Report - seemyvideo.realgirl.click/

Report Overview

Submitted URL
seemyvideo.realgirl.click/
IP
66.29.132.67
ASN
#22612 NAMECHEAP-NET
Submitted
2022-12-24 13:27:34
Access
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
22

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	2.4 kB	35.241.9.150
ocsp.sectigo.com	487	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	340 B	963 B	172.64.155.188
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	682 B	1.3 kB	93.184.220.29
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	52.89.217.163
bdabjdi.naughtymets.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	27 kB	1.1 MB	178.162.199.80
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.8 kB	67 kB	34.120.237.76
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.0 kB	8.0 kB	23.36.77.32
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.9 kB	34.160.144.191
seemyvideo.realgirl.click	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	812 B	1.4 kB	66.29.132.67
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	391 B	34.117.237.239
stackpath.bootstrapcdn.com	2467	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	459 B	26 kB	104.18.11.207

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-12-24	medium	seemyvideo.realgirl.click/	Phishing
2022-12-24	medium	seemyvideo.realgirl.click/	Phishing
2022-12-24	medium	bdabjdi.naughtymets.com/s/6211a7f91b00d	Phishing
2022-12-24	medium	bdabjdi.naughtymets.com/bundle/544/assets/js/functions.js	Phishing
2022-12-24	medium	bdabjdi.naughtymets.com/bundle/544/assets/js/jquery.min.js	Phishing
2022-12-24	medium	bdabjdi.naughtymets.com/bundle/544/assets/js/bootstrap.min.js	Phishing
2022-12-24	medium	bdabjdi.naughtymets.com/bundle/544/assets/images/23592236.webp	Phishing
2022-12-24	medium	bdabjdi.naughtymets.com/bundle/544/assets/images/23623572.webp	Phishing
2022-12-24	medium	bdabjdi.naughtymets.com/bundle/544/assets/images/23695857.webp	Phishing
2022-12-24	medium	bdabjdi.naughtymets.com/bundle/544/assets/images/22535598.webp	Phishing
2022-12-24	medium	bdabjdi.naughtymets.com/js/fp2.min.js	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (12)

	URL	Size	First Seen	Last Seen
	bdabjdi.naughtymets.com/js/click.js?8	5.3 kB	2023-03-08	2023-03-13
Pretty URL bdabjdi.naughtymets.com/js/click.js?8 IP 178.162.199.80 ASN #28753 Leaseweb Deutschland GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 05:59:12 Last Seen2023-03-13 16:40:29 Times Seen1 Hash 8207d083c909c6386927c5197eff584c a5f1148a0e9923191d3f8ed4c1750240374af2a9 f71ae9723255b00dcc8e3631fe419cbbb56a80b3034f184ca5292127d7b3eea9 Loading...

	bdabjdi.naughtymets.com/s/6211a7f91b00d	179 B	2023-03-07	2023-03-13
Pretty URL bdabjdi.naughtymets.com/s/6211a7f91b00d IP 178.162.199.80 ASN #28753 Leaseweb Deutschland GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:05:30 Last Seen2023-03-13 18:09:47 Times Seen1 Hash e03780add5302cc39f4d2d04e0105c35 9e55b6d643af2c6e12ccca759ec0d1f0c5c08e36 5d112d8cbde1a11fa2b067fd4c8f79adc231a8e179e2777cf1a74e5b9992efc8 Loading...

	bdabjdi.naughtymets.com/s/6211a7f91b00d	166 B	2023-03-07	2023-03-13
Pretty URL bdabjdi.naughtymets.com/s/6211a7f91b00d IP 178.162.199.80 ASN #28753 Leaseweb Deutschland GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:05:30 Last Seen2023-03-13 18:09:47 Times Seen1 Hash c1aa43e7008322b37d4dfff2c374ca68 dba818def7f67f610bfe00be495bf9f74aa3e382 8eaaa81c2cd6121244f1b56a2b952b364e1562a9c376f988ebd627ba6cb5af45 Loading...

	bdabjdi.naughtymets.com/bundle/544/assets/js/functions.js	731 B	2023-03-07	2023-03-13
Pretty URL bdabjdi.naughtymets.com/bundle/544/assets/js/functions.js IP 178.162.199.80 ASN #28753 Leaseweb Deutschland GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:05:30 Last Seen2023-03-13 18:09:47 Times Seen1 Hash 604d251f59390c2d2954a3e6b878cdf9 21c5dacc0df7b9024cdcd319f87fb999b4e3b696 787c04f40c52c71c63bffa8e8754f312ac366f51ee0a1a2266bd73678b0b39c4 Loading...

	bdabjdi.naughtymets.com/s/6211a7f91b00d	111 B	2023-03-12	2023-03-12
Pretty URL bdabjdi.naughtymets.com/s/6211a7f91b00d IP 178.162.199.80 ASN #28753 Leaseweb Deutschland GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 06:33:36 Last Seen2023-03-12 06:33:36 Times Seen1 Hash be31a99566336b55acd30bc8a631324f d40ae24084da7ab38ddb58f478be0f77649eed98 455f594efb76d735e162989a41432e06b87e73fc68e2cbe29fa80eb207b9112e Loading...

	bdabjdi.naughtymets.com/js/fp2.min.js	31 kB	2023-03-07	2024-04-21
Pretty URL bdabjdi.naughtymets.com/js/fp2.min.js IP 178.162.199.80 ASN #28753 Leaseweb Deutschland GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:14:35 Last Seen2024-04-21 17:10:04 Times Seen1338 Hash e7d6b85edb141824af8951e19333337c 76600b2cb1978ca24d9fe39b1412f052da855ddb 6e1bf43d1d49858aacd5de53b32b551732bca4b2a46b1f808eb6d6d0f2b70c0e Loading...

	seemyvideo.realgirl.click/	191 B	2023-03-12	2023-03-12
Pretty URL seemyvideo.realgirl.click/ IP 66.29.132.67 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 06:33:36 Last Seen2023-03-12 09:03:12 Times Seen1 Hash 23420261c9d5fe27bb578581068a59aa fe2176cdab559e1e988b40f28e9d6b0029edc98f fee42d3e8826923420ff16d7ef8c1d7c1d7f7d54dd043cdcbc5ccd0373b25208 Loading...

	bdabjdi.naughtymets.com/bundle/544/assets/js/jquery.min.js	87 kB	2023-03-07	2024-04-23
Pretty URL bdabjdi.naughtymets.com/bundle/544/assets/js/jquery.min.js IP 178.162.199.80 ASN #28753 Leaseweb Deutschland GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:00 Last Seen2024-04-23 23:33:01 Times Seen61682 Hash c9f5aeeca3ad37bf2aa006139b935f0a 1055018c28ab41087ef9ccefe411606893dabea2 87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de Loading...

	bdabjdi.naughtymets.com/bundle/544/assets/js/bootstrap.min.js	58 kB	2023-03-07	2024-04-23
Pretty URL bdabjdi.naughtymets.com/bundle/544/assets/js/bootstrap.min.js IP 178.162.199.80 ASN #28753 Leaseweb Deutschland GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:33 Last Seen2024-04-23 20:42:24 Times Seen19567 Hash e1d98d47689e00f8ecbc5d9f61bdb42e 6778fed3cf095a318141a31f455c8f4663885bde 0a34a87842c539c1f4feec56bba982fd596b73500046a6e6fe38a22260c6577b Loading...

	bdabjdi.naughtymets.com/s/6211a7f91b00d	800 B	2023-03-07	2023-07-04
Pretty URL bdabjdi.naughtymets.com/s/6211a7f91b00d IP 178.162.199.80 ASN #28753 Leaseweb Deutschland GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:14:35 Last Seen2023-07-04 23:44:10 Times Seen218 Hash 95d0345d30a683b55552f88523905902 5c3b20ccc0817febdb27ee12d273c2021e4ba04c 06f49d481b230265f1c45b6e00bbe0a21181c79b2ceefee8b54202fa2ffc6055 Loading...

		Size	First Seen	Last Seen
	#1 Write - e165421110ba03099a1c0393373c5b43	3 B	2023-03-07	2024-04-15
Pretty Observations First Seen2023-03-07 01:30:44 Last Seen2024-04-15 05:38:30 Times Seen7 Hash e165421110ba03099a1c0393373c5b43 52fdb9f68c503e11d168fe52035901864c0a4861 c0509a487a18b003ba05e505419ebb63e57a29158073e381f57160b5c5b86426 Loading...

	#2 Write - 34173cb38f07f89ddbebc2ac9128303f	2 B	2023-03-07	2024-04-19
Pretty Observations First Seen2023-03-07 01:10:09 Last Seen2024-04-19 09:48:27 Times Seen375 Hash 34173cb38f07f89ddbebc2ac9128303f 22d200f8670dbdb3e253a90eee5098477c95c23d 624b60c58c9d8bfb6ff1886c2fd605d2adeb6ea4da576068201b6c6958ce93f4 Loading...

HTTP Transactions (40)

URL IP Response Size

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ad598540c6639aaaa344fb3ce4f3162f
b0b9f86d50de7dc23bdc7aee2f45d79a06165afc
4e9aaff330ce0c9c11f6bb8502fe21296b1845151bace75f73908a3194d5d0a1

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4E9AAFF330CE0C9C11F6BB8502FE21296B1845151BACE75F73908A3194D5D0A1"
Last-Modified: Thu, 22 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6982
Expires: Sat, 24 Dec 2022 15:23:45 GMT
Date: Sat, 24 Dec 2022 13:27:23 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7e300ca7d2d586dd1ca0c185ef6b0da5
3914cfd3b7aa6e1d1117bf509319479e489ed2a4
91c8810ad137faf4393f7d15f9c619c06d124a7aaebfa21290dca614db2c7757

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "91C8810AD137FAF4393F7D15F9C619C06D124A7AAEBFA21290DCA614DB2C7757"
Last-Modified: Thu, 22 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4635
Expires: Sat, 24 Dec 2022 14:44:38 GMT
Date: Sat, 24 Dec 2022 13:27:23 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Content-Type, Content-Length, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 24 Dec 2022 12:34:53 GMT
content-type: application/json
age: 3150
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
f7f0ad5c2841a345f98197c2f1e86f4d
84cbfd91934a8715baba4a2da46451f35597c99c
be30540f2e06a3565c9b38bdbb9691f707d692b196bdcef5d671708aa9609795

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BE30540F2E06A3565C9B38BDBB9691F707D692B196BDCEF5D671708AA9609795"
Last-Modified: Thu, 22 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13400
Expires: Sat, 24 Dec 2022 17:10:43 GMT
Date: Sat, 24 Dec 2022 13:27:23 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
b1fcd419a4245617397846e8d17233f6
2a037ce244587640b27ead9a0ec2af4f862d91b2
e059b6d834c06e58494c43fb2ff42acbc27c1a1d8f7f30e2f32ca0e167599e2f

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: t6svWQDHvw6tKdvQxU+M3ZBy/uywbJiBrw2Nl0RVQ+YlfcpxSyq39QRVUoKkpN0YD789276uhPe88WKZhTu7GA==
x-amz-request-id: DMNQYJXB9QSD7CDA
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 24 Dec 2022 12:54:28 GMT
age: 1975
last-modified: Tue, 20 Dec 2022 14:47:58 GMT
etag: "b1fcd419a4245617397846e8d17233f6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

seemyvideo.realgirl.click/

66.29.132.67

301 Moved Permanently

707 B

URL HTTP/1.1
seemyvideo.realgirl.click/
IP
66.29.132.67:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
707 B (707 bytes)
Hash
1304294c0823ca486542ba408ed761e3
b2a70fb2d810ca13985882e6981f33998823e83e
3bbe72f3baa8ec61de17a1d767fca58704769684b7abe9161d0c4eaf4c8f0982

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET / HTTP/1.1
Host: seemyvideo.realgirl.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
keep-alive: timeout=5, max=100
content-type: text/html
content-length: 707
date: Sat, 24 Dec 2022 13:27:23 GMT
server: LiteSpeed
location: https://seemyvideo.realgirl.click/
x-turbo-charged-by: LiteSpeed

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 24 Dec 2022 13:27:23 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Content-Length, Last-Modified, Retry-After, Content-Type, Alert, Pragma, ETag, Cache-Control, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 24 Dec 2022 13:08:04 GMT
age: 1159
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.sectigo.com/

172.64.155.188

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
851ee89e71fcfcad49155e16918f55f7
23b83fb183033ce93e572df368b7d0d0c88db564
ed56916a5252494d73e7c05e5978fc3d3a86ad428049513c2c610f6b46874bae

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 24 Dec 2022 13:27:23 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Fri, 23 Dec 2022 14:19:09 GMT
Expires: Fri, 30 Dec 2022 14:19:08 GMT
Etag: "23b83fb183033ce93e572df368b7d0d0c88db564"
Cache-Control: max-age=520904,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77e9ac948e08b4f1-OSL

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
d7938ab2263405a708c44813f3e16cb8
3ba9f4363ecc2834ea1211f761ce2d04e0077ab3
8a8ef4218bcd8ecb1f12ecdb74f3f453a7093be8dd3c233615577dcc9b40fa92

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 851
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 24 Dec 2022 13:27:23 GMT
Last-Modified: Sat, 24 Dec 2022 13:13:12 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 471

seemyvideo.realgirl.click/

66.29.132.67

200 OK

231 B

URL HTTP/2
seemyvideo.realgirl.click/
IP
66.29.132.67:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document, ASCII text
Size
231 B (231 bytes)
Hash
5833f1b361fb4d6aead301775890e433
4e722a907c8891fe00c0ead63e3015e72e70534f
5738dfef861f1d23678788a09160641a7065f893fe95ad0f96a217b9211122d3

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET / HTTP/1.1
Host: seemyvideo.realgirl.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 200 OK
content-type: text/html
last-modified: Thu, 22 Dec 2022 18:29:00 GMT
accept-ranges: bytes
content-length: 231
date: Sat, 24 Dec 2022 13:27:23 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

push.services.mozilla.com/

52.89.217.163

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
52.89.217.163:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: yXgTo9uRvRC32P+6QKuSZQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: kW/8qQgTFyyj5AFXGDTbAaJt/LI=

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
8e864ba3c20fd92bd43e7d8a5f1a62a6
e2ad34673751bbdd93428184b48006ba88a18196
38bdef78935a7b3863b2d85acd18ae4743a1fdfd7b235b20189943ba881aea5f

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "38BDEF78935A7B3863B2D85ACD18AE4743A1FDFD7B235B20189943BA881AEA5F"
Last-Modified: Fri, 23 Dec 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Sat, 24 Dec 2022 19:27:24 GMT
Date: Sat, 24 Dec 2022 13:27:24 GMT
Connection: keep-alive

bdabjdi.naughtymets.com/s/6211a7f91b00d

178.162.199.80

200 OK

2.0 kB

URL HTTP/1.1
bdabjdi.naughtymets.com/s/6211a7f91b00d
IP
178.162.199.80:0
ASN
#28753 Leaseweb Deutschland GmbH

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text
Size
2.0 kB (2047 bytes)
Hash
7d772eb21b54fdfff439ebb3428382bb
ed4ed4ef8f459c0461a23889e45c4d51b43bda17
58d160a629d750bc23bbdfcdaaf0baed582a5a232e9d04f51f99bc42a07ce650

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /s/6211a7f91b00d HTTP/1.1
Host: bdabjdi.naughtymets.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://seemyvideo.realgirl.click/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: openresty/1.19.3.1
Date: Sat, 24 Dec 2022 13:27:24 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: s=rxOKXBQNWzjWqdy1ia2afBnMuQ9HA2FNgdZQpKcyV6DkR5%2BD2kmF302q8GuFVX9HSPfOH4dFFsagMw9CWOINoSB%2BNvgXH%2BNb%2BRRUAgRfFMIBoDIhPisBpCXX2E1zyhQMXgvz8duoNzKIO5cUj65SDFzVjH8aCumWy6KDPY8N3GFQ19Oy09JwcXbnKcTcZbBzJ6qUpu%2FEUNsVS8fM2eTBt8z7jMbS1EFnP2O2DDOKTKONPR85bwi6pPkKQO5GsZ842sU0SwS9Dz5IXvhqSn4wgQQJ%2BCxtEoHpWJgekIl4gFM7eGUgzKDqrdP5bqodySKIdGBYHq3iAs5akxl1OB8Cfw%2BMPIgJclqTRmre1nVCgVmSr8a7bcOIp6zw3oOG3YOkKImECieCuKzdK7u1fgv1gx%2F1lURqDTlia4S5ifLV2Twm%2B2tQT1XAcH%2FKUOKotejK6ZY42E3W4zL1nvl%2FPBCSKliL9YK1eXJGjblOEQTxT7y4tsfQ7JEijMEenL69Nji1qGOT5GqmWIilH6rMyCnEPBxjIhVX5cVlHNA0QZ5n0TYiTQAxftSNo9woRXAmN%2F8mA%2FqcAJw5SD8ePLLuh1jZx%2BAdZLhju7bZlN2XnTlFfuNdSDaqZQLf00jvEqJiJLtJzUT%2BNU0OREsL0I5p37%2BNIWQAwWAxGRc9u0u7i694lkdr%2BtRr%2Fnm0HdoiDwROOjl4Y%2BFMxnh3X8xS26CeGe%2FPE4D8y00L%2FITQT6crV9z1jGDRR3bNFFtQoMkq2SXpa%2B9A9CtV%2FO%2BPIRIzzjeCeDYQZbadwBvFHDyF%2B0sIB7AuDs0h6BlDsQYKPzlzterVTU6%2Bj91SnLg8%2FmAIavljVWnIR8tkdbFFIuE7Am4zroKVoVz4J5HTh%2FBC4BaT%2B9BxbU%2B7g1jmLFOOLltSeJEfhAz3S2%2B6G5j3%2B9AIoGq6bePt5367kHOjcxafHgcQZmlvEEg39sxqzz06WioDtK1ut7dlUiMpZI1faU4JsrlU4lCBOuVTovqRGyakcNZmCtOVBouTKVSS0UusSmw3YTfT57jlBMdXGX0VpeESmy25RHk0gZbk1rqu5Qcj%2FDSPTTaCSKGO4ThSSnY6YFZCgwVwzk%2BsqqC5c6A6H9vfRLOTLExM%2B1wmVGn2oU9tehXx1yG8w1QvuVu027ry9G8B1HcXXb3qXkRkIbopvftLQDfln4%2BkkjgDp3%2F8Xw%2B5GySjdGc8I9GgPCnQ0dU7BL0tWjJuxb8Ob49KJl7OjqUw9he1oCBhtZUeK1XvwI%2F1xRALZJxdEMPd99%2FPvGE8CfL%2FZxPM7OMV9nh%2B%2FZSyzUHZ%2BPIEdFlN5R84V5hUdgVSBrVV0m4IKR5UIEeYeTGnpe48%2FlGKhSsx7b8dU%2BrqHIb4RcLxHopNFhz9jGk%2B0KcH8gLQ%2Fedi6RQiSUyxpRTcQKUpcJAuL7xWWNB4cB5HaLWGFCOigpxE%2Bsp3Ob%2BvN%2Bpm64HuTwgvChfgfdlyio51dQarOvu%2FfLirDVJj66QXHBk%2Bu9447V6tvUB%2F1AznA7%2FGA4my3anahUg%2BjM43Moc0kTUajrI4t%2FDs%2BPsQGHqc4E2HquVcgn%2BHp%2FL6gCwmQwpKR%2BWg%2BunY1fytfRQAqXfNZIvcgX9GoVEwp7E3xD25a%2BmuV74%3D; expires=Sun, 25-Dec-2022 13:27:24 GMT; Max-Age=86400; path=/; domain=naughtymets.com
SID=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=naughtymets.com
ESID=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=naughtymets.com
Content-Encoding: gzip

bdabjdi.naughtymets.com/bundle/544/assets/css/style.css

178.162.199.80

200 OK

8.8 kB

URL HTTP/1.1
bdabjdi.naughtymets.com/bundle/544/assets/css/style.css
IP
178.162.199.80:0
ASN
#28753 Leaseweb Deutschland GmbH

File type
ASCII text, with CRLF line terminators
Size
8.8 kB (8803 bytes)
Hash
77352f8f4e8467b5c0e6125f19e8768f
c629fc401f21d0ed0db3e62203fdf8fb73072c34
9fdc6a148b0f54172e66dd9ab55889edea7df4df44d8a403df4d14874e0d5e79

HTTP Headers

GET /bundle/544/assets/css/style.css HTTP/1.1
Host: bdabjdi.naughtymets.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bdabjdi.naughtymets.com/s/6211a7f91b00d
Cookie: s=rxOKXBQNWzjWqdy1ia2afBnMuQ9HA2FNgdZQpKcyV6DkR5%2BD2kmF302q8GuFVX9HSPfOH4dFFsagMw9CWOINoSB%2BNvgXH%2BNb%2BRRUAgRfFMIBoDIhPisBpCXX2E1zyhQMXgvz8duoNzKIO5cUj65SDFzVjH8aCumWy6KDPY8N3GFQ19Oy09JwcXbnKcTcZbBzJ6qUpu%2FEUNsVS8fM2eTBt8z7jMbS1EFnP2O2DDOKTKONPR85bwi6pPkKQO5GsZ842sU0SwS9Dz5IXvhqSn4wgQQJ%2BCxtEoHpWJgekIl4gFM7eGUgzKDqrdP5bqodySKIdGBYHq3iAs5akxl1OB8Cfw%2BMPIgJclqTRmre1nVCgVmSr8a7bcOIp6zw3oOG3YOkKImECieCuKzdK7u1fgv1gx%2F1lURqDTlia4S5ifLV2Twm%2B2tQT1XAcH%2FKUOKotejK6ZY42E3W4zL1nvl%2FPBCSKliL9YK1eXJGjblOEQTxT7y4tsfQ7JEijMEenL69Nji1qGOT5GqmWIilH6rMyCnEPBxjIhVX5cVlHNA0QZ5n0TYiTQAxftSNo9woRXAmN%2F8mA%2FqcAJw5SD8ePLLuh1jZx%2BAdZLhju7bZlN2XnTlFfuNdSDaqZQLf00jvEqJiJLtJzUT%2BNU0OREsL0I5p37%2BNIWQAwWAxGRc9u0u7i694lkdr%2BtRr%2Fnm0HdoiDwROOjl4Y%2BFMxnh3X8xS26CeGe%2FPE4D8y00L%2FITQT6crV9z1jGDRR3bNFFtQoMkq2SXpa%2B9A9CtV%2FO%2BPIRIzzjeCeDYQZbadwBvFHDyF%2B0sIB7AuDs0h6BlDsQYKPzlzterVTU6%2Bj91SnLg8%2FmAIavljVWnIR8tkdbFFIuE7Am4zroKVoVz4J5HTh%2FBC4BaT%2B9BxbU%2B7g1jmLFOOLltSeJEfhAz3S2%2B6G5j3%2B9AIoGq6bePt5367kHOjcxafHgcQZmlvEEg39sxqzz06WioDtK1ut7dlUiMpZI1faU4JsrlU4lCBOuVTovqRGyakcNZmCtOVBouTKVSS0UusSmw3YTfT57jlBMdXGX0VpeESmy25RHk0gZbk1rqu5Qcj%2FDSPTTaCSKGO4ThSSnY6YFZCgwVwzk%2BsqqC5c6A6H9vfRLOTLExM%2B1wmVGn2oU9tehXx1yG8w1QvuVu027ry9G8B1HcXXb3qXkRkIbopvftLQDfln4%2BkkjgDp3%2F8Xw%2B5GySjdGc8I9GgPCnQ0dU7BL0tWjJuxb8Ob49KJl7OjqUw9he1oCBhtZUeK1XvwI%2F1xRALZJxdEMPd99%2FPvGE8CfL%2FZxPM7OMV9nh%2B%2FZSyzUHZ%2BPIEdFlN5R84V5hUdgVSBrVV0m4IKR5UIEeYeTGnpe48%2FlGKhSsx7b8dU%2BrqHIb4RcLxHopNFhz9jGk%2B0KcH8gLQ%2Fedi6RQiSUyxpRTcQKUpcJAuL7xWWNB4cB5HaLWGFCOigpxE%2Bsp3Ob%2BvN%2Bpm64HuTwgvChfgfdlyio51dQarOvu%2FfLirDVJj66QXHBk%2Bu9447V6tvUB%2F1AznA7%2FGA4my3anahUg%2BjM43Moc0kTUajrI4t%2FDs%2BPsQGHqc4E2HquVcgn%2BHp%2FL6gCwmQwpKR%2BWg%2BunY1fytfRQAqXfNZIvcgX9GoVEwp7E3xD25a%2BmuV74%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: openresty/1.19.3.1
Date: Sat, 24 Dec 2022 13:27:25 GMT
Content-Type: text/css
Content-Length: 8803
Connection: keep-alive
Last-Modified: Tue, 14 Dec 2021 15:58:23 GMT
Vary: Accept-Encoding
ETag: "61b8bf1f-2263"
Accept-Ranges: bytes

ocsp.digicert.com/

93.184.220.29

200 OK

278 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
278 B (278 bytes)
Hash
4d98b3a26195b76832941945722cf6be
4faf15fb121f1c6253d96e90af88c6868c70060f
1f2dda38b8dc1a778e963a011b70685ba1791f6fb490cd4418484294f7926a09

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6357
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 24 Dec 2022 13:27:25 GMT
Last-Modified: Sat, 24 Dec 2022 11:41:28 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 278

bdabjdi.naughtymets.com/bundle/544/assets/js/functions.js

178.162.199.80

200 OK

731 B

URL HTTP/1.1
bdabjdi.naughtymets.com/bundle/544/assets/js/functions.js
IP
178.162.199.80:0
ASN
#28753 Leaseweb Deutschland GmbH

File type
ASCII text, with CRLF line terminators
Size
731 B (731 bytes)
Hash
604d251f59390c2d2954a3e6b878cdf9
21c5dacc0df7b9024cdcd319f87fb999b4e3b696
787c04f40c52c71c63bffa8e8754f312ac366f51ee0a1a2266bd73678b0b39c4

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /bundle/544/assets/js/functions.js HTTP/1.1
Host: bdabjdi.naughtymets.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bdabjdi.naughtymets.com/s/6211a7f91b00d
Cookie: s=rxOKXBQNWzjWqdy1ia2afBnMuQ9HA2FNgdZQpKcyV6DkR5%2BD2kmF302q8GuFVX9HSPfOH4dFFsagMw9CWOINoSB%2BNvgXH%2BNb%2BRRUAgRfFMIBoDIhPisBpCXX2E1zyhQMXgvz8duoNzKIO5cUj65SDFzVjH8aCumWy6KDPY8N3GFQ19Oy09JwcXbnKcTcZbBzJ6qUpu%2FEUNsVS8fM2eTBt8z7jMbS1EFnP2O2DDOKTKONPR85bwi6pPkKQO5GsZ842sU0SwS9Dz5IXvhqSn4wgQQJ%2BCxtEoHpWJgekIl4gFM7eGUgzKDqrdP5bqodySKIdGBYHq3iAs5akxl1OB8Cfw%2BMPIgJclqTRmre1nVCgVmSr8a7bcOIp6zw3oOG3YOkKImECieCuKzdK7u1fgv1gx%2F1lURqDTlia4S5ifLV2Twm%2B2tQT1XAcH%2FKUOKotejK6ZY42E3W4zL1nvl%2FPBCSKliL9YK1eXJGjblOEQTxT7y4tsfQ7JEijMEenL69Nji1qGOT5GqmWIilH6rMyCnEPBxjIhVX5cVlHNA0QZ5n0TYiTQAxftSNo9woRXAmN%2F8mA%2FqcAJw5SD8ePLLuh1jZx%2BAdZLhju7bZlN2XnTlFfuNdSDaqZQLf00jvEqJiJLtJzUT%2BNU0OREsL0I5p37%2BNIWQAwWAxGRc9u0u7i694lkdr%2BtRr%2Fnm0HdoiDwROOjl4Y%2BFMxnh3X8xS26CeGe%2FPE4D8y00L%2FITQT6crV9z1jGDRR3bNFFtQoMkq2SXpa%2B9A9CtV%2FO%2BPIRIzzjeCeDYQZbadwBvFHDyF%2B0sIB7AuDs0h6BlDsQYKPzlzterVTU6%2Bj91SnLg8%2FmAIavljVWnIR8tkdbFFIuE7Am4zroKVoVz4J5HTh%2FBC4BaT%2B9BxbU%2B7g1jmLFOOLltSeJEfhAz3S2%2B6G5j3%2B9AIoGq6bePt5367kHOjcxafHgcQZmlvEEg39sxqzz06WioDtK1ut7dlUiMpZI1faU4JsrlU4lCBOuVTovqRGyakcNZmCtOVBouTKVSS0UusSmw3YTfT57jlBMdXGX0VpeESmy25RHk0gZbk1rqu5Qcj%2FDSPTTaCSKGO4ThSSnY6YFZCgwVwzk%2BsqqC5c6A6H9vfRLOTLExM%2B1wmVGn2oU9tehXx1yG8w1QvuVu027ry9G8B1HcXXb3qXkRkIbopvftLQDfln4%2BkkjgDp3%2F8Xw%2B5GySjdGc8I9GgPCnQ0dU7BL0tWjJuxb8Ob49KJl7OjqUw9he1oCBhtZUeK1XvwI%2F1xRALZJxdEMPd99%2FPvGE8CfL%2FZxPM7OMV9nh%2B%2FZSyzUHZ%2BPIEdFlN5R84V5hUdgVSBrVV0m4IKR5UIEeYeTGnpe48%2FlGKhSsx7b8dU%2BrqHIb4RcLxHopNFhz9jGk%2B0KcH8gLQ%2Fedi6RQiSUyxpRTcQKUpcJAuL7xWWNB4cB5HaLWGFCOigpxE%2Bsp3Ob%2BvN%2Bpm64HuTwgvChfgfdlyio51dQarOvu%2FfLirDVJj66QXHBk%2Bu9447V6tvUB%2F1AznA7%2FGA4my3anahUg%2BjM43Moc0kTUajrI4t%2FDs%2BPsQGHqc4E2HquVcgn%2BHp%2FL6gCwmQwpKR%2BWg%2BunY1fytfRQAqXfNZIvcgX9GoVEwp7E3xD25a%2BmuV74%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: openresty/1.19.3.1
Date: Sat, 24 Dec 2022 13:27:25 GMT
Content-Type: application/javascript
Content-Length: 731
Connection: keep-alive
Last-Modified: Tue, 14 Dec 2021 15:58:24 GMT
Vary: Accept-Encoding
ETag: "61b8bf20-2db"
Accept-Ranges: bytes

bdabjdi.naughtymets.com/js/click.js?8

178.162.199.80

200 OK

5.3 kB

URL HTTP/1.1
bdabjdi.naughtymets.com/js/click.js?8
IP
178.162.199.80:0
ASN
#28753 Leaseweb Deutschland GmbH

File type
ASCII text
Size
5.3 kB (5260 bytes)
Hash
8207d083c909c6386927c5197eff584c
a5f1148a0e9923191d3f8ed4c1750240374af2a9
f71ae9723255b00dcc8e3631fe419cbbb56a80b3034f184ca5292127d7b3eea9

HTTP Headers

GET /js/click.js?8 HTTP/1.1
Host: bdabjdi.naughtymets.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bdabjdi.naughtymets.com/s/6211a7f91b00d
Cookie: s=rxOKXBQNWzjWqdy1ia2afBnMuQ9HA2FNgdZQpKcyV6DkR5%2BD2kmF302q8GuFVX9HSPfOH4dFFsagMw9CWOINoSB%2BNvgXH%2BNb%2BRRUAgRfFMIBoDIhPisBpCXX2E1zyhQMXgvz8duoNzKIO5cUj65SDFzVjH8aCumWy6KDPY8N3GFQ19Oy09JwcXbnKcTcZbBzJ6qUpu%2FEUNsVS8fM2eTBt8z7jMbS1EFnP2O2DDOKTKONPR85bwi6pPkKQO5GsZ842sU0SwS9Dz5IXvhqSn4wgQQJ%2BCxtEoHpWJgekIl4gFM7eGUgzKDqrdP5bqodySKIdGBYHq3iAs5akxl1OB8Cfw%2BMPIgJclqTRmre1nVCgVmSr8a7bcOIp6zw3oOG3YOkKImECieCuKzdK7u1fgv1gx%2F1lURqDTlia4S5ifLV2Twm%2B2tQT1XAcH%2FKUOKotejK6ZY42E3W4zL1nvl%2FPBCSKliL9YK1eXJGjblOEQTxT7y4tsfQ7JEijMEenL69Nji1qGOT5GqmWIilH6rMyCnEPBxjIhVX5cVlHNA0QZ5n0TYiTQAxftSNo9woRXAmN%2F8mA%2FqcAJw5SD8ePLLuh1jZx%2BAdZLhju7bZlN2XnTlFfuNdSDaqZQLf00jvEqJiJLtJzUT%2BNU0OREsL0I5p37%2BNIWQAwWAxGRc9u0u7i694lkdr%2BtRr%2Fnm0HdoiDwROOjl4Y%2BFMxnh3X8xS26CeGe%2FPE4D8y00L%2FITQT6crV9z1jGDRR3bNFFtQoMkq2SXpa%2B9A9CtV%2FO%2BPIRIzzjeCeDYQZbadwBvFHDyF%2B0sIB7AuDs0h6BlDsQYKPzlzterVTU6%2Bj91SnLg8%2FmAIavljVWnIR8tkdbFFIuE7Am4zroKVoVz4J5HTh%2FBC4BaT%2B9BxbU%2B7g1jmLFOOLltSeJEfhAz3S2%2B6G5j3%2B9AIoGq6bePt5367kHOjcxafHgcQZmlvEEg39sxqzz06WioDtK1ut7dlUiMpZI1faU4JsrlU4lCBOuVTovqRGyakcNZmCtOVBouTKVSS0UusSmw3YTfT57jlBMdXGX0VpeESmy25RHk0gZbk1rqu5Qcj%2FDSPTTaCSKGO4ThSSnY6YFZCgwVwzk%2BsqqC5c6A6H9vfRLOTLExM%2B1wmVGn2oU9tehXx1yG8w1QvuVu027ry9G8B1HcXXb3qXkRkIbopvftLQDfln4%2BkkjgDp3%2F8Xw%2B5GySjdGc8I9GgPCnQ0dU7BL0tWjJuxb8Ob49KJl7OjqUw9he1oCBhtZUeK1XvwI%2F1xRALZJxdEMPd99%2FPvGE8CfL%2FZxPM7OMV9nh%2B%2FZSyzUHZ%2BPIEdFlN5R84V5hUdgVSBrVV0m4IKR5UIEeYeTGnpe48%2FlGKhSsx7b8dU%2BrqHIb4RcLxHopNFhz9jGk%2B0KcH8gLQ%2Fedi6RQiSUyxpRTcQKUpcJAuL7xWWNB4cB5HaLWGFCOigpxE%2Bsp3Ob%2BvN%2Bpm64HuTwgvChfgfdlyio51dQarOvu%2FfLirDVJj66QXHBk%2Bu9447V6tvUB%2F1AznA7%2FGA4my3anahUg%2BjM43Moc0kTUajrI4t%2FDs%2BPsQGHqc4E2HquVcgn%2BHp%2FL6gCwmQwpKR%2BWg%2BunY1fytfRQAqXfNZIvcgX9GoVEwp7E3xD25a%2BmuV74%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: openresty/1.19.3.1
Date: Sat, 24 Dec 2022 13:27:25 GMT
Content-Type: application/javascript
Content-Length: 5260
Connection: keep-alive
Last-Modified: Fri, 23 Dec 2022 12:52:41 GMT
Vary: Accept-Encoding
ETag: "63a5a499-148c"
Accept-Ranges: bytes

bdabjdi.naughtymets.com/bundle/544/assets/js/jquery.min.js

178.162.199.80

200 OK

87 kB

URL HTTP/1.1
bdabjdi.naughtymets.com/bundle/544/assets/js/jquery.min.js
IP
178.162.199.80:0
ASN
#28753 Leaseweb Deutschland GmbH

File type
ASCII text, with very long lines (32058)
Size
87 kB (86659 bytes)
Hash
c9f5aeeca3ad37bf2aa006139b935f0a
1055018c28ab41087ef9ccefe411606893dabea2
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /bundle/544/assets/js/jquery.min.js HTTP/1.1
Host: bdabjdi.naughtymets.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bdabjdi.naughtymets.com/s/6211a7f91b00d
Cookie: s=rxOKXBQNWzjWqdy1ia2afBnMuQ9HA2FNgdZQpKcyV6DkR5%2BD2kmF302q8GuFVX9HSPfOH4dFFsagMw9CWOINoSB%2BNvgXH%2BNb%2BRRUAgRfFMIBoDIhPisBpCXX2E1zyhQMXgvz8duoNzKIO5cUj65SDFzVjH8aCumWy6KDPY8N3GFQ19Oy09JwcXbnKcTcZbBzJ6qUpu%2FEUNsVS8fM2eTBt8z7jMbS1EFnP2O2DDOKTKONPR85bwi6pPkKQO5GsZ842sU0SwS9Dz5IXvhqSn4wgQQJ%2BCxtEoHpWJgekIl4gFM7eGUgzKDqrdP5bqodySKIdGBYHq3iAs5akxl1OB8Cfw%2BMPIgJclqTRmre1nVCgVmSr8a7bcOIp6zw3oOG3YOkKImECieCuKzdK7u1fgv1gx%2F1lURqDTlia4S5ifLV2Twm%2B2tQT1XAcH%2FKUOKotejK6ZY42E3W4zL1nvl%2FPBCSKliL9YK1eXJGjblOEQTxT7y4tsfQ7JEijMEenL69Nji1qGOT5GqmWIilH6rMyCnEPBxjIhVX5cVlHNA0QZ5n0TYiTQAxftSNo9woRXAmN%2F8mA%2FqcAJw5SD8ePLLuh1jZx%2BAdZLhju7bZlN2XnTlFfuNdSDaqZQLf00jvEqJiJLtJzUT%2BNU0OREsL0I5p37%2BNIWQAwWAxGRc9u0u7i694lkdr%2BtRr%2Fnm0HdoiDwROOjl4Y%2BFMxnh3X8xS26CeGe%2FPE4D8y00L%2FITQT6crV9z1jGDRR3bNFFtQoMkq2SXpa%2B9A9CtV%2FO%2BPIRIzzjeCeDYQZbadwBvFHDyF%2B0sIB7AuDs0h6BlDsQYKPzlzterVTU6%2Bj91SnLg8%2FmAIavljVWnIR8tkdbFFIuE7Am4zroKVoVz4J5HTh%2FBC4BaT%2B9BxbU%2B7g1jmLFOOLltSeJEfhAz3S2%2B6G5j3%2B9AIoGq6bePt5367kHOjcxafHgcQZmlvEEg39sxqzz06WioDtK1ut7dlUiMpZI1faU4JsrlU4lCBOuVTovqRGyakcNZmCtOVBouTKVSS0UusSmw3YTfT57jlBMdXGX0VpeESmy25RHk0gZbk1rqu5Qcj%2FDSPTTaCSKGO4ThSSnY6YFZCgwVwzk%2BsqqC5c6A6H9vfRLOTLExM%2B1wmVGn2oU9tehXx1yG8w1QvuVu027ry9G8B1HcXXb3qXkRkIbopvftLQDfln4%2BkkjgDp3%2F8Xw%2B5GySjdGc8I9GgPCnQ0dU7BL0tWjJuxb8Ob49KJl7OjqUw9he1oCBhtZUeK1XvwI%2F1xRALZJxdEMPd99%2FPvGE8CfL%2FZxPM7OMV9nh%2B%2FZSyzUHZ%2BPIEdFlN5R84V5hUdgVSBrVV0m4IKR5UIEeYeTGnpe48%2FlGKhSsx7b8dU%2BrqHIb4RcLxHopNFhz9jGk%2B0KcH8gLQ%2Fedi6RQiSUyxpRTcQKUpcJAuL7xWWNB4cB5HaLWGFCOigpxE%2Bsp3Ob%2BvN%2Bpm64HuTwgvChfgfdlyio51dQarOvu%2FfLirDVJj66QXHBk%2Bu9447V6tvUB%2F1AznA7%2FGA4my3anahUg%2BjM43Moc0kTUajrI4t%2FDs%2BPsQGHqc4E2HquVcgn%2BHp%2FL6gCwmQwpKR%2BWg%2BunY1fytfRQAqXfNZIvcgX9GoVEwp7E3xD25a%2BmuV74%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: openresty/1.19.3.1
Date: Sat, 24 Dec 2022 13:27:25 GMT
Content-Type: application/javascript
Content-Length: 86659
Connection: keep-alive
Last-Modified: Tue, 14 Dec 2021 15:58:25 GMT
Vary: Accept-Encoding
ETag: "61b8bf21-15283"
Accept-Ranges: bytes

stackpath.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.min.css

104.18.11.207

200 OK

25 kB

URL HTTP/2
stackpath.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.min.css
IP
104.18.11.207:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (65324)
Size
25 kB (24701 bytes)
Hash
2efc50f9c8bb8bd7376169a7b4e4b8f7
eaa2ee2cb16530d631fd637a450d1ed0877dd221
9755f04f63c08d18b6aa68fa74ad2bf232335e3cb989d2b7575efe913257026c

HTTP Headers

GET /bootstrap/4.3.1/css/bootstrap.min.css HTTP/1.1
Host: stackpath.bootstrapcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bdabjdi.naughtymets.com
Connection: keep-alive
Referer: https://bdabjdi.naughtymets.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 24 Dec 2022 13:27:25 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
etag: W/"a15c2ac3234aa8f6064ef9c1f7383c37"
last-modified: Mon, 25 Jan 2021 22:04:08 GMT
cdn-cachedat: 08/15/2022 13:52:49
cdn-proxyver: 1.02
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 752
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: 14e04e76cdc966cceb98988d996f3cd1
cdn-cache: HIT
cf-cache-status: MISS
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 77e9ac9d8b99fabc-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

bdabjdi.naughtymets.com/bundle/544/assets/js/bootstrap.min.js

178.162.199.80

200 OK

58 kB

URL HTTP/1.1
bdabjdi.naughtymets.com/bundle/544/assets/js/bootstrap.min.js
IP
178.162.199.80:0
ASN
#28753 Leaseweb Deutschland GmbH

File type
ASCII text, with very long lines (57791)
Size
58 kB (58072 bytes)
Hash
e1d98d47689e00f8ecbc5d9f61bdb42e
6778fed3cf095a318141a31f455c8f4663885bde
0a34a87842c539c1f4feec56bba982fd596b73500046a6e6fe38a22260c6577b

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /bundle/544/assets/js/bootstrap.min.js HTTP/1.1
Host: bdabjdi.naughtymets.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bdabjdi.naughtymets.com/s/6211a7f91b00d
Cookie: s=rxOKXBQNWzjWqdy1ia2afBnMuQ9HA2FNgdZQpKcyV6DkR5%2BD2kmF302q8GuFVX9HSPfOH4dFFsagMw9CWOINoSB%2BNvgXH%2BNb%2BRRUAgRfFMIBoDIhPisBpCXX2E1zyhQMXgvz8duoNzKIO5cUj65SDFzVjH8aCumWy6KDPY8N3GFQ19Oy09JwcXbnKcTcZbBzJ6qUpu%2FEUNsVS8fM2eTBt8z7jMbS1EFnP2O2DDOKTKONPR85bwi6pPkKQO5GsZ842sU0SwS9Dz5IXvhqSn4wgQQJ%2BCxtEoHpWJgekIl4gFM7eGUgzKDqrdP5bqodySKIdGBYHq3iAs5akxl1OB8Cfw%2BMPIgJclqTRmre1nVCgVmSr8a7bcOIp6zw3oOG3YOkKImECieCuKzdK7u1fgv1gx%2F1lURqDTlia4S5ifLV2Twm%2B2tQT1XAcH%2FKUOKotejK6ZY42E3W4zL1nvl%2FPBCSKliL9YK1eXJGjblOEQTxT7y4tsfQ7JEijMEenL69Nji1qGOT5GqmWIilH6rMyCnEPBxjIhVX5cVlHNA0QZ5n0TYiTQAxftSNo9woRXAmN%2F8mA%2FqcAJw5SD8ePLLuh1jZx%2BAdZLhju7bZlN2XnTlFfuNdSDaqZQLf00jvEqJiJLtJzUT%2BNU0OREsL0I5p37%2BNIWQAwWAxGRc9u0u7i694lkdr%2BtRr%2Fnm0HdoiDwROOjl4Y%2BFMxnh3X8xS26CeGe%2FPE4D8y00L%2FITQT6crV9z1jGDRR3bNFFtQoMkq2SXpa%2B9A9CtV%2FO%2BPIRIzzjeCeDYQZbadwBvFHDyF%2B0sIB7AuDs0h6BlDsQYKPzlzterVTU6%2Bj91SnLg8%2FmAIavljVWnIR8tkdbFFIuE7Am4zroKVoVz4J5HTh%2FBC4BaT%2B9BxbU%2B7g1jmLFOOLltSeJEfhAz3S2%2B6G5j3%2B9AIoGq6bePt5367kHOjcxafHgcQZmlvEEg39sxqzz06WioDtK1ut7dlUiMpZI1faU4JsrlU4lCBOuVTovqRGyakcNZmCtOVBouTKVSS0UusSmw3YTfT57jlBMdXGX0VpeESmy25RHk0gZbk1rqu5Qcj%2FDSPTTaCSKGO4ThSSnY6YFZCgwVwzk%2BsqqC5c6A6H9vfRLOTLExM%2B1wmVGn2oU9tehXx1yG8w1QvuVu027ry9G8B1HcXXb3qXkRkIbopvftLQDfln4%2BkkjgDp3%2F8Xw%2B5GySjdGc8I9GgPCnQ0dU7BL0tWjJuxb8Ob49KJl7OjqUw9he1oCBhtZUeK1XvwI%2F1xRALZJxdEMPd99%2FPvGE8CfL%2FZxPM7OMV9nh%2B%2FZSyzUHZ%2BPIEdFlN5R84V5hUdgVSBrVV0m4IKR5UIEeYeTGnpe48%2FlGKhSsx7b8dU%2BrqHIb4RcLxHopNFhz9jGk%2B0KcH8gLQ%2Fedi6RQiSUyxpRTcQKUpcJAuL7xWWNB4cB5HaLWGFCOigpxE%2Bsp3Ob%2BvN%2Bpm64HuTwgvChfgfdlyio51dQarOvu%2FfLirDVJj66QXHBk%2Bu9447V6tvUB%2F1AznA7%2FGA4my3anahUg%2BjM43Moc0kTUajrI4t%2FDs%2BPsQGHqc4E2HquVcgn%2BHp%2FL6gCwmQwpKR%2BWg%2BunY1fytfRQAqXfNZIvcgX9GoVEwp7E3xD25a%2BmuV74%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: openresty/1.19.3.1
Date: Sat, 24 Dec 2022 13:27:25 GMT
Content-Type: application/javascript
Content-Length: 58072
Connection: keep-alive
Last-Modified: Tue, 14 Dec 2021 15:58:24 GMT
Vary: Accept-Encoding
ETag: "61b8bf20-e2d8"
Accept-Ranges: bytes

bdabjdi.naughtymets.com/bundle/544/assets/images/23592236.webp

178.162.199.80

200 OK

13 kB

URL HTTP/1.1
bdabjdi.naughtymets.com/bundle/544/assets/images/23592236.webp
IP
178.162.199.80:0
ASN
#28753 Leaseweb Deutschland GmbH

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 600x850, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
13 kB (13110 bytes)
Hash
e6d3810834ac9b1acdfa15d2221135af
03a49668e020ae0b2123c1da426f63b678c13ba3
a16cd9ba0e94d70cd56d6ed01a6c918ae90d47651b9ad11f16097a24410aef05

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /bundle/544/assets/images/23592236.webp HTTP/1.1
Host: bdabjdi.naughtymets.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bdabjdi.naughtymets.com/s/6211a7f91b00d
Cookie: s=rxOKXBQNWzjWqdy1ia2afBnMuQ9HA2FNgdZQpKcyV6DkR5%2BD2kmF302q8GuFVX9HSPfOH4dFFsagMw9CWOINoSB%2BNvgXH%2BNb%2BRRUAgRfFMIBoDIhPisBpCXX2E1zyhQMXgvz8duoNzKIO5cUj65SDFzVjH8aCumWy6KDPY8N3GFQ19Oy09JwcXbnKcTcZbBzJ6qUpu%2FEUNsVS8fM2eTBt8z7jMbS1EFnP2O2DDOKTKONPR85bwi6pPkKQO5GsZ842sU0SwS9Dz5IXvhqSn4wgQQJ%2BCxtEoHpWJgekIl4gFM7eGUgzKDqrdP5bqodySKIdGBYHq3iAs5akxl1OB8Cfw%2BMPIgJclqTRmre1nVCgVmSr8a7bcOIp6zw3oOG3YOkKImECieCuKzdK7u1fgv1gx%2F1lURqDTlia4S5ifLV2Twm%2B2tQT1XAcH%2FKUOKotejK6ZY42E3W4zL1nvl%2FPBCSKliL9YK1eXJGjblOEQTxT7y4tsfQ7JEijMEenL69Nji1qGOT5GqmWIilH6rMyCnEPBxjIhVX5cVlHNA0QZ5n0TYiTQAxftSNo9woRXAmN%2F8mA%2FqcAJw5SD8ePLLuh1jZx%2BAdZLhju7bZlN2XnTlFfuNdSDaqZQLf00jvEqJiJLtJzUT%2BNU0OREsL0I5p37%2BNIWQAwWAxGRc9u0u7i694lkdr%2BtRr%2Fnm0HdoiDwROOjl4Y%2BFMxnh3X8xS26CeGe%2FPE4D8y00L%2FITQT6crV9z1jGDRR3bNFFtQoMkq2SXpa%2B9A9CtV%2FO%2BPIRIzzjeCeDYQZbadwBvFHDyF%2B0sIB7AuDs0h6BlDsQYKPzlzterVTU6%2Bj91SnLg8%2FmAIavljVWnIR8tkdbFFIuE7Am4zroKVoVz4J5HTh%2FBC4BaT%2B9BxbU%2B7g1jmLFOOLltSeJEfhAz3S2%2B6G5j3%2B9AIoGq6bePt5367kHOjcxafHgcQZmlvEEg39sxqzz06WioDtK1ut7dlUiMpZI1faU4JsrlU4lCBOuVTovqRGyakcNZmCtOVBouTKVSS0UusSmw3YTfT57jlBMdXGX0VpeESmy25RHk0gZbk1rqu5Qcj%2FDSPTTaCSKGO4ThSSnY6YFZCgwVwzk%2BsqqC5c6A6H9vfRLOTLExM%2B1wmVGn2oU9tehXx1yG8w1QvuVu027ry9G8B1HcXXb3qXkRkIbopvftLQDfln4%2BkkjgDp3%2F8Xw%2B5GySjdGc8I9GgPCnQ0dU7BL0tWjJuxb8Ob49KJl7OjqUw9he1oCBhtZUeK1XvwI%2F1xRALZJxdEMPd99%2FPvGE8CfL%2FZxPM7OMV9nh%2B%2FZSyzUHZ%2BPIEdFlN5R84V5hUdgVSBrVV0m4IKR5UIEeYeTGnpe48%2FlGKhSsx7b8dU%2BrqHIb4RcLxHopNFhz9jGk%2B0KcH8gLQ%2Fedi6RQiSUyxpRTcQKUpcJAuL7xWWNB4cB5HaLWGFCOigpxE%2Bsp3Ob%2BvN%2Bpm64HuTwgvChfgfdlyio51dQarOvu%2FfLirDVJj66QXHBk%2Bu9447V6tvUB%2F1AznA7%2FGA4my3anahUg%2BjM43Moc0kTUajrI4t%2FDs%2BPsQGHqc4E2HquVcgn%2BHp%2FL6gCwmQwpKR%2BWg%2BunY1fytfRQAqXfNZIvcgX9GoVEwp7E3xD25a%2BmuV74%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: openresty/1.19.3.1
Date: Sat, 24 Dec 2022 13:27:25 GMT
Content-Type: image/webp
Content-Length: 13110
Connection: keep-alive
Last-Modified: Tue, 14 Dec 2021 15:58:23 GMT
ETag: "61b8bf1f-3336"
Accept-Ranges: bytes

bdabjdi.naughtymets.com/bundle/544/assets/images/23623572.webp

178.162.199.80

200 OK

9.7 kB

URL HTTP/1.1
bdabjdi.naughtymets.com/bundle/544/assets/images/23623572.webp
IP
178.162.199.80:0
ASN
#28753 Leaseweb Deutschland GmbH

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 600x850, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
9.7 kB (9698 bytes)
Hash
3fafdbbfb28989e6011a49fcc7d269fc
6baa82c199322cb1e6460e911c51b03ba9c601de
ce102ab44ba3181db8a99c384dbfc4be7e177ef3020ea6736377d35d9ab0f6db

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /bundle/544/assets/images/23623572.webp HTTP/1.1
Host: bdabjdi.naughtymets.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bdabjdi.naughtymets.com/s/6211a7f91b00d
Cookie: s=rxOKXBQNWzjWqdy1ia2afBnMuQ9HA2FNgdZQpKcyV6DkR5%2BD2kmF302q8GuFVX9HSPfOH4dFFsagMw9CWOINoSB%2BNvgXH%2BNb%2BRRUAgRfFMIBoDIhPisBpCXX2E1zyhQMXgvz8duoNzKIO5cUj65SDFzVjH8aCumWy6KDPY8N3GFQ19Oy09JwcXbnKcTcZbBzJ6qUpu%2FEUNsVS8fM2eTBt8z7jMbS1EFnP2O2DDOKTKONPR85bwi6pPkKQO5GsZ842sU0SwS9Dz5IXvhqSn4wgQQJ%2BCxtEoHpWJgekIl4gFM7eGUgzKDqrdP5bqodySKIdGBYHq3iAs5akxl1OB8Cfw%2BMPIgJclqTRmre1nVCgVmSr8a7bcOIp6zw3oOG3YOkKImECieCuKzdK7u1fgv1gx%2F1lURqDTlia4S5ifLV2Twm%2B2tQT1XAcH%2FKUOKotejK6ZY42E3W4zL1nvl%2FPBCSKliL9YK1eXJGjblOEQTxT7y4tsfQ7JEijMEenL69Nji1qGOT5GqmWIilH6rMyCnEPBxjIhVX5cVlHNA0QZ5n0TYiTQAxftSNo9woRXAmN%2F8mA%2FqcAJw5SD8ePLLuh1jZx%2BAdZLhju7bZlN2XnTlFfuNdSDaqZQLf00jvEqJiJLtJzUT%2BNU0OREsL0I5p37%2BNIWQAwWAxGRc9u0u7i694lkdr%2BtRr%2Fnm0HdoiDwROOjl4Y%2BFMxnh3X8xS26CeGe%2FPE4D8y00L%2FITQT6crV9z1jGDRR3bNFFtQoMkq2SXpa%2B9A9CtV%2FO%2BPIRIzzjeCeDYQZbadwBvFHDyF%2B0sIB7AuDs0h6BlDsQYKPzlzterVTU6%2Bj91SnLg8%2FmAIavljVWnIR8tkdbFFIuE7Am4zroKVoVz4J5HTh%2FBC4BaT%2B9BxbU%2B7g1jmLFOOLltSeJEfhAz3S2%2B6G5j3%2B9AIoGq6bePt5367kHOjcxafHgcQZmlvEEg39sxqzz06WioDtK1ut7dlUiMpZI1faU4JsrlU4lCBOuVTovqRGyakcNZmCtOVBouTKVSS0UusSmw3YTfT57jlBMdXGX0VpeESmy25RHk0gZbk1rqu5Qcj%2FDSPTTaCSKGO4ThSSnY6YFZCgwVwzk%2BsqqC5c6A6H9vfRLOTLExM%2B1wmVGn2oU9tehXx1yG8w1QvuVu027ry9G8B1HcXXb3qXkRkIbopvftLQDfln4%2BkkjgDp3%2F8Xw%2B5GySjdGc8I9GgPCnQ0dU7BL0tWjJuxb8Ob49KJl7OjqUw9he1oCBhtZUeK1XvwI%2F1xRALZJxdEMPd99%2FPvGE8CfL%2FZxPM7OMV9nh%2B%2FZSyzUHZ%2BPIEdFlN5R84V5hUdgVSBrVV0m4IKR5UIEeYeTGnpe48%2FlGKhSsx7b8dU%2BrqHIb4RcLxHopNFhz9jGk%2B0KcH8gLQ%2Fedi6RQiSUyxpRTcQKUpcJAuL7xWWNB4cB5HaLWGFCOigpxE%2Bsp3Ob%2BvN%2Bpm64HuTwgvChfgfdlyio51dQarOvu%2FfLirDVJj66QXHBk%2Bu9447V6tvUB%2F1AznA7%2FGA4my3anahUg%2BjM43Moc0kTUajrI4t%2FDs%2BPsQGHqc4E2HquVcgn%2BHp%2FL6gCwmQwpKR%2BWg%2BunY1fytfRQAqXfNZIvcgX9GoVEwp7E3xD25a%2BmuV74%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: openresty/1.19.3.1
Date: Sat, 24 Dec 2022 13:27:25 GMT
Content-Type: image/webp
Content-Length: 9698
Connection: keep-alive
Last-Modified: Tue, 14 Dec 2021 15:58:23 GMT
ETag: "61b8bf1f-25e2"
Accept-Ranges: bytes

bdabjdi.naughtymets.com/bundle/544/assets/images/23695857.webp

178.162.199.80

200 OK

18 kB

URL HTTP/1.1
bdabjdi.naughtymets.com/bundle/544/assets/images/23695857.webp
IP
178.162.199.80:0
ASN
#28753 Leaseweb Deutschland GmbH

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 600x850, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
18 kB (17626 bytes)
Hash
eab53105ffbbbc0a7065c4080435e443
7624e928909d8f5fc2aa8f4349ad8e8d225c4212
193fc92167dc889d65b8320225bc1dab67c29d583ec6a0cbfd27f842cb712ca0

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /bundle/544/assets/images/23695857.webp HTTP/1.1
Host: bdabjdi.naughtymets.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bdabjdi.naughtymets.com/s/6211a7f91b00d
Cookie: s=rxOKXBQNWzjWqdy1ia2afBnMuQ9HA2FNgdZQpKcyV6DkR5%2BD2kmF302q8GuFVX9HSPfOH4dFFsagMw9CWOINoSB%2BNvgXH%2BNb%2BRRUAgRfFMIBoDIhPisBpCXX2E1zyhQMXgvz8duoNzKIO5cUj65SDFzVjH8aCumWy6KDPY8N3GFQ19Oy09JwcXbnKcTcZbBzJ6qUpu%2FEUNsVS8fM2eTBt8z7jMbS1EFnP2O2DDOKTKONPR85bwi6pPkKQO5GsZ842sU0SwS9Dz5IXvhqSn4wgQQJ%2BCxtEoHpWJgekIl4gFM7eGUgzKDqrdP5bqodySKIdGBYHq3iAs5akxl1OB8Cfw%2BMPIgJclqTRmre1nVCgVmSr8a7bcOIp6zw3oOG3YOkKImECieCuKzdK7u1fgv1gx%2F1lURqDTlia4S5ifLV2Twm%2B2tQT1XAcH%2FKUOKotejK6ZY42E3W4zL1nvl%2FPBCSKliL9YK1eXJGjblOEQTxT7y4tsfQ7JEijMEenL69Nji1qGOT5GqmWIilH6rMyCnEPBxjIhVX5cVlHNA0QZ5n0TYiTQAxftSNo9woRXAmN%2F8mA%2FqcAJw5SD8ePLLuh1jZx%2BAdZLhju7bZlN2XnTlFfuNdSDaqZQLf00jvEqJiJLtJzUT%2BNU0OREsL0I5p37%2BNIWQAwWAxGRc9u0u7i694lkdr%2BtRr%2Fnm0HdoiDwROOjl4Y%2BFMxnh3X8xS26CeGe%2FPE4D8y00L%2FITQT6crV9z1jGDRR3bNFFtQoMkq2SXpa%2B9A9CtV%2FO%2BPIRIzzjeCeDYQZbadwBvFHDyF%2B0sIB7AuDs0h6BlDsQYKPzlzterVTU6%2Bj91SnLg8%2FmAIavljVWnIR8tkdbFFIuE7Am4zroKVoVz4J5HTh%2FBC4BaT%2B9BxbU%2B7g1jmLFOOLltSeJEfhAz3S2%2B6G5j3%2B9AIoGq6bePt5367kHOjcxafHgcQZmlvEEg39sxqzz06WioDtK1ut7dlUiMpZI1faU4JsrlU4lCBOuVTovqRGyakcNZmCtOVBouTKVSS0UusSmw3YTfT57jlBMdXGX0VpeESmy25RHk0gZbk1rqu5Qcj%2FDSPTTaCSKGO4ThSSnY6YFZCgwVwzk%2BsqqC5c6A6H9vfRLOTLExM%2B1wmVGn2oU9tehXx1yG8w1QvuVu027ry9G8B1HcXXb3qXkRkIbopvftLQDfln4%2BkkjgDp3%2F8Xw%2B5GySjdGc8I9GgPCnQ0dU7BL0tWjJuxb8Ob49KJl7OjqUw9he1oCBhtZUeK1XvwI%2F1xRALZJxdEMPd99%2FPvGE8CfL%2FZxPM7OMV9nh%2B%2FZSyzUHZ%2BPIEdFlN5R84V5hUdgVSBrVV0m4IKR5UIEeYeTGnpe48%2FlGKhSsx7b8dU%2BrqHIb4RcLxHopNFhz9jGk%2B0KcH8gLQ%2Fedi6RQiSUyxpRTcQKUpcJAuL7xWWNB4cB5HaLWGFCOigpxE%2Bsp3Ob%2BvN%2Bpm64HuTwgvChfgfdlyio51dQarOvu%2FfLirDVJj66QXHBk%2Bu9447V6tvUB%2F1AznA7%2FGA4my3anahUg%2BjM43Moc0kTUajrI4t%2FDs%2BPsQGHqc4E2HquVcgn%2BHp%2FL6gCwmQwpKR%2BWg%2BunY1fytfRQAqXfNZIvcgX9GoVEwp7E3xD25a%2BmuV74%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: openresty/1.19.3.1
Date: Sat, 24 Dec 2022 13:27:25 GMT
Content-Type: image/webp
Content-Length: 17626
Connection: keep-alive
Last-Modified: Tue, 14 Dec 2021 15:58:23 GMT
ETag: "61b8bf1f-44da"
Accept-Ranges: bytes

bdabjdi.naughtymets.com/bundle/544/assets/images/22535598.webp

178.162.199.80

200 OK

28 kB

URL HTTP/1.1
bdabjdi.naughtymets.com/bundle/544/assets/images/22535598.webp
IP
178.162.199.80:0
ASN
#28753 Leaseweb Deutschland GmbH

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 600x850, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
28 kB (28204 bytes)
Hash
0494d3a33c5efab1dfee492f406b74b2
cad892595a3165bab87b21187702b5009529b6a6
ae74086142c700112bb19f1e1dd9ef660e5269721b70a9c2fd7d220ddc90a8b9

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /bundle/544/assets/images/22535598.webp HTTP/1.1
Host: bdabjdi.naughtymets.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bdabjdi.naughtymets.com/s/6211a7f91b00d
Cookie: s=rxOKXBQNWzjWqdy1ia2afBnMuQ9HA2FNgdZQpKcyV6DkR5%2BD2kmF302q8GuFVX9HSPfOH4dFFsagMw9CWOINoSB%2BNvgXH%2BNb%2BRRUAgRfFMIBoDIhPisBpCXX2E1zyhQMXgvz8duoNzKIO5cUj65SDFzVjH8aCumWy6KDPY8N3GFQ19Oy09JwcXbnKcTcZbBzJ6qUpu%2FEUNsVS8fM2eTBt8z7jMbS1EFnP2O2DDOKTKONPR85bwi6pPkKQO5GsZ842sU0SwS9Dz5IXvhqSn4wgQQJ%2BCxtEoHpWJgekIl4gFM7eGUgzKDqrdP5bqodySKIdGBYHq3iAs5akxl1OB8Cfw%2BMPIgJclqTRmre1nVCgVmSr8a7bcOIp6zw3oOG3YOkKImECieCuKzdK7u1fgv1gx%2F1lURqDTlia4S5ifLV2Twm%2B2tQT1XAcH%2FKUOKotejK6ZY42E3W4zL1nvl%2FPBCSKliL9YK1eXJGjblOEQTxT7y4tsfQ7JEijMEenL69Nji1qGOT5GqmWIilH6rMyCnEPBxjIhVX5cVlHNA0QZ5n0TYiTQAxftSNo9woRXAmN%2F8mA%2FqcAJw5SD8ePLLuh1jZx%2BAdZLhju7bZlN2XnTlFfuNdSDaqZQLf00jvEqJiJLtJzUT%2BNU0OREsL0I5p37%2BNIWQAwWAxGRc9u0u7i694lkdr%2BtRr%2Fnm0HdoiDwROOjl4Y%2BFMxnh3X8xS26CeGe%2FPE4D8y00L%2FITQT6crV9z1jGDRR3bNFFtQoMkq2SXpa%2B9A9CtV%2FO%2BPIRIzzjeCeDYQZbadwBvFHDyF%2B0sIB7AuDs0h6BlDsQYKPzlzterVTU6%2Bj91SnLg8%2FmAIavljVWnIR8tkdbFFIuE7Am4zroKVoVz4J5HTh%2FBC4BaT%2B9BxbU%2B7g1jmLFOOLltSeJEfhAz3S2%2B6G5j3%2B9AIoGq6bePt5367kHOjcxafHgcQZmlvEEg39sxqzz06WioDtK1ut7dlUiMpZI1faU4JsrlU4lCBOuVTovqRGyakcNZmCtOVBouTKVSS0UusSmw3YTfT57jlBMdXGX0VpeESmy25RHk0gZbk1rqu5Qcj%2FDSPTTaCSKGO4ThSSnY6YFZCgwVwzk%2BsqqC5c6A6H9vfRLOTLExM%2B1wmVGn2oU9tehXx1yG8w1QvuVu027ry9G8B1HcXXb3qXkRkIbopvftLQDfln4%2BkkjgDp3%2F8Xw%2B5GySjdGc8I9GgPCnQ0dU7BL0tWjJuxb8Ob49KJl7OjqUw9he1oCBhtZUeK1XvwI%2F1xRALZJxdEMPd99%2FPvGE8CfL%2FZxPM7OMV9nh%2B%2FZSyzUHZ%2BPIEdFlN5R84V5hUdgVSBrVV0m4IKR5UIEeYeTGnpe48%2FlGKhSsx7b8dU%2BrqHIb4RcLxHopNFhz9jGk%2B0KcH8gLQ%2Fedi6RQiSUyxpRTcQKUpcJAuL7xWWNB4cB5HaLWGFCOigpxE%2Bsp3Ob%2BvN%2Bpm64HuTwgvChfgfdlyio51dQarOvu%2FfLirDVJj66QXHBk%2Bu9447V6tvUB%2F1AznA7%2FGA4my3anahUg%2BjM43Moc0kTUajrI4t%2FDs%2BPsQGHqc4E2HquVcgn%2BHp%2FL6gCwmQwpKR%2BWg%2BunY1fytfRQAqXfNZIvcgX9GoVEwp7E3xD25a%2BmuV74%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: openresty/1.19.3.1
Date: Sat, 24 Dec 2022 13:27:25 GMT
Content-Type: image/webp
Content-Length: 28204
Connection: keep-alive
Last-Modified: Tue, 14 Dec 2021 15:58:23 GMT
ETag: "61b8bf1f-6e2c"
Accept-Ranges: bytes

bdabjdi.naughtymets.com/bundle/544/assets/images/24513351.gif

178.162.199.80

200 OK

842 kB

URL HTTP/1.1
bdabjdi.naughtymets.com/bundle/544/assets/images/24513351.gif
IP
178.162.199.80:0
ASN
#28753 Leaseweb Deutschland GmbH

File type
GIF image data, version 89a, 197 x 350\012- data
Size
842 kB (842292 bytes)
Hash
e5ed941db0c6a1abd2d72896119505c4
39111ab9674fa8703ff3a5b47fb1cee50eca1143
08f0879155859c61691fd95893277524547a20e24e9541b69f50b5336719b103

HTTP Headers

GET /bundle/544/assets/images/24513351.gif HTTP/1.1
Host: bdabjdi.naughtymets.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bdabjdi.naughtymets.com/s/6211a7f91b00d
Cookie: s=rxOKXBQNWzjWqdy1ia2afBnMuQ9HA2FNgdZQpKcyV6DkR5%2BD2kmF302q8GuFVX9HSPfOH4dFFsagMw9CWOINoSB%2BNvgXH%2BNb%2BRRUAgRfFMIBoDIhPisBpCXX2E1zyhQMXgvz8duoNzKIO5cUj65SDFzVjH8aCumWy6KDPY8N3GFQ19Oy09JwcXbnKcTcZbBzJ6qUpu%2FEUNsVS8fM2eTBt8z7jMbS1EFnP2O2DDOKTKONPR85bwi6pPkKQO5GsZ842sU0SwS9Dz5IXvhqSn4wgQQJ%2BCxtEoHpWJgekIl4gFM7eGUgzKDqrdP5bqodySKIdGBYHq3iAs5akxl1OB8Cfw%2BMPIgJclqTRmre1nVCgVmSr8a7bcOIp6zw3oOG3YOkKImECieCuKzdK7u1fgv1gx%2F1lURqDTlia4S5ifLV2Twm%2B2tQT1XAcH%2FKUOKotejK6ZY42E3W4zL1nvl%2FPBCSKliL9YK1eXJGjblOEQTxT7y4tsfQ7JEijMEenL69Nji1qGOT5GqmWIilH6rMyCnEPBxjIhVX5cVlHNA0QZ5n0TYiTQAxftSNo9woRXAmN%2F8mA%2FqcAJw5SD8ePLLuh1jZx%2BAdZLhju7bZlN2XnTlFfuNdSDaqZQLf00jvEqJiJLtJzUT%2BNU0OREsL0I5p37%2BNIWQAwWAxGRc9u0u7i694lkdr%2BtRr%2Fnm0HdoiDwROOjl4Y%2BFMxnh3X8xS26CeGe%2FPE4D8y00L%2FITQT6crV9z1jGDRR3bNFFtQoMkq2SXpa%2B9A9CtV%2FO%2BPIRIzzjeCeDYQZbadwBvFHDyF%2B0sIB7AuDs0h6BlDsQYKPzlzterVTU6%2Bj91SnLg8%2FmAIavljVWnIR8tkdbFFIuE7Am4zroKVoVz4J5HTh%2FBC4BaT%2B9BxbU%2B7g1jmLFOOLltSeJEfhAz3S2%2B6G5j3%2B9AIoGq6bePt5367kHOjcxafHgcQZmlvEEg39sxqzz06WioDtK1ut7dlUiMpZI1faU4JsrlU4lCBOuVTovqRGyakcNZmCtOVBouTKVSS0UusSmw3YTfT57jlBMdXGX0VpeESmy25RHk0gZbk1rqu5Qcj%2FDSPTTaCSKGO4ThSSnY6YFZCgwVwzk%2BsqqC5c6A6H9vfRLOTLExM%2B1wmVGn2oU9tehXx1yG8w1QvuVu027ry9G8B1HcXXb3qXkRkIbopvftLQDfln4%2BkkjgDp3%2F8Xw%2B5GySjdGc8I9GgPCnQ0dU7BL0tWjJuxb8Ob49KJl7OjqUw9he1oCBhtZUeK1XvwI%2F1xRALZJxdEMPd99%2FPvGE8CfL%2FZxPM7OMV9nh%2B%2FZSyzUHZ%2BPIEdFlN5R84V5hUdgVSBrVV0m4IKR5UIEeYeTGnpe48%2FlGKhSsx7b8dU%2BrqHIb4RcLxHopNFhz9jGk%2B0KcH8gLQ%2Fedi6RQiSUyxpRTcQKUpcJAuL7xWWNB4cB5HaLWGFCOigpxE%2Bsp3Ob%2BvN%2Bpm64HuTwgvChfgfdlyio51dQarOvu%2FfLirDVJj66QXHBk%2Bu9447V6tvUB%2F1AznA7%2FGA4my3anahUg%2BjM43Moc0kTUajrI4t%2FDs%2BPsQGHqc4E2HquVcgn%2BHp%2FL6gCwmQwpKR%2BWg%2BunY1fytfRQAqXfNZIvcgX9GoVEwp7E3xD25a%2BmuV74%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: openresty/1.19.3.1
Date: Sat, 24 Dec 2022 13:27:25 GMT
Content-Type: image/gif
Content-Length: 842292
Connection: keep-alive
Last-Modified: Tue, 14 Dec 2021 15:58:24 GMT
ETag: "61b8bf20-cda34"
Accept-Ranges: bytes

bdabjdi.naughtymets.com/js/fp2.min.js

178.162.199.80

200 OK

31 kB

URL HTTP/1.1
bdabjdi.naughtymets.com/js/fp2.min.js
IP
178.162.199.80:0
ASN
#28753 Leaseweb Deutschland GmbH

File type
ASCII text, with very long lines (30507)
Size
31 kB (30685 bytes)
Hash
e7d6b85edb141824af8951e19333337c
76600b2cb1978ca24d9fe39b1412f052da855ddb
6e1bf43d1d49858aacd5de53b32b551732bca4b2a46b1f808eb6d6d0f2b70c0e

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /js/fp2.min.js HTTP/1.1
Host: bdabjdi.naughtymets.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bdabjdi.naughtymets.com/s/6211a7f91b00d
Cookie: s=rxOKXBQNWzjWqdy1ia2afBnMuQ9HA2FNgdZQpKcyV6DkR5%2BD2kmF302q8GuFVX9HSPfOH4dFFsagMw9CWOINoSB%2BNvgXH%2BNb%2BRRUAgRfFMIBoDIhPisBpCXX2E1zyhQMXgvz8duoNzKIO5cUj65SDFzVjH8aCumWy6KDPY8N3GFQ19Oy09JwcXbnKcTcZbBzJ6qUpu%2FEUNsVS8fM2eTBt8z7jMbS1EFnP2O2DDOKTKONPR85bwi6pPkKQO5GsZ842sU0SwS9Dz5IXvhqSn4wgQQJ%2BCxtEoHpWJgekIl4gFM7eGUgzKDqrdP5bqodySKIdGBYHq3iAs5akxl1OB8Cfw%2BMPIgJclqTRmre1nVCgVmSr8a7bcOIp6zw3oOG3YOkKImECieCuKzdK7u1fgv1gx%2F1lURqDTlia4S5ifLV2Twm%2B2tQT1XAcH%2FKUOKotejK6ZY42E3W4zL1nvl%2FPBCSKliL9YK1eXJGjblOEQTxT7y4tsfQ7JEijMEenL69Nji1qGOT5GqmWIilH6rMyCnEPBxjIhVX5cVlHNA0QZ5n0TYiTQAxftSNo9woRXAmN%2F8mA%2FqcAJw5SD8ePLLuh1jZx%2BAdZLhju7bZlN2XnTlFfuNdSDaqZQLf00jvEqJiJLtJzUT%2BNU0OREsL0I5p37%2BNIWQAwWAxGRc9u0u7i694lkdr%2BtRr%2Fnm0HdoiDwROOjl4Y%2BFMxnh3X8xS26CeGe%2FPE4D8y00L%2FITQT6crV9z1jGDRR3bNFFtQoMkq2SXpa%2B9A9CtV%2FO%2BPIRIzzjeCeDYQZbadwBvFHDyF%2B0sIB7AuDs0h6BlDsQYKPzlzterVTU6%2Bj91SnLg8%2FmAIavljVWnIR8tkdbFFIuE7Am4zroKVoVz4J5HTh%2FBC4BaT%2B9BxbU%2B7g1jmLFOOLltSeJEfhAz3S2%2B6G5j3%2B9AIoGq6bePt5367kHOjcxafHgcQZmlvEEg39sxqzz06WioDtK1ut7dlUiMpZI1faU4JsrlU4lCBOuVTovqRGyakcNZmCtOVBouTKVSS0UusSmw3YTfT57jlBMdXGX0VpeESmy25RHk0gZbk1rqu5Qcj%2FDSPTTaCSKGO4ThSSnY6YFZCgwVwzk%2BsqqC5c6A6H9vfRLOTLExM%2B1wmVGn2oU9tehXx1yG8w1QvuVu027ry9G8B1HcXXb3qXkRkIbopvftLQDfln4%2BkkjgDp3%2F8Xw%2B5GySjdGc8I9GgPCnQ0dU7BL0tWjJuxb8Ob49KJl7OjqUw9he1oCBhtZUeK1XvwI%2F1xRALZJxdEMPd99%2FPvGE8CfL%2FZxPM7OMV9nh%2B%2FZSyzUHZ%2BPIEdFlN5R84V5hUdgVSBrVV0m4IKR5UIEeYeTGnpe48%2FlGKhSsx7b8dU%2BrqHIb4RcLxHopNFhz9jGk%2B0KcH8gLQ%2Fedi6RQiSUyxpRTcQKUpcJAuL7xWWNB4cB5HaLWGFCOigpxE%2Bsp3Ob%2BvN%2Bpm64HuTwgvChfgfdlyio51dQarOvu%2FfLirDVJj66QXHBk%2Bu9447V6tvUB%2F1AznA7%2FGA4my3anahUg%2BjM43Moc0kTUajrI4t%2FDs%2BPsQGHqc4E2HquVcgn%2BHp%2FL6gCwmQwpKR%2BWg%2BunY1fytfRQAqXfNZIvcgX9GoVEwp7E3xD25a%2BmuV74%3D; CF=w/o3jmGLL5t8AZe37dt9nQ__
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: openresty/1.19.3.1
Date: Sat, 24 Dec 2022 13:27:25 GMT
Content-Type: application/javascript
Content-Length: 30685
Connection: keep-alive
Last-Modified: Fri, 23 Dec 2022 12:52:41 GMT
Vary: Accept-Encoding
ETag: "63a5a499-77dd"
Accept-Ranges: bytes

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
fc328f2e44d4ac962c03be665dbf6436
7ac1bb5dd0d42c9cb2e6a67b06b55934190691fe
7d7ced4a7da10564449ddec77f05d85557a2b2f7e8fe2a7d15541c7b52aee928

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7D7CED4A7DA10564449DDEC77F05D85557A2B2F7E8FE2A7D15541C7B52AEE928"
Last-Modified: Thu, 22 Dec 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19204
Expires: Sat, 24 Dec 2022 18:47:29 GMT
Date: Sat, 24 Dec 2022 13:27:25 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
fc328f2e44d4ac962c03be665dbf6436
7ac1bb5dd0d42c9cb2e6a67b06b55934190691fe
7d7ced4a7da10564449ddec77f05d85557a2b2f7e8fe2a7d15541c7b52aee928

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7D7CED4A7DA10564449DDEC77F05D85557A2B2F7E8FE2A7D15541C7B52AEE928"
Last-Modified: Thu, 22 Dec 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19204
Expires: Sat, 24 Dec 2022 18:47:29 GMT
Date: Sat, 24 Dec 2022 13:27:25 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
fc328f2e44d4ac962c03be665dbf6436
7ac1bb5dd0d42c9cb2e6a67b06b55934190691fe
7d7ced4a7da10564449ddec77f05d85557a2b2f7e8fe2a7d15541c7b52aee928

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7D7CED4A7DA10564449DDEC77F05D85557A2B2F7E8FE2A7D15541C7B52AEE928"
Last-Modified: Thu, 22 Dec 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19204
Expires: Sat, 24 Dec 2022 18:47:29 GMT
Date: Sat, 24 Dec 2022 13:27:25 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
fc328f2e44d4ac962c03be665dbf6436
7ac1bb5dd0d42c9cb2e6a67b06b55934190691fe
7d7ced4a7da10564449ddec77f05d85557a2b2f7e8fe2a7d15541c7b52aee928

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7D7CED4A7DA10564449DDEC77F05D85557A2B2F7E8FE2A7D15541C7B52AEE928"
Last-Modified: Thu, 22 Dec 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19204
Expires: Sat, 24 Dec 2022 18:47:29 GMT
Date: Sat, 24 Dec 2022 13:27:25 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
fc328f2e44d4ac962c03be665dbf6436
7ac1bb5dd0d42c9cb2e6a67b06b55934190691fe
7d7ced4a7da10564449ddec77f05d85557a2b2f7e8fe2a7d15541c7b52aee928

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7D7CED4A7DA10564449DDEC77F05D85557A2B2F7E8FE2A7D15541C7B52AEE928"
Last-Modified: Thu, 22 Dec 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19204
Expires: Sat, 24 Dec 2022 18:47:29 GMT
Date: Sat, 24 Dec 2022 13:27:25 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2d8a813d-10ee-4216-bb6b-8bcd1d8141e4.jpeg

34.120.237.76

200 OK

7.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2d8a813d-10ee-4216-bb6b-8bcd1d8141e4.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.7 kB (7669 bytes)
Hash
6d90b80ebad103c48c3043c8d5e4c3ca
ab36c9309ce13b2a3d075461c2445f76bfc582aa
2287a6db0a6a58c570930c1f94c3b36d7acf383b26cdfa42261eb254598fa7c2

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2d8a813d-10ee-4216-bb6b-8bcd1d8141e4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7669
x-amzn-requestid: 4b35e79d-21c8-48d7-b11b-44bd820e29d2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dnnROG4UoAMFZdA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a61f3a-765739ad7e9063781ccb12b2;Sampled=0
x-amzn-remapped-date: Fri, 23 Dec 2022 21:35:54 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: lhQA2yVBNtJ04goTms0KXhX6Q4v86TEe4EUioQs3eJzzMsCxbVmykw==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 6172bb1a5d00a3b06ae3700570ebe116.cloudfront.net (CloudFront), 1.1 google
date: Fri, 23 Dec 2022 21:39:58 GMT
age: 56847
etag: "ab36c9309ce13b2a3d075461c2445f76bfc582aa"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F00ebee3d-1399-4100-87ce-23d8990b97d2.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.5 kB (7478 bytes)
Hash
33d7fa2f0af62e65eb23c36297749038
d28362f2babfde4ca02f309b80be75bfc520de9a
070da72e06d4492a954b130ff6bef5ca5fd625f0fcfee81e801ef26a03d07e2f

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F00ebee3d-1399-4100-87ce-23d8990b97d2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7478
x-amzn-requestid: b9f7f6d8-fada-45fd-80a7-3ac122dae6fc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dnoYlEbVIAMF_lA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a62103-15601045320b166c295d24d2;Sampled=0
x-amzn-remapped-date: Fri, 23 Dec 2022 21:43:31 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 1lxJbDYXaWwexDy9roJuh8FUu85Vi7qHtkZYBze8SbE2dWCCxH7duw==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 ee8246c5442dace7525c74f6a799bb46.cloudfront.net (CloudFront), 1.1 google
date: Fri, 23 Dec 2022 21:49:01 GMT
age: 56304
etag: "d28362f2babfde4ca02f309b80be75bfc520de9a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcdce5468-cf1b-4a55-968b-1aaa101e60d6.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (11939 bytes)
Hash
38cc82b5e5d8c2fee6f51021e156ec81
eafb4e029313caabcdbdc1002abcab95f66e91b1
b8cad011e1a98ee4e896f00263495aab7f9cab986736a7a5b4187b8e94c46493

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcdce5468-cf1b-4a55-968b-1aaa101e60d6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11939
x-amzn-requestid: a00e5ab5-ad16-4576-b046-381e36456998
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dkUhqE94oAMFu5A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a4ce0a-28687ad51eea1f6f3ce8cc86;Sampled=0
x-amzn-remapped-date: Thu, 22 Dec 2022 21:37:14 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: uIDvI3BVK0v68x1jkgw9GB0U1i3l2kyW81q2Kiy3ZDREqQmyUTXCnQ==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Fri, 23 Dec 2022 21:38:32 GMT
age: 56933
etag: "eafb4e029313caabcdbdc1002abcab95f66e91b1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F46c838f6-5365-43bb-981e-8ddefc5f3f14.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.7 kB (5659 bytes)
Hash
2d4cf077d410b94f1326e942304f9e9b
98fb13feecfada3cc8b467aa48d7cdf1ed8ab001
ec82cd83bfd4da849888b0535c9764cd4d462ef9e12c5934512858375908dfe4

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F46c838f6-5365-43bb-981e-8ddefc5f3f14.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5659
x-amzn-requestid: bc225a93-868b-42d4-aa94-c8fa16ef2c64
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dk33gHUqIAMFg1A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a50696-7710727f0f086a791a0e7939;Sampled=0
x-amzn-remapped-date: Fri, 23 Dec 2022 01:38:30 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Es7YaIRVfiybyKGY41ZE5UYSN0bfn6LmOUqcYZASi9QsXQqR9NSwTA==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Sat, 24 Dec 2022 07:07:36 GMT
age: 22789
etag: "98fb13feecfada3cc8b467aa48d7cdf1ed8ab001"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4e532075-b8a0-41ff-8f08-8512cbb1b3d4.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10356 bytes)
Hash
3071a834e874a992c3b14f7a3f91b30f
559014c7e6e5019097b7da8b3a820a80a1f55b6c
4f8e29303936b4168f0ad765d8a2773a7247f249396147f68f6f9639b1ad1208

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4e532075-b8a0-41ff-8f08-8512cbb1b3d4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10356
x-amzn-requestid: 32dbf731-a18f-4150-b3cd-f30d2ab3c6a1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dnoi1GY2oAMFesg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a62145-55a5f14a6ea6e7dc3754a8be;Sampled=0
x-amzn-remapped-date: Fri, 23 Dec 2022 21:44:37 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: DC1Eu98-ihibH4I6ZY03Af2PxBrywSyjnoJRR2N453KiYvsa6hGefw==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 591683988172c7980c4ebb318cbf18a8.cloudfront.net (CloudFront), 1.1 google
date: Fri, 23 Dec 2022 21:49:04 GMT
age: 56301
etag: "559014c7e6e5019097b7da8b3a820a80a1f55b6c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.1 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9b8b6b6f-05a3-4eb5-804c-574c03992933.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.1 kB (8078 bytes)
Hash
8a63236113546a7bfb369d741c2b76e2
737f6730f63deff51a39ef094fa1a263b91db89b
b811838126a7d3e814415c3b869f9f224361ef468c08c4c7d5e385371149263a

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9b8b6b6f-05a3-4eb5-804c-574c03992933.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8078
x-amzn-requestid: 0fa11c0d-584a-4790-83fe-d10780dd6df9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dnncXGjDIAMFvfg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a61f82-452f8acd148122756a8f0230;Sampled=0
x-amzn-remapped-date: Fri, 23 Dec 2022 21:37:06 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: ZsYREhlLzv_oHiB1qgGuelsC8t99SUMILEGgU42tKWeugQUU5iFgBA==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 23 Dec 2022 21:47:42 GMT
age: 56383
etag: "737f6730f63deff51a39ef094fa1a263b91db89b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

bdabjdi.naughtymets.com/bundle/544/assets/images/favicon.png

178.162.199.80

200 OK

5.5 kB

URL HTTP/1.1
bdabjdi.naughtymets.com/bundle/544/assets/images/favicon.png
IP
178.162.199.80:0
ASN
#28753 Leaseweb Deutschland GmbH

File type
PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced\012- data
Size
5.5 kB (5533 bytes)
Hash
30c9e792a1ad6251ab3437d7da76e293
d440c16e6948c307382f67677d3561652b26275b
312e2177186abb7f162c20d5530fd4a4462e48ec6f611f374a497e73752ad523

HTTP Headers

GET /bundle/544/assets/images/favicon.png HTTP/1.1
Host: bdabjdi.naughtymets.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bdabjdi.naughtymets.com/s/6211a7f91b00d
Cookie: s=rxOKXBQNWzjWqdy1ia2afBnMuQ9HA2FNgdZQpKcyV6DkR5%2BD2kmF302q8GuFVX9HSPfOH4dFFsagMw9CWOINoSB%2BNvgXH%2BNb%2BRRUAgRfFMIBoDIhPisBpCXX2E1zyhQMXgvz8duoNzKIO5cUj65SDFzVjH8aCumWy6KDPY8N3GFQ19Oy09JwcXbnKcTcZbBzJ6qUpu%2FEUNsVS8fM2eTBt8z7jMbS1EFnP2O2DDOKTKONPR85bwi6pPkKQO5GsZ842sU0SwS9Dz5IXvhqSn4wgQQJ%2BCxtEoHpWJgekIl4gFM7eGUgzKDqrdP5bqodySKIdGBYHq3iAs5akxl1OB8Cfw%2BMPIgJclqTRmre1nVCgVmSr8a7bcOIp6zw3oOG3YOkKImECieCuKzdK7u1fgv1gx%2F1lURqDTlia4S5ifLV2Twm%2B2tQT1XAcH%2FKUOKotejK6ZY42E3W4zL1nvl%2FPBCSKliL9YK1eXJGjblOEQTxT7y4tsfQ7JEijMEenL69Nji1qGOT5GqmWIilH6rMyCnEPBxjIhVX5cVlHNA0QZ5n0TYiTQAxftSNo9woRXAmN%2F8mA%2FqcAJw5SD8ePLLuh1jZx%2BAdZLhju7bZlN2XnTlFfuNdSDaqZQLf00jvEqJiJLtJzUT%2BNU0OREsL0I5p37%2BNIWQAwWAxGRc9u0u7i694lkdr%2BtRr%2Fnm0HdoiDwROOjl4Y%2BFMxnh3X8xS26CeGe%2FPE4D8y00L%2FITQT6crV9z1jGDRR3bNFFtQoMkq2SXpa%2B9A9CtV%2FO%2BPIRIzzjeCeDYQZbadwBvFHDyF%2B0sIB7AuDs0h6BlDsQYKPzlzterVTU6%2Bj91SnLg8%2FmAIavljVWnIR8tkdbFFIuE7Am4zroKVoVz4J5HTh%2FBC4BaT%2B9BxbU%2B7g1jmLFOOLltSeJEfhAz3S2%2B6G5j3%2B9AIoGq6bePt5367kHOjcxafHgcQZmlvEEg39sxqzz06WioDtK1ut7dlUiMpZI1faU4JsrlU4lCBOuVTovqRGyakcNZmCtOVBouTKVSS0UusSmw3YTfT57jlBMdXGX0VpeESmy25RHk0gZbk1rqu5Qcj%2FDSPTTaCSKGO4ThSSnY6YFZCgwVwzk%2BsqqC5c6A6H9vfRLOTLExM%2B1wmVGn2oU9tehXx1yG8w1QvuVu027ry9G8B1HcXXb3qXkRkIbopvftLQDfln4%2BkkjgDp3%2F8Xw%2B5GySjdGc8I9GgPCnQ0dU7BL0tWjJuxb8Ob49KJl7OjqUw9he1oCBhtZUeK1XvwI%2F1xRALZJxdEMPd99%2FPvGE8CfL%2FZxPM7OMV9nh%2B%2FZSyzUHZ%2BPIEdFlN5R84V5hUdgVSBrVV0m4IKR5UIEeYeTGnpe48%2FlGKhSsx7b8dU%2BrqHIb4RcLxHopNFhz9jGk%2B0KcH8gLQ%2Fedi6RQiSUyxpRTcQKUpcJAuL7xWWNB4cB5HaLWGFCOigpxE%2Bsp3Ob%2BvN%2Bpm64HuTwgvChfgfdlyio51dQarOvu%2FfLirDVJj66QXHBk%2Bu9447V6tvUB%2F1AznA7%2FGA4my3anahUg%2BjM43Moc0kTUajrI4t%2FDs%2BPsQGHqc4E2HquVcgn%2BHp%2FL6gCwmQwpKR%2BWg%2BunY1fytfRQAqXfNZIvcgX9GoVEwp7E3xD25a%2BmuV74%3D; CF=w/o3jmGLL5t8AZe37dt9nQ__
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: openresty/1.19.3.1
Date: Sat, 24 Dec 2022 13:27:25 GMT
Content-Type: image/png
Content-Length: 5533
Connection: keep-alive
Last-Modified: Tue, 14 Dec 2021 15:58:24 GMT
ETag: "61b8bf20-159d"
Accept-Ranges: bytes

34.120.237.76

200 OK

8.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F98adc653-f9a6-4ecb-ac9e-bc2f050bce18.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.7 kB (8691 bytes)
Hash
f8c72ec1e9749463326e11f003982211
a76cc3e7d6ca04b4e1d1c947c25ad10a11e9750c
afeea88b39c0fa6957e58d13562222415705d408f89583adcf428a02140abbdd

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F98adc653-f9a6-4ecb-ac9e-bc2f050bce18.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-length: 8691
x-amzn-requestid: e8b31f4c-cf9e-4027-ba28-86dcc5ac5190
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dnnRDHvSIAMF9Vw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a61f39-06c81a124ae007023d03c375;Sampled=0
x-amzn-remapped-date: Fri, 23 Dec 2022 21:35:53 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: K4yo4xbEQJQh6HZOfia0oQeSLF0UCRjP6_2utECzhCITAQIEGvGWjw==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 6a9b42e38e76b7d4a4044ebe0e0eca08.cloudfront.net (CloudFront), 1.1 google
date: Fri, 23 Dec 2022 21:50:48 GMT
age: 56204
etag: "a76cc3e7d6ca04b4e1d1c947c25ad10a11e9750c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (12)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations