Overview

URL spotify-nz.com/payment/info.php?ip=172.71.98.26
IP104.21.40.125
ASNCLOUDFLARENET
Location
Report completed2022-09-25 10:12:00 UTC
StatusLoading report..
urlquery Alerts No alerts detected


Settings

UserAgentMozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blocklists

OpenPhish
Scan Date Severity Indicator Comment
2022-09-24 2 spotify-nz.com/ Spotify
2022-09-24 2 spotify-nz.com/ Spotify
2022-09-24 2 spotify-nz.com/ Spotify
2022-09-24 2 spotify-nz.com/ Spotify
2022-09-24 2 spotify-nz.com/ Spotify
2022-09-24 2 spotify-nz.com/ Spotify
2022-09-24 2 spotify-nz.com/ Spotify
2022-09-24 2 spotify-nz.com/ Spotify
2022-09-24 2 spotify-nz.com/ Spotify
2022-09-24 2 spotify-nz.com/payment/info.php?ip=172.71.98.26 Spotify
PhishTank  No alerts detected
Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-09-25 2 spotify-nz.com/payment/css/adsct(1) Phishing
2022-09-25 2 spotify-nz.com/payment/css/adsct Phishing
2022-09-25 2 spotify-nz.com/payment/css/adsct(2) Phishing
2022-09-25 2 spotify-nz.com/payment/css/activityi.html Phishing
2022-09-25 2 spotify-nz.com/payment/info.php?ip=172.71.98.26 Phishing
mnemonic secure dns  No alerts detected
Quad9 DNS  No alerts detected


Files

No files detected



Passive DNS (10)

Passive DNS Source Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
mnemonic passive DNS content-signature-2.cdn.mozilla.net (1) 1152 2020-11-03 12:26:46 UTC 2022-09-25 05:42:52 UTC 143.204.55.110
mnemonic passive DNS ocsp.pki.goog (2) 175 2017-06-14 07:23:31 UTC 2022-09-25 04:54:16 UTC 142.250.74.3
mnemonic passive DNS contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-09-25 04:51:16 UTC 34.117.237.239
mnemonic passive DNS www.scdn.co (3) 37159 2017-06-28 16:47:14 UTC 2022-09-25 03:35:43 UTC 151.101.86.248
mnemonic passive DNS spotify-nz.com (10) 0 2022-09-24 01:50:38 UTC 2022-09-25 03:43:21 UTC 104.21.40.125 Unknown ranking
mnemonic passive DNS sp-bootstrap.global.ssl.fastly.net (6) 319464 2015-03-02 13:51:10 UTC 2022-09-25 03:35:54 UTC 151.101.85.194
mnemonic passive DNS ocsp.digicert.com (1) 86 2012-05-21 07:02:23 UTC 2022-09-25 04:17:50 UTC 93.184.220.29
mnemonic passive DNS firefox.settings.services.mozilla.com (1) 867 2020-06-04 20:08:41 UTC 2022-09-25 05:48:33 UTC 143.204.55.115
mnemonic passive DNS r3.o.lencr.org (6) 344 2020-12-02 08:52:13 UTC 2022-09-25 05:02:41 UTC 23.36.77.32
mnemonic passive DNS img-getpocket.cdn.mozilla.net (6) 1631 2017-09-01 03:40:57 UTC 2022-09-24 04:22:29 UTC 34.120.237.76


Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 104.21.40.125

Date UQ / IDS / BL URL IP
2022-09-25 10:44:58 +0000
0 - 0 - 4 spotify-nz.com/payment/ 104.21.40.125
2022-09-25 10:12:20 +0000
0 - 0 - 4 spotify-nz.com/ 104.21.40.125
2022-09-25 10:12:00 +0000
0 - 0 - 15 spotify-nz.com/payment/info.php?ip=172.71.98.26 104.21.40.125
2022-09-25 03:36:09 +0000
0 - 0 - 10 spotify-nz.com/payment/billing.php?ip=172.71. (...) 104.21.40.125
2022-09-25 00:37:51 +0000
0 - 0 - 4 spotify-nz.com/payment/billing.php?ip=172.71. (...) 104.21.40.125

Last 5 reports on ASN: CLOUDFLARENET

Date UQ / IDS / BL URL IP
2022-12-06 17:49:14 +0000
0 - 0 - 0 mobilidade.cloud.caixa.gov.br 162.159.130.62
2022-12-06 17:39:20 +0000
0 - 0 - 1 multiup.org/download/c018236c3aa24f8d89cb20ae (...) 104.21.235.14
2022-12-06 17:33:21 +0000
0 - 0 - 4 canadalabourpoolinginc.ca/pm/index.php?QBOT.zip 188.114.96.1
2022-12-06 17:12:12 +0000
0 - 0 - 1 cdn.discordapp.com/attachments/10424774176688 (...) 162.159.129.233
2022-12-06 17:07:37 +0000
0 - 0 - 0 www.achrsarware.com/entangle-concentrations/6 (...) 188.114.97.1

Last 5 reports on domain: spotify-nz.com

Date UQ / IDS / BL URL IP
2022-09-25 10:45:17 +0000
0 - 0 - 2 spotify-nz.com/payment/billing.php?ip=172.71. (...) 172.67.151.167
2022-09-25 10:44:58 +0000
0 - 0 - 4 spotify-nz.com/payment/ 104.21.40.125
2022-09-25 10:12:44 +0000
0 - 0 - 2 spotify-nz.com/payment/billing.php?ip=172.71. (...) 172.67.151.167
2022-09-25 10:12:20 +0000
0 - 0 - 4 spotify-nz.com/ 104.21.40.125
2022-09-25 10:12:00 +0000
0 - 0 - 15 spotify-nz.com/payment/info.php?ip=172.71.98.26 104.21.40.125

Last 5 reports with similar screenshot

Date UQ / IDS / BL URL IP
2022-09-29 01:50:58 +0000
0 - 0 - 6 mobile-spotify.com/payment/billing.php 104.21.76.81
2022-09-28 23:41:40 +0000
0 - 0 - 4 mobile-spotify.com/payment/billing.php?ip=172 (...) 104.21.76.81
2022-09-28 20:14:58 +0000
0 - 0 - 3 mobile-spotify.com/payment/billing.php?ip=172 (...) 104.21.76.81
2022-09-28 15:36:07 +0000
0 - 0 - 4 mobile-spotify.com/payment/billing.php?ip=172 (...) 104.21.76.81
2022-09-28 13:25:36 +0000
0 - 0 - 2 mobile-spotify.com/payment/billing.php?ip=172 (...) 104.21.76.81


JavaScript

Executed Scripts (1)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (37)


Request Response
                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.115
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Backoff, Content-Type, Retry-After, Alert
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sun, 25 Sep 2022 09:14:55 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 8ddb6d7670d8c5a85c04a10525a71b90.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: o3k9f9W_3TvTzD7ZlSRVUcnBa1yPx2Di0NnxckrMdEv5E7Au5OWFrw==
Age: 3415


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    2d12f67fe57a87e7366b662d153a5582
Sha1:   d7b02d81cc74f24a251d9363e0f4b0a149264ec1
Sha256: 73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "E82CA5F310E37267FBF792427747E65C2BB35E684D3F629C0AA302F688BC4F80"
Last-Modified: Fri, 23 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5650
Expires: Sun, 25 Sep 2022 11:46:00 GMT
Date: Sun, 25 Sep 2022 10:11:50 GMT
Connection: keep-alive

                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.110
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Sun, 25 Sep 2022 04:35:15 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 c9f2a4d2bcd548d1a3cbe1617a22f216.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: KZ8RXLMfhA3OKjNDIkTMuddU6TH-Tglj7TtX9KXUDTmIA43-vUq2Ew==
age: 20196
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    6113f8408c59aebe188d6af273b90743
Sha1:   7398873bf00f99944eaa77ad3ebc0d43c23dba6b
Sha256: b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
                                        
                                            POST /s/gts1p5/YlbI6fLX5cE HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 25 Sep 2022 10:11:50 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Sun, 25 Sep 2022 10:11:50 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            POST /s/gts1p5/YlbI6fLX5cE HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 25 Sep 2022 10:11:50 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /build/js/jquery-2-0680c441b5.1.3.min.js HTTP/1.1 
Host: www.scdn.co
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://spotify-nz.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         151.101.86.248
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Connection: keep-alive
Content-Length: 32243
Last-Modified: Thu, 09 Aug 2018 08:55:55 GMT
ETag: "5b317416adba1f91c7ff4d51862563e8"
x-goog-generation: 1533804955260510
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 91316
x-amz-meta-goog-reserved-file-mtime: 1533804724
Content-Encoding: gzip
Accept-Ranges: bytes
Date: Sun, 25 Sep 2022 10:11:50 GMT
Age: 2868690
Timing-Allow-Origin: *
X-Served-By: cache-chi-klot8100044-CHI, cache-bma1634-BMA
X-Cache: HIT, HIT
X-Cache-Hits: 1, 1
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000


--- Additional Info ---
Magic:  ASCII text, with very long lines (32051)
Size:   32243
Md5:    2ef610c6e075236784ad09589945f8f3
Sha1:   336836889abe22b14517ab98c02f77c068eb3d2e
Sha256: 76e0da6f5254679e7256e99999c9324ea94a6a95de82be99bd6b271d7c3d6b04
                                        
                                            GET /payment/css/adsct(1) HTTP/1.1 
Host: spotify-nz.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://spotify-nz.com/payment/info.php?ip=172.71.98.26
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         104.21.40.125
HTTP/2 404 Not Found
content-type: text/html; charset=iso-8859-1
                                        
date: Sun, 25 Sep 2022 10:11:50 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qCy8lgH5wbq0X8dnHpCPZeBrfLuqGoKu5NOATWiix4W4O18WnsVnrG5eLjiOhJqbqyNudNBV9nHoyhwniWeo5rfT5W%2FyFBhBote7DlzUe0kZKeqS8y9YRvDm6%2But5UvQxQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7502fa6079dcb50c-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   545
Md5:    c6a3ffb45c36caf7a381c8d060276a1f
Sha1:   9c9d5b974df4abd3e1c94871297b93602c9db3dc
Sha256: fdd1a8f56d71caa7582a4653509371c2e081c8cc005bdcc7e5433ecfdf7add20

Alerts:
  Blocklists:
    - openphish: Spotify
    - fortinet: Phishing
                                        
                                            GET /8.2.4/images/flags/au.svg HTTP/1.1 
Host: sp-bootstrap.global.ssl.fastly.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://spotify-nz.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         151.101.85.194
HTTP/1.1 200 OK
Content-Type: image/svg+xml
                                        
Connection: keep-alive
Content-Length: 604
Last-Modified: Mon, 21 Mar 2022 12:56:16 GMT
ETag: "1728a584f7ed545ada060514a796d33d"
x-goog-generation: 1647867376637095
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 1410
x-amz-meta-goog-reserved-file-mtime: 1522869714
Content-Encoding: gzip
Accept-Ranges: bytes
Date: Sun, 25 Sep 2022 10:11:50 GMT
Age: 2853489
X-Served-By: cache-chi-kigq8000042-CHI, cache-bma1663-BMA
X-Cache: HIT, HIT
X-Cache-Hits: 1, 1
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1410), with no line terminators
Size:   604
Md5:    e3b54f4316b6c53ecd654252399edd64
Sha1:   5c75985c16e885bd881f6f2f630c249b4e45399e
Sha256: 3a8f0027ad5c3582a2a741110df5d8d88f64063a9fde98411d93e09f7f3f105d
                                        
                                            GET /8.2.4/fonts/circular-medium.woff2 HTTP/1.1 
Host: sp-bootstrap.global.ssl.fastly.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://spotify-nz.com
Connection: keep-alive
Referer: https://spotify-nz.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         151.101.85.194
HTTP/1.1 200 OK
Content-Type: font/woff2
                                        
Connection: keep-alive
Content-Length: 72728
Last-Modified: Mon, 21 Mar 2022 12:56:16 GMT
ETag: "4db9b802e95d1a64dff2da8c87c7752f"
x-goog-generation: 1647867376753061
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 72728
x-amz-meta-goog-reserved-file-mtime: 1522869715
Accept-Ranges: bytes
Date: Sun, 25 Sep 2022 10:11:50 GMT
Age: 3298224
X-Served-By: cache-chi-klot8100075-CHI, cache-bma1678-BMA
X-Cache: HIT, HIT
X-Cache-Hits: 1, 1
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 72728, version 1.66\012- data
Size:   72728
Md5:    4db9b802e95d1a64dff2da8c87c7752f
Sha1:   7f479389444759bc71899a968c8df7bf48d3eb8d
Sha256: 65758184189f968542df7fd9e0adcdbbc17975ff319af6fcca776a6e0c4872a3
                                        
                                            GET /8.2.4/fonts/circular-bold.woff2 HTTP/1.1 
Host: sp-bootstrap.global.ssl.fastly.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://spotify-nz.com
Connection: keep-alive
Referer: https://spotify-nz.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         151.101.85.194
HTTP/1.1 200 OK
Content-Type: font/woff2
                                        
Connection: keep-alive
Content-Length: 75488
Last-Modified: Mon, 21 Mar 2022 12:56:16 GMT
ETag: "c094813cfe6be5d188f4e506b6ffca1b"
x-goog-generation: 1647867376652950
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 75488
x-amz-meta-goog-reserved-file-mtime: 1522869715
Accept-Ranges: bytes
Date: Sun, 25 Sep 2022 10:11:50 GMT
Age: 2144689
X-Served-By: cache-chi-klot8100050-CHI, cache-bma1629-BMA
X-Cache: HIT, HIT
X-Cache-Hits: 1, 1
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 75488, version 1.66\012- data
Size:   75488
Md5:    c094813cfe6be5d188f4e506b6ffca1b
Sha1:   2b041388298e3ac01e4b3ecbdf09214cabe0eefe
Sha256: fdf0e3938479eb6e108e7869436051b7072b9a18ecb98b3c6b49d1b29d8bc758
                                        
                                            GET /8.2.4/fonts/circular-light.woff2 HTTP/1.1 
Host: sp-bootstrap.global.ssl.fastly.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://spotify-nz.com
Connection: keep-alive
Referer: https://spotify-nz.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         151.101.85.194
HTTP/1.1 200 OK
Content-Type: font/woff2
                                        
Connection: keep-alive
Content-Length: 74084
Last-Modified: Mon, 21 Mar 2022 12:56:16 GMT
ETag: "b131452a767f628b96b17d52990cb63e"
x-goog-generation: 1647867376669177
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 74084
x-amz-meta-goog-reserved-file-mtime: 1522869715
Accept-Ranges: bytes
Date: Sun, 25 Sep 2022 10:11:50 GMT
Age: 2766043
X-Served-By: cache-chi-kigq8000130-CHI, cache-bma1631-BMA
X-Cache: HIT, HIT
X-Cache-Hits: 1, 1
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 74084, version 1.66\012- data
Size:   74084
Md5:    b131452a767f628b96b17d52990cb63e
Sha1:   402da43af5d64366e611b4d669dde2bb4d55e47d
Sha256: 018ceaee45baf6e94c84eebc1d5687d7c69c4a9e3bfa562684585583974a18ef
                                        
                                            GET /8.2.4/fonts/circular-book.woff2 HTTP/1.1 
Host: sp-bootstrap.global.ssl.fastly.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://spotify-nz.com
Connection: keep-alive
Referer: https://spotify-nz.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         151.101.85.194
HTTP/1.1 200 OK
Content-Type: font/woff2
                                        
Connection: keep-alive
Content-Length: 70092
Last-Modified: Mon, 21 Mar 2022 12:56:16 GMT
ETag: "c4f753e765823b94234e7f5ccd733f44"
x-goog-generation: 1647867376643834
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 70092
x-amz-meta-goog-reserved-file-mtime: 1522869715
Accept-Ranges: bytes
Date: Sun, 25 Sep 2022 10:11:50 GMT
Age: 5010660
X-Served-By: cache-chi-kigq8000047-CHI, cache-bma1670-BMA
X-Cache: HIT, HIT
X-Cache-Hits: 1, 1
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 70092, version 1.66\012- data
Size:   70092
Md5:    c4f753e765823b94234e7f5ccd733f44
Sha1:   a72936a414a65b114d4901b8cacd9e86ca22e0f6
Sha256: 6384070e855e2ec15caefb6334ab2c4b1b9e798ce2e369cc00f0d47a41138e0d
                                        
                                            GET /8.2.4/fonts/circular-black.woff2 HTTP/1.1 
Host: sp-bootstrap.global.ssl.fastly.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://spotify-nz.com
Connection: keep-alive
Referer: https://spotify-nz.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         151.101.85.194
HTTP/1.1 200 OK
Content-Type: font/woff2
                                        
Connection: keep-alive
Content-Length: 73892
Last-Modified: Mon, 21 Mar 2022 12:56:16 GMT
ETag: "56b510f616f840ffde8f3955349a6c5a"
x-goog-generation: 1647867376605301
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 73892
x-amz-meta-goog-reserved-file-mtime: 1522869715
Accept-Ranges: bytes
Date: Sun, 25 Sep 2022 10:11:50 GMT
Age: 1638842
X-Served-By: cache-chi-kigq8000053-CHI, cache-bma1672-BMA
X-Cache: HIT, HIT
X-Cache-Hits: 1, 1
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 73892, version 1.66\012- data
Size:   73892
Md5:    56b510f616f840ffde8f3955349a6c5a
Sha1:   ae28fec7deef4a59127d910daca6020d5f465c54
Sha256: d77456e48416e475066a580b2050cee4f86a3819556d0ddf90d81250f3af9de2
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 3686
Cache-Control: 'max-age=158059'
Date: Sun, 25 Sep 2022 10:11:50 GMT
Last-Modified: Sun, 25 Sep 2022 09:10:24 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /i/_global/touch-icon-144.png HTTP/1.1 
Host: www.scdn.co
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://spotify-nz.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         151.101.86.248
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Connection: keep-alive
Content-Length: 4776
Last-Modified: Thu, 26 May 2022 14:01:37 GMT
ETag: "ff2831d235fec7c02db449621525990e"
x-amz-meta-goog-reserved-file-mtime: 1653572656
Accept-Ranges: bytes
Date: Sun, 25 Sep 2022 10:11:50 GMT
Age: 10272444
Timing-Allow-Origin: *
X-Served-By: cache-ord1740-ORD, cache-bma1634-BMA
X-Cache: HIT, HIT
X-Cache-Hits: 2, 7338
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000


--- Additional Info ---
Magic:  PNG image data, 144 x 144, 8-bit/color RGB, non-interlaced\012- data
Size:   4776
Md5:    ff2831d235fec7c02db449621525990e
Sha1:   ac0c4c81a0267d8d841ae9525ea230c51a891baa
Sha256: 0d25218c1914875469ecbd168fdddbba2feb01bf5dead8c5836b6c375ea85d45
                                        
                                            GET /i/_global/favicon.png HTTP/1.1 
Host: www.scdn.co
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://spotify-nz.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         151.101.86.248
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Connection: keep-alive
Content-Length: 3646
Last-Modified: Mon, 28 Mar 2022 08:25:15 GMT
ETag: "326dfa6c84225dfca443693e985fdaab"
x-amz-meta-goog-reserved-file-mtime: 1648454871
Accept-Ranges: bytes
Date: Sun, 25 Sep 2022 10:11:50 GMT
Age: 15269948
Timing-Allow-Origin: *
X-Served-By: cache-ord1735-ORD, cache-bma1634-BMA
X-Cache: HIT, HIT
X-Cache-Hits: 1, 19101
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000


--- Additional Info ---
Magic:  PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced\012- data
Size:   3646
Md5:    326dfa6c84225dfca443693e985fdaab
Sha1:   5a8971cb61bcdae6431abbba6d5a79cefc7d2d45
Sha256: 0c7ee91862c795f69147f2174a919b1303dd28ce8ceccabe3f50ae219bfb01b7
                                        
                                            GET /payment/css/adsct HTTP/1.1 
Host: spotify-nz.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://spotify-nz.com/payment/info.php?ip=172.71.98.26
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         104.21.40.125
HTTP/2 404 Not Found
content-type: text/html; charset=iso-8859-1
                                        
date: Sun, 25 Sep 2022 10:11:50 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=b0gYmKwrMPY5NLVK1SkAuym0H%2Fm1T%2BAKFcSTu%2BQ%2FJUYEAAJqbQRRNqG7UIWuHoQBG%2FueGzz%2B103gtmpLBZ240%2F7i5HnutgL4Bd%2B9eIg4sAPHyXl5XMTTagpngxdepeMUkw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7502fa6079d9b50c-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   216
Md5:    6a59c869bc36cd9b68debb501a9f7b59
Sha1:   ce5d471c50ae2dee76b29ba7ec8b37e24ade2960
Sha256: 6ce5491084b745707edef605ea2ee9e0fdff1b22fc6cf4111fbbead6499e0975

Alerts:
  Blocklists:
    - openphish: Spotify
    - fortinet: Phishing
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3578
Expires: Sun, 25 Sep 2022 11:11:30 GMT
Date: Sun, 25 Sep 2022 10:11:52 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3578
Expires: Sun, 25 Sep 2022 11:11:30 GMT
Date: Sun, 25 Sep 2022 10:11:52 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3578
Expires: Sun, 25 Sep 2022 11:11:30 GMT
Date: Sun, 25 Sep 2022 10:11:52 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3578
Expires: Sun, 25 Sep 2022 11:11:30 GMT
Date: Sun, 25 Sep 2022 10:11:52 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3578
Expires: Sun, 25 Sep 2022 11:11:30 GMT
Date: Sun, 25 Sep 2022 10:11:52 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7c48523c-250d-4030-8145-14c8967dc600.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8914
x-amzn-requestid: 8cfdc32e-f04a-4fd6-a1f1-632934a682fd
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y-_EUHqJoAMF7MQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632f7881-14a6d8ef126409964607e0aa;Sampled=0
x-amzn-remapped-date: Sat, 24 Sep 2022 21:37:05 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: kdF6En2vbJhRH1bkYMOuNm5XOIsT1qs3FE281N1SKn1FbyW-oNZsEw==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 b36bf2c460ac693ce304817aed073112.cloudfront.net (CloudFront), 1.1 google
date: Sat, 24 Sep 2022 21:37:06 GMT
etag: "2b6e37596e88b62f288dc8e8c937fd904fae28d5"
age: 45286
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8914
Md5:    dfdacc8edea3c24dad020d7e9c11b3f4
Sha1:   2b6e37596e88b62f288dc8e8c937fd904fae28d5
Sha256: 338a44f3bcc01bdd197f037dd8f8bf58a18dea00127465488efe76fb72a6fdff
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fda26d83a-84d6-497f-974b-e97994a82e1c.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 7855
x-amzn-requestid: adb39e96-18cc-4573-8fcd-45c5749559e1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y4WRIHwNoAMFpXg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632cd0d3-42bce8313e08ea177f81b74d;Sampled=0
x-amzn-remapped-date: Thu, 22 Sep 2022 21:17:07 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: wUehpX1VVM08d9OLxW_-Q6ZGfVFs0ZsN9zoK-2w7VWahCUYhUyeBXA==
via: 1.1 f62c9ca47e35df5c65764381977823a6.cloudfront.net (CloudFront), 1.1 61bc723adb3b1884ed759711e84e13a8.cloudfront.net (CloudFront), 1.1 google
date: Sun, 25 Sep 2022 03:11:47 GMT
age: 25205
etag: "47585668611fadb8bd8fa65e5e330bd3ed2f60b6"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7855
Md5:    12b4e62eeac0a002ce34d748230878ca
Sha1:   47585668611fadb8bd8fa65e5e330bd3ed2f60b6
Sha256: e871981eec0c113d0ccda82fabdc84d1881828f7cba1d76c50063c22d528a85e
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F254286e1-1c63-4609-9dfb-0eb4b9096238.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 6199
x-amzn-requestid: d26f22d9-4e9b-4764-8c96-2e1c7ce36340
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y--OKHowoAMFbQA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632f7727-7adb7c4925e6e50e13889544;Sampled=0
x-amzn-remapped-date: Sat, 24 Sep 2022 21:31:19 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: LryqVGSkKbiNOwcqXMULY9FXbOuZBBenjgGPDME3NZLZOdp5divXmw==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 e95ec8f1dc02e32f0cb9e113963ceb4e.cloudfront.net (CloudFront), 1.1 google
date: Sat, 24 Sep 2022 22:02:29 GMT
age: 43763
etag: "358e74de395352a9529ff1c17856daf8900888c5"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   6199
Md5:    714af732a9aa1db2b13ffb62810fd532
Sha1:   358e74de395352a9529ff1c17856daf8900888c5
Sha256: 1d2035cfcd283560ebe8494f9438e52f8d96cd092dd41cb0eb899a3f905c1e05
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F78aaf154-de5d-4fec-94c5-4e185b4c0cc1.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 4320
x-amzn-requestid: 72d102a6-8552-473f-b3f8-99450722017d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y--PmHEgIAMFXvA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632f7730-7e4789b1723913e2500ea5f2;Sampled=0
x-amzn-remapped-date: Sat, 24 Sep 2022 21:31:28 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 4XK0s7000jxVbsu88-3ze_Mg_SqTKMDgAWKiLkc3ZCiiqGhS02Cn5w==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 5fe5f2a3903f1378941d92eceaf3fa16.cloudfront.net (CloudFront), 1.1 google
date: Sat, 24 Sep 2022 22:12:06 GMT
age: 43186
etag: "1ec47b0f11a2b1173a1dcd32d541e5680b0088b1"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   4320
Md5:    7eba9d4ed7413abb8e8824cc86071b50
Sha1:   1ec47b0f11a2b1173a1dcd32d541e5680b0088b1
Sha256: 399622d6099137974fa30a332c145b45182a7be272523a325418c63bfe70e5a1
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1deb918e-bcb0-4629-aaa7-0ae0322969be.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 12826
x-amzn-requestid: f075cf62-acfc-4bc1-be14-7c3dafb7aaed
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YfVRNFP-oAMFgrA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6322cf3a-184b678042d64ac9266b1128;Sampled=0
x-amzn-remapped-date: Thu, 15 Sep 2022 07:07:38 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: rN_8rm10Pxb0AUKW6ECfNulcYxBaS7FgGD15gT14dX-FlsGJfqahxA==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 89791e6b21b9a30cc51cac1bc51cf098.cloudfront.net (CloudFront), 1.1 google
date: Sat, 24 Sep 2022 21:37:19 GMT
age: 45273
etag: "b6d56333d7f1ea7ddc8838d84de498ff913c5464"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3 DIY-Thermocam raw data\012- (Lepton 2.x), scale 3-257, spot sensor temperature 0.000000, unit celsius, color scheme 0, show scale bar, calibration: offset 0.000000, slope 241253891388563521536.000000\012- data
Size:   12826
Md5:    b3a72e81317074689a71dac7059e4b6a
Sha1:   b6d56333d7f1ea7ddc8838d84de498ff913c5464
Sha256: e665a8821b5e7b2e78787647a08d629bf70cbf4cbfee2057c8601cf0565154a1
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9c4875ff-4140-470a-943a-bc27f68957a5.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 7642
x-amzn-requestid: b0fc9bea-7735-43c0-a176-eae4d5000a6e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y2ZPtHajIAMF8zQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632c08ca-391092bd30ae5bf9692e93ba;Sampled=0
x-amzn-remapped-date: Thu, 22 Sep 2022 07:03:38 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: gc7lA-XfgIAhotpUdrOaihuA2nbdMY2zNiJSHZpSN3yKPaT-k93auQ==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 89791e6b21b9a30cc51cac1bc51cf098.cloudfront.net (CloudFront), 1.1 google
date: Sun, 25 Sep 2022 06:00:25 GMT
age: 15087
etag: "1534aa8a5158dfa9592d65e6fb761b41c0852c58"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7642
Md5:    00c09f267aacde9465a329542463b9e5
Sha1:   1534aa8a5158dfa9592d65e6fb761b41c0852c58
Sha256: 276ff24598159f62fd7333992575834f901eea7c75a228b9c12d1c049f1df558
                                        
                                            GET /payment/css/adsct(2) HTTP/1.1 
Host: spotify-nz.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://spotify-nz.com/payment/info.php?ip=172.71.98.26
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         104.21.40.125
HTTP/2 404 Not Found
content-type: text/html; charset=iso-8859-1
                                        
date: Sun, 25 Sep 2022 10:11:50 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fmnkvfR%2FXm8PxX7LjTC42%2FU8N3NKT%2FdWz6dhj8YBbd%2FZc%2F1d2%2BOeIOsjtqMDyKbEvibcvm7cu9O123W9SORa09k81S2Q3VQteDUGPxEC%2BFYq4oxjQIFRKyTVoCiHRYYQ%2Bg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7502fa6079e0b50c-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---

Alerts:
  Blocklists:
    - openphish: Spotify
    - fortinet: Phishing
                                        
                                            GET /payment/spotify-a434817e7e.css HTTP/1.1 
Host: spotify-nz.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://spotify-nz.com/payment/info.php?ip=172.71.98.26
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         104.21.40.125
HTTP/2 404 Not Found
content-type: text/html; charset=iso-8859-1
                                        
date: Sun, 25 Sep 2022 10:11:50 GMT
cache-control: max-age=14400
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fP7SQftY2C50zrY1%2BODRxImesMeXpj7Jpj777PLAYFBRjhAw3klIwHriATp3JcnIG3gsj20Nit28jjoRjwU6T9Z%2FOoDYJRm7WROF7olu1U5ks7mC%2BYqjkv1kTXccxfXJVA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7502fa6069d0b50c-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---

Alerts:
  Blocklists:
    - openphish: Spotify
                                        
                                            GET /payment/embedded-checkout-15b1b0a453.css HTTP/1.1 
Host: spotify-nz.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://spotify-nz.com/payment/info.php?ip=172.71.98.26
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         104.21.40.125
HTTP/2 404 Not Found
content-type: text/html; charset=iso-8859-1
                                        
date: Sun, 25 Sep 2022 10:11:50 GMT
cache-control: max-age=14400
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Uzf5BlqXnxv5MyLS4MeJDpmP%2BAV7BHv8L8pYQEm8IgRKwklvxxFLIGBIFda5jjxJ0X4Czy5mJSTTME3H%2Fgfi3e6e0fPcoc4MT2tZimk0Wx2stKW8W0cMTAUBcB35mg4hkQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7502fa6069d5b50c-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---

Alerts:
  Blocklists:
    - openphish: Spotify
                                        
                                            GET /payment/css/activityi.html HTTP/1.1 
Host: spotify-nz.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://spotify-nz.com/payment/info.php?ip=172.71.98.26
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         104.21.40.125
HTTP/2 404 Not Found
content-type: text/html; charset=iso-8859-1
                                        
date: Sun, 25 Sep 2022 10:11:50 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nDtFoO5HOvbNilW5Qg%2BNXXMYzugbbigCnuiM8J0x%2B2IRu1FUbZz5NW7HStma%2BPM5HQpnA0zJfJDo5%2FTHQc8V%2FDYmi1waC%2FqtyWmsWSebO%2B1RA31aFwuadrYvfdoE53H7QQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7502fa6059b5b50c-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---

Alerts:
  Blocklists:
    - openphish: Spotify
    - fortinet: Phishing
                                        
                                            GET /payment/account-68da47d642.css HTTP/1.1 
Host: spotify-nz.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://spotify-nz.com/payment/info.php?ip=172.71.98.26
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         104.21.40.125
HTTP/2 404 Not Found
content-type: text/html; charset=iso-8859-1
                                        
date: Sun, 25 Sep 2022 10:11:50 GMT
cache-control: max-age=14400
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bdTV%2BjiTPpgOecH%2FyOdD767%2FZuWkL2Tbyk6sSt%2FFqDGhsyLCQLLWJxggYGKz0Ss6ryvkeTZdbfXkFe8qBGOEZfdSQ204Ne4PKStb%2B58RZ7CeHP9faKWpGkD5lWBYiZJaQQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7502fa6069d1b50c-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---

Alerts:
  Blocklists:
    - openphish: Spotify
                                        
                                            GET /payment/css/account-68da47d642.css HTTP/1.1 
Host: spotify-nz.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://spotify-nz.com/payment/info.php?ip=172.71.98.26
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         104.21.40.125
HTTP/2 200 OK
content-type: text/css
                                        
date: Sun, 25 Sep 2022 10:11:50 GMT
last-modified: Mon, 19 Sep 2022 10:46:14 GMT
etag: W/"27518-5e9056baa8980-gzip"
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ef9x2XEdNEfov2ez7%2F%2Bw1tmJgNFxJhBN82VJ8DpzUYFglxR9jaHeMw54QaopoOOOrO%2BRfDoFkrzVzoBdMuplTklCG72IL5kJeh8ssw8fvhi8ZtS6fyXF5lry%2BL56PL2m0g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7502fa6069c6b50c-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---

Alerts:
  Blocklists:
    - openphish: Spotify
                                        
                                            GET /payment/css/spotify-a434817e7e.css HTTP/1.1 
Host: spotify-nz.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://spotify-nz.com/payment/info.php?ip=172.71.98.26
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         104.21.40.125
HTTP/2 200 OK
content-type: text/css
                                        
date: Sun, 25 Sep 2022 10:11:50 GMT
last-modified: Mon, 19 Sep 2022 10:46:14 GMT
etag: W/"50f42-5e9056baa8980-gzip"
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JCPGQkV3HMnG1B9pDzKDYegDkKw0GWidwlPBpMJh9ym0NcjzRKUojCEMPhmOM9hCoDEcXBq6PzWQ7zdXPdn0dsXRNgkoFlcbqBg8Uz%2F50yHg06OiW9KfQfouBeXhFVeikQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7502fa6069c4b50c-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---

Alerts:
  Blocklists:
    - openphish: Spotify
                                        
                                            GET /payment/info.php?ip=172.71.98.26 HTTP/1.1 
Host: spotify-nz.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

                                         
                                         104.21.40.125
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
                                        
date: Sun, 25 Sep 2022 10:11:50 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Bfx8vC%2B8q%2FLOmuzrXqKI55YHLWZ09tTDJITL5XtwNcy96x9YYcUZOc3Igwj2lyDpn%2F4a3mzUzMyJH%2BRjSjBMqG7FN4oToDUWLJMsUuhffvYJNC3nryNdLc6uiWoHoD4tSA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7502fa5f5899b50c-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---

Alerts:
  Blocklists:
    - openphish: Spotify
    - fortinet: Phishing