r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 8997fa58a7262e8fd559d64b40511a1b
0aa1c4365c28f45e4d7a8a234fbcf51cd009e083
1580d1145f125c765e40e5983cb4bb4e2424010d2920a25ea7da992485da0dea
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1580D1145F125C765E40E5983CB4BB4E2424010D2920A25EA7DA992485DA0DEA"
Last-Modified: Sat, 21 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10843
Expires: Sat, 21 Jan 2023 11:38:46 GMT
Date: Sat, 21 Jan 2023 08:38:03 GMT
Connection: keep-alive
143.198.46.106/bins/sora.mips
143.198.46.106303 See Other 0 B URL HTTP/1.1 143.198.46.106/bins/sora.mips
IP 143.198.46.106:0
ASN #14061 DIGITALOCEAN-ASN
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /bins/sora.mips HTTP/1.1
Host: 143.198.46.106
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 303 See Other
Date: Sat, 21 Jan 2023 08:38:02 GMT
Server: Apache/2.4.54 (Debian)
Set-Cookie: phpsessid=pocb9uorndj1e7duip3ra0qb4a; expires=Sat, 21-Jan-2023 16:38:02 GMT; Max-Age=28800; path=/; HttpOnly; SameSite=Lax
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: /
Content-Length: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/plain;charset=UTF-8
Content-Language: fr-CA
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash b36ef73c20dffb6bc10194bbd2d0dcfa
a67a4023dc8b4944debaeb92f3ba0f1402c079a6
05a7a4d832cf9e593ca44efea309edcbd80734583bada15fda3e740612eff991
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "05A7A4D832CF9E593CA44EFEA309EDCBD80734583BADA15FDA3E740612EFF991"
Last-Modified: Wed, 18 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2217
Expires: Sat, 21 Jan 2023 09:15:00 GMT
Date: Sat, 21 Jan 2023 08:38:03 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash ff250d3ef3fa45322bf05039a0122a9f
b3e7a2c383bce1bab807dbe1a03c375258b51f1d
d07f109a96e0ae6ec7b1d46ce8761b3f06fe845769ce65d69e053dd40aa561ba
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Alert, Content-Type, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 21 Jan 2023 08:34:43 GMT
content-type: application/json
age: 200
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 17094b856fde02b2c8c2d3845ad325cf
26dc3f2ebf81faf5ab96eb75ffcbead6085528b8
6547376c41dcaa352cc4e747291916902bcddc0032b750bd84c5e3b2fe6f7d16
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6547376C41DCAA352CC4E747291916902BCDDC0032B750BD84C5E3B2FE6F7D16"
Last-Modified: Sat, 21 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5673
Expires: Sat, 21 Jan 2023 10:12:36 GMT
Date: Sat, 21 Jan 2023 08:38:03 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: GazSMVU0hc4MJPchs2zLAsor0NMcK89+RD+MfP9Sz/ZJcVGATqBawMdfE4iUe4GoVL5bOsh9UHk=
x-amz-request-id: Z06FV1Y6WMFSW8RN
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 21 Jan 2023 08:17:56 GMT
age: 1207
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 21 Jan 2023 08:38:03 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
143.198.46.106/
143.198.46.106200 OK 1.0 kB IP 143.198.46.106:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (2181), with no line terminators
Hash fdbbc966bf1e56d11ceac8c2c1fb495c
4edc1c44700d13ccc1d8962f3335bd2928e32e30
8db5244b61407abbf7f23e6a113d33b4ab00f69e9a353d288782e099de398b13
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET / HTTP/1.1
Host: 143.198.46.106
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: phpsessid=pocb9uorndj1e7duip3ra0qb4a
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Sat, 21 Jan 2023 08:38:03 GMT
Server: Apache/2.4.54 (Debian)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=16070400; includeSubDomains
Content-Security-Policy: default-src 'self';script-src 'self' https://ajax.googleapis.com https://maps.googleapis.com https://www.google-analytics.com http://connect.facebook.net https://cdn.jsdelivr.net 'nonce-W2qeL4uAF488BlWLXEnfDWo7xTL';worker-src blob:;style-src 'self' https://fonts.googleapis.com 'unsafe-inline';font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com;img-src 'self' blob: data: https://chart.googleapis.com https://www.gravatar.com https://api.qrserver.com;child-src 'self' http://staticxx.facebook.com;base-uri http://143.198.46.106;connect-src 'self' https://api.mapbox.com https://events.mapbox.com;
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1042
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html;charset=UTF-8
Content-Language: fr-CA
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Pragma, Content-Length, Alert, Expires, ETag, Last-Modified, Backoff, Content-Type, Cache-Control
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 21 Jan 2023 07:48:58 GMT
age: 2945
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
143.198.46.106/stylesheets/style-login.css
143.198.46.106200 OK 544 B URL HTTP/1.1 143.198.46.106/stylesheets/style-login.css
IP 143.198.46.106:0
ASN #14061 DIGITALOCEAN-ASN
Hash a310a64d3cdd99c6ef456e29f504142c
435d13db6630423fd89396d8ea261066bf9d30b0
69f67141e815383c4b18b4b1c1c519979122d36e62fbecb809518b2ac7ba88ae
Analyzer Verdict Alert quad9 Sinkholed
GET /stylesheets/style-login.css HTTP/1.1
Host: 143.198.46.106
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://143.198.46.106/
Cookie: phpsessid=pocb9uorndj1e7duip3ra0qb4a
HTTP/1.1 200 OK
Date: Sat, 21 Jan 2023 08:38:03 GMT
Server: Apache/2.4.54 (Debian)
Last-Modified: Fri, 18 Nov 2022 15:43:12 GMT
Accept-Ranges: bytes
Cache-Control: max-age=63072000
Expires: Mon, 20 Jan 2025 08:38:03 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 544
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/css
Content-Language: fr-CA
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash bdb8a13dfce39d6e151a9ef185a772a1
037a680510f9dbce3c7cc3c0f9115fd587dbcd1d
98c8b7f269b9aad73b73fd946788ebfd7a4d7afbdd5347b56c67f73b947f5ff6
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 200
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 21 Jan 2023 08:38:03 GMT
Last-Modified: Sat, 21 Jan 2023 08:34:43 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 5422c49666fc195ae94aa0f5cf837bfc
e0f1dd926cd9328ccf9cc99389337056c62f1043
f639aad2dc85708fa922b793660f13ae597f275a8ebf61e7e72fb2bce257cc76
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 21 Jan 2023 08:38:03 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
143.198.46.106/javascripts/backpack/vendor/pace.min.js
143.198.46.106200 OK 4.3 kB URL HTTP/1.1 143.198.46.106/javascripts/backpack/vendor/pace.min.js
IP 143.198.46.106:0
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with very long lines (12345)
Hash 40f7622d3e1a65ffbd4a6517a49bc250
47dd21fd134ecd8ad8b040bf6c68fc25e232c55a
26dc7e9243f55ca78ba793a81f01f31238dab2a6fc9c2daa46802a9c61d77008
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /javascripts/backpack/vendor/pace.min.js HTTP/1.1
Host: 143.198.46.106
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://143.198.46.106/
Cookie: phpsessid=pocb9uorndj1e7duip3ra0qb4a
HTTP/1.1 200 OK
Date: Sat, 21 Jan 2023 08:38:03 GMT
Server: Apache/2.4.54 (Debian)
Last-Modified: Fri, 18 Nov 2022 20:27:35 GMT
Accept-Ranges: bytes
Cache-Control: public, must-revalidate, max-age=3600
Expires: Mon, 20 Jan 2025 08:38:03 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 4289
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript
Content-Language: fr-CA
143.198.46.106/stylesheets/backpack/style-login.css
143.198.46.106200 OK 1.7 kB URL HTTP/1.1 143.198.46.106/stylesheets/backpack/style-login.css
IP 143.198.46.106:0
ASN #14061 DIGITALOCEAN-ASN
Hash 92e52ce90208448a756992cc2c9d3bcc
341c5522e2c967d755db16dee15fab764561af5e
90cb8d01770c7ca7d2cb5d748a2153b0d0917552938172cafd66b3473a0ad0ae
Analyzer Verdict Alert quad9 Sinkholed
GET /stylesheets/backpack/style-login.css HTTP/1.1
Host: 143.198.46.106
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://143.198.46.106/stylesheets/style-login.css
Cookie: phpsessid=pocb9uorndj1e7duip3ra0qb4a
HTTP/1.1 200 OK
Date: Sat, 21 Jan 2023 08:38:03 GMT
Server: Apache/2.4.54 (Debian)
Last-Modified: Fri, 18 Nov 2022 20:27:35 GMT
Accept-Ranges: bytes
Cache-Control: max-age=63072000
Expires: Mon, 20 Jan 2025 08:38:03 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1712
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
Content-Language: fr-CA
143.198.46.106/stylesheets/theme.css
143.198.46.106200 OK 687 B URL HTTP/1.1 143.198.46.106/stylesheets/theme.css
IP 143.198.46.106:0
ASN #14061 DIGITALOCEAN-ASN
Hash b8837790a23f87c6aa53f0d66c06c611
5f52ff18add4bcad1bf8ae00380d14257b41dfcf
a7e46e185343550046a2100b43127b0d790a320489d9a0f595bd0a556fc235e7
Analyzer Verdict Alert quad9 Sinkholed
GET /stylesheets/theme.css HTTP/1.1
Host: 143.198.46.106
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://143.198.46.106/stylesheets/style-login.css
Cookie: phpsessid=pocb9uorndj1e7duip3ra0qb4a
HTTP/1.1 200 OK
Date: Sat, 21 Jan 2023 08:38:03 GMT
Server: Apache/2.4.54 (Debian)
Last-Modified: Fri, 18 Nov 2022 15:14:47 GMT
Accept-Ranges: bytes
Cache-Control: max-age=63072000
Expires: Mon, 20 Jan 2025 08:38:03 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 687
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
Content-Language: fr-CA
143.198.46.106/javascripts/backpack/vendor/popper.min.js
143.198.46.106200 OK 6.9 kB URL HTTP/1.1 143.198.46.106/javascripts/backpack/vendor/popper.min.js
IP 143.198.46.106:0
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with very long lines (19015)
Hash 50b761bb6891e4daf5a481ebbb628359
daecda87133c45c189d3304103dfdc665332b571
d3ab098b650f86ccd5a12a6e6cd8739e24589c53a976abb316d24a6cf707ef70
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /javascripts/backpack/vendor/popper.min.js HTTP/1.1
Host: 143.198.46.106
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://143.198.46.106/
Cookie: phpsessid=pocb9uorndj1e7duip3ra0qb4a
HTTP/1.1 200 OK
Date: Sat, 21 Jan 2023 08:38:03 GMT
Server: Apache/2.4.54 (Debian)
Last-Modified: Fri, 18 Nov 2022 20:27:35 GMT
Accept-Ranges: bytes
Cache-Control: public, must-revalidate, max-age=3600
Expires: Mon, 20 Jan 2025 08:38:03 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 6910
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript
Content-Language: fr-CA
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 5422c49666fc195ae94aa0f5cf837bfc
e0f1dd926cd9328ccf9cc99389337056c62f1043
f639aad2dc85708fa922b793660f13ae597f275a8ebf61e7e72fb2bce257cc76
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 21 Jan 2023 08:38:03 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
143.198.46.106/javascripts/backpack/vendor/bootstrap.min.js
143.198.46.106200 OK 15 kB URL HTTP/1.1 143.198.46.106/javascripts/backpack/vendor/bootstrap.min.js
IP 143.198.46.106:0
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with very long lines (57791)
Hash 99149db20887fb4b2f22eda0e7704308
7acba3ce092e36a7d7ff228de2cb371cbe244af4
eb78802cf7d380290c18bc5ea6ea5aaa1b6139893a4c2fa1401d6fc6683078a2
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /javascripts/backpack/vendor/bootstrap.min.js HTTP/1.1
Host: 143.198.46.106
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://143.198.46.106/
Cookie: phpsessid=pocb9uorndj1e7duip3ra0qb4a
HTTP/1.1 200 OK
Date: Sat, 21 Jan 2023 08:38:03 GMT
Server: Apache/2.4.54 (Debian)
Last-Modified: Fri, 18 Nov 2022 20:27:35 GMT
Accept-Ranges: bytes
Cache-Control: public, must-revalidate, max-age=3600
Expires: Mon, 20 Jan 2025 08:38:03 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 15405
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript
Content-Language: fr-CA
143.198.46.106/javascripts/backpack/vendor/jquery-3.6.0.min.js
143.198.46.106200 OK 31 kB URL HTTP/1.1 143.198.46.106/javascripts/backpack/vendor/jquery-3.6.0.min.js
IP 143.198.46.106:0
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with very long lines (65447)
Hash 31d53c8cdce8012a24abc8e84aa972e5
7287b1ec5d88304ba44fc1958b8de9596274c4e3
1b72bc7f54bc9170e605f6c4bb5529668c4ee3efeee602fdb63036b45b49f41c
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /javascripts/backpack/vendor/jquery-3.6.0.min.js HTTP/1.1
Host: 143.198.46.106
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://143.198.46.106/
Cookie: phpsessid=pocb9uorndj1e7duip3ra0qb4a
HTTP/1.1 200 OK
Date: Sat, 21 Jan 2023 08:38:03 GMT
Server: Apache/2.4.54 (Debian)
Last-Modified: Fri, 18 Nov 2022 20:27:35 GMT
Accept-Ranges: bytes
Cache-Control: public, must-revalidate, max-age=3600
Expires: Mon, 20 Jan 2025 08:38:03 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 30902
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript
Content-Language: fr-CA
143.198.46.106/stylesheets/backpack/vendor/pretty-checkbox.min.css
143.198.46.106200 OK 2.7 kB URL HTTP/1.1 143.198.46.106/stylesheets/backpack/vendor/pretty-checkbox.min.css
IP 143.198.46.106:0
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with very long lines (19017)
Hash 207d0b9f8423436888c99dbe817a8902
fa09fa7c1093926345c4111d416c4d262e24dead
b742fa9c2274e8c5a9d8b17ca00403400bce10e0c349a92f83d8c7ddd6379579
Analyzer Verdict Alert quad9 Sinkholed
GET /stylesheets/backpack/vendor/pretty-checkbox.min.css HTTP/1.1
Host: 143.198.46.106
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://143.198.46.106/stylesheets/backpack/style-login.css
Cookie: phpsessid=pocb9uorndj1e7duip3ra0qb4a
HTTP/1.1 200 OK
Date: Sat, 21 Jan 2023 08:38:03 GMT
Server: Apache/2.4.54 (Debian)
Last-Modified: Fri, 18 Nov 2022 20:27:35 GMT
Accept-Ranges: bytes
Cache-Control: max-age=63072000
Expires: Mon, 20 Jan 2025 08:38:03 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2723
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css
Content-Language: fr-CA
143.198.46.106/stylesheets/backpack/vendor/fontawesome.min.css
143.198.46.106200 OK 13 kB URL HTTP/1.1 143.198.46.106/stylesheets/backpack/vendor/fontawesome.min.css
IP 143.198.46.106:0
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with very long lines (59446)
Hash fd0efe022448954a78b068d135504877
4187807542fc5d90a721b2400646bf305cca89ba
812e0243676ebd48ff9a626f78fcd65a422b29cf64dc8588b37c9b51a45c8d42
Analyzer Verdict Alert quad9 Sinkholed
GET /stylesheets/backpack/vendor/fontawesome.min.css HTTP/1.1
Host: 143.198.46.106
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://143.198.46.106/stylesheets/backpack/style-login.css
Cookie: phpsessid=pocb9uorndj1e7duip3ra0qb4a
HTTP/1.1 200 OK
Date: Sat, 21 Jan 2023 08:38:03 GMT
Server: Apache/2.4.54 (Debian)
Last-Modified: Fri, 18 Nov 2022 20:27:35 GMT
Accept-Ranges: bytes
Cache-Control: max-age=63072000
Expires: Mon, 20 Jan 2025 08:38:03 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 12886
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css
Content-Language: fr-CA
push.services.mozilla.com/
52.89.106.162101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.89.106.162:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: piomxB9OZfQ2GaxjLrqCnw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 9fvKc6Lc0N+MXgoeBUwZmVHLx5U=
143.198.46.106/stylesheets/backpack/vendor/bootstrap.min.css
143.198.46.106200 OK 21 kB URL HTTP/1.1 143.198.46.106/stylesheets/backpack/vendor/bootstrap.min.css
IP 143.198.46.106:0
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with very long lines (65324)
Hash 1915402e29e5f47e6f676d4469a1e7b4
14fa16bc29be435ff81e16e649c62f0bcb075f6b
a109cc865884a27ab1b8f695e82139ff6cf45c7e23864df97cea1d6f0e716db0
Analyzer Verdict Alert quad9 Sinkholed
GET /stylesheets/backpack/vendor/bootstrap.min.css HTTP/1.1
Host: 143.198.46.106
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://143.198.46.106/stylesheets/backpack/style-login.css
Cookie: phpsessid=pocb9uorndj1e7duip3ra0qb4a
HTTP/1.1 200 OK
Date: Sat, 21 Jan 2023 08:38:03 GMT
Server: Apache/2.4.54 (Debian)
Last-Modified: Fri, 18 Nov 2022 20:27:35 GMT
Accept-Ranges: bytes
Cache-Control: max-age=63072000
Expires: Mon, 20 Jan 2025 08:38:03 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 21046
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css
Content-Language: fr-CA
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash e6d21eff1927f7a74984663b16cfe21a
b747f7d42cdf7cfea6900348cd257066b2634222
a4343acb5bda29aa0d6d64bbefd6bc07a1c5e0166646171be74f4a1d266e3c92
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 21 Jan 2023 08:38:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash e6d21eff1927f7a74984663b16cfe21a
b747f7d42cdf7cfea6900348cd257066b2634222
a4343acb5bda29aa0d6d64bbefd6bc07a1c5e0166646171be74f4a1d266e3c92
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 21 Jan 2023 08:38:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
143.198.46.106/stylesheets/backpack/images/dotgrid.png
143.198.46.106200 OK 1.0 kB URL HTTP/1.1 143.198.46.106/stylesheets/backpack/images/dotgrid.png
IP 143.198.46.106:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 3 x 3, 8-bit/color RGBA, non-interlaced\012- data
Hash 2a581593473bbb2cd63871222fe765f3
fae51d33794c7f4998d6c654d976fbab614dc491
1f84edf36d10fc958352009c0ccc178f9a74fe1cdd349cbdc1949bb8590e86d8
Analyzer Verdict Alert quad9 Sinkholed
GET /stylesheets/backpack/images/dotgrid.png HTTP/1.1
Host: 143.198.46.106
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://143.198.46.106/stylesheets/backpack/style-login.css
Cookie: phpsessid=pocb9uorndj1e7duip3ra0qb4a
HTTP/1.1 200 OK
Date: Sat, 21 Jan 2023 08:38:04 GMT
Server: Apache/2.4.54 (Debian)
Last-Modified: Fri, 18 Nov 2022 20:27:35 GMT
Accept-Ranges: bytes
Content-Length: 1021
Cache-Control: max-age=63072000
Expires: Mon, 20 Jan 2025 08:38:04 GMT
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/png
Content-Language: fr-CA
fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
142.250.74.35200 OK 45 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 44856, version 1.0\012- data
Hash 565ce506190ad3af920b40baf1794cec
ad3cba5d06100e09449a864d3b5e58403b478b3d
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://143.198.46.106
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 44856
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 16 Jan 2023 18:52:41 GMT
expires: Tue, 16 Jan 2024 18:52:41 GMT
cache-control: public, max-age=31536000
age: 395123
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash e6d21eff1927f7a74984663b16cfe21a
b747f7d42cdf7cfea6900348cd257066b2634222
a4343acb5bda29aa0d6d64bbefd6bc07a1c5e0166646171be74f4a1d266e3c92
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 21 Jan 2023 08:38:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
143.198.46.106/stylesheets/backpack/fonts/fa-solid-900.woff2
143.198.46.106200 OK 80 kB URL HTTP/1.1 143.198.46.106/stylesheets/backpack/fonts/fa-solid-900.woff2
IP 143.198.46.106:0
ASN #14061 DIGITALOCEAN-ASN
File type Web Open Font Format (Version 2), TrueType, length 80252, version 331.-31327\012- data
Hash 9ae050d1876ac1763eb6afe4264e6d5a
72344eab2e7431eec313caa21f266cbfda7caf60
6c916669cf923b4f1b2db5c5107c83b6ca205e7ad0dcd840b251e63f0c8d28a2
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /stylesheets/backpack/fonts/fa-solid-900.woff2 HTTP/1.1
Host: 143.198.46.106
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://143.198.46.106/stylesheets/backpack/vendor/fontawesome.min.css
Cookie: phpsessid=pocb9uorndj1e7duip3ra0qb4a
HTTP/1.1 200 OK
Date: Sat, 21 Jan 2023 08:38:04 GMT
Server: Apache/2.4.54 (Debian)
Last-Modified: Fri, 18 Nov 2022 20:27:35 GMT
ETag: "1397c-5edc489385121"
Accept-Ranges: bytes
Content-Length: 80252
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: font/woff2
Content-Language: fr-CA
143.198.46.106/stylesheets/images/logo-white.png
143.198.46.106200 OK 395 kB URL HTTP/1.1 143.198.46.106/stylesheets/images/logo-white.png
IP 143.198.46.106:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 6000 x 6000, 8-bit/color RGBA, non-interlaced DIY-Thermocam raw data\012- (Lepton 3.x), scale 0-254, spot sensor temperature 0.000000, unit celsius, color scheme 0, calibration: offset 36893488147419103232.000000, slope 24930952165530168463458304.000000\012- data
Size 395 kB (395090 bytes)
Hash 494f8a2e669ac643c29808f4152f31e7
fd01bfc5bca66330197644cbefa908a09103ecbd
d4b48e81cc61f222cceeca1b8583c3b89b7ab6417547c6cdda3b58cace36425a
Analyzer Verdict Alert quad9 Sinkholed
GET /stylesheets/images/logo-white.png HTTP/1.1
Host: 143.198.46.106
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://143.198.46.106/
Cookie: phpsessid=pocb9uorndj1e7duip3ra0qb4a
HTTP/1.1 200 OK
Date: Sat, 21 Jan 2023 08:38:04 GMT
Server: Apache/2.4.54 (Debian)
Last-Modified: Fri, 18 Nov 2022 15:33:33 GMT
Accept-Ranges: bytes
Content-Length: 395090
Cache-Control: max-age=63072000
Expires: Mon, 20 Jan 2025 08:38:04 GMT
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png
Content-Language: fr-CA
143.198.46.106/assets/images/favicon/apple-touch-icon.png
143.198.46.106200 OK 11 kB URL HTTP/1.1 143.198.46.106/assets/images/favicon/apple-touch-icon.png
IP 143.198.46.106:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced\012- data
Hash 234ddefc8bb4abdc0e790ef1ed1bd17f
5dd25a63d4e22dbd370096a03e5c0601e8666288
5fe1761cd47aba294f275933e2d3a0135ee011a428ec1a9df9e0fef1b72c96f6
Analyzer Verdict Alert quad9 Sinkholed
GET /assets/images/favicon/apple-touch-icon.png HTTP/1.1
Host: 143.198.46.106
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://143.198.46.106/
Cookie: phpsessid=pocb9uorndj1e7duip3ra0qb4a
HTTP/1.1 200 OK
Date: Sat, 21 Jan 2023 08:38:04 GMT
Server: Apache/2.4.54 (Debian)
Last-Modified: Fri, 18 Nov 2022 15:14:47 GMT
Accept-Ranges: bytes
Content-Length: 10774
Cache-Control: max-age=63072000
Expires: Mon, 20 Jan 2025 08:38:04 GMT
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/png
Content-Language: fr-CA
143.198.46.106/assets/images/favicon/favicon-16x16.png
143.198.46.106200 OK 591 B URL HTTP/1.1 143.198.46.106/assets/images/favicon/favicon-16x16.png
IP 143.198.46.106:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Hash 2b1240ae5651a3a7bfcebe70c3ca0481
5a8f31224ecc8caf63c4c862d7601f48f5269e33
da42327b37281017ea38e32e754db9a3e6fe7af73b99e638ff374da5d2e89d22
Analyzer Verdict Alert quad9 Sinkholed
GET /assets/images/favicon/favicon-16x16.png HTTP/1.1
Host: 143.198.46.106
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://143.198.46.106/
Cookie: phpsessid=pocb9uorndj1e7duip3ra0qb4a
HTTP/1.1 200 OK
Date: Sat, 21 Jan 2023 08:38:04 GMT
Server: Apache/2.4.54 (Debian)
Last-Modified: Fri, 18 Nov 2022 15:14:47 GMT
Accept-Ranges: bytes
Content-Length: 591
Cache-Control: max-age=63072000
Expires: Mon, 20 Jan 2025 08:38:04 GMT
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/png
Content-Language: fr-CA
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 6033dad399355478c264e1c7c27e7f62
7d5546258015b8a834ee87b5a679be0545723e9d
5126b70d194535387e80aab563a02db1ade53c682b9db45eb533ff4001e6ed1c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5126B70D194535387E80AAB563A02DB1ADE53C682B9DB45EB533FF4001E6ED1C"
Last-Modified: Fri, 20 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3077
Expires: Sat, 21 Jan 2023 09:29:22 GMT
Date: Sat, 21 Jan 2023 08:38:05 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 6033dad399355478c264e1c7c27e7f62
7d5546258015b8a834ee87b5a679be0545723e9d
5126b70d194535387e80aab563a02db1ade53c682b9db45eb533ff4001e6ed1c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5126B70D194535387E80AAB563A02DB1ADE53C682B9DB45EB533FF4001E6ED1C"
Last-Modified: Fri, 20 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3077
Expires: Sat, 21 Jan 2023 09:29:22 GMT
Date: Sat, 21 Jan 2023 08:38:05 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 6033dad399355478c264e1c7c27e7f62
7d5546258015b8a834ee87b5a679be0545723e9d
5126b70d194535387e80aab563a02db1ade53c682b9db45eb533ff4001e6ed1c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5126B70D194535387E80AAB563A02DB1ADE53C682B9DB45EB533FF4001E6ED1C"
Last-Modified: Fri, 20 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3077
Expires: Sat, 21 Jan 2023 09:29:22 GMT
Date: Sat, 21 Jan 2023 08:38:05 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4b7e829d-d4bc-4fa0-b5e5-e4527e48fd42.jpeg
34.120.237.76200 OK 9.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4b7e829d-d4bc-4fa0-b5e5-e4527e48fd42.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4483cb695fef2fe82f38a65e18ea1fd7
ea95504fc5be0259c8c3a39f47f8fcb322bca88d
807a120b964ee7ec7c83c5d943d29cea5df2171291ad1b99de9ef4df7e7e9046
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4b7e829d-d4bc-4fa0-b5e5-e4527e48fd42.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9657
x-amzn-requestid: 63c51fc8-3cd1-486b-960b-91d0d4b14dbd
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: exbnMFUvoAMFvYA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c3a62d-3f30f1cb5bc13bf812d3cf71;Sampled=0
x-amzn-remapped-date: Sun, 15 Jan 2023 07:07:25 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 34RyiiWTD7qtrgZHxL7KpjUkCETug9eJ0TvPh6b2qGiLWLcZnmT3wg==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 fda3b2797d2719576f6b916583a28e52.cloudfront.net (CloudFront), 1.1 google
date: Sat, 21 Jan 2023 04:42:20 GMT
age: 14145
etag: "ea95504fc5be0259c8c3a39f47f8fcb322bca88d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcee2448b-66c5-48e7-89de-838393cf3f07.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcee2448b-66c5-48e7-89de-838393cf3f07.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b08ef55971faa2683ab9f2af8a11dcec
a46c748cccb714f05a068c2438181328b4fbd57a
1d073abf25fbea2d85f34076eae47f9e89502846815094f5288b8e80762a8fe4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcee2448b-66c5-48e7-89de-838393cf3f07.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11562
x-amzn-requestid: 67ff0d3d-ed43-4269-92f4-c3eb5445e9c4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e-EyBEhzIAMFnCw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c8b4d9-27c6ebf6450d0e3275dad906;Sampled=0
x-amzn-remapped-date: Thu, 19 Jan 2023 03:11:21 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 8-aCSDcxTLree8fsGCxZEqY0272fNcqQEtHJ7aVAO6XjQRmjZXgqdw==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 760139201585481b26f947c5f776103a.cloudfront.net (CloudFront), 1.1 google
date: Sat, 21 Jan 2023 05:18:04 GMT
age: 12001
etag: "a46c748cccb714f05a068c2438181328b4fbd57a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F02d903ef-00fc-4f25-8b4f-138ec32359bf.jpeg
34.120.237.76200 OK 8.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F02d903ef-00fc-4f25-8b4f-138ec32359bf.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 893ea518ea7c11ec06ffea60b2ee7921
34675a13bbac6abd1b087e546425e141215cf072
675ec12ed5803fad5036cedc1a3b66229316836bb321b4ad3a34aab56a100ca7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F02d903ef-00fc-4f25-8b4f-138ec32359bf.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8698
x-amzn-requestid: 97c3bd04-2d8a-447e-85cb-376ea44b283c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e0K85GOQIAMFbPw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c4beb8-5b6517906d2f8bad6488e6f8;Sampled=0
x-amzn-remapped-date: Mon, 16 Jan 2023 03:04:24 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: reROJ7ha0LKGWpSMN0ioNVaIrIEhJUn_cfprHVZlfyY7jBoFyKh0rw==
via: 1.1 c9b161639a9353c2354b895548ea9fca.cloudfront.net (CloudFront), 1.1 591683988172c7980c4ebb318cbf18a8.cloudfront.net (CloudFront), 1.1 google
date: Fri, 20 Jan 2023 13:48:55 GMT
age: 67750
etag: "34675a13bbac6abd1b087e546425e141215cf072"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F07b5b95d-798c-4d73-bd79-8e3c092be9b0.jpeg
34.120.237.76200 OK 5.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F07b5b95d-798c-4d73-bd79-8e3c092be9b0.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f4b8e05930ca3ed03e20300b36819b1a
90645bb11f3788a9a03ad1756de541fea594fb15
0530c3fd68291836e997842e3e4b5bbef6086e89686f786dbda059143a5a8b5d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F07b5b95d-798c-4d73-bd79-8e3c092be9b0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5081
x-amzn-requestid: 56788104-29ed-4ff9-b9c5-58b83e53d169
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: etktlF50oAMFwNQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c21b23-1dafe7e12dbeee0e3318ccdc;Sampled=0
x-amzn-remapped-date: Sat, 14 Jan 2023 03:01:55 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 886cYViC-eBqAPpavmVYF0Jxqhsk8VQc8O1KPpTGM1yFpjrs-IxFVw==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 981753271eb5b6d11bc29d52f173a5da.cloudfront.net (CloudFront), 1.1 google
date: Fri, 20 Jan 2023 11:59:42 GMT
age: 74303
etag: "90645bb11f3788a9a03ad1756de541fea594fb15"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F565a8eca-40af-442b-9fe9-95e12dc0170a.jpeg
34.120.237.76200 OK 7.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F565a8eca-40af-442b-9fe9-95e12dc0170a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash aa786854fde0d99189b458067b9d9418
ddf0fb650816b969d53d6e32ae31074bcb7e944e
a3d08b87658f756aa2f9e3072e87d52db30884aa6b6ab0cd8b278d0c870db2b7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F565a8eca-40af-442b-9fe9-95e12dc0170a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7000
x-amzn-requestid: 05354e13-330d-40fc-9a96-ac345cfc80f5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e4BN9HBgoAMF9Iw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c648bf-146e89a423565a04139b19cb;Sampled=0
x-amzn-remapped-date: Tue, 17 Jan 2023 07:05:35 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: JPr1Q54hGh5TxVRUTIHXPEviHADCGwqbU5WDd7B4JubG6ZiRG1Yr4Q==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 760139201585481b26f947c5f776103a.cloudfront.net (CloudFront), 1.1 google
date: Sat, 21 Jan 2023 07:28:23 GMT
age: 4182
etag: "ddf0fb650816b969d53d6e32ae31074bcb7e944e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F831c16ae-85e5-4da2-b22e-f840afcd3678.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F831c16ae-85e5-4da2-b22e-f840afcd3678.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5a7ab95a69ddfa5014258076e66a6e19
1a54cca86788536002d6d18c5180ccf265ba1169
09348afd6055b26b5dba6f8f6ef763d52e6e040c039c6f763d64f71b8ca08d51
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F831c16ae-85e5-4da2-b22e-f840afcd3678.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10988
x-amzn-requestid: 67c03c6c-3896-4890-a75b-ecd7c1c1a4e9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e3foHG8tIAMF3XQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c61300-2de17e5b0225f9427c197bc5;Sampled=0
x-amzn-remapped-date: Tue, 17 Jan 2023 03:16:16 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: cxuHpm9vR0_DvHdEtR5p5eRRNAFgCrOTnak0RsH3OeCccehhurKhJA==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Sat, 21 Jan 2023 01:38:03 GMT
age: 25202
etag: "1a54cca86788536002d6d18c5180ccf265ba1169"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Open+Sans:300,400
142.250.74.106200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Open+Sans:300,400
IP 142.250.74.106:0
GET /css?family=Open+Sans:300,400 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://143.198.46.106/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 21 Jan 2023 08:38:03 GMT
date: Sat, 21 Jan 2023 08:38:03 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
143.198.46.106/assets/videos/background.mp4
143.198.46.106206 Partial Content 0 B URL HTTP/1.1 143.198.46.106/assets/videos/background.mp4
IP 143.198.46.106:0
ASN #14061 DIGITALOCEAN-ASN
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /assets/videos/background.mp4 HTTP/1.1
Host: 143.198.46.106
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: http://143.198.46.106/
Cookie: phpsessid=pocb9uorndj1e7duip3ra0qb4a
HTTP/1.1 206 Partial Content
Date: Sat, 21 Jan 2023 08:38:04 GMT
Server: Apache/2.4.54 (Debian)
Last-Modified: Fri, 18 Nov 2022 15:14:47 GMT
ETag: "10d3d9-5edc02a8f41af"
Accept-Ranges: bytes
Content-Length: 1102809
Content-Range: bytes 0-1102808/1102809
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: video/mp4
Content-Language: fr-CA