b9d0d168ce.cloudfront.net (CloudFront), 1.1 google
date: Sat, 25 Mar 2023 07:24:43 GMT
age: 5379
etag: "d1356ae16dd758eb699eb62402122d4fb2f307c9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4af2ab94-b5c3-4517-b9d7-97ddb369f62d.jpeg
200 OK 7.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4af2ab94-b5c3-4517-b9d7-97ddb369f62d.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5773974a7341690f006b052ad02c94db
1b11316c952e2195da1646dd94671669e7e3bc2b
a06b72138745500cacc919fea29536ebd4188a1c483f6123e3402458e299f16a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4af2ab94-b5c3-4517-b9d7-97ddb369f62d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7800
x-amzn-requestid: bad99b1e-3923-4de9-8bea-4dd04e96f7cd
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CTigfFGcIAMFdBA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641e179c-0826b92d4c4af16553503600;Sampled=0
x-amzn-remapped-date: Fri, 24 Mar 2023 21:35:24 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: 9AGLmjvUSTKIsYIWECOR8QwdF4PP1tP1TweUm0VYvxQ0qskqj3YuLA==
via: 1.1 3698a5f586d9ecca74d570e41f4c8516.cloudfront.net (CloudFront), 1.1 995664ee945c06fc706b5cb8e0e650dc.cloudfront.net (CloudFront), 1.1 google
date: Fri, 24 Mar 2023 21:43:53 GMT
age: 40229
etag: "1b11316c952e2195da1646dd94671669e7e3bc2b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdaf1038f-e1d8-41a0-a039-85a85d278271.jpeg
200 OK 6.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdaf1038f-e1d8-41a0-a039-85a85d278271.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 02e0767e0c72d95e30337ad42f5d15b3
79aa21ca35c9d98ea7d0713d219e9b67083bdc05
7991a0c4d409cca49259cb626d0de39684635f14fad72e074b303235026673a9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdaf1038f-e1d8-41a0-a039-85a85d278271.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6511
x-amzn-requestid: 38d33f4d-2b85-4666-b778-04f4b4dfdf10
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CTihSFIdIAMFRjA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641e17a1-036a28e75189d05209396933;Sampled=0
x-amzn-remapped-date: Fri, 24 Mar 2023 21:35:29 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: eYAgUDZFGkaskq0A77VgX54hvvjtQtClrFyED3COkankS76uD7hTAQ==
via: 1.1 53ee82a7eb57de316cba44c26680b4a6.cloudfront.net (CloudFront), 1.1 1ec2938341958d70d56193d709c89dee.cloudfront.net (CloudFront), 1.1 google
date: Fri, 24 Mar 2023 21:43:52 GMT
age: 40230
etag: "79aa21ca35c9d98ea7d0713d219e9b67083bdc05"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
104.248.198.151/js/vendors-app.m.b88ebad0.chunk.js
200 0 B URL HTTP/1.1 104.248.198.151/js/vendors-app.m.b88ebad0.chunk.js
IP
ASN #14061 DIGITALOCEAN-ASN
Analyzer Verdict Alert quad9 Sinkholed
GET /js/vendors-app.m.b88ebad0.chunk.js HTTP/1.1
Host: 104.248.198.151
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://104.248.198.151/f/xs.x86
HTTP/1.1 200
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 25 Mar 2023 08:54:20 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Cache-Control: max-age=31536000
Accept-Ranges: bytes
ETag: W/"165141-1605082808000"
Last-Modified: Wed, 11 Nov 2020 08:20:08 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
104.248.198.151/js/app.m.3ee455d5.chunk.js
200 0 B URL HTTP/1.1 104.248.198.151/js/app.m.3ee455d5.chunk.js
IP
ASN #14061 DIGITALOCEAN-ASN
Analyzer Verdict Alert quad9 Sinkholed
GET /js/app.m.3ee455d5.chunk.js HTTP/1.1
Host: 104.248.198.151
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://104.248.198.151/f/xs.x86
HTTP/1.1 200
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 25 Mar 2023 08:54:20 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Cache-Control: max-age=31536000
Accept-Ranges: bytes
ETag: W/"188922-1605082808000"
Last-Modified: Wed, 11 Nov 2020 08:20:08 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
104.248.198.151
23.36.76.226
35.241.9.150