r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 1456357aecbd23f21ad98da57e0127eb
7074815b39fa8da9013883971d665e4c1b0797ea
f3eba265ee64870b2f822f1511b36c747d763c382557789cdad8be1d3b52d1f5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F3EBA265EE64870B2F822F1511B36C747D763C382557789CDAD8BE1D3B52D1F5"
Last-Modified: Mon, 21 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10153
Expires: Wed, 23 Nov 2022 08:53:30 GMT
Date: Wed, 23 Nov 2022 06:04:17 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash b59d95402dfb464c176610284ba13f65
1a6c62fb0d48654dd204b66161bb03fefe60f71a
40cfd59b890ec5a3570603d28d90bd7e5c506babd52c2ece93e09f1c7b2a6880
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6456
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 23 Nov 2022 06:04:17 GMT
Last-Modified: Wed, 23 Nov 2022 04:16:41 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471
1dcu-0rg-ver1fy.tk/otp.html
146.190.53.99200 OK 30 kB URL HTTP/1.1 1dcu-0rg-ver1fy.tk/otp.html
IP 146.190.53.99:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (2737), with CRLF line terminators
Hash 12f3e57b7e64e987f3fc91ce9c80d517
04d8c98c5c7bf842cc11ac155232af42fe01fd95
3ce9a13e1b6f80ba1b1ff55289fcc09634e1f7d60a89ff46da0cbf63992027c5
Analyzer Verdict Alert fortinet Phishing
GET /otp.html HTTP/1.1
Host: 1dcu-0rg-ver1fy.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Wed, 23 Nov 2022 06:04:17 GMT
Server: Apache
Last-Modified: Tue, 23 Aug 2022 11:48:06 GMT
Accept-Ranges: bytes
Content-Length: 29728
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 054ff0d1a0a43f7cb1d78dbd34e27f99
3caf54f3de1d6a8c6f6454083f8b8e7dec77db54
fcdcef8306ae31f20c366489e1f88aa40b08f154d25d45f4055c4f8cdef47634
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FCDCEF8306AE31F20C366489E1F88AA40B08F154D25D45F4055C4F8CDEF47634"
Last-Modified: Mon, 21 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6099
Expires: Wed, 23 Nov 2022 07:45:56 GMT
Date: Wed, 23 Nov 2022 06:04:17 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
34.102.187.140200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 4d7e4eed097b9c4e5d509419f1cfc85a
290bb3d428a7c6330e2e3d73a952b16f820896c8
0dc9ca0f57af15adcd416035e92794711434e3d53a1feff21d8481d6d500986c
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Content-Length, Alert, Backoff, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 23 Nov 2022 05:17:07 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 2830
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 23 Nov 2022 06:04:17 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: rUE0Sl8zGN5IJACJNMWCrmeqBbhygqEuhLAMAyyZC/FmQMzNL4hV1d8oFBz2daSowDOZMas7hps=
x-amz-request-id: CKR72NZFHES2A752
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 23 Nov 2022 05:39:53 GMT
age: 1464
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
assets.adobedtm.com/c710ed4af822/4edff89d26dd/launch-1574d0b03693.min.js
23.38.200.237200 OK 74 kB URL HTTP/2 assets.adobedtm.com/c710ed4af822/4edff89d26dd/launch-1574d0b03693.min.js
IP 23.38.200.237:0
File type ASCII text, with very long lines (32768)
Hash c8e5e4603713b2afef04641fbdaadcf8
ba70173dec1981bb9419e44373987917c15512e8
3beb4f3ae29074fd5cfbd0c211659e3fe7499219b644bef22f79e4898cf92427
GET /c710ed4af822/4edff89d26dd/launch-1574d0b03693.min.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1dcu-0rg-ver1fy.tk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "97a1294fe9ebfd08669e214fcc839024:1658495611.885198"
last-modified: Fri, 22 Jul 2022 13:13:31 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 73977
cache-control: max-age=3600
expires: Wed, 23 Nov 2022 07:04:17 GMT
date: Wed, 23 Nov 2022 06:04:17 GMT
access-control-allow-origin: http://1dcu-0rg-ver1fy.tk
timing-allow-origin: *
X-Firefox-Spdy: h2
assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement.min.js
23.38.200.237200 OK 12 kB URL HTTP/2 assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement.min.js
IP 23.38.200.237:0
File type ASCII text, with very long lines (32768)
Hash e616df092766c7ab7904619f971a35cc
a960429c42802a43e3ce728fc4d1e8bdab10e606
082ae7647bfdb639846791e5c0ca39b96544dff3aed0c365973c9589cd5b091e
GET /extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement.min.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1dcu-0rg-ver1fy.tk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "d860c16ac938f7d839f0ec158d02d0f0:1644856531.418573"
last-modified: Mon, 14 Feb 2022 16:35:31 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 12163
expires: Wed, 23 Nov 2022 07:04:17 GMT
date: Wed, 23 Nov 2022 06:04:17 GMT
cache-control: no-cache
access-control-allow-origin: http://1dcu-0rg-ver1fy.tk
timing-allow-origin: *
X-Firefox-Spdy: h2
assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement_Module_ActivityMap.min.js
23.38.200.237200 OK 1.6 kB URL HTTP/2 assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement_Module_ActivityMap.min.js
IP 23.38.200.237:0
File type ASCII text, with very long lines (3155)
Hash e672de61b277fc72de4299829bfbb31c
157a7409922d58a02dad3ba879d04eb2a3ef8f3d
e1a1c2a6f2ed4ffb63ebfda157eaf12c6ee3973be4da649eb63e0402c0d29215
GET /extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement_Module_ActivityMap.min.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1dcu-0rg-ver1fy.tk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "2d1382c349d480b6b41574ac0c1af066:1644856531.739514"
last-modified: Mon, 14 Feb 2022 16:35:31 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 1597
expires: Wed, 23 Nov 2022 07:04:17 GMT
date: Wed, 23 Nov 2022 06:04:17 GMT
cache-control: no-cache
access-control-allow-origin: http://1dcu-0rg-ver1fy.tk
timing-allow-origin: *
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 8c2defc78644e325a099df277a2415e7
1c80c7bf5d54fa97d14538cb0445c9b35df6735e
370359185bed26aafe6e53811b1d60aebb59f015364820200388ade0391f0828
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6280
Cache-Control: max-age=161993
Content-Type: application/ocsp-response
Date: Wed, 23 Nov 2022 06:04:17 GMT
Etag: "637d7522-1d7"
Expires: Fri, 25 Nov 2022 03:04:10 GMT
Last-Modified: Wed, 23 Nov 2022 01:19:30 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 250c38ab40f8f7dfc87403e5af7cc294
928a6a87b523fa9b1fecd43ebdfcb8c5e0e704f5
8b5d5b32f274563352e5109f4434c99e77ca3ff2e7ca30830976024b67ca09b9
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5796
Cache-Control: max-age=120410
Content-Type: application/ocsp-response
Date: Wed, 23 Nov 2022 06:04:17 GMT
Etag: "637cd498-1d7"
Expires: Thu, 24 Nov 2022 15:31:07 GMT
Last-Modified: Tue, 22 Nov 2022 13:54:32 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471
1dcu-0rg-ver1fy.tk/js/config.js
146.190.53.99404 Not Found 315 B URL HTTP/1.1 1dcu-0rg-ver1fy.tk/js/config.js
IP 146.190.53.99:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert fortinet Phishing
GET /js/config.js HTTP/1.1
Host: 1dcu-0rg-ver1fy.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://1dcu-0rg-ver1fy.tk/otp.html
HTTP/1.1 404 Not Found
Date: Wed, 23 Nov 2022 06:04:17 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 250c38ab40f8f7dfc87403e5af7cc294
928a6a87b523fa9b1fecd43ebdfcb8c5e0e704f5
8b5d5b32f274563352e5109f4434c99e77ca3ff2e7ca30830976024b67ca09b9
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5796
Cache-Control: max-age=120410
Content-Type: application/ocsp-response
Date: Wed, 23 Nov 2022 06:04:17 GMT
Etag: "637cd498-1d7"
Expires: Thu, 24 Nov 2022 15:31:07 GMT
Last-Modified: Tue, 22 Nov 2022 13:54:32 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471
1dcu-0rg-ver1fy.tk/js/loader_only.js
146.190.53.99404 Not Found 315 B URL HTTP/1.1 1dcu-0rg-ver1fy.tk/js/loader_only.js
IP 146.190.53.99:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert fortinet Phishing
GET /js/loader_only.js HTTP/1.1
Host: 1dcu-0rg-ver1fy.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://1dcu-0rg-ver1fy.tk/otp.html
HTTP/1.1 404 Not Found
Date: Wed, 23 Nov 2022 06:04:17 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 3112f83b1f76e35638243c821aa871ff
b3d5154ecef5ba83518e5eb210ced6441ec98f8a
410560011ff7047a822ad2abf8d6127f79204000979bbffe7469636880731bc8
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=87267
Content-Type: application/ocsp-response
Date: Wed, 23 Nov 2022 06:04:17 GMT
Etag: "637c69c4-1d7"
Expires: Thu, 24 Nov 2022 06:18:44 GMT
Last-Modified: Tue, 22 Nov 2022 06:18:44 GMT
Server: nginx
Content-Length: 471
mpsnare.iesnare.com/general5/wdp.js?loaderVer=5.2.2&compat=false&tp=true&tp_split=false&fp_static=true&fp_dyn=true&flash=false
54.195.39.4200 OK 19 kB URL HTTP/1.1 mpsnare.iesnare.com/general5/wdp.js?loaderVer=5.2.2&compat=false&tp=true&tp_split=false&fp_static=true&fp_dyn=true&flash=false
IP 54.195.39.4:0
File type ASCII text, with very long lines (1056)
Hash 94b9932603ac621ed9ac45a0fa9a86c9
94cab0acf9c618f81aed696f977ee150b0197654
c1f82b5e19d93d63d1ebb696afcfa7d847b47d7ad5320533d2e35b4ca3068be3
GET /general5/wdp.js?loaderVer=5.2.2&compat=false&tp=true&tp_split=false&fp_static=true&fp_dyn=true&flash=false HTTP/1.1
Host: mpsnare.iesnare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1dcu-0rg-ver1fy.tk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 23 Nov 2022 06:04:17 GMT
Content-Type: text/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: io_token_7c6a6574-f011-4c9a-abdd-9894a102ccef=naoyG3d5CM8ATVw72KNLY3TLL8m968EBds6/K9CXEt0=;Path=/;Expires=Thu, 23-Nov-2023 06:04:17 GMT;Max-Age=31536000;Secure;HttpOnly;SameSite=None
Cache-Control: no-cache, private
Pragma: no-cache
Expires: 0
p3p: CP="NON DSP COR CURa"
Accept-CH: ua, ua-arch, ua-platform, ua-model, ua-mobile, ua-full-version, ua-platform-version
Strict-Transport-Security: max-age=15552000; includeSubDomains
Content-Encoding: gzip
mpsnare.iesnare.com/5.5.0/logo.js
54.195.39.4200 OK 419 B URL HTTP/1.1 mpsnare.iesnare.com/5.5.0/logo.js
IP 54.195.39.4:0
File type ASCII text, with very long lines (377)
Hash ba98168bc96389c08114a67ce9b333a8
bd040793b14b0d7bdbb75c6e04f1feaeea2db983
05f6f75d0b6af42edebbae45614f7dcf629b5b28a5c7ae214d2b108441458946
GET /5.5.0/logo.js HTTP/1.1
Host: mpsnare.iesnare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1dcu-0rg-ver1fy.tk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 23 Nov 2022 06:04:17 GMT
Content-Type: text/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 06 May 2014 00:01:40 GMT
Expires: Thu, 23 Nov 2023 06:04:17 GMT
Cache-Control: private
p3p: CP="NON DSP COR CURa"
Accept-CH: ua, ua-arch, ua-platform, ua-model, ua-mobile, ua-full-version, ua-platform-version
Strict-Transport-Security: max-age=15552000; includeSubDomains
Content-Encoding: gzip
1dcu-0rg-ver1fy.tk/css/app.7b1cd472.css
146.190.53.99200 OK 2.7 kB URL HTTP/1.1 1dcu-0rg-ver1fy.tk/css/app.7b1cd472.css
IP 146.190.53.99:0
File type ASCII text, with very long lines (2620)
Hash a6203208fe70322ee6619151c0d157f4
f3da5df8be71a8ffe532ca84e85390b64dc07f61
a96b470af21607586d13477faa3389db771879c865f4be78b3db4f2624dfba52
GET /css/app.7b1cd472.css HTTP/1.1
Host: 1dcu-0rg-ver1fy.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://1dcu-0rg-ver1fy.tk/otp.html
HTTP/1.1 200 OK
Date: Wed, 23 Nov 2022 06:04:17 GMT
Server: Apache
Last-Modified: Thu, 18 Aug 2022 18:51:00 GMT
Accept-Ranges: bytes
Content-Length: 2708
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css
1dcu-0rg-ver1fy.tk/css/chunk-common.d06af608.css
146.190.53.99200 OK 13 kB URL HTTP/1.1 1dcu-0rg-ver1fy.tk/css/chunk-common.d06af608.css
IP 146.190.53.99:0
File type ASCII text, with very long lines (13269)
Hash 23d853d0b8dc4dbf3ee3eb5839450e98
5cb719cc195a20a18ff9ff1ec6cf16c1e986cad6
c68f6f80ec1fb457c7b8a3a1e1fefe3ffbb4e276fc80f38ef8b35df8ab5715e8
GET /css/chunk-common.d06af608.css HTTP/1.1
Host: 1dcu-0rg-ver1fy.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://1dcu-0rg-ver1fy.tk/otp.html
HTTP/1.1 200 OK
Date: Wed, 23 Nov 2022 06:04:17 GMT
Server: Apache
Last-Modified: Thu, 18 Aug 2022 18:51:12 GMT
Accept-Ranges: bytes
Content-Length: 13357
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
1dcu-0rg-ver1fy.tk/js/chunk-common.112fec58.js
146.190.53.99404 Not Found 315 B URL HTTP/1.1 1dcu-0rg-ver1fy.tk/js/chunk-common.112fec58.js
IP 146.190.53.99:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert fortinet Phishing
GET /js/chunk-common.112fec58.js HTTP/1.1
Host: 1dcu-0rg-ver1fy.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://1dcu-0rg-ver1fy.tk/otp.html
HTTP/1.1 404 Not Found
Date: Wed, 23 Nov 2022 06:04:17 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
ocsp.godaddy.com/
192.124.249.24200 OK 1.8 kB IP 192.124.249.24:0
Hash a7359685c899e6d4a04b6223f84ffbb2
8d0b92b525de5aa5e56d860e7610b82289e01b45
cbde0f7f2379b44c64e4567d52825cc46c94da718d01edf7741b8291d29fec8f
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 76
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Wed, 23 Nov 2022 06:04:17 GMT
Content-Type: application/ocsp-response
Content-Length: 1778
Connection: keep-alive
X-Sucuri-ID: 19024
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Tue, 22 Nov 2022 22:43:16 GMT
Expires: Wed, 23 Nov 2022 22:43:16 GMT
ETag: "8d0b92b525de5aa5e56d860e7610b82289e01b45"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
1dcu-0rg-ver1fy.tk/js/2.a6ab680e.js
146.190.53.99404 Not Found 315 B URL HTTP/1.1 1dcu-0rg-ver1fy.tk/js/2.a6ab680e.js
IP 146.190.53.99:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert fortinet Phishing
GET /js/2.a6ab680e.js HTTP/1.1
Host: 1dcu-0rg-ver1fy.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://1dcu-0rg-ver1fy.tk/otp.html
HTTP/1.1 404 Not Found
Date: Wed, 23 Nov 2022 06:04:17 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
1dcu-0rg-ver1fy.tk/css/2.658b5c49.css
146.190.53.99200 OK 1.8 kB URL HTTP/1.1 1dcu-0rg-ver1fy.tk/css/2.658b5c49.css
IP 146.190.53.99:0
File type ASCII text, with very long lines (1693)
Hash b70298004617a3d79fbc5f0fc2b12f9a
8b1d694c39141163188180547968ca904a7fe2bd
4b71b799a4bd1d311e45d774fc3d959c085921f5a6d695ee4bf53486238bd58a
GET /css/2.658b5c49.css HTTP/1.1
Host: 1dcu-0rg-ver1fy.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://1dcu-0rg-ver1fy.tk/otp.html
HTTP/1.1 200 OK
Date: Wed, 23 Nov 2022 06:04:17 GMT
Server: Apache
Last-Modified: Thu, 18 Aug 2022 18:50:30 GMT
Accept-Ranges: bytes
Content-Length: 1781
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
ocsp.godaddy.com/
192.124.249.24200 OK 1.8 kB IP 192.124.249.24:0
Hash a7359685c899e6d4a04b6223f84ffbb2
8d0b92b525de5aa5e56d860e7610b82289e01b45
cbde0f7f2379b44c64e4567d52825cc46c94da718d01edf7741b8291d29fec8f
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 76
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Wed, 23 Nov 2022 06:04:17 GMT
Content-Type: application/ocsp-response
Content-Length: 1778
Connection: keep-alive
X-Sucuri-ID: 19024
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Tue, 22 Nov 2022 22:43:16 GMT
Expires: Wed, 23 Nov 2022 22:43:16 GMT
ETag: "8d0b92b525de5aa5e56d860e7610b82289e01b45"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
ocsp.godaddy.com/
192.124.249.24200 OK 1.8 kB IP 192.124.249.24:0
Hash a7359685c899e6d4a04b6223f84ffbb2
8d0b92b525de5aa5e56d860e7610b82289e01b45
cbde0f7f2379b44c64e4567d52825cc46c94da718d01edf7741b8291d29fec8f
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 76
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Wed, 23 Nov 2022 06:04:17 GMT
Content-Type: application/ocsp-response
Content-Length: 1778
Connection: keep-alive
X-Sucuri-ID: 19024
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Tue, 22 Nov 2022 22:43:16 GMT
Expires: Wed, 23 Nov 2022 22:43:16 GMT
ETag: "8d0b92b525de5aa5e56d860e7610b82289e01b45"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 065495ec7a963a205abd9c8dbc75cb5d
ea416d0df4f6706150bda5da2077174f5cdd986b
1b2a2afee887651b23a849f14ace89b330329f6bf61c331545a3f6d12037aee5
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 23 Nov 2022 06:04:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
us.cobrowse.pega.com/cobrowse/loadScripts
54.227.14.42200 OK 508 B URL HTTP/2 us.cobrowse.pega.com/cobrowse/loadScripts
IP 54.227.14.42:0
Hash 9cdb6851bb88c14e6033ca658ac8aa88
ee1d43de555319019f8b0713a683a463803a9b41
fa05f2814bdcd558f6b652532c66d74a995b0a05f464bda6e9375fcb3c02cf82
GET /cobrowse/loadScripts HTTP/1.1
Host: us.cobrowse.pega.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1dcu-0rg-ver1fy.tk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 23 Nov 2022 06:04:17 GMT
content-type: application/javascript; charset=utf-8
content-length: 508
set-cookie: AWSALB=aW2XF+rRB+sOziuhKysWMeXK5kVQaroTVpgWV5POyHWUnzLn/yEwuIfmXoTF1BtWx6iAb6tWJbTtrl78dTU3uwIPouSxT/OBU9T2ZpLswopZ8AJKOSUFnOdQ1gz7; Expires=Wed, 30 Nov 2022 06:04:17 GMT; Path=/
AWSALBCORS=aW2XF+rRB+sOziuhKysWMeXK5kVQaroTVpgWV5POyHWUnzLn/yEwuIfmXoTF1BtWx6iAb6tWJbTtrl78dTU3uwIPouSxT/OBU9T2ZpLswopZ8AJKOSUFnOdQ1gz7; Expires=Wed, 30 Nov 2022 06:04:17 GMT; Path=/; SameSite=None; Secure
connect.sid=s%3AjMFEw5G4yBGADObCz0Fx5atxbkMoqiN4.l8xEzlluXYbdu2aB5uB8GVINTc82boipI9CA2N42gy4; Path=/; Expires=Fri, 25 Nov 2022 06:04:17 GMT; Secure; SameSite=None
server: nginx
x-powered-by: Express
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: X-CSRF-Token, X-Requested-With, accept, x-j-token, content-type
etag: W/"1fc-7h1D3lVTGQGfiwcTpoOkY4A6m0E"
X-Firefox-Spdy: h2
1dcu-0rg-ver1fy.tk/js/vendor.e1d2459d.js
146.190.53.99404 Not Found 315 B URL HTTP/1.1 1dcu-0rg-ver1fy.tk/js/vendor.e1d2459d.js
IP 146.190.53.99:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert fortinet Phishing
GET /js/vendor.e1d2459d.js HTTP/1.1
Host: 1dcu-0rg-ver1fy.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://1dcu-0rg-ver1fy.tk/otp.html
HTTP/1.1 404 Not Found
Date: Wed, 23 Nov 2022 06:04:17 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
1dcu-0rg-ver1fy.tk/css/64.64d4d70e.css
146.190.53.99200 OK 774 B URL HTTP/1.1 1dcu-0rg-ver1fy.tk/css/64.64d4d70e.css
IP 146.190.53.99:0
File type ASCII text, with very long lines (686)
Hash 7a247a89ed509a51f9ab6b0b87d2e4e8
68dfe132947ef98665199e339e71d803de50737a
138a2c46b71532038ec611610575b2b709de80508ceaf9c73d3de140847ceb6b
GET /css/64.64d4d70e.css HTTP/1.1
Host: 1dcu-0rg-ver1fy.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://1dcu-0rg-ver1fy.tk/otp.html
HTTP/1.1 200 OK
Date: Wed, 23 Nov 2022 06:04:17 GMT
Server: Apache
Last-Modified: Thu, 18 Aug 2022 18:50:42 GMT
Accept-Ranges: bytes
Content-Length: 774
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css
1dcu-0rg-ver1fy.tk/js/app.fa332a3e.js
146.190.53.99404 Not Found 315 B URL HTTP/1.1 1dcu-0rg-ver1fy.tk/js/app.fa332a3e.js
IP 146.190.53.99:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert fortinet Phishing
GET /js/app.fa332a3e.js HTTP/1.1
Host: 1dcu-0rg-ver1fy.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://1dcu-0rg-ver1fy.tk/otp.html
HTTP/1.1 404 Not Found
Date: Wed, 23 Nov 2022 06:04:17 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
fonts.googleapis.com/css2?family=Nunito+Sans:wght@300;400;600;700;800&display=swap
142.250.74.10200 OK 1.1 kB URL HTTP/2 fonts.googleapis.com/css2?family=Nunito+Sans:wght@300;400;600;700;800&display=swap
IP 142.250.74.10:0
Hash 601432603bdd4c9f078cfbf2e24e33bd
28c6a40963c91e38fd2c40e6ef3f3caf5828a52a
e493fff6149363f607ae797684e919fea3c776496e8a9caa86aa72cc840c4a45
GET /css2?family=Nunito+Sans:wght@300;400;600;700;800&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1dcu-0rg-ver1fy.tk/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 23 Nov 2022 06:04:17 GMT
date: Wed, 23 Nov 2022 06:04:17 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
1dcu-0rg-ver1fy.tk/js/64.390011c5.js
146.190.53.99404 Not Found 315 B URL HTTP/1.1 1dcu-0rg-ver1fy.tk/js/64.390011c5.js
IP 146.190.53.99:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert fortinet Phishing
GET /js/64.390011c5.js HTTP/1.1
Host: 1dcu-0rg-ver1fy.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://1dcu-0rg-ver1fy.tk/otp.html
HTTP/1.1 404 Not Found
Date: Wed, 23 Nov 2022 06:04:17 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Pragma, Alert, Content-Type, ETag, Retry-After, Last-Modified, Content-Length, Cache-Control, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Wed, 23 Nov 2022 05:11:11 GMT
cache-control: public,max-age=3600
age: 3187
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
1dcu-0rg-ver1fy.tk/js/chunk-common.112fec58.js
146.190.53.99404 Not Found 315 B URL HTTP/1.1 1dcu-0rg-ver1fy.tk/js/chunk-common.112fec58.js
IP 146.190.53.99:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert fortinet Phishing
GET /js/chunk-common.112fec58.js HTTP/1.1
Host: 1dcu-0rg-ver1fy.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://1dcu-0rg-ver1fy.tk/otp.html
HTTP/1.1 404 Not Found
Date: Wed, 23 Nov 2022 06:04:18 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
usassets.cobrowse.pega.com/assets/stylesheets/customer/final/default.css?v=8.7.1
54.227.14.42200 OK 3.5 kB URL HTTP/2 usassets.cobrowse.pega.com/assets/stylesheets/customer/final/default.css?v=8.7.1
IP 54.227.14.42:0
File type Unicode text, UTF-8 text, with very long lines (14626)
Hash c9e0ee1acc72fd18e3953cf614f7e879
bacc2349aab9dfac47cd153702e98e1fa48466f4
e13c4a8b7d5d884e11579582e7e99198c7fdfbd2587a37f52add1783e49e5d8e
GET /assets/stylesheets/customer/final/default.css?v=8.7.1 HTTP/1.1
Host: usassets.cobrowse.pega.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1dcu-0rg-ver1fy.tk/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 23 Nov 2022 06:04:17 GMT
content-type: text/css
content-length: 3489
set-cookie: AWSALB=yaVMwSwacs6Q79wfsetQrTJMRXV3Z1EDKE6za82Qc2u+5Rh+ifXs2CjX6/BaNLdi6ITLhytgHU8fkNPRXw9AYlVeQh905FYQetdeoGAt5TAU/zQ3nyfMZNVIAbCZ; Expires=Wed, 30 Nov 2022 06:04:17 GMT; Path=/
AWSALBCORS=yaVMwSwacs6Q79wfsetQrTJMRXV3Z1EDKE6za82Qc2u+5Rh+ifXs2CjX6/BaNLdi6ITLhytgHU8fkNPRXw9AYlVeQh905FYQetdeoGAt5TAU/zQ3nyfMZNVIAbCZ; Expires=Wed, 30 Nov 2022 06:04:17 GMT; Path=/; SameSite=None; Secure
server: nginx
last-modified: Wed, 13 Jul 2022 12:04:58 GMT
etag: "62ceb4ea-da1"
access-control-allow-origin: *
content-encoding: gzip
accept-ranges: bytes
X-Firefox-Spdy: h2
usassets.cobrowse.pega.com/assets/scripts/final/customer.js?v=8.7.1
54.227.14.42200 OK 261 kB URL HTTP/2 usassets.cobrowse.pega.com/assets/scripts/final/customer.js?v=8.7.1
IP 54.227.14.42:0
File type ASCII text, with very long lines (65536), with no line terminators
Size 261 kB (261370 bytes)
Hash eb9524e46cc30efd2673a51baa3a655e
f9860cf1e6dc646899418909a7bf2156df4556a4
c1898417dc51a18a977daaea237101556511c77a676d51982c6c035cbf15f1c1
GET /assets/scripts/final/customer.js?v=8.7.1 HTTP/1.1
Host: usassets.cobrowse.pega.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1dcu-0rg-ver1fy.tk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 23 Nov 2022 06:04:17 GMT
content-type: application/javascript
content-length: 261370
set-cookie: AWSALB=LgVLCc55wW2MGV4vGyeH/SmJomfZprUPY1XyC1Z1qhQC5nO4ui/AwylUrX9CSwHRjJnDqazEA7PRCtISN3Q2JfYP69x3XH4LF1Cfp88pOfBmfJytj5R6eYXnkYqr; Expires=Wed, 30 Nov 2022 06:04:17 GMT; Path=/
AWSALBCORS=LgVLCc55wW2MGV4vGyeH/SmJomfZprUPY1XyC1Z1qhQC5nO4ui/AwylUrX9CSwHRjJnDqazEA7PRCtISN3Q2JfYP69x3XH4LF1Cfp88pOfBmfJytj5R6eYXnkYqr; Expires=Wed, 30 Nov 2022 06:04:17 GMT; Path=/; SameSite=None; Secure
server: nginx
last-modified: Mon, 18 Jul 2022 06:30:25 GMT
etag: "62d4fe01-3fcfa"
access-control-allow-origin: *
content-encoding: gzip
accept-ranges: bytes
X-Firefox-Spdy: h2
1dcu-0rg-ver1fy.tk/js/2.a6ab680e.js
146.190.53.99404 Not Found 315 B URL HTTP/1.1 1dcu-0rg-ver1fy.tk/js/2.a6ab680e.js
IP 146.190.53.99:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert fortinet Phishing
GET /js/2.a6ab680e.js HTTP/1.1
Host: 1dcu-0rg-ver1fy.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://1dcu-0rg-ver1fy.tk/otp.html
HTTP/1.1 404 Not Found
Date: Wed, 23 Nov 2022 06:04:18 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 8a181d95550cfdf3b1fc4deb71631e40
37866f7293c41fbfb817e321754cae5c5bf59f93
6aa3d2763181cc48d2ad0ce7d227f3cb3324045c3f7858ccdbae675768dcec55
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6471
Cache-Control: max-age=103828
Content-Type: application/ocsp-response
Date: Wed, 23 Nov 2022 06:04:18 GMT
Etag: "637c912f-1d7"
Expires: Thu, 24 Nov 2022 10:54:46 GMT
Last-Modified: Tue, 22 Nov 2022 09:06:55 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471
1dcu-0rg-ver1fy.tk/css/vendor.7de76d70.css
146.190.53.99200 OK 445 kB URL HTTP/1.1 1dcu-0rg-ver1fy.tk/css/vendor.7de76d70.css
IP 146.190.53.99:0
File type ASCII text, with very long lines (65448)
Size 445 kB (444980 bytes)
Hash 4c071854e849732a82bf627d5eb4f6ef
26863e98af983805bad56be0caa9c74c80cb754d
830c662b25beb468bb939cdb6649edbb7b13c7225afa529b20d6862241877a4e
GET /css/vendor.7de76d70.css HTTP/1.1
Host: 1dcu-0rg-ver1fy.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://1dcu-0rg-ver1fy.tk/otp.html
HTTP/1.1 200 OK
Date: Wed, 23 Nov 2022 06:04:17 GMT
Server: Apache
Last-Modified: Thu, 18 Aug 2022 18:51:30 GMT
Accept-Ranges: bytes
Content-Length: 444980
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
1dcu-0rg-ver1fy.tk/dcuLogoDark.png
146.190.53.99200 OK 7.7 kB URL HTTP/1.1 1dcu-0rg-ver1fy.tk/dcuLogoDark.png
IP 146.190.53.99:0
File type PNG image data, 217 x 78, 8-bit/color RGBA, non-interlaced\012- data
Hash ae64e87365d6e6696145c8c53ce3632e
09337bd0289c432bffab6f653297fe2534ad0c68
d1093fceb5f8b35c09e5d3329c8dc55509d7f46096efeea840f6e433212ba45e
GET /dcuLogoDark.png HTTP/1.1
Host: 1dcu-0rg-ver1fy.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://1dcu-0rg-ver1fy.tk/otp.html
HTTP/1.1 200 OK
Date: Wed, 23 Nov 2022 06:04:18 GMT
Server: Apache
Last-Modified: Thu, 18 Aug 2022 18:49:04 GMT
Accept-Ranges: bytes
Content-Length: 7743
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: image/png
assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement.min.js
23.38.200.237304 Not Modified 0 B URL HTTP/2 assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement.min.js
IP 23.38.200.237:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement.min.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1dcu-0rg-ver1fy.tk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
If-Modified-Since: Mon, 14 Feb 2022 16:35:31 GMT
If-None-Match: "d860c16ac938f7d839f0ec158d02d0f0:1644856531.418573"
TE: trailers
HTTP/2 304 Not Modified
content-type: application/x-javascript
last-modified: Mon, 14 Feb 2022 16:35:31 GMT
etag: "d860c16ac938f7d839f0ec158d02d0f0:1644856531.418573"
expires: Wed, 23 Nov 2022 07:04:18 GMT
date: Wed, 23 Nov 2022 06:04:18 GMT
cache-control: no-cache
access-control-allow-origin: http://1dcu-0rg-ver1fy.tk
timing-allow-origin: *
X-Firefox-Spdy: h2
assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement_Module_ActivityMap.min.js
23.38.200.237304 Not Modified 0 B URL HTTP/2 assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement_Module_ActivityMap.min.js
IP 23.38.200.237:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement_Module_ActivityMap.min.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1dcu-0rg-ver1fy.tk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
If-Modified-Since: Mon, 14 Feb 2022 16:35:31 GMT
If-None-Match: "2d1382c349d480b6b41574ac0c1af066:1644856531.739514"
TE: trailers
HTTP/2 304 Not Modified
content-type: application/x-javascript
last-modified: Mon, 14 Feb 2022 16:35:31 GMT
etag: "2d1382c349d480b6b41574ac0c1af066:1644856531.739514"
expires: Wed, 23 Nov 2022 07:04:18 GMT
date: Wed, 23 Nov 2022 06:04:18 GMT
cache-control: no-cache
access-control-allow-origin: http://1dcu-0rg-ver1fy.tk
timing-allow-origin: *
X-Firefox-Spdy: h2
push.services.mozilla.com/
34.213.121.129101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 34.213.121.129:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: Zk9VjLhNzg8PPcQSwA5ThA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: FWW1475G7kLLvDgzmUIR9SbncU8=
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 4f22437494cab8f3b1de6d48c3677f43
42461557365b59e300ae356c37b95f652e10dacd
420bc8cc7c6624d9201c6e12fb6478f4a9cf77e90aad033b4d12687968003ccf
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 23 Nov 2022 06:04:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 4f22437494cab8f3b1de6d48c3677f43
42461557365b59e300ae356c37b95f652e10dacd
420bc8cc7c6624d9201c6e12fb6478f4a9cf77e90aad033b4d12687968003ccf
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 23 Nov 2022 06:04:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
mpsnare.iesnare.com/star
54.228.71.178101 Switching Protocols 0 B IP 54.228.71.178:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /star HTTP/1.1
Host: mpsnare.iesnare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: http://1dcu-0rg-ver1fy.tk
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: m5nD/h/soEy0LLe+daYPDg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Server: nginx
Date: Wed, 23 Nov 2022 06:04:18 GMT
Connection: upgrade
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Accept: EhYgiakWj8zrC7XE1Z1OMD2w6+g=
Upgrade: WebSocket
fonts.gstatic.com/s/nunitosans/v12/pe0qMImSLYBIv1o4X1M8cce9I9s.woff2
216.58.207.195200 OK 17 kB URL HTTP/2 fonts.gstatic.com/s/nunitosans/v12/pe0qMImSLYBIv1o4X1M8cce9I9s.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 16980, version 1.0\012- data
Hash 8a97f720d330e75ccdbda9ae0e9f5e90
8e4fee916581ab48d385187705667cebc7500afe
97d5a594e7f76c7e50045b67667fd6b74b268515efe6425097be1b2647079787
GET /s/nunitosans/v12/pe0qMImSLYBIv1o4X1M8cce9I9s.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://1dcu-0rg-ver1fy.tk
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 16980
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 16 Nov 2022 08:32:12 GMT
expires: Thu, 16 Nov 2023 08:32:12 GMT
cache-control: public, max-age=31536000
age: 595926
last-modified: Mon, 09 May 2022 18:33:54 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 4f22437494cab8f3b1de6d48c3677f43
42461557365b59e300ae356c37b95f652e10dacd
420bc8cc7c6624d9201c6e12fb6478f4a9cf77e90aad033b4d12687968003ccf
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 23 Nov 2022 06:04:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/nunitosans/v12/pe03MImSLYBIv1o4X1M8cc8GBs5tU1E.woff2
216.58.207.195200 OK 17 kB URL HTTP/2 fonts.gstatic.com/s/nunitosans/v12/pe03MImSLYBIv1o4X1M8cc8GBs5tU1E.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 17116, version 1.0\012- data
Hash bcf3a3fb620dfbee774f84e2c8e71530
40a79d240acdd7e5a95e165515ac7c0958a37971
280aaa8929329764ac3213ca093c63505cfcc665347939c79905c426d33867c5
GET /s/nunitosans/v12/pe03MImSLYBIv1o4X1M8cc8GBs5tU1E.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://1dcu-0rg-ver1fy.tk
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 17116
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 21 Nov 2022 21:55:35 GMT
expires: Tue, 21 Nov 2023 21:55:35 GMT
cache-control: public, max-age=31536000
age: 115723
last-modified: Mon, 09 May 2022 18:31:19 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/nunitosans/v12/pe03MImSLYBIv1o4X1M8cc9iB85tU1E.woff2
216.58.207.195200 OK 17 kB URL HTTP/2 fonts.gstatic.com/s/nunitosans/v12/pe03MImSLYBIv1o4X1M8cc9iB85tU1E.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 17156, version 1.0\012- data
Hash 7e344afc10a492d516789f072fa6edfd
f38bd0b4e9d0577528f533b8ecd80801a0c6340f
c84423c305779f2aab07847a2e3870ac1ea4072e470d5eb149c01e0e0497eae3
GET /s/nunitosans/v12/pe03MImSLYBIv1o4X1M8cc9iB85tU1E.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://1dcu-0rg-ver1fy.tk
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 17156
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 16 Nov 2022 21:48:51 GMT
expires: Thu, 16 Nov 2023 21:48:51 GMT
cache-control: public, max-age=31536000
age: 548127
last-modified: Mon, 09 May 2022 18:33:24 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 4f22437494cab8f3b1de6d48c3677f43
42461557365b59e300ae356c37b95f652e10dacd
420bc8cc7c6624d9201c6e12fb6478f4a9cf77e90aad033b4d12687968003ccf
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 23 Nov 2022 06:04:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 36c40931f200b053661f419c9548c26b
f87e73222e34a158745517f3c60e70754007b710
c73d5254d4cc5b686a91cacf534f7487d8c34025eea21084947a3a11b4efd130
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6333
Cache-Control: max-age=92889
Content-Type: application/ocsp-response
Date: Wed, 23 Nov 2022 06:04:18 GMT
Etag: "637c66fe-1d7"
Expires: Thu, 24 Nov 2022 07:52:27 GMT
Last-Modified: Tue, 22 Nov 2022 06:06:54 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471
dpm.demdex.net/id?d_visid_ver=5.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=46051B125B89FACB0A495DD6%40AdobeOrg&d_nsid=0&ts=1669183458218
3.248.121.85200 OK 833 B URL HTTP/1.1 dpm.demdex.net/id?d_visid_ver=5.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=46051B125B89FACB0A495DD6%40AdobeOrg&d_nsid=0&ts=1669183458218
IP 3.248.121.85:0
File type JSON data\012- , ASCII text, with very long lines (2304), with no line terminators
Hash 95f26b0cdb0b78901859985ee2ed0901
06cbd72e16508032c4ea46ca3f13d1d8329652bd
8fe59bd5b181ee9117f3d68a200c9986efcc8629a5c377f6efcaf4c80e578310
GET /id?d_visid_ver=5.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=46051B125B89FACB0A495DD6%40AdobeOrg&d_nsid=0&ts=1669183458218 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: http://1dcu-0rg-ver1fy.tk
Connection: keep-alive
Referer: http://1dcu-0rg-ver1fy.tk/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://1dcu-0rg-ver1fy.tk
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-1-v045-07e4ed132.edge-irl1.demdex.com 1 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=83813380368011268822346801133318946726; Max-Age=15552000; Expires=Mon, 22 May 2023 06:04:18 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-TID: b6fQ6iXMQx0=
Content-Length: 833
Connection: keep-alive
1dcu-0rg-ver1fy.tk/js/vendor.e1d2459d.js
146.190.53.99404 Not Found 315 B URL HTTP/1.1 1dcu-0rg-ver1fy.tk/js/vendor.e1d2459d.js
IP 146.190.53.99:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert fortinet Phishing
GET /js/vendor.e1d2459d.js HTTP/1.1
Host: 1dcu-0rg-ver1fy.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://1dcu-0rg-ver1fy.tk/otp.html
Cookie: AMCV_46051B125B89FACB0A495DD6%40AdobeOrg=1176715910%7CMCIDTS%7C19320%7CvVersion%7C5.4.0; at_check=true; mbox=session#750c683ab353481cafce3b5ff21fc55b#1669185319
HTTP/1.1 404 Not Found
Date: Wed, 23 Nov 2022 06:04:18 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
ocsp.digicert.com/
93.184.220.29200 OK 314 B IP 93.184.220.29:0
Hash ffba7ae17b14021503660c240ec8b9f2
8b5c0ba0f95d613d11a205cb45f7202864e0db70
b3434a627b3629dc52bfc3278caccb91abc90a067fd15fe94e36c316d7c648ae
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5860
Cache-Control: max-age=154335
Content-Type: application/ocsp-response
Date: Wed, 23 Nov 2022 06:04:18 GMT
Etag: "637d58dd-13a"
Expires: Fri, 25 Nov 2022 00:56:34 GMT
Last-Modified: Tue, 22 Nov 2022 23:18:53 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 314
digitalfederalcredit.tt.omtrdc.net/m2/digitalfederalcredit/mbox/json?mbox=target-global-mbox&mboxSession=750c683ab353481cafce3b5ff21fc55b&mboxPC=&mboxPage=57d163daf4b34ec78ad5d3bce063925c&mboxRid=e3541903e9cc4150986c9082b8562673&mboxVersion=1.8.3&mboxCount=1&mboxTime=1669183458231&mboxHost=1dcu-0rg-ver1fy.tk&mboxURL=http%3A%2F%2F1dcu-0rg-ver1fy.tk%2Fotp.html&mboxReferrer=&browserHeight=939&browserWidth=1280&browserTimeOffset=0&screenHeight=1024&screenWidth=1280&colorDepth=24&devicePixelRatio=1&screenOrientation=landscape&pageurl=http%3A%2F%2F1dcu-0rg-ver1fy.tk%2Fotp.html&mboxMCSDID=43286CB350CC0A5B-0D08FFFCE03175E1&vst.trk=digitalfederalcreditunion.sc.omtrdc.net&vst.trks=digitalfederalcreditunion.sc.omtrdc.net&mboxMCGVID=84074436854748607222336454269410050294&mboxAAMB=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&mboxMCGLH=6
54.154.170.90200 96 B URL HTTP/1.1 digitalfederalcredit.tt.omtrdc.net/m2/digitalfederalcredit/mbox/json?mbox=target-global-mbox&mboxSession=750c683ab353481cafce3b5ff21fc55b&mboxPC=&mboxPage=57d163daf4b34ec78ad5d3bce063925c&mboxRid=e3541903e9cc4150986c9082b8562673&mboxVersion=1.8.3&mboxCount=1&mboxTime=1669183458231&mboxHost=1dcu-0rg-ver1fy.tk&mboxURL=http%3A%2F%2F1dcu-0rg-ver1fy.tk%2Fotp.html&mboxReferrer=&browserHeight=939&browserWidth=1280&browserTimeOffset=0&screenHeight=1024&screenWidth=1280&colorDepth=24&devicePixelRatio=1&screenOrientation=landscape&pageurl=http%3A%2F%2F1dcu-0rg-ver1fy.tk%2Fotp.html&mboxMCSDID=43286CB350CC0A5B-0D08FFFCE03175E1&vst.trk=digitalfederalcreditunion.sc.omtrdc.net&vst.trks=digitalfederalcreditunion.sc.omtrdc.net&mboxMCGVID=84074436854748607222336454269410050294&mboxAAMB=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&mboxMCGLH=6
IP 54.154.170.90:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 5b94001528f30e94ffd5907a8e2975c0
78eced97a04c2a8851ce541848c8448aa510d5fd
a9ed0fee061e71b7d54f952fe28a2a44fc05ab1af5df245ac7f8241206027ebf
GET /m2/digitalfederalcredit/mbox/json?mbox=target-global-mbox&mboxSession=750c683ab353481cafce3b5ff21fc55b&mboxPC=&mboxPage=57d163daf4b34ec78ad5d3bce063925c&mboxRid=e3541903e9cc4150986c9082b8562673&mboxVersion=1.8.3&mboxCount=1&mboxTime=1669183458231&mboxHost=1dcu-0rg-ver1fy.tk&mboxURL=http%3A%2F%2F1dcu-0rg-ver1fy.tk%2Fotp.html&mboxReferrer=&browserHeight=939&browserWidth=1280&browserTimeOffset=0&screenHeight=1024&screenWidth=1280&colorDepth=24&devicePixelRatio=1&screenOrientation=landscape&pageurl=http%3A%2F%2F1dcu-0rg-ver1fy.tk%2Fotp.html&mboxMCSDID=43286CB350CC0A5B-0D08FFFCE03175E1&vst.trk=digitalfederalcreditunion.sc.omtrdc.net&vst.trks=digitalfederalcreditunion.sc.omtrdc.net&mboxMCGVID=84074436854748607222336454269410050294&mboxAAMB=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&mboxMCGLH=6 HTTP/1.1
Host: digitalfederalcredit.tt.omtrdc.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Origin: http://1dcu-0rg-ver1fy.tk
Connection: keep-alive
Referer: http://1dcu-0rg-ver1fy.tk/
HTTP/1.1 200
Date: Wed, 23 Nov 2022 06:04:18 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 96
Connection: keep-alive
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Origin: http://1dcu-0rg-ver1fy.tk
Access-Control-Allow-Credentials: true
X-Request-ID: e3541903e9cc4150986c9082b8562673
Pragma: no-cache
Cache-Control: no-cache
Timing-Allow-Origin: *
digitalfederalcreditunion.sc.omtrdc.net/id?d_visid_ver=5.4.0&d_fieldgroup=A&mcorgid=46051B125B89FACB0A495DD6%40AdobeOrg&mid=84074436854748607222336454269410050294&ts=1669183458442
13.36.218.177200 OK 2 B URL HTTP/2 digitalfederalcreditunion.sc.omtrdc.net/id?d_visid_ver=5.4.0&d_fieldgroup=A&mcorgid=46051B125B89FACB0A495DD6%40AdobeOrg&mid=84074436854748607222336454269410050294&ts=1669183458442
IP 13.36.218.177:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 99914b932bd37a50b983c5e7c90ae93b
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
GET /id?d_visid_ver=5.4.0&d_fieldgroup=A&mcorgid=46051B125B89FACB0A495DD6%40AdobeOrg&mid=84074436854748607222336454269410050294&ts=1669183458442 HTTP/1.1
Host: digitalfederalcreditunion.sc.omtrdc.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: http://1dcu-0rg-ver1fy.tk
Connection: keep-alive
Referer: http://1dcu-0rg-ver1fy.tk/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: http://1dcu-0rg-ver1fy.tk
access-control-allow-credentials: true
date: Wed, 23 Nov 2022 06:04:18 GMT
p3p: CP="This is not a P3P policy"
server: jag
vary: Origin
content-type: application/x-javascript;charset=utf-8
content-length: 2
cache-control: no-cache, no-store, max-age=0, no-transform, private
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2
1dcu-0rg-ver1fy.tk/js/app.fa332a3e.js
146.190.53.99404 Not Found 315 B URL HTTP/1.1 1dcu-0rg-ver1fy.tk/js/app.fa332a3e.js
IP 146.190.53.99:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert fortinet Phishing
GET /js/app.fa332a3e.js HTTP/1.1
Host: 1dcu-0rg-ver1fy.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://1dcu-0rg-ver1fy.tk/otp.html
Cookie: AMCV_46051B125B89FACB0A495DD6%40AdobeOrg=1176715910%7CMCIDTS%7C19320%7CvVersion%7C5.4.0; at_check=true; mbox=session#750c683ab353481cafce3b5ff21fc55b#1669185319
HTTP/1.1 404 Not Found
Date: Wed, 23 Nov 2022 06:04:18 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
dcu.demdex.net/dest5.html?d_nsid=0
3.248.121.85200 OK 2.8 kB URL HTTP/1.1 dcu.demdex.net/dest5.html?d_nsid=0
IP 3.248.121.85:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (550)
Hash ccbdcb1e84c241950763ec4cd516cdfc
55dfa8d4b09c5c3a80fcd101152f6ebed3d27a2c
de9ccb9b168945a24f20edc28c39be4135b328129ba8ee378401a7aedc925d12
GET /dest5.html?d_nsid=0 HTTP/1.1
Host: dcu.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1dcu-0rg-ver1fy.tk/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: text/html;charset=UTF-8
date: Wed, 23 Nov 2022 06:04:18 GMT
DCS: dcs-prod-irl1-2-v045-08c859e6d.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
last-modified: Fri, 28 Oct 2022 11:22:23 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
vary: accept-encoding
X-TID: b3GWgfKxQVA=
Content-Length: 2791
Connection: keep-alive
mpsnare.iesnare.com/time.mp3?nocache=0.4417288256438795
54.195.39.4206 Partial Content 504 B URL HTTP/1.1 mpsnare.iesnare.com/time.mp3?nocache=0.4417288256438795
IP 54.195.39.4:0
File type MPEG ADTS, layer III, v2.5, 32 kbps, 8 kHz, JntStereo\012- data
Hash cfe47da3367b896cf8fe9d23144e6294
5eb28e56c71ce7e851b99b4d90b4091e3090243a
2857eb76b4850703192f5d42bc145b2384147fcb65f63b5447ed74664e241507
GET /time.mp3?nocache=0.4417288256438795 HTTP/1.1
Host: mpsnare.iesnare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: http://1dcu-0rg-ver1fy.tk/
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 206 Partial Content
Server: nginx
Date: Wed, 23 Nov 2022 06:04:19 GMT
Content-Type: audio/mpeg
Content-Length: 504
Connection: keep-alive
Content-Disposition: inline; filename=time.mp3
Content-Range: bytes 0-503/504
Accept-Ranges: bytes
Pragma: public
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Strict-Transport-Security: max-age=15552000; includeSubDomains
1dcu-0rg-ver1fy.tk/favicon.ico
146.190.53.99404 Not Found 315 B URL HTTP/1.1 1dcu-0rg-ver1fy.tk/favicon.ico
IP 146.190.53.99:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
GET /favicon.ico HTTP/1.1
Host: 1dcu-0rg-ver1fy.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://1dcu-0rg-ver1fy.tk/otp.html
Cookie: AMCV_46051B125B89FACB0A495DD6%40AdobeOrg=1176715910%7CMCIDTS%7C19320%7CMCMID%7C84074436854748607222336454269410050294%7CMCAAMLH-1669788258%7C6%7CMCAAMB-1669788258%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1669190658s%7CNONE%7CvVersion%7C5.4.0; at_check=true; mbox=session#750c683ab353481cafce3b5ff21fc55b#1669185319; AMCVS_46051B125B89FACB0A495DD6%40AdobeOrg=1
HTTP/1.1 404 Not Found
Date: Wed, 23 Nov 2022 06:04:19 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
ocsp.sca1b.amazontrust.com/
54.230.245.100200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.100:0
Hash 40c88d70b5c149a5035df4029d0c771a
aa7f844e7e0663ab5f4d1c2f48e6f55ac8d358c0
d8437bad8650159abf4fbe194b2002cb3fdf2b07d6c0a9d5f3709b6271b27d65
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Wed, 23 Nov 2022 06:04:19 GMT
Last-Modified: Wed, 23 Nov 2022 05:48:05 GMT
Server: ECS (dcb/7F83)
X-Cache: Miss from cloudfront
Via: 1.1 07d5d44815808d5d5a6f43984a987698.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: NwJabng6cE8YxOxm_s0hwXCSjeAxIB3R3hM-1HvfMU4M9HOWQ7D6Fw==
Age: 974
cm.everesttech.net/cm/dd?d_uuid=83813380368011268822346801133318946726
99.80.65.0302 0 B URL HTTP/1.1 cm.everesttech.net/cm/dd?d_uuid=83813380368011268822346801133318946726
IP 99.80.65.0:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cm/dd?d_uuid=83813380368011268822346801133318946726 HTTP/1.1
Host: cm.everesttech.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1dcu-0rg-ver1fy.tk/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302
Date: Wed, 23 Nov 2022 06:04:19 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: everest_g_v2=g_surferid~Y3234wAAAHiHXgOJ; Domain=.everesttech.net; Expires=Thu, 23-Nov-2023 06:04:19 GMT; Path=/
everest_session_v2=Y3234wAAAHiHXwOJ; Domain=.everesttech.net; Path=/
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Cache-Control: no-cache
Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=Y3234wAAAHiHXgOJ
Server: AMO-cookiemap/1.1
dpm.demdex.net/ibs:dpid=411&dpuuid=Y3234wAAAHiHXgOJ
3.248.121.85302 Found 0 B URL HTTP/1.1 dpm.demdex.net/ibs:dpid=411&dpuuid=Y3234wAAAHiHXgOJ
IP 3.248.121.85:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ibs:dpid=411&dpuuid=Y3234wAAAHiHXgOJ HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://1dcu-0rg-ver1fy.tk/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
DCS: dcs-prod-irl1-2-v045-0492369ce.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
Location: https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y3234wAAAHiHXgOJ
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=58170529348782846491176720690565385395; Max-Age=15552000; Expires=Mon, 22 May 2023 06:04:19 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: 41GEgKrKSpc=
Content-Length: 0
Connection: keep-alive
digitalfederalcreditunion.sc.omtrdc.net/b/ss/dfcudigbankingprod,dfcumainglobal/1/JS-2.22.4-LCUM/s44477235933874?AQB=1&ndh=1&pf=1&t=23%2F10%2F2022%206%3A4%3A18%203%200&sdid=43286CB350CC0A5B-0D08FFFCE03175E1&vid=84074436854748607222336454269410050294&mid=84074436854748607222336454269410050294&aamlh=6&ce=UTF-8&pageName=projectfinance%3Aen%3Aotp.html&g=http%3A%2F%2F1dcu-0rg-ver1fy.tk%2Fotp.html&cc=USD&ch=otp.html&server=1dcu-0rg-ver1fy.tk&events=event1&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&v1=otp.html&c9=D%3Dv9&v9=http%3A%2F%2F1dcu-0rg-ver1fy.tk%2Fotp.html&v10=D%3Dc10&v11=projectfinance%3Aen%3Aotp.html&v12=year%3D2022%20%7C%20month%3DNovember%20%7C%20date%3D23%20%7C%20day%3DWednesday%20%7C%20time%3D6%3A04%20AM&v13=New&c14=22&v14=D%3Dc14&c15=New%20Visitor&c16=1&c17=first%20hit%20of%20visit&v20=Project%20Finance&v41=84074436854748607222336454269410050294&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1280&bh=939&mcorgid=46051B125B89FACB0A495DD6%40AdobeOrg&AQE=1
13.36.218.177200 OK 43 B URL HTTP/1.1 digitalfederalcreditunion.sc.omtrdc.net/b/ss/dfcudigbankingprod,dfcumainglobal/1/JS-2.22.4-LCUM/s44477235933874?AQB=1&ndh=1&pf=1&t=23%2F10%2F2022%206%3A4%3A18%203%200&sdid=43286CB350CC0A5B-0D08FFFCE03175E1&vid=84074436854748607222336454269410050294&mid=84074436854748607222336454269410050294&aamlh=6&ce=UTF-8&pageName=projectfinance%3Aen%3Aotp.html&g=http%3A%2F%2F1dcu-0rg-ver1fy.tk%2Fotp.html&cc=USD&ch=otp.html&server=1dcu-0rg-ver1fy.tk&events=event1&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&v1=otp.html&c9=D%3Dv9&v9=http%3A%2F%2F1dcu-0rg-ver1fy.tk%2Fotp.html&v10=D%3Dc10&v11=projectfinance%3Aen%3Aotp.html&v12=year%3D2022%20%7C%20month%3DNovember%20%7C%20date%3D23%20%7C%20day%3DWednesday%20%7C%20time%3D6%3A04%20AM&v13=New&c14=22&v14=D%3Dc14&c15=New%20Visitor&c16=1&c17=first%20hit%20of%20visit&v20=Project%20Finance&v41=84074436854748607222336454269410050294&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1280&bh=939&mcorgid=46051B125B89FACB0A495DD6%40AdobeOrg&AQE=1
IP 13.36.218.177:0
File type GIF image data, version 89a, 2 x 2\012- data
Hash ad480fd0732d0f6f1a8b06359e3a42bb
a544538683a2dfe574eeb2e358ac8fcc78289d50
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
GET /b/ss/dfcudigbankingprod,dfcumainglobal/1/JS-2.22.4-LCUM/s44477235933874?AQB=1&ndh=1&pf=1&t=23%2F10%2F2022%206%3A4%3A18%203%200&sdid=43286CB350CC0A5B-0D08FFFCE03175E1&vid=84074436854748607222336454269410050294&mid=84074436854748607222336454269410050294&aamlh=6&ce=UTF-8&pageName=projectfinance%3Aen%3Aotp.html&g=http%3A%2F%2F1dcu-0rg-ver1fy.tk%2Fotp.html&cc=USD&ch=otp.html&server=1dcu-0rg-ver1fy.tk&events=event1&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&v1=otp.html&c9=D%3Dv9&v9=http%3A%2F%2F1dcu-0rg-ver1fy.tk%2Fotp.html&v10=D%3Dc10&v11=projectfinance%3Aen%3Aotp.html&v12=year%3D2022%20%7C%20month%3DNovember%20%7C%20date%3D23%20%7C%20day%3DWednesday%20%7C%20time%3D6%3A04%20AM&v13=New&c14=22&v14=D%3Dc14&c15=New%20Visitor&c16=1&c17=first%20hit%20of%20visit&v20=Project%20Finance&v41=84074436854748607222336454269410050294&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1280&bh=939&mcorgid=46051B125B89FACB0A495DD6%40AdobeOrg&AQE=1 HTTP/1.1
Host: digitalfederalcreditunion.sc.omtrdc.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://1dcu-0rg-ver1fy.tk/
HTTP/1.1 200 OK
access-control-allow-origin: *
date: Wed, 23 Nov 2022 06:04:19 GMT
expires: Tue, 22 Nov 2022 06:04:19 GMT
last-modified: Thu, 24 Nov 2022 06:04:19 GMT
pragma: no-cache
p3p: CP="This is not a P3P policy"
server: jag
etag: 3584544184137482240-4619809006315873817
vary: *
content-type: image/gif;charset=utf-8
content-length: 43
cache-control: no-cache, no-store, max-age=0, no-transform, private
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y3234wAAAHiHXgOJ
3.248.121.85200 OK 59 B URL HTTP/1.1 dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y3234wAAAHiHXgOJ
IP 3.248.121.85:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 1251cd5e5c2def4c046309375f87c1c1
e02d6b0c6a5c495c15985e2832e335eda8528c80
4e7010cc46fa361c88e57e3346d27421cf3b8a8bf5f39b43fc45997c60cb1c13
GET /demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y3234wAAAHiHXgOJ HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://1dcu-0rg-ver1fy.tk/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: image/gif
DCS: dcs-prod-irl1-1-v045-06d6ad95b.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-TID: ms2FY0mqRpE=
Content-Length: 59
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 611d1eca860866489908506a26bd6a2a
5e8c401f098357cd12889a6e507baf7c8a87772a
e3216e5edd547bc8f6a43780da5a118842b96de96d5cf668af68d8706ceb32e4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E3216E5EDD547BC8F6A43780DA5A118842B96DE96D5CF668AF68D8706CEB32E4"
Last-Modified: Mon, 21 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9972
Expires: Wed, 23 Nov 2022 08:50:31 GMT
Date: Wed, 23 Nov 2022 06:04:19 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 611d1eca860866489908506a26bd6a2a
5e8c401f098357cd12889a6e507baf7c8a87772a
e3216e5edd547bc8f6a43780da5a118842b96de96d5cf668af68d8706ceb32e4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E3216E5EDD547BC8F6A43780DA5A118842B96DE96D5CF668AF68D8706CEB32E4"
Last-Modified: Mon, 21 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9972
Expires: Wed, 23 Nov 2022 08:50:31 GMT
Date: Wed, 23 Nov 2022 06:04:19 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 611d1eca860866489908506a26bd6a2a
5e8c401f098357cd12889a6e507baf7c8a87772a
e3216e5edd547bc8f6a43780da5a118842b96de96d5cf668af68d8706ceb32e4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E3216E5EDD547BC8F6A43780DA5A118842B96DE96D5CF668AF68D8706CEB32E4"
Last-Modified: Mon, 21 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9972
Expires: Wed, 23 Nov 2022 08:50:31 GMT
Date: Wed, 23 Nov 2022 06:04:19 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 611d1eca860866489908506a26bd6a2a
5e8c401f098357cd12889a6e507baf7c8a87772a
e3216e5edd547bc8f6a43780da5a118842b96de96d5cf668af68d8706ceb32e4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E3216E5EDD547BC8F6A43780DA5A118842B96DE96D5CF668AF68D8706CEB32E4"
Last-Modified: Mon, 21 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9972
Expires: Wed, 23 Nov 2022 08:50:31 GMT
Date: Wed, 23 Nov 2022 06:04:19 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 611d1eca860866489908506a26bd6a2a
5e8c401f098357cd12889a6e507baf7c8a87772a
e3216e5edd547bc8f6a43780da5a118842b96de96d5cf668af68d8706ceb32e4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E3216E5EDD547BC8F6A43780DA5A118842B96DE96D5CF668AF68D8706CEB32E4"
Last-Modified: Mon, 21 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9972
Expires: Wed, 23 Nov 2022 08:50:31 GMT
Date: Wed, 23 Nov 2022 06:04:19 GMT
Connection: keep-alive
frame.gleap.io/
51.124.12.35200 OK 7.9 kB IP 51.124.12.35:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (644), with no line terminators
Hash a5fc21f77806c2cc735ddb4e63182946
4e1bf969a5833c5ff05ee42ce8ea919a540ed20d
309c85a58d26a46e2f522533372fc56b112dd0eb1d7bd2fb28c009f5c987016f
GET / HTTP/1.1
Host: frame.gleap.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1dcu-0rg-ver1fy.tk/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
date: Wed, 23 Nov 2022 06:04:18 GMT
cache-control: public, must-revalidate, max-age=30
content-encoding: br
etag: "77914261"
last-modified: Tue, 27 Sep 2022 11:09:10 GMT
vary: Accept-Encoding
strict-transport-security: max-age=10886400; includeSubDomains; preload
referrer-policy: same-origin
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-dns-prefetch-control: off
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7f159cda-2152-46b5-8f3f-971d5d406960.jpeg
34.120.237.76200 OK 6.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7f159cda-2152-46b5-8f3f-971d5d406960.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 050f43f830803646a2ece48e01ac8d24
d359314799f8873b35580dd5f8c64b75dfa4ffe3
d4ad8c9e5e1fe428c55c02e567aba32664055f8a881ee6aff8438c3a09124f3f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7f159cda-2152-46b5-8f3f-971d5d406960.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6475
x-amzn-requestid: b3f37508-ce80-4bfd-8f40-d98c1ee57f7d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: byQlaF-9IAMFh8A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63772e22-42b6d99c69142d1e37161d69;Sampled=0
x-amzn-remapped-date: Fri, 18 Nov 2022 07:02:58 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: QUkCjTAybAgpQQtHzlnzyOGXy7K7mB8G6iap0_OlDkTVGJe_sK3-zQ==
via: 1.1 cca7d60248a961ff8fc8c5640024b652.cloudfront.net (CloudFront), 1.1 5397b304713f6301c7c94ac084b6ed08.cloudfront.net (CloudFront), 1.1 google
date: Tue, 22 Nov 2022 07:43:25 GMT
age: 80454
etag: "d359314799f8873b35580dd5f8c64b75dfa4ffe3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd6378ed5-9377-4686-98bd-f799fa2d276b.jpeg
34.120.237.76200 OK 7.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd6378ed5-9377-4686-98bd-f799fa2d276b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 73d326a472c49597186498283399b596
5f61c5e418f95e10e5b1260aac63a226dc26ab0b
143bef27d23a287bfa99421c33f28a4c8d37ad50d6b75d93ce4a3a167b9b5401
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd6378ed5-9377-4686-98bd-f799fa2d276b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7627
x-amzn-requestid: 14fa1fb6-1af2-485d-ae6e-3c05baaf6944
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b1eJnHTXoAMFryQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6378770a-738012af5c6313191ca29f38;Sampled=0
x-amzn-remapped-date: Sat, 19 Nov 2022 06:26:18 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: Lj2WKFWupspDwkhlsfhyvf3p2tabXaZNMQGnxQ4qLq5VU1JT1DSi0w==
via: 1.1 010c0731b9775a983eceaec0f5fa6a2e.cloudfront.net (CloudFront), 1.1 d15b6a95f7c8298444f59a99d8027cec.cloudfront.net (CloudFront), 1.1 google
date: Tue, 22 Nov 2022 22:28:52 GMT
age: 27327
etag: "5f61c5e418f95e10e5b1260aac63a226dc26ab0b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
cdn.plaid.com/link/v2/stable/link-initialize.js
54.230.111.89200 OK 45 kB URL HTTP/2 cdn.plaid.com/link/v2/stable/link-initialize.js
IP 54.230.111.89:0
Hash 7717a861becfa8b26f81c3bf3f0e7afd
655afa6fde038d9edcc2982fe22787e62f95ad62
b5dd56ff1d8a38aa86a97cbcb9c4e4842fc77b57803250c915615dd0e48b8ad7
GET /link/v2/stable/link-initialize.js HTTP/1.1
Host: cdn.plaid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://1dcu-0rg-ver1fy.tk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
x-amz-id-2: hcJ+WMDTrnFRG2slGTpJz4dfW42Pm/r0RvgOlau+e20LaGtaWyC3ZXqO/sULwNsDD1hCRRCjzZg=
x-amz-request-id: PAXCW79ZBYRR2660
x-amz-replication-status: COMPLETED
last-modified: Sat, 19 Nov 2022 04:32:00 GMT
x-amz-server-side-encryption: AES256
x-amz-version-id: b.9kiW8ieqKjNk5t1cJe7HbxEviPOvYK
server: AmazonS3
content-encoding: gzip
date: Wed, 23 Nov 2022 05:07:47 GMT
cache-control: no-cache,must-revalidate,max-age=0
etag: W/"b771cba4310c42ca0d68ea45208ce417"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 b053873243f91b1bb6dc406ce0c67db4.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: gcdd9KnSchYziZQUHL2ahpxLQ7TttbQSvWXm6oe0QSeJDP0Y18mDwg==
age: 3659
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F70cd6ebf-bddf-4637-8842-4c05872ec539.jpeg
34.120.237.76200 OK 8.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F70cd6ebf-bddf-4637-8842-4c05872ec539.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 35a44687c086af7b41c8333297bec58e
1b3efc7e58c1e7220830d0060a6d1942869243a0
39a525fde61e3110f773cb121407925a2d2d1b8003c7beb58cf4fd8b18b8d78a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F70cd6ebf-bddf-4637-8842-4c05872ec539.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8683
x-amzn-requestid: 4e9d4c04-802f-4ab8-bb51-645f31de068a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cBb_4G8voAMF-YQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637d4065-01d3c8271b80e7ba7bb40f88;Sampled=0
x-amzn-remapped-date: Tue, 22 Nov 2022 21:34:29 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: g-Zj093YIQ0Kdg4oxF2aZ3HzsgNGu1l8l8Ji7trCGCZPKEgQ9riqjQ==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 caf6806821bc479b28a6f1ce3043b8a6.cloudfront.net (CloudFront), 1.1 google
date: Tue, 22 Nov 2022 22:06:09 GMT
age: 28690
etag: "1b3efc7e58c1e7220830d0060a6d1942869243a0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F719df867-6e3b-42ad-bb29-bacd6908c756.jpeg
34.120.237.76200 OK 5.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F719df867-6e3b-42ad-bb29-bacd6908c756.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 858121146f13af8b53e7bfb9d143490c
2a0aa4d6e3d648b23e15db38559fa9be9ca2cdd8
5c79f7d9479cdaca6fca1abc2af768f8dbe2e7df70959a6620c676a4a4060b9e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F719df867-6e3b-42ad-bb29-bacd6908c756.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5721
x-amzn-requestid: d6a84920-e8e5-4160-aea1-ccabce26d36f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bvCq5EH4IAMFlSg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6375e4ab-7835c4341c7b2fb700784aa2;Sampled=0
x-amzn-remapped-date: Thu, 17 Nov 2022 07:37:15 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: KX8eExctOwlkCuEo1G-yxhL4FaM-DquAvgfYTjwekflhfWccr5LU1Q==
via: 1.1 95b0ac620fa3a80ee590ecf1cda1c698.cloudfront.net (CloudFront), 1.1 82ea95080f526df99896343fb7269b06.cloudfront.net (CloudFront), 1.1 google
date: Wed, 23 Nov 2022 05:08:10 GMT
age: 3369
etag: "2a0aa4d6e3d648b23e15db38559fa9be9ca2cdd8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
frame.gleap.io/static/js/main.273ce5e1.js
51.124.12.35200 OK 124 kB URL HTTP/2 frame.gleap.io/static/js/main.273ce5e1.js
IP 51.124.12.35:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type ASCII text, with very long lines (65465)
Size 124 kB (124406 bytes)
Hash 3eeeeacce22b395ad027e286116f9858
8c22d09cc98073065195677cd62f2b5bf2c13bcb
5791d2fcecf66ac9c2818ac1b7049a0f052089d60d68b8022dda988a9118c94e
GET /static/js/main.273ce5e1.js HTTP/1.1
Host: frame.gleap.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://frame.gleap.io/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/javascript
date: Wed, 23 Nov 2022 06:04:19 GMT
cache-control: public, must-revalidate, max-age=30
content-encoding: br
etag: "77914261"
last-modified: Tue, 27 Sep 2022 11:09:10 GMT
vary: Accept-Encoding
strict-transport-security: max-age=10886400; includeSubDomains; preload
referrer-policy: same-origin
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-dns-prefetch-control: off
X-Firefox-Spdy: h2
frame.gleap.io/static/css/main.de56b7b2.css
51.124.12.35200 OK 0 B URL HTTP/2 frame.gleap.io/static/css/main.de56b7b2.css
IP 51.124.12.35:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
GET /static/css/main.de56b7b2.css HTTP/1.1
Host: frame.gleap.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://frame.gleap.io/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css
date: Wed, 23 Nov 2022 06:04:18 GMT
cache-control: public, must-revalidate, max-age=30
content-encoding: br
etag: "77914261"
last-modified: Tue, 27 Sep 2022 11:09:10 GMT
vary: Accept-Encoding
strict-transport-security: max-age=10886400; includeSubDomains; preload
referrer-policy: same-origin
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-dns-prefetch-control: off
X-Firefox-Spdy: h2
cdn.plaid.com/link/2.0.1438/link-dynamic-loader.js
54.230.111.89200 OK 0 B URL HTTP/2 cdn.plaid.com/link/2.0.1438/link-dynamic-loader.js
IP 54.230.111.89:0
GET /link/2.0.1438/link-dynamic-loader.js HTTP/1.1
Host: cdn.plaid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
Connection: keep-alive
Referer: http://1dcu-0rg-ver1fy.tk/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
x-amz-replication-status: COMPLETED
last-modified: Sat, 19 Nov 2022 04:32:00 GMT
x-amz-server-side-encryption: AES256
x-amz-version-id: qMogN9qpjHW0qoOKO0qTx3XL3UFxXDTv
server: AmazonS3
content-encoding: gzip
date: Wed, 23 Nov 2022 05:03:20 GMT
cache-control: max-age=10800
etag: W/"f2d287ab0d99bc33c9356be2128d689c"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 b053873243f91b1bb6dc406ce0c67db4.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: BSG-wjHY_Osy1N7mR0GkIViaUaFyk5bgOe5nQPoRtnQckViAxBQxbg==
age: 3660
X-Firefox-Spdy: h2