Report - fika88.com/

Report Overview

Submitted URL
fika88.com/
IP
18.138.91.122
ASN
#16509 AMAZON-02
Submitted
2022-10-22 05:53:39
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
16

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
fika88.com	unknown			330 B	366 B	18.138.91.122
sc.casemed.net	unknown	2021-08-13T12:57:30Z	2023-02-20T15:02:17Z	729 B	1.6 kB	54.230.111.12
sc.saceted.com	unknown	2021-08-14T02:01:08Z	2023-02-20T15:02:17Z	375 B	925 B	54.230.111.8
stcdn.agbong88.com	unknown	2022-06-18T22:02:48Z	2023-02-20T15:02:17Z	406 B	316 B	104.18.14.215
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-09T05:09:18Z	758 B	2.8 kB	143.204.55.35
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-09T05:09:49Z	401 B	5.8 kB	34.160.144.191
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-09T05:09:48Z	321 B	229 B	34.117.237.239
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-09T05:09:13Z	594 B	127 B	35.164.183.116
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-09T10:04:36Z	3.2 kB	60 kB	34.120.237.76
stcdn.b8ag.com	unknown	2022-06-18T22:02:48Z	2023-02-20T15:02:17Z	402 B	316 B	104.18.14.215
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-09T05:09:05Z	3.3 kB	8.9 kB	23.36.77.32
www.fika88.com	unknown			7.2 kB	370 kB	104.18.14.215
ocsp.digicert.com	86	2012-05-21T09:02:23Z	2023-03-09T11:52:10Z	987 B	1.9 kB	93.184.220.29

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-10-22	medium	fika88.com/	Phishing
2022-10-22	medium	www.fika88.com/	Phishing
2022-10-22	medium	www.fika88.com/assets/bundles/themes/default.min.css?ver=2022051200	Phishing
2022-10-22	medium	www.fika88.com/assets/scripts/login/fps.js?ver=2022051200	Phishing
2022-10-22	medium	www.fika88.com/assets/bundles/login.min.js?ver=2022051200	Phishing
2022-10-22	medium	www.fika88.com/assets/styles/fonts/opensans/OpenSans-Regular.ttf	Phishing
2022-10-22	medium	www.fika88.com/assets/styles/images/mode/y9.svg	Phishing
2022-10-22	medium	www.fika88.com/	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (10)

	URL	Size	First Seen	Last Seen
	www.fika88.com/assets/bundles/login.min.js?ver=2022051200	146 kB	2023-03-07	2023-03-17
Pretty URL www.fika88.com/assets/bundles/login.min.js?ver=2022051200 IP 104.18.15.215 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:10:36 Last Seen2023-03-17 12:31:32 Times Seen1 Hash 2ec865c73372f1b60c50db80592996e0 21362797e2149af58c9b3de1c5a60b1752db1e13 b13c530f3fe2c0714f1ed0a446ef120a44ff193d67b69b12ddf58b7794357638 Loading...

	www.fika88.com/	795 B	2023-03-07	2023-04-02
Pretty URL www.fika88.com/ IP 104.18.14.215 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:10:36 Last Seen2023-04-02 21:26:25 Times Seen6 Hash 79aa9084f7fbc74333901db489e079fa c32b6942d6e520db31f22422844423b54b27fc27 be4974e38056f1d7431b38fe6dba06da949036e24a0d8b7111aa02e92daa81a7 Loading...

	www.fika88.com/assets/scripts/login/fps.js?ver=2022051200	2.8 kB	2023-03-07	2023-03-26
Pretty URL www.fika88.com/assets/scripts/login/fps.js?ver=2022051200 IP 104.18.15.215 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:10:36 Last Seen2023-03-26 10:25:40 Times Seen5 Hash b9bc0c24d92404f502f8eb3887c7f4bc 49291a62ec11450fa9e3ab8c8578159c48ab0a32 c1816460a3f38a8730cef83948533c53fcd89a68b9de0188a88d67ca2cdcb720 Loading...

	sc.casemed.net/di/activator.ashx	64 kB	2023-03-10	2023-03-10
Pretty URL sc.casemed.net/di/activator.ashx IP 54.230.111.12 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 12:57:32 Last Seen2023-03-10 12:57:32 Times Seen1 Hash 3345927abe10777d13ecfc947348cbe8 3da889a4d667fb05dc31f2ba043c729dd233e896 511487b13c438345a6e5547d73b0d1aa6c5faeade22a3a69edb63cb31665e3e6 Loading...

		Size	First Seen	Last Seen
	#1 Eval - d32b5e72c27f3754718ccfceb69636b8	23 B	2023-03-07	2024-02-12
Pretty Observations First Seen2023-03-07 12:55:32 Last Seen2024-02-12 01:56:44 Times Seen8 Hash d32b5e72c27f3754718ccfceb69636b8 2a25fe0073ca2e38d5ae4d522e1a0c034fb6eca6 5177947ff2cfaa7fbcd75029a5c6f49fcedfe2c75283ec424ac78e30313c6e18 Loading...

	#2 Eval - 5affbeec13c5d9dacc3a3e45d0d8c684	26 B	2023-03-07	2024-02-12
Pretty Observations First Seen2023-03-07 12:55:32 Last Seen2024-02-12 01:56:44 Times Seen8 Hash 5affbeec13c5d9dacc3a3e45d0d8c684 65c23ae88fe925aff99d5e57c697a6bf11be16bc 5976c71bc9ff7d91d5bd4f4fecdec167fbf2d608b27ce34412e9010e75138cc0 Loading...

	#3 Eval - 9eefc3334936084f0dcff61c44c62994	27 B	2023-03-07	2023-05-22
Pretty Observations First Seen2023-03-07 12:55:32 Last Seen2023-05-22 11:56:53 Times Seen6 Hash 9eefc3334936084f0dcff61c44c62994 7c4be48f953e5297378747d480e0ff6b4117cd0f 44074c38ab380125e256a3eaea554519b27e47f494b8abb22dadd137c60b6b90 Loading...

	#4 Eval - 8a924f9376157bbff120eb7fbeff7e1c	28 B	2023-03-07	2024-02-12
Pretty Observations First Seen2023-03-07 12:55:32 Last Seen2024-02-12 01:56:44 Times Seen8 Hash 8a924f9376157bbff120eb7fbeff7e1c e2ef4152b99ef28f7dd17622945a16db390f1a43 836fda26d86bb5faf05b428e8a1dbb092f52d956b487358768195f208086c09c Loading...

	#5 Eval - 2d4f5d6bd06922715b0004b44efe5fef	25 B	2023-03-07	2024-02-12
Pretty Observations First Seen2023-03-07 12:55:32 Last Seen2024-02-12 01:56:45 Times Seen8 Hash 2d4f5d6bd06922715b0004b44efe5fef e0398ff007931bc52cac9a5410be1ec6c9aa739f d9d9b52f3a6e4089c68adcc1b44f412e730fab1b25ec8e75d8d2b042fb6e52fc Loading...

	#6 Eval - c3ef083e8e71e8de48d9700df1a58bc2	29 B	2023-03-07	2024-02-12
Pretty Observations First Seen2023-03-07 12:55:32 Last Seen2024-02-12 01:56:44 Times Seen8 Hash c3ef083e8e71e8de48d9700df1a58bc2 0254fa686423363d2671af06c8f7d3eeb5342e9a dc04e4ff47db087c390fddac59993d5b05c6f4575630d769c327491b5d85757f Loading...

HTTP Transactions (42)

URL IP Response Size

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
c19f4a1def760c07cbc4aec1d0d6c050
6ad911a7c02f5e5fdd82fa86cae0453528d53a6d
750bba81910a4bbd78ab484ba03781a36459a0aec147d7c47424e9a9bf152b40

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "750BBA81910A4BBD78AB484BA03781A36459A0AEC147D7C47424E9A9BF152B40"
Last-Modified: Fri, 21 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14545
Expires: Sat, 22 Oct 2022 09:55:53 GMT
Date: Sat, 22 Oct 2022 05:53:28 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

143.204.55.35

200 OK

939 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/
IP
143.204.55.35:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
bdb8b66c705a7b996496d780f50c00b5
403ae92039fcc933870f51f913f78ccaf9652256
c923ed2539f4ce9f4d43743c402fbb2060a52a4cbedbf14c5f5742ab718073d6

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Alert, Content-Length, Retry-After, Backoff
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sat, 22 Oct 2022 05:52:39 GMT
Expires: Sat, 22 Oct 2022 05:59:04 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 a7d2a4ec2f50830f128dc406960aef9a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 8C6eKpm-FrXjPzB5QNmcg0TOgo5KwNYkZOPZzGX69RBG4z0O0oPfHg==
Age: 49

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
9dc4f23f82148797f6d8041bdda3c7f7
6841ded3e2dd94fd762316d01efd43f7aafb8354
e229db1854a85b320cee574e805210f3adf5797136ea820c0a0ce9abcd63d4dd

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E229DB1854A85B320CEE574E805210F3ADF5797136EA820C0A0CE9ABCD63D4DD"
Last-Modified: Thu, 20 Oct 2022 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14500
Expires: Sat, 22 Oct 2022 09:55:08 GMT
Date: Sat, 22 Oct 2022 05:53:28 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: Pa7REDC7XyPxxN9R26kZTzGEKStG+jkbfz+s7UeiA0pDty8QD0QgLMiK0Qp1/SK7ihww7Z8CceA=
x-amz-request-id: QFSCG3NN531EAFAN
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 22 Oct 2022 05:37:27 GMT
age: 961
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 22 Oct 2022 05:53:28 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

fika88.com/

18.138.91.122

301 Moved Permanently

178 B

URL HTTP/1.1
fika88.com/
IP
18.138.91.122:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
178 B (178 bytes)
Hash
cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET / HTTP/1.1
Host: fika88.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 22 Oct 2022 05:53:28 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: http://www.fika88.com/

www.fika88.com/

104.18.14.215

301 Moved Permanently

0 B

URL HTTP/1.1
www.fika88.com/
IP
104.18.14.215:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET / HTTP/1.1
Host: www.fika88.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Date: Sat, 22 Oct 2022 05:53:28 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sat, 22 Oct 2022 06:53:28 GMT
Location: https://www.fika88.com/
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75dff909aa390b06-OSL

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

143.204.55.35

200 OK

329 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
143.204.55.35:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Sat, 22 Oct 2022 05:43:40 GMT
Expires: Sat, 22 Oct 2022 05:58:56 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 d4fd24ae65d4d2b97cfdea8d2f0c21a6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 0sHqbzimlNRiCZCvSB3bCJ5REXew6Rlxhl2j3rrZJc9sVsje_dKu7A==
Age: 588

ocsp.digicert.com/

93.184.220.29

200 OK

280 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
280 B (280 bytes)
Hash
4578dc3ac67d9b596e61160c7792381d
47c5daa59992938fb23c788919b0f80bcb9f1fbf
70cea524eb6047d2f5027c79802f16e2d5d6a7b703cce06b70323e42df40d258

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=100865
Content-Type: application/ocsp-response
Date: Sat, 22 Oct 2022 05:53:28 GMT
Etag: "63526c59-118"
Expires: Sun, 23 Oct 2022 09:54:33 GMT
Last-Modified: Fri, 21 Oct 2022 09:54:33 GMT
Server: nginx
Content-Length: 280

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
f47cc320695635b544a761f72f3afc6f
b7cee764dcb0a625e0f8e0b4a4fce04548a1bf76
78608be3d0d6aaaf0364aed316b8676ab28d23c9b6a8ac6c147cf5d16e5cc283

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3393
Cache-Control: max-age=97791
Content-Type: application/ocsp-response
Date: Sat, 22 Oct 2022 05:53:29 GMT
Etag: "63525317-1d7"
Expires: Sun, 23 Oct 2022 09:03:20 GMT
Last-Modified: Fri, 21 Oct 2022 08:06:47 GMT
Server: ECS (ska/F71A)
X-Cache: HIT
Content-Length: 471

push.services.mozilla.com/

35.164.183.116

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
35.164.183.116:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: u7298rOAaMez2A1Si1akqA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: twFdh+AxI5oJl21rgetpbGljKL8=

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
56aa4d33e288d7ec3acf3ac1a61ef7f9
ac2e2f3609cc604dde554e37471567c042bf8191
544823f794ac3e837c81449d896a9dcbe94f4d59a13e293d84b5af44531141d0

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "544823F794AC3E837C81449D896A9DCBE94F4D59A13E293D84B5AF44531141D0"
Last-Modified: Wed, 19 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15150
Expires: Sat, 22 Oct 2022 10:06:00 GMT
Date: Sat, 22 Oct 2022 05:53:30 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
56aa4d33e288d7ec3acf3ac1a61ef7f9
ac2e2f3609cc604dde554e37471567c042bf8191
544823f794ac3e837c81449d896a9dcbe94f4d59a13e293d84b5af44531141d0

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "544823F794AC3E837C81449D896A9DCBE94F4D59A13E293D84B5AF44531141D0"
Last-Modified: Wed, 19 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15150
Expires: Sat, 22 Oct 2022 10:06:00 GMT
Date: Sat, 22 Oct 2022 05:53:30 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
56aa4d33e288d7ec3acf3ac1a61ef7f9
ac2e2f3609cc604dde554e37471567c042bf8191
544823f794ac3e837c81449d896a9dcbe94f4d59a13e293d84b5af44531141d0

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "544823F794AC3E837C81449D896A9DCBE94F4D59A13E293D84B5AF44531141D0"
Last-Modified: Wed, 19 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15150
Expires: Sat, 22 Oct 2022 10:06:00 GMT
Date: Sat, 22 Oct 2022 05:53:30 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
56aa4d33e288d7ec3acf3ac1a61ef7f9
ac2e2f3609cc604dde554e37471567c042bf8191
544823f794ac3e837c81449d896a9dcbe94f4d59a13e293d84b5af44531141d0

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "544823F794AC3E837C81449D896A9DCBE94F4D59A13E293D84B5AF44531141D0"
Last-Modified: Wed, 19 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15150
Expires: Sat, 22 Oct 2022 10:06:00 GMT
Date: Sat, 22 Oct 2022 05:53:30 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
56aa4d33e288d7ec3acf3ac1a61ef7f9
ac2e2f3609cc604dde554e37471567c042bf8191
544823f794ac3e837c81449d896a9dcbe94f4d59a13e293d84b5af44531141d0

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "544823F794AC3E837C81449D896A9DCBE94F4D59A13E293D84B5AF44531141D0"
Last-Modified: Wed, 19 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15150
Expires: Sat, 22 Oct 2022 10:06:00 GMT
Date: Sat, 22 Oct 2022 05:53:30 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F84809f37-0e01-4278-ba97-357c4a1b454e.webp

34.120.237.76

200 OK

5.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F84809f37-0e01-4278-ba97-357c4a1b454e.webp
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.5 kB (5517 bytes)
Hash
1ee464d6a426da49571c97060e65a4e8
aef2208c82085b4dc8472ee28bc63b9a8832fe0e
704e9800cb12b9b2927e85901b21fbb22303f11bf4b052340d0fc610414e2a6d

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F84809f37-0e01-4278-ba97-357c4a1b454e.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5517
x-amzn-requestid: 560e0ccc-0551-461d-98fd-f94d9a026fb8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aX-pSExDIAMFpMg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6353116e-0420e4ac6cceec1749a44819;Sampled=0
x-amzn-remapped-date: Fri, 21 Oct 2022 21:38:54 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: TDa1YZjZ70BYwTbiiaBV1J1WVtzXpAZ1j-wKfsviXvhbhnc8f0Huiw==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 1481cc55c02c3a782ad420b6bac2cb32.cloudfront.net (CloudFront), 1.1 google
date: Fri, 21 Oct 2022 22:02:32 GMT
age: 28258
etag: "aef2208c82085b4dc8472ee28bc63b9a8832fe0e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd771af0d-55ee-450f-bbb3-a9e419e74a51.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.4 kB (7372 bytes)
Hash
616e14aee034bbf77c3b74b3ea53961b
ebf69c1ff6dc9450f33aef5dc2403d4df17a4c2c
0ae716474e2837c90c658d635fb9db2c8d4cdb7bf025b8e4e9e802e3ff56b0c3

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd771af0d-55ee-450f-bbb3-a9e419e74a51.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7372
x-amzn-requestid: 080f5f7f-51a8-4ef5-9acc-0c7f7f64defb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aX-ojEg2IAMFjPA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63531169-5106c8af6e77450c33a0c899;Sampled=0
x-amzn-remapped-date: Fri, 21 Oct 2022 21:38:49 GMT
x-amz-cf-pop: SEA19-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: vP9aRT8xL5F2kf36A-lMaIQ9FSAEUGo8jmx9y63iIBDdyWYujkXXPw==
via: 1.1 2e20768704c71ff3ce2e677251d27f3c.cloudfront.net (CloudFront), 1.1 2f7934de1dfe281c3e4446892eab6462.cloudfront.net (CloudFront), 1.1 google
date: Fri, 21 Oct 2022 22:05:57 GMT
age: 28053
etag: "ebf69c1ff6dc9450f33aef5dc2403d4df17a4c2c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb5f34cfb-1029-497a-8d09-65db888e6f11.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.8 kB (7821 bytes)
Hash
f4fb0f4c9ac5a88678baf456107f5341
f6c54dbdfad7e243fe38c03f004c4c79f96b2892
b2fc6c453d7ed610521fcf34d7736a20191d86b485fd57236d2d2c4849cbb8d9

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb5f34cfb-1029-497a-8d09-65db888e6f11.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7821
x-amzn-requestid: b3b72561-80fd-4b73-862c-ad070f135634
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aX-LzEkrIAMFmrQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-635310b1-73f427947c17f35667c0b443;Sampled=0
x-amzn-remapped-date: Fri, 21 Oct 2022 21:35:45 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: Mq7h4TJkHKd-I9c01ao1yJ3izpJLRiMG_Sk3_e2pQDGCyunY2RlI3Q==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 28390a4d24ed4fdccd685d99cd06cf4e.cloudfront.net (CloudFront), 1.1 google
date: Fri, 21 Oct 2022 22:02:32 GMT
age: 28258
etag: "f6c54dbdfad7e243fe38c03f004c4c79f96b2892"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6a5e4785-ab9f-452d-bc24-763f20fb6177.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (12458 bytes)
Hash
549dca2052f890e6fd93fe72faed3e59
b4518ffaaadd6cdf297c22d196ee59597bef5586
fd9de6393f878755addfb2d4b83cf0c135abb4243ea9834dd013e0ae7662f389

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6a5e4785-ab9f-452d-bc24-763f20fb6177.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 12458
x-amzn-requestid: 1a738dda-ce4a-4bb5-bc5f-cb6c0ab0fc4a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aX-pTHeBIAMFsaQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6353116e-12bb631f3657342b0680bb55;Sampled=0
x-amzn-remapped-date: Fri, 21 Oct 2022 21:38:54 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 5lNO9mRmBUiQ1uAp7eg_9xXM2RJxnwrnY1YRE8lwrF8Q1BRVpem2Ug==
via: 1.1 9b311162717b41c968f6f00426d88aaa.cloudfront.net (CloudFront), 1.1 28390a4d24ed4fdccd685d99cd06cf4e.cloudfront.net (CloudFront), 1.1 google
date: Fri, 21 Oct 2022 22:00:10 GMT
age: 28400
etag: "b4518ffaaadd6cdf297c22d196ee59597bef5586"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3d7888fa-b929-4b9c-b42a-48eeeefeb499.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.5 kB (9534 bytes)
Hash
cc263c0f18e27e8b7f6b841c1e400069
06e91c12abd2c7182991312a4ca0a71c8c0b898d
98b8a8d1c1b279424ac967d0f6e333b5ba981450c3a5823695c5f4490f6d7330

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3d7888fa-b929-4b9c-b42a-48eeeefeb499.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9534
x-amzn-requestid: ad6b6fb0-d36e-4aa4-abba-a931a040b0f3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aX-czHZgoAMFX2A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6353111e-40f2629721fa12570aa1eb86;Sampled=0
x-amzn-remapped-date: Fri, 21 Oct 2022 21:37:34 GMT
x-amz-cf-pop: SEA73-P2, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: CT7cukYC2rFTB2Je5RYw1qQBAzBSeb2sZMCdBNNCsZ346Lb89-Q_6Q==
via: 1.1 d2575afea3774df33dcf5e5ff475025e.cloudfront.net (CloudFront), 1.1 ee330666adf9f04c8c30094f8ddcd004.cloudfront.net (CloudFront), 1.1 google
date: Fri, 21 Oct 2022 22:08:29 GMT
age: 27901
etag: "06e91c12abd2c7182991312a4ca0a71c8c0b898d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F63f136cc-8688-48a8-a173-5f57e08e25bb.png
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (10684 bytes)
Hash
5ef386b42bd6b9efb747cfeb3d64fb7a
db63f62383d513348c1ef231ea4fb58d7e1e044e
988cb73f0fef893d2d65a66fad0b171350102f4496fa5ba22e415d5929373d0f

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F63f136cc-8688-48a8-a173-5f57e08e25bb.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10684
x-amzn-requestid: 643c8e7b-15e9-4241-8ba1-e3f4a4592373
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aX-okE7AoAMFjDQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63531169-705159c619bc23880acd4d42;Sampled=0
x-amzn-remapped-date: Fri, 21 Oct 2022 21:38:49 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: CWLtJnrAc5b0j1aPGbuOaGuPRYzwNM0xGGP1muEwkPsih8c0iryoGw==
via: 1.1 000f4a2f631bace380a0afa747a82482.cloudfront.net (CloudFront), 1.1 ebe4011a81a36e2bf678f69ce1711330.cloudfront.net (CloudFront), 1.1 google
date: Fri, 21 Oct 2022 22:05:57 GMT
age: 28053
etag: "db63f62383d513348c1ef231ea4fb58d7e1e044e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

www.fika88.com/assets/bundles/themes/default.min.css?ver=2022051200

104.18.15.215

200 OK

2.2 kB

URL HTTP/2
www.fika88.com/assets/bundles/themes/default.min.css?ver=2022051200
IP
104.18.15.215:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (9495), with no line terminators
Size
2.2 kB (2189 bytes)
Hash
d7d6a66a0e7051484dd3ff07c64eccfc
76c4c333925fe400200c8b35c963dfe89823d5de
9ebbe5d8944f63e5abb54e4cdfaf70831fb40c35b5c59af940e6243b67e603dc

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /assets/bundles/themes/default.min.css?ver=2022051200 HTTP/1.1
Host: www.fika88.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.fika88.com/
Cookie: ASP.NET_SessionId=0za2bhp4fesif2xsjgkaipma; __utms=FD57DE73776AD8339A7DE727590C8D; __RequestVerificationToken=fQjkD_dzw_-vtisRPlDPPcHmvGhGJoXAeu0NAgXzcCwhve8KiciUBfwKaADOz4kUT83b1qO9jtkM352uIvcepH-irWA1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 22 Oct 2022 05:53:30 GMT
content-type: text/css
content-length: 2189
cache-control: max-age=2592000
content-encoding: gzip
last-modified: Fri, 19 Aug 2022 01:57:50 GMT
etag: "023b166fb3d81:0"
vary: Accept-Encoding
strict-transport-security: max-age=15768000
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src *; img-src 'self' data:              https://sc.detecas.com/di/ec.ashx              https://sc.saceted.com/di/ec.ashx              https://sc.casemed.net/di/ec.ashx              https://sc.detecas.com/di/activator.ashx              https://sc.saceted.com/di/activator.ashx              https://sc.casemed.net/di/activator.ashx              https://sc.detecas.com/di/hc.html              https://sc.saceted.com/di/hc.html              https://sc.casemed.net/di/hc.html              https://sc.detecas.com/di/activator.ashx              https://sc.detecas.com/di2/activator.ashx              https://ws.detecas.com              https://sc.starixsoft.com/di2/activator.ashx              https://fps.starixsoft.com/ws              https://fps.starixsoft.com/di/activator.ashx              https://sc.detecas.com/di/ec.ashx              https://sc.detecas.com/di/dd.ashx              https://pw.detecas.com              https://www.google-analytics.com              https://www.google.com              https://www.gstatic.com              https://sentry.starixplay.com;              style-src 'self' 'unsafe-inline';              script-src 'self' 'unsafe-eval' 'unsafe-inline'              https://sc.detecas.com/di/ec.ashx              https://sc.saceted.com/di/ec.ashx              https://sc.casemed.net/di/ec.ashx              https://sc.detecas.com/di/activator.ashx              https://sc.saceted.com/di/activator.ashx              https://sc.casemed.net/di/activator.ashx              https://sc.detecas.com/di/hc.html              https://sc.saceted.com/di/hc.html              https://sc.casemed.net/di/hc.html              https://www.gstatic.com              https://www.google.com              https://sc.detecas.com/di/activator.ashx              https://sc.detecas.com/di2/activator.ashx              https://ws.detecas.com              https://sc.starixsoft.com/di2/activator.ashx              https://fps.starixsoft.com/ws              https://fps.starixsoft.com/di/activator.ashx              https://sc.detecas.com/di/ec.ashx              https://sc.detecas.com/di/dd.ashx              https://www.google-analytics.com              https://sentry.starixplay.com;
cf-cache-status: MISS
accept-ranges: bytes
server: cloudflare
cf-ray: 75dff91309b90b49-OSL
X-Firefox-Spdy: h2

www.fika88.com/assets/styles/alpha.slider-captcha.css?ver=2022051200

104.18.15.215

200 OK

802 B

URL HTTP/2
www.fika88.com/assets/styles/alpha.slider-captcha.css?ver=2022051200
IP
104.18.15.215:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (3861), with CRLF line terminators
Size
802 B (802 bytes)
Hash
7f1320d9a6ea4c281f0f0675f30af692
e8c45cee95559c05e810d6ed75337e1d5e882998
702cce5aa13202b766c75e342c1f84a92aa440ef742aba767c7031073085d4bc

HTTP Headers

GET /assets/styles/alpha.slider-captcha.css?ver=2022051200 HTTP/1.1
Host: www.fika88.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.fika88.com/
Cookie: ASP.NET_SessionId=0za2bhp4fesif2xsjgkaipma; __utms=FD57DE73776AD8339A7DE727590C8D; __RequestVerificationToken=fQjkD_dzw_-vtisRPlDPPcHmvGhGJoXAeu0NAgXzcCwhve8KiciUBfwKaADOz4kUT83b1qO9jtkM352uIvcepH-irWA1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 22 Oct 2022 05:53:30 GMT
content-type: text/css
content-length: 802
cache-control: max-age=2592000
content-encoding: gzip
last-modified: Fri, 19 Aug 2022 01:57:50 GMT
etag: "023b166fb3d81:0"
vary: Accept-Encoding
strict-transport-security: max-age=15768000
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src *; img-src 'self' data:              https://sc.detecas.com/di/ec.ashx              https://sc.saceted.com/di/ec.ashx              https://sc.casemed.net/di/ec.ashx              https://sc.detecas.com/di/activator.ashx              https://sc.saceted.com/di/activator.ashx              https://sc.casemed.net/di/activator.ashx              https://sc.detecas.com/di/hc.html              https://sc.saceted.com/di/hc.html              https://sc.casemed.net/di/hc.html              https://sc.detecas.com/di/activator.ashx              https://sc.detecas.com/di2/activator.ashx              https://ws.detecas.com              https://sc.starixsoft.com/di2/activator.ashx              https://fps.starixsoft.com/ws              https://fps.starixsoft.com/di/activator.ashx              https://sc.detecas.com/di/ec.ashx              https://sc.detecas.com/di/dd.ashx              https://pw.detecas.com              https://www.google-analytics.com              https://www.google.com              https://www.gstatic.com              https://sentry.starixplay.com;              style-src 'self' 'unsafe-inline';              script-src 'self' 'unsafe-eval' 'unsafe-inline'              https://sc.detecas.com/di/ec.ashx              https://sc.saceted.com/di/ec.ashx              https://sc.casemed.net/di/ec.ashx              https://sc.detecas.com/di/activator.ashx              https://sc.saceted.com/di/activator.ashx              https://sc.casemed.net/di/activator.ashx              https://sc.detecas.com/di/hc.html              https://sc.saceted.com/di/hc.html              https://sc.casemed.net/di/hc.html              https://www.gstatic.com              https://www.google.com              https://sc.detecas.com/di/activator.ashx              https://sc.detecas.com/di2/activator.ashx              https://ws.detecas.com              https://sc.starixsoft.com/di2/activator.ashx              https://fps.starixsoft.com/ws              https://fps.starixsoft.com/di/activator.ashx              https://sc.detecas.com/di/ec.ashx              https://sc.detecas.com/di/dd.ashx              https://www.google-analytics.com              https://sentry.starixplay.com;
cf-cache-status: MISS
accept-ranges: bytes
server: cloudflare
cf-ray: 75dff91309ba0b49-OSL
X-Firefox-Spdy: h2

www.fika88.com/assets/scripts/login/fps.js?ver=2022051200

104.18.15.215

200 OK

883 B

URL HTTP/2
www.fika88.com/assets/scripts/login/fps.js?ver=2022051200
IP
104.18.15.215:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with CRLF line terminators
Size
883 B (883 bytes)
Hash
4ae5ab5700b89ca88a04ebb31fa1f16b
accc43312fe1628c149d114563aba6261404924f
32fd9a3cd639bee61ae108fe7f2e2b709281b2e13da038bb80c9bdc4cd5faf58

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /assets/scripts/login/fps.js?ver=2022051200 HTTP/1.1
Host: www.fika88.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.fika88.com/
Cookie: ASP.NET_SessionId=0za2bhp4fesif2xsjgkaipma; __utms=FD57DE73776AD8339A7DE727590C8D; __RequestVerificationToken=fQjkD_dzw_-vtisRPlDPPcHmvGhGJoXAeu0NAgXzcCwhve8KiciUBfwKaADOz4kUT83b1qO9jtkM352uIvcepH-irWA1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 22 Oct 2022 05:53:30 GMT
content-type: text/javascript
content-length: 883
cache-control: max-age=2592000
content-encoding: gzip
last-modified: Tue, 16 Aug 2022 06:02:13 GMT
etag: "8020a2ba35b1d81:0"
vary: Accept-Encoding
strict-transport-security: max-age=15768000
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src *; img-src 'self' data:              https://sc.detecas.com/di/ec.ashx              https://sc.saceted.com/di/ec.ashx              https://sc.casemed.net/di/ec.ashx              https://sc.detecas.com/di/activator.ashx              https://sc.saceted.com/di/activator.ashx              https://sc.casemed.net/di/activator.ashx              https://sc.detecas.com/di/hc.html              https://sc.saceted.com/di/hc.html              https://sc.casemed.net/di/hc.html              https://sc.detecas.com/di/activator.ashx              https://sc.detecas.com/di2/activator.ashx              https://ws.detecas.com              https://sc.starixsoft.com/di2/activator.ashx              https://fps.starixsoft.com/ws              https://fps.starixsoft.com/di/activator.ashx              https://sc.detecas.com/di/ec.ashx              https://sc.detecas.com/di/dd.ashx              https://pw.detecas.com              https://www.google-analytics.com              https://www.google.com              https://www.gstatic.com              https://sentry.starixplay.com;              style-src 'self' 'unsafe-inline';              script-src 'self' 'unsafe-eval' 'unsafe-inline'              https://sc.detecas.com/di/ec.ashx              https://sc.saceted.com/di/ec.ashx              https://sc.casemed.net/di/ec.ashx              https://sc.detecas.com/di/activator.ashx              https://sc.saceted.com/di/activator.ashx              https://sc.casemed.net/di/activator.ashx              https://sc.detecas.com/di/hc.html              https://sc.saceted.com/di/hc.html              https://sc.casemed.net/di/hc.html              https://www.gstatic.com              https://www.google.com              https://sc.detecas.com/di/activator.ashx              https://sc.detecas.com/di2/activator.ashx              https://ws.detecas.com              https://sc.starixsoft.com/di2/activator.ashx              https://fps.starixsoft.com/ws              https://fps.starixsoft.com/di/activator.ashx              https://sc.detecas.com/di/ec.ashx              https://sc.detecas.com/di/dd.ashx              https://www.google-analytics.com              https://sentry.starixplay.com;
cf-cache-status: MISS
accept-ranges: bytes
server: cloudflare
cf-ray: 75dff91309bd0b49-OSL
X-Firefox-Spdy: h2

www.fika88.com/assets/styles/vendors-extensions/login/bootstrap-ex.min.css?ver=2022051200

104.18.15.215

200 OK

5.0 kB

URL HTTP/2
www.fika88.com/assets/styles/vendors-extensions/login/bootstrap-ex.min.css?ver=2022051200
IP
104.18.15.215:0
ASN
#13335 CLOUDFLARENET

File type
Unicode text, UTF-8 (with BOM) text, with very long lines (22897), with CRLF line terminators
Size
5.0 kB (5027 bytes)
Hash
ae4136b70d13d24976618f22fd34b810
61659ab2140478fa4137e2a61a8b7b489888b193
26024cc7fbc57f955d1ef01272a01200059c5a761f6581b6fcf5992c35f054af

HTTP Headers

GET /assets/styles/vendors-extensions/login/bootstrap-ex.min.css?ver=2022051200 HTTP/1.1
Host: www.fika88.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.fika88.com/
Cookie: ASP.NET_SessionId=0za2bhp4fesif2xsjgkaipma; __utms=FD57DE73776AD8339A7DE727590C8D; __RequestVerificationToken=fQjkD_dzw_-vtisRPlDPPcHmvGhGJoXAeu0NAgXzcCwhve8KiciUBfwKaADOz4kUT83b1qO9jtkM352uIvcepH-irWA1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 22 Oct 2022 05:53:30 GMT
content-type: text/css
content-length: 5027
cache-control: max-age=2592000
content-encoding: gzip
last-modified: Tue, 16 Aug 2022 04:48:12 GMT
etag: "04e97632bb1d81:0"
vary: Accept-Encoding
strict-transport-security: max-age=15768000
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src *; img-src 'self' data:              https://sc.detecas.com/di/ec.ashx              https://sc.saceted.com/di/ec.ashx              https://sc.casemed.net/di/ec.ashx              https://sc.detecas.com/di/activator.ashx              https://sc.saceted.com/di/activator.ashx              https://sc.casemed.net/di/activator.ashx              https://sc.detecas.com/di/hc.html              https://sc.saceted.com/di/hc.html              https://sc.casemed.net/di/hc.html              https://sc.detecas.com/di/activator.ashx              https://sc.detecas.com/di2/activator.ashx              https://ws.detecas.com              https://sc.starixsoft.com/di2/activator.ashx              https://fps.starixsoft.com/ws              https://fps.starixsoft.com/di/activator.ashx              https://sc.detecas.com/di/ec.ashx              https://sc.detecas.com/di/dd.ashx              https://pw.detecas.com              https://www.google-analytics.com              https://www.google.com              https://www.gstatic.com              https://sentry.starixplay.com;              style-src 'self' 'unsafe-inline';              script-src 'self' 'unsafe-eval' 'unsafe-inline'              https://sc.detecas.com/di/ec.ashx              https://sc.saceted.com/di/ec.ashx              https://sc.casemed.net/di/ec.ashx              https://sc.detecas.com/di/activator.ashx              https://sc.saceted.com/di/activator.ashx              https://sc.casemed.net/di/activator.ashx              https://sc.detecas.com/di/hc.html              https://sc.saceted.com/di/hc.html              https://sc.casemed.net/di/hc.html              https://www.gstatic.com              https://www.google.com              https://sc.detecas.com/di/activator.ashx              https://sc.detecas.com/di2/activator.ashx              https://ws.detecas.com              https://sc.starixsoft.com/di2/activator.ashx              https://fps.starixsoft.com/ws              https://fps.starixsoft.com/di/activator.ashx              https://sc.detecas.com/di/ec.ashx              https://sc.detecas.com/di/dd.ashx              https://www.google-analytics.com              https://sentry.starixplay.com;
cf-cache-status: MISS
accept-ranges: bytes
server: cloudflare
cf-ray: 75dff912f9b80b49-OSL
X-Firefox-Spdy: h2

www.fika88.com/assets/styles/images/sprites2.png

104.18.15.215

200 OK

6.0 kB

URL HTTP/2
www.fika88.com/assets/styles/images/sprites2.png
IP
104.18.15.215:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 115 x 116, 8-bit/color RGBA, non-interlaced\012- data
Size
6.0 kB (5981 bytes)
Hash
086f86511b0813d1d729762d4abd4240
d5dc9fccead81ab85acd0d770bf39bd8b2c7f0a0
c79966b969c421b3c2ce86193262adaddf406717f7899a071204bc62975b2a57

HTTP Headers

GET /assets/styles/images/sprites2.png HTTP/1.1
Host: www.fika88.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.fika88.com/assets/bundles/themes/default.min.css?ver=2022051200
Cookie: ASP.NET_SessionId=0za2bhp4fesif2xsjgkaipma; __utms=FD57DE73776AD8339A7DE727590C8D; __RequestVerificationToken=fQjkD_dzw_-vtisRPlDPPcHmvGhGJoXAeu0NAgXzcCwhve8KiciUBfwKaADOz4kUT83b1qO9jtkM352uIvcepH-irWA1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 22 Oct 2022 05:53:31 GMT
content-type: image/png
content-length: 5981
cache-control: max-age=2592000
last-modified: Fri, 19 Aug 2022 01:57:50 GMT
etag: "023b166fb3d81:0"
strict-transport-security: max-age=15768000
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src *; img-src 'self' data:              https://sc.detecas.com/di/ec.ashx              https://sc.saceted.com/di/ec.ashx              https://sc.casemed.net/di/ec.ashx              https://sc.detecas.com/di/activator.ashx              https://sc.saceted.com/di/activator.ashx              https://sc.casemed.net/di/activator.ashx              https://sc.detecas.com/di/hc.html              https://sc.saceted.com/di/hc.html              https://sc.casemed.net/di/hc.html              https://sc.detecas.com/di/activator.ashx              https://sc.detecas.com/di2/activator.ashx              https://ws.detecas.com              https://sc.starixsoft.com/di2/activator.ashx              https://fps.starixsoft.com/ws              https://fps.starixsoft.com/di/activator.ashx              https://sc.detecas.com/di/ec.ashx              https://sc.detecas.com/di/dd.ashx              https://pw.detecas.com              https://www.google-analytics.com              https://www.google.com              https://www.gstatic.com              https://sentry.starixplay.com;              style-src 'self' 'unsafe-inline';              script-src 'self' 'unsafe-eval' 'unsafe-inline'              https://sc.detecas.com/di/ec.ashx              https://sc.saceted.com/di/ec.ashx              https://sc.casemed.net/di/ec.ashx              https://sc.detecas.com/di/activator.ashx              https://sc.saceted.com/di/activator.ashx              https://sc.casemed.net/di/activator.ashx              https://sc.detecas.com/di/hc.html              https://sc.saceted.com/di/hc.html              https://sc.casemed.net/di/hc.html              https://www.gstatic.com              https://www.google.com              https://sc.detecas.com/di/activator.ashx              https://sc.detecas.com/di2/activator.ashx              https://ws.detecas.com              https://sc.starixsoft.com/di2/activator.ashx              https://fps.starixsoft.com/ws              https://fps.starixsoft.com/di/activator.ashx              https://sc.detecas.com/di/ec.ashx              https://sc.detecas.com/di/dd.ashx              https://www.google-analytics.com              https://sentry.starixplay.com;
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 75dff9183c870b49-OSL
X-Firefox-Spdy: h2

www.fika88.com/assets/bundles/login.min.js?ver=2022051200

104.18.15.215

200 OK

63 kB

URL HTTP/2
www.fika88.com/assets/bundles/login.min.js?ver=2022051200
IP
104.18.15.215:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (65240), with CRLF line terminators
Size
63 kB (62937 bytes)
Hash
cb580936846381e044fffbe8548b6f9e
e130ed8a53056349b6039217885ebf2e795879d6
b7d22b39260277df0ff6d03193a02e4f1b153a1611e585d3689afd9737d1235e

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /assets/bundles/login.min.js?ver=2022051200 HTTP/1.1
Host: www.fika88.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.fika88.com/
Cookie: ASP.NET_SessionId=0za2bhp4fesif2xsjgkaipma; __utms=FD57DE73776AD8339A7DE727590C8D; __RequestVerificationToken=fQjkD_dzw_-vtisRPlDPPcHmvGhGJoXAeu0NAgXzcCwhve8KiciUBfwKaADOz4kUT83b1qO9jtkM352uIvcepH-irWA1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 22 Oct 2022 05:53:31 GMT
content-type: text/javascript
content-length: 62937
cache-control: max-age=2592000
content-encoding: gzip
last-modified: Tue, 16 Aug 2022 04:48:12 GMT
etag: "04e97632bb1d81:0"
vary: Accept-Encoding
strict-transport-security: max-age=15768000
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src *; img-src 'self' data:              https://sc.detecas.com/di/ec.ashx              https://sc.saceted.com/di/ec.ashx              https://sc.casemed.net/di/ec.ashx              https://sc.detecas.com/di/activator.ashx              https://sc.saceted.com/di/activator.ashx              https://sc.casemed.net/di/activator.ashx              https://sc.detecas.com/di/hc.html              https://sc.saceted.com/di/hc.html              https://sc.casemed.net/di/hc.html              https://sc.detecas.com/di/activator.ashx              https://sc.detecas.com/di2/activator.ashx              https://ws.detecas.com              https://sc.starixsoft.com/di2/activator.ashx              https://fps.starixsoft.com/ws              https://fps.starixsoft.com/di/activator.ashx              https://sc.detecas.com/di/ec.ashx              https://sc.detecas.com/di/dd.ashx              https://pw.detecas.com              https://www.google-analytics.com              https://www.google.com              https://www.gstatic.com              https://sentry.starixplay.com;              style-src 'self' 'unsafe-inline';              script-src 'self' 'unsafe-eval' 'unsafe-inline'              https://sc.detecas.com/di/ec.ashx              https://sc.saceted.com/di/ec.ashx              https://sc.casemed.net/di/ec.ashx              https://sc.detecas.com/di/activator.ashx              https://sc.saceted.com/di/activator.ashx              https://sc.casemed.net/di/activator.ashx              https://sc.detecas.com/di/hc.html              https://sc.saceted.com/di/hc.html              https://sc.casemed.net/di/hc.html              https://www.gstatic.com              https://www.google.com              https://sc.detecas.com/di/activator.ashx              https://sc.detecas.com/di2/activator.ashx              https://ws.detecas.com              https://sc.starixsoft.com/di2/activator.ashx              https://fps.starixsoft.com/ws              https://fps.starixsoft.com/di/activator.ashx              https://sc.detecas.com/di/ec.ashx              https://sc.detecas.com/di/dd.ashx              https://www.google-analytics.com              https://sentry.starixplay.com;
cf-cache-status: MISS
accept-ranges: bytes
server: cloudflare
cf-ray: 75dff91309bb0b49-OSL
X-Firefox-Spdy: h2

www.fika88.com/assets/styles/images/crossword.png

104.18.15.215

200 OK

44 kB

URL HTTP/2
www.fika88.com/assets/styles/images/crossword.png
IP
104.18.15.215:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 400 x 400, 4-bit colormap, non-interlaced\012- data
Size
44 kB (43694 bytes)
Hash
b5c5ab66d8331513696fe3ec992187a0
84bc265bc6c53141f9656878b371ca93543090c0
2f23f323330dd47e39b3af4892097e56ef0cabf5980e4c2ed794f58d4f629437

HTTP Headers

GET /assets/styles/images/crossword.png HTTP/1.1
Host: www.fika88.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.fika88.com/assets/bundles/themes/default.min.css?ver=2022051200
Cookie: ASP.NET_SessionId=0za2bhp4fesif2xsjgkaipma; __utms=FD57DE73776AD8339A7DE727590C8D; __RequestVerificationToken=fQjkD_dzw_-vtisRPlDPPcHmvGhGJoXAeu0NAgXzcCwhve8KiciUBfwKaADOz4kUT83b1qO9jtkM352uIvcepH-irWA1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 22 Oct 2022 05:53:31 GMT
content-type: image/png
content-length: 43694
cache-control: max-age=2592000
last-modified: Fri, 19 Aug 2022 01:57:50 GMT
etag: "023b166fb3d81:0"
strict-transport-security: max-age=15768000
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src *; img-src 'self' data:              https://sc.detecas.com/di/ec.ashx              https://sc.saceted.com/di/ec.ashx              https://sc.casemed.net/di/ec.ashx              https://sc.detecas.com/di/activator.ashx              https://sc.saceted.com/di/activator.ashx              https://sc.casemed.net/di/activator.ashx              https://sc.detecas.com/di/hc.html              https://sc.saceted.com/di/hc.html              https://sc.casemed.net/di/hc.html              https://sc.detecas.com/di/activator.ashx              https://sc.detecas.com/di2/activator.ashx              https://ws.detecas.com              https://sc.starixsoft.com/di2/activator.ashx              https://fps.starixsoft.com/ws              https://fps.starixsoft.com/di/activator.ashx              https://sc.detecas.com/di/ec.ashx              https://sc.detecas.com/di/dd.ashx              https://pw.detecas.com              https://www.google-analytics.com              https://www.google.com              https://www.gstatic.com              https://sentry.starixplay.com;              style-src 'self' 'unsafe-inline';              script-src 'self' 'unsafe-eval' 'unsafe-inline'              https://sc.detecas.com/di/ec.ashx              https://sc.saceted.com/di/ec.ashx              https://sc.casemed.net/di/ec.ashx              https://sc.detecas.com/di/activator.ashx              https://sc.saceted.com/di/activator.ashx              https://sc.casemed.net/di/activator.ashx              https://sc.detecas.com/di/hc.html              https://sc.saceted.com/di/hc.html              https://sc.casemed.net/di/hc.html              https://www.gstatic.com              https://www.google.com              https://sc.detecas.com/di/activator.ashx              https://sc.detecas.com/di2/activator.ashx              https://ws.detecas.com              https://sc.starixsoft.com/di2/activator.ashx              https://fps.starixsoft.com/ws              https://fps.starixsoft.com/di/activator.ashx              https://sc.detecas.com/di/ec.ashx              https://sc.detecas.com/di/dd.ashx              https://www.google-analytics.com              https://sentry.starixplay.com;
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 75dff9183c830b49-OSL
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
a99f6a1740204aa4d30120bb58d1bffe
1fd7c7075886d001c2c328b02f5489b4d22afede
8785f89e8d163870cf2f0eb1a6f3f065c04012410bb176acbbd638c3d5f42256

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=127496
Content-Type: application/ocsp-response
Date: Sat, 22 Oct 2022 05:53:31 GMT
Etag: "6352d463-117"
Expires: Sun, 23 Oct 2022 17:18:27 GMT
Last-Modified: Fri, 21 Oct 2022 17:18:27 GMT
Server: nginx
Content-Length: 279

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
c858a12e44e69c88415df865633d69e5
6439bc517be8dc055587f3eee75056af0079a41f
aba0dcd4155600a9827dc9414f4b3f5cbfa0046a326abe16183c670942db1547

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "ABA0DCD4155600A9827DC9414F4B3F5CBFA0046A326ABE16183C670942DB1547"
Last-Modified: Wed, 19 Oct 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17215
Expires: Sat, 22 Oct 2022 10:40:26 GMT
Date: Sat, 22 Oct 2022 05:53:31 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
5c55878e5497c4b44344514c0c9ec138
5d3ac89fdc7e29b6bb7b1eb45b953c0db98dd5fd
1c055466a0bcd6ba1302eac8270ca75cbb538283367008fe28e6f4fbb11ffe42

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1C055466A0BCD6BA1302EAC8270CA75CBB538283367008FE28E6F4FBB11FFE42"
Last-Modified: Fri, 21 Oct 2022 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Sat, 22 Oct 2022 11:53:31 GMT
Date: Sat, 22 Oct 2022 05:53:31 GMT
Connection: keep-alive

www.fika88.com/assets/styles/fonts/opensans/OpenSans-Regular.ttf

104.18.15.215

200 OK

217 kB

URL HTTP/2
www.fika88.com/assets/styles/fonts/opensans/OpenSans-Regular.ttf
IP
104.18.15.215:0
ASN
#13335 CLOUDFLARENET

File type
TrueType Font data, digitally signed, 19 tables, 1st "DSIG", 26 names, Macintosh, Digitized data copyright \251 2010-2011, Google Corporation.Open SansRegularAscender - Open Sans\012- data
Size
217 kB (217360 bytes)
Hash
629a55a7e793da068dc580d184cc0e31
3564ed0b5363df5cf277c16e0c6bedc5a682217f
e64e508b2aa2880f907e470c4550980ec4c0694d103a43f36150ac3f93189bee

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /assets/styles/fonts/opensans/OpenSans-Regular.ttf HTTP/1.1
Host: www.fika88.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.fika88.com/assets/bundles/themes/default.min.css?ver=2022051200
Cookie: ASP.NET_SessionId=0za2bhp4fesif2xsjgkaipma; __utms=FD57DE73776AD8339A7DE727590C8D; __RequestVerificationToken=fQjkD_dzw_-vtisRPlDPPcHmvGhGJoXAeu0NAgXzcCwhve8KiciUBfwKaADOz4kUT83b1qO9jtkM352uIvcepH-irWA1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 22 Oct 2022 05:53:31 GMT
content-type: application/x-font-ttf
content-length: 217360
cache-control: max-age=2592000
last-modified: Fri, 19 Aug 2022 01:57:50 GMT
etag: "023b166fb3d81:0"
strict-transport-security: max-age=15768000
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src *; img-src 'self' data:              https://sc.detecas.com/di/ec.ashx              https://sc.saceted.com/di/ec.ashx              https://sc.casemed.net/di/ec.ashx              https://sc.detecas.com/di/activator.ashx              https://sc.saceted.com/di/activator.ashx              https://sc.casemed.net/di/activator.ashx              https://sc.detecas.com/di/hc.html              https://sc.saceted.com/di/hc.html              https://sc.casemed.net/di/hc.html              https://sc.detecas.com/di/activator.ashx              https://sc.detecas.com/di2/activator.ashx              https://ws.detecas.com              https://sc.starixsoft.com/di2/activator.ashx              https://fps.starixsoft.com/ws              https://fps.starixsoft.com/di/activator.ashx              https://sc.detecas.com/di/ec.ashx              https://sc.detecas.com/di/dd.ashx              https://pw.detecas.com              https://www.google-analytics.com              https://www.google.com              https://www.gstatic.com              https://sentry.starixplay.com;              style-src 'self' 'unsafe-inline';              script-src 'self' 'unsafe-eval' 'unsafe-inline'              https://sc.detecas.com/di/ec.ashx              https://sc.saceted.com/di/ec.ashx              https://sc.casemed.net/di/ec.ashx              https://sc.detecas.com/di/activator.ashx              https://sc.saceted.com/di/activator.ashx              https://sc.casemed.net/di/activator.ashx              https://sc.detecas.com/di/hc.html              https://sc.saceted.com/di/hc.html              https://sc.casemed.net/di/hc.html              https://www.gstatic.com              https://www.google.com              https://sc.detecas.com/di/activator.ashx              https://sc.detecas.com/di2/activator.ashx              https://ws.detecas.com              https://sc.starixsoft.com/di2/activator.ashx              https://fps.starixsoft.com/ws              https://fps.starixsoft.com/di/activator.ashx              https://sc.detecas.com/di/ec.ashx              https://sc.detecas.com/di/dd.ashx              https://www.google-analytics.com              https://sentry.starixplay.com;
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 75dff9184c8d0b49-OSL
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
a3fdd9e071acb27004fdb544a8af90e6
54fedee008a20debeee1ddece03ef531e60218b8
add31be50928031cb35e7384da7a29259ad9c421646af70d234fbac8cc1749fb

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "ADD31BE50928031CB35E7384DA7A29259AD9C421646AF70D234FBAC8CC1749FB"
Last-Modified: Fri, 21 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Sat, 22 Oct 2022 11:53:31 GMT
Date: Sat, 22 Oct 2022 05:53:31 GMT
Connection: keep-alive

sc.casemed.net/di/hc.html

54.230.111.12

200 OK

205 B

URL HTTP/2
sc.casemed.net/di/hc.html
IP
54.230.111.12:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Size
205 B (205 bytes)
Hash
77c054f8b81343374662df079138ecdf
5074c0e0d8ea926d5b3afeae9f11b2d4d1eaae62
0d32ba2390235ab29d5086712e791b9cb8605ba53ccb58314c1bf62100cb9599

HTTP Headers

GET /di/hc.html HTTP/1.1
Host: sc.casemed.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.fika88.com/
Origin: https://www.fika88.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/html
content-length: 205
server: nginx
date: Sat, 22 Oct 2022 05:53:32 GMT
content-encoding: gzip
last-modified: Wed, 18 Aug 2021 03:07:28 GMT
accept-ranges: bytes
etag: "dca74e2dde93d71:0"
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: GET,POST,PUT,DELETE,OPTIONS
access-control-allow-credentials: true
via: mly, 1.1 ee04daa979e7a02cc5ca472521bc18a6.cloudfront.net (CloudFront)
x-mly-id: f47c1f4c9df95e4b840f97679218ad5a
timing-allow-origin: *
x-cache: Miss from cloudfront
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: ZGbrxkl866FtaFUlP75qsYVGpmQmsUvze3ScxkY7SDE_IEcF9aXFSg==
X-Firefox-Spdy: h2

sc.saceted.com/di/hc.html

54.230.111.8

200 OK

205 B

URL HTTP/2
sc.saceted.com/di/hc.html
IP
54.230.111.8:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Size
205 B (205 bytes)
Hash
77c054f8b81343374662df079138ecdf
5074c0e0d8ea926d5b3afeae9f11b2d4d1eaae62
0d32ba2390235ab29d5086712e791b9cb8605ba53ccb58314c1bf62100cb9599

HTTP Headers

GET /di/hc.html HTTP/1.1
Host: sc.saceted.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.fika88.com/
Origin: https://www.fika88.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/html
content-length: 205
server: nginx
date: Sat, 22 Oct 2022 05:53:32 GMT
content-encoding: gzip
last-modified: Wed, 18 Aug 2021 03:07:28 GMT
accept-ranges: bytes
etag: "dca74e2dde93d71:0"
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: GET,POST,PUT,DELETE,OPTIONS
access-control-allow-credentials: true
via: mly, 1.1 9d4a908d41124cba1276d6cef8f00c60.cloudfront.net (CloudFront)
x-mly-id: ec1608e26da49e2ed0bceb8c98074eb2
timing-allow-origin: *
x-cache: Miss from cloudfront
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: xlV_yrLqCW2PU8vKPTwQpK_PUf1byL3ZnS5QoiFtEjO8UJdK4PhsJA==
X-Firefox-Spdy: h2

www.fika88.com/assets/styles/images/mode/y9.svg

104.18.15.215

200 OK

616 B

URL HTTP/2
www.fika88.com/assets/styles/images/mode/y9.svg
IP
104.18.15.215:0
ASN
#13335 CLOUDFLARENET

File type
SVG Scalable Vector Graphics image\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (541), with CRLF line terminators
Size
616 B (616 bytes)
Hash
933b0a4ec3467abea13413bb4862d813
302d6d608d8620d4ef4f9666f1d57d17ce74fbe0
7a88461fca19366046c2c759ba75b72041c6fae36b6858fe40173730a0805590

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /assets/styles/images/mode/y9.svg HTTP/1.1
Host: www.fika88.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.fika88.com/assets/bundles/themes/default.min.css?ver=2022051200
Cookie: ASP.NET_SessionId=0za2bhp4fesif2xsjgkaipma; __utms=FD57DE73776AD8339A7DE727590C8D; __RequestVerificationToken=fQjkD_dzw_-vtisRPlDPPcHmvGhGJoXAeu0NAgXzcCwhve8KiciUBfwKaADOz4kUT83b1qO9jtkM352uIvcepH-irWA1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 22 Oct 2022 05:53:31 GMT
content-type: image/svg+xml
cache-control: max-age=2592000
last-modified: Fri, 19 Aug 2022 01:57:50 GMT
etag: W/"023b166fb3d81:0"
strict-transport-security: max-age=15768000
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src *; img-src 'self' data:              https://sc.detecas.com/di/ec.ashx              https://sc.saceted.com/di/ec.ashx              https://sc.casemed.net/di/ec.ashx              https://sc.detecas.com/di/activator.ashx              https://sc.saceted.com/di/activator.ashx              https://sc.casemed.net/di/activator.ashx              https://sc.detecas.com/di/hc.html              https://sc.saceted.com/di/hc.html              https://sc.casemed.net/di/hc.html              https://sc.detecas.com/di/activator.ashx              https://sc.detecas.com/di2/activator.ashx              https://ws.detecas.com              https://sc.starixsoft.com/di2/activator.ashx              https://fps.starixsoft.com/ws              https://fps.starixsoft.com/di/activator.ashx              https://sc.detecas.com/di/ec.ashx              https://sc.detecas.com/di/dd.ashx              https://pw.detecas.com              https://www.google-analytics.com              https://www.google.com              https://www.gstatic.com              https://sentry.starixplay.com;              style-src 'self' 'unsafe-inline';              script-src 'self' 'unsafe-eval' 'unsafe-inline'              https://sc.detecas.com/di/ec.ashx              https://sc.saceted.com/di/ec.ashx              https://sc.casemed.net/di/ec.ashx              https://sc.detecas.com/di/activator.ashx              https://sc.saceted.com/di/activator.ashx              https://sc.casemed.net/di/activator.ashx              https://sc.detecas.com/di/hc.html              https://sc.saceted.com/di/hc.html              https://sc.casemed.net/di/hc.html              https://www.gstatic.com              https://www.google.com              https://sc.detecas.com/di/activator.ashx              https://sc.detecas.com/di2/activator.ashx              https://ws.detecas.com              https://sc.starixsoft.com/di2/activator.ashx              https://fps.starixsoft.com/ws              https://fps.starixsoft.com/di/activator.ashx              https://sc.detecas.com/di/ec.ashx              https://sc.detecas.com/di/dd.ashx              https://www.google-analytics.com              https://sentry.starixplay.com;
cf-cache-status: MISS
vary: Accept-Encoding
server: cloudflare
cf-ray: 75dff9183c860b49-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

www.fika88.com/

104.18.15.215

200 OK

0 B

URL HTTP/2
www.fika88.com/
IP
104.18.15.215:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET / HTTP/1.1
Host: www.fika88.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 200 OK
date: Sat, 22 Oct 2022 05:53:29 GMT
content-type: text/html; charset=utf-8
cache-control: private
vary: Accept-Encoding
set-cookie: ASP.NET_SessionId=0za2bhp4fesif2xsjgkaipma; path=/; HttpOnly; SameSite=Lax
ASP.NET_SessionId=0za2bhp4fesif2xsjgkaipma; path=/; HttpOnly; SameSite=Lax
__utms=FD57DE73776AD8339A7DE727590C8D; domain=www.fika88.com; expires=Sun, 23-Oct-2022 05:53:29 GMT; path=/; HttpOnly
__RequestVerificationToken=fQjkD_dzw_-vtisRPlDPPcHmvGhGJoXAeu0NAgXzcCwhve8KiciUBfwKaADOz4kUT83b1qO9jtkM352uIvcepH-irWA1; path=/; HttpOnly
x-frame-options: SAMEORIGIN, SAMEORIGIN
strict-transport-security: max-age=15768000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src *; img-src 'self' data:              https://sc.detecas.com/di/ec.ashx              https://sc.saceted.com/di/ec.ashx              https://sc.casemed.net/di/ec.ashx              https://sc.detecas.com/di/activator.ashx              https://sc.saceted.com/di/activator.ashx              https://sc.casemed.net/di/activator.ashx              https://sc.detecas.com/di/hc.html              https://sc.saceted.com/di/hc.html              https://sc.casemed.net/di/hc.html              https://sc.detecas.com/di/activator.ashx              https://sc.detecas.com/di2/activator.ashx              https://ws.detecas.com              https://sc.starixsoft.com/di2/activator.ashx              https://fps.starixsoft.com/ws              https://fps.starixsoft.com/di/activator.ashx              https://sc.detecas.com/di/ec.ashx              https://sc.detecas.com/di/dd.ashx              https://pw.detecas.com              https://www.google-analytics.com              https://www.google.com              https://www.gstatic.com              https://sentry.starixplay.com;              style-src 'self' 'unsafe-inline';              script-src 'self' 'unsafe-eval' 'unsafe-inline'              https://sc.detecas.com/di/ec.ashx              https://sc.saceted.com/di/ec.ashx              https://sc.casemed.net/di/ec.ashx              https://sc.detecas.com/di/activator.ashx              https://sc.saceted.com/di/activator.ashx              https://sc.casemed.net/di/activator.ashx              https://sc.detecas.com/di/hc.html              https://sc.saceted.com/di/hc.html              https://sc.casemed.net/di/hc.html              https://www.gstatic.com              https://www.google.com              https://sc.detecas.com/di/activator.ashx              https://sc.detecas.com/di2/activator.ashx              https://ws.detecas.com              https://sc.starixsoft.com/di2/activator.ashx              https://fps.starixsoft.com/ws              https://fps.starixsoft.com/di/activator.ashx              https://sc.detecas.com/di/ec.ashx              https://sc.detecas.com/di/dd.ashx              https://www.google-analytics.com              https://sentry.starixplay.com;
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 75dff90bce4a0b49-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

stcdn.agbong88.com/bundles/common/hc.css?v=1666418025209

104.18.14.215

200 OK

0 B

URL HTTP/2
stcdn.agbong88.com/bundles/common/hc.css?v=1666418025209
IP
104.18.14.215:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /bundles/common/hc.css?v=1666418025209 HTTP/1.1
Host: stcdn.agbong88.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.fika88.com
Connection: keep-alive
Referer: https://www.fika88.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 22 Oct 2022 05:53:33 GMT
content-type: text/css
last-modified: Tue, 18 Oct 2022 02:36:10 GMT
etag: W/"634e111a-6"
access-control-allow-origin: *
content-encoding: gzip
vary: Accept-Encoding
cf-cache-status: MISS
server: cloudflare
cf-ray: 75dff91d1c4fb4ff-OSL
X-Firefox-Spdy: h2

stcdn.b8ag.com/bundles/common/hc.css?v=1666418025208

104.18.14.215

200 OK

0 B

URL HTTP/2
stcdn.b8ag.com/bundles/common/hc.css?v=1666418025208
IP
104.18.14.215:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /bundles/common/hc.css?v=1666418025208 HTTP/1.1
Host: stcdn.b8ag.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.fika88.com
Connection: keep-alive
Referer: https://www.fika88.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 22 Oct 2022 05:53:31 GMT
content-type: text/css
last-modified: Tue, 18 Oct 2022 02:36:10 GMT
etag: W/"634e111a-6"
access-control-allow-origin: *
content-encoding: gzip
vary: Accept-Encoding
cf-cache-status: MISS
server: cloudflare
cf-ray: 75dff91b5b75fac8-OSL
X-Firefox-Spdy: h2

www.fika88.com/favicon.ico

104.18.15.215

200 OK

0 B

URL HTTP/2
www.fika88.com/favicon.ico
IP
104.18.15.215:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: www.fika88.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.fika88.com/
Cookie: ASP.NET_SessionId=0za2bhp4fesif2xsjgkaipma; __utms=FD57DE73776AD8339A7DE727590C8D; __RequestVerificationToken=fQjkD_dzw_-vtisRPlDPPcHmvGhGJoXAeu0NAgXzcCwhve8KiciUBfwKaADOz4kUT83b1qO9jtkM352uIvcepH-irWA1; hidLanguage=en-US
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 22 Oct 2022 05:53:32 GMT
content-type: image/x-icon
cache-control: max-age=2592000
last-modified: Tue, 09 Aug 2022 07:09:43 GMT
etag: W/"80d5baffbeabd81:0"
strict-transport-security: max-age=15768000
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src *; img-src 'self' data:              https://sc.detecas.com/di/ec.ashx              https://sc.saceted.com/di/ec.ashx              https://sc.casemed.net/di/ec.ashx              https://sc.detecas.com/di/activator.ashx              https://sc.saceted.com/di/activator.ashx              https://sc.casemed.net/di/activator.ashx              https://sc.detecas.com/di/hc.html              https://sc.saceted.com/di/hc.html              https://sc.casemed.net/di/hc.html              https://sc.detecas.com/di/activator.ashx              https://sc.detecas.com/di2/activator.ashx              https://ws.detecas.com              https://sc.starixsoft.com/di2/activator.ashx              https://fps.starixsoft.com/ws              https://fps.starixsoft.com/di/activator.ashx              https://sc.detecas.com/di/ec.ashx              https://sc.detecas.com/di/dd.ashx              https://pw.detecas.com              https://www.google-analytics.com              https://www.google.com              https://www.gstatic.com              https://sentry.starixplay.com;              style-src 'self' 'unsafe-inline';              script-src 'self' 'unsafe-eval' 'unsafe-inline'              https://sc.detecas.com/di/ec.ashx              https://sc.saceted.com/di/ec.ashx              https://sc.casemed.net/di/ec.ashx              https://sc.detecas.com/di/activator.ashx              https://sc.saceted.com/di/activator.ashx              https://sc.casemed.net/di/activator.ashx              https://sc.detecas.com/di/hc.html              https://sc.saceted.com/di/hc.html              https://sc.casemed.net/di/hc.html              https://www.gstatic.com              https://www.google.com              https://sc.detecas.com/di/activator.ashx              https://sc.detecas.com/di2/activator.ashx              https://ws.detecas.com              https://sc.starixsoft.com/di2/activator.ashx              https://fps.starixsoft.com/ws              https://fps.starixsoft.com/di/activator.ashx              https://sc.detecas.com/di/ec.ashx              https://sc.detecas.com/di/dd.ashx              https://www.google-analytics.com              https://sentry.starixplay.com;
cf-cache-status: MISS
vary: Accept-Encoding
server: cloudflare
cf-ray: 75dff92108970b49-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

sc.casemed.net/di/activator.ashx

54.230.111.12

200 OK

0 B

URL HTTP/2
sc.casemed.net/di/activator.ashx
IP
54.230.111.12:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /di/activator.ashx HTTP/1.1
Host: sc.casemed.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.fika88.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
server: nginx
date: Sat, 22 Oct 2022 05:53:33 GMT
cache-control: private, max-age=600
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: GET,POST,PUT,DELETE,OPTIONS
access-control-allow-credentials: true
via: mly, 1.1 c26775cc34c23943f6f5cfc9a3da9b4a.cloudfront.net (CloudFront)
x-mly-id: 5f310edcda084b39fbd8cb9ae1dde0a6
timing-allow-origin: *
content-encoding: gzip
x-cache: Miss from cloudfront
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: UCWUfpMdeqesdFBe3budeeQeeH_-P6uCCBHR5fNom6S3_r-KiSoeaA==
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (10)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

HTTP Transactions (42)

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers