| attacker.com/css/bootstrap-custom.min.css | 45.88.202.115 | 200 OK | 5.2 kB |
URL: GET HTTP/2 attacker.com/css/bootstrap-custom.min.css
IP: 45.88.202.115:443
Certificate: Issuer Let's Encrypt; Subject attacker.com; Fingerprint F4:E1:14:13:7E:C5:69:5A:42:E3:16:40:10:29:94:45:A1:8D:7D:14; Validity Mon, 08 Apr 2024 03:19:01 GMT - Sun, 07 Jul 2024 03:19:00 GMT
File type: ASCII text, with very long lines (25011), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): a0dfdea43ec9daffdbcb4a983ae3b37c 0c12475628fc7739fbad4b06d6c05ef56f0c2644 c3b57a79ad7f506aab3ebe6521d7d3c9020f69dea6eb56f43f4afd0edb57cb54
| Analyzer | Verdict | Alert |
| PhishTank | phishing | Other |
GET /css/bootstrap-custom.min.css HTTP/1.1
Host: attacker.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://attacker.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 19 Apr 2024 14:06:17 GMT
content-type: text/css
content-length: 5219
last-modified: Wed, 07 Feb 2024 16:29:00 GMT
etag: "61b3-610cd313cacfe-gzip"
vary: Accept-Encoding
content-encoding: gzip
expires: Sat, 04 May 2024 14:06:17 GMT
cache-control: max-age=1296000
x-upstream-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
| attacker.com/css/parking2.min.css?v=6 | 45.88.202.115 | 200 OK | 3.6 kB |
URL: GET HTTP/2 attacker.com/css/parking2.min.css?v=6
IP: 45.88.202.115:443
Certificate: Issuer Let's Encrypt; Subject attacker.com; Fingerprint F4:E1:14:13:7E:C5:69:5A:42:E3:16:40:10:29:94:45:A1:8D:7D:14; Validity Mon, 08 Apr 2024 03:19:01 GMT - Sun, 07 Jul 2024 03:19:00 GMT
File type: ASCII text, with very long lines (20636), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 953a5fc295df6ead7ad17cd8018a4cbe 0a93266984d59715aab18dad3c90c8d151dd5b73 e06c04a93ef8fe0e24751ca000492cfb41ff8ef335bf7a24e77b474a8248a4b0
| Analyzer | Verdict | Alert |
| PhishTank | phishing | Other |
GET /css/parking2.min.css?v=6 HTTP/1.1
Host: attacker.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://attacker.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 19 Apr 2024 14:06:17 GMT
content-type: text/css
content-length: 3636
last-modified: Wed, 07 Feb 2024 16:29:00 GMT
etag: "509c-610cd313cacfe-gzip"
vary: Accept-Encoding
content-encoding: gzip
expires: Sat, 04 May 2024 14:06:17 GMT
cache-control: max-age=1296000
x-upstream-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
| attacker.com/images/epik-domain-names-dark.svg?v=1 | 45.88.202.115 | 200 OK | 1.7 kB |
URL: GET HTTP/2 attacker.com/images/epik-domain-names-dark.svg?v=1
IP: 45.88.202.115:443
Certificate: Issuer Let's Encrypt; Subject attacker.com; Fingerprint F4:E1:14:13:7E:C5:69:5A:42:E3:16:40:10:29:94:45:A1:8D:7D:14; Validity Mon, 08 Apr 2024 03:19:01 GMT - Sun, 07 Jul 2024 03:19:00 GMT
File type: SVG Scalable Vector Graphics image
Hash (MD5 / SHA-1 / SHA-256): 54a79e9ebbd158a93f4c156f64dddf22 7fcd435dbd3d10a4c3fdfe8266767c8511909be0 ba545882b3d3f5283281e96f148b824a413378050d017aa6957f658856f32abe
| Analyzer | Verdict | Alert |
| PhishTank | phishing | Other |
GET /images/epik-domain-names-dark.svg?v=1 HTTP/1.1
Host: attacker.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://attacker.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 19 Apr 2024 14:06:17 GMT
content-type: image/svg+xml
content-length: 1717
last-modified: Wed, 07 Feb 2024 16:29:00 GMT
etag: "df4-610cd313cacfe-gzip"
vary: Accept-Encoding
content-encoding: gzip
expires: Sat, 04 May 2024 14:06:17 GMT
cache-control: max-age=1296000
x-upstream-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
| attacker.com/images/parking2/payments/cc.svg | 45.88.202.115 | 200 OK | 3.6 kB |
URL: GET HTTP/2 attacker.com/images/parking2/payments/cc.svg
IP: 45.88.202.115:443
Certificate: Issuer Let's Encrypt; Subject attacker.com; Fingerprint F4:E1:14:13:7E:C5:69:5A:42:E3:16:40:10:29:94:45:A1:8D:7D:14; Validity Mon, 08 Apr 2024 03:19:01 GMT - Sun, 07 Jul 2024 03:19:00 GMT
File type: SVG Scalable Vector Graphics image
Hash (MD5 / SHA-1 / SHA-256): b95e6b0f9239493a0002f7b6402b291f f056c91179ea2f78a3008d167b065a27dec34d31 5a7e3b9b95cbd9c6aab1ff1d97802322e0528aac98556430e80ca53b9720a4ff
| Analyzer | Verdict | Alert |
| PhishTank | phishing | Other |
GET /images/parking2/payments/cc.svg HTTP/1.1
Host: attacker.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://attacker.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 19 Apr 2024 14:06:17 GMT
content-type: image/svg+xml
content-length: 3605
last-modified: Wed, 07 Feb 2024 16:29:00 GMT
etag: "25ec-610cd313d0abe-gzip"
vary: Accept-Encoding
content-encoding: gzip
expires: Sat, 04 May 2024 14:06:17 GMT
cache-control: max-age=1296000
x-upstream-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
| attacker.com/images/parking2/payments/paypal.svg | 45.88.202.115 | 200 OK | 3.0 kB |
URL: GET HTTP/2 attacker.com/images/parking2/payments/paypal.svg
IP: 45.88.202.115:443
Certificate: Issuer Let's Encrypt; Subject attacker.com; Fingerprint F4:E1:14:13:7E:C5:69:5A:42:E3:16:40:10:29:94:45:A1:8D:7D:14; Validity Mon, 08 Apr 2024 03:19:01 GMT - Sun, 07 Jul 2024 03:19:00 GMT
File type: SVG Scalable Vector Graphics image
Hash (MD5 / SHA-1 / SHA-256): e63bcdaec263e75aa9670af5124057de e8c8736067b21039eedb9f76e457a0d97eda7e1a 8f11f3455df73bf6d18b6dd9d3e0d9812300e92ed985621e02a4c0c9121528ed
| Analyzer | Verdict | Alert |
| PhishTank | phishing | Other |
GET /images/parking2/payments/paypal.svg HTTP/1.1
Host: attacker.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://attacker.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 19 Apr 2024 14:06:17 GMT
content-type: image/svg+xml
content-length: 2984
last-modified: Wed, 07 Feb 2024 16:29:00 GMT
etag: "1a65-610cd313d0abe-gzip"
vary: Accept-Encoding
content-encoding: gzip
expires: Sat, 04 May 2024 14:06:17 GMT
cache-control: max-age=1296000
x-upstream-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
| attacker.com/images/parking2/payments/in_store_credit.svg | 45.88.202.115 | 200 OK | 4.6 kB |
URL: GET HTTP/2 attacker.com/images/parking2/payments/in_store_credit.svg
IP: 45.88.202.115:443
Certificate: Issuer Let's Encrypt; Subject attacker.com; Fingerprint F4:E1:14:13:7E:C5:69:5A:42:E3:16:40:10:29:94:45:A1:8D:7D:14; Validity Mon, 08 Apr 2024 03:19:01 GMT - Sun, 07 Jul 2024 03:19:00 GMT
File type: SVG Scalable Vector Graphics image
Hash (MD5 / SHA-1 / SHA-256): 5a6952d1ab89a0ee0a2bab97097f884b c72f92fc267c2fe61d1ceb764e23f691e478741c 120204bbbae24282d9fbd493f82f5ce183314bf4a2aec1374c133f8c368bc9b9
| Analyzer | Verdict | Alert |
| PhishTank | phishing | Other |
GET /images/parking2/payments/in_store_credit.svg HTTP/1.1
Host: attacker.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://attacker.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 19 Apr 2024 14:06:17 GMT
content-type: image/svg+xml
content-length: 4567
last-modified: Wed, 07 Feb 2024 16:29:00 GMT
etag: "2f4c-610cd313d0abe-gzip"
vary: Accept-Encoding
content-encoding: gzip
expires: Sat, 04 May 2024 14:06:17 GMT
cache-control: max-age=1296000
x-upstream-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
| attacker.com/images/parking2/payments/ach.svg | 45.88.202.115 | 200 OK | 4.1 kB |
URL: GET HTTP/2 attacker.com/images/parking2/payments/ach.svg
IP: 45.88.202.115:443
Certificate: Issuer Let's Encrypt; Subject attacker.com; Fingerprint F4:E1:14:13:7E:C5:69:5A:42:E3:16:40:10:29:94:45:A1:8D:7D:14; Validity Mon, 08 Apr 2024 03:19:01 GMT - Sun, 07 Jul 2024 03:19:00 GMT
File type: SVG Scalable Vector Graphics image
Hash (MD5 / SHA-1 / SHA-256): 1aeeeca9efd19cf90482d9a4e4010ac9 e8086fe685ba0d5907aed7e9fb9d6a152f2401d7 efcb8731964b2d071021c8d243ed3b435c88464a717cb395024f6cb84c254773
| Analyzer | Verdict | Alert |
| PhishTank | phishing | Other |
GET /images/parking2/payments/ach.svg HTTP/1.1
Host: attacker.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://attacker.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 19 Apr 2024 14:06:17 GMT
content-type: image/svg+xml
content-length: 4088
last-modified: Wed, 07 Feb 2024 16:29:00 GMT
etag: "26c2-610cd313d0abe-gzip"
vary: Accept-Encoding
content-encoding: gzip
expires: Sat, 04 May 2024 14:06:17 GMT
cache-control: max-age=1296000
x-upstream-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
| attacker.com/js/lab.min.js | 45.88.202.115 | 200 OK | 1.7 kB |
URL: GET HTTP/2 attacker.com/js/lab.min.js
IP: 45.88.202.115:443
Certificate: Issuer Let's Encrypt; Subject attacker.com; Fingerprint F4:E1:14:13:7E:C5:69:5A:42:E3:16:40:10:29:94:45:A1:8D:7D:14; Validity Mon, 08 Apr 2024 03:19:01 GMT - Sun, 07 Jul 2024 03:19:00 GMT
File type: JavaScript source, ASCII text, with very long lines (4493), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 5bae8f54eb5be64b131e498e2c233bbc 25aa4807d5d07f1dbd9705866fbe6540ad0fd1d5 565169484eb0f13570db78742dcf091e83129a2a0471ae485aa13a890f378258
| Analyzer | Verdict | Alert |
| PhishTank | phishing | Other |
GET /js/lab.min.js HTTP/1.1
Host: attacker.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://attacker.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 19 Apr 2024 14:06:17 GMT
content-type: text/javascript
content-length: 1742
last-modified: Wed, 07 Feb 2024 16:29:00 GMT
etag: "118d-610cd313d399e-gzip"
vary: Accept-Encoding
content-encoding: gzip
expires: Sat, 04 May 2024 14:06:17 GMT
cache-control: max-age=1296000
x-upstream-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
| attacker.com/js/global.js?v=1 | 45.88.202.115 | 200 OK | 815 B |
URL: GET HTTP/2 attacker.com/js/global.js?v=1
IP: 45.88.202.115:443
Certificate: Issuer Let's Encrypt; Subject attacker.com; Fingerprint F4:E1:14:13:7E:C5:69:5A:42:E3:16:40:10:29:94:45:A1:8D:7D:14; Validity Mon, 08 Apr 2024 03:19:01 GMT - Sun, 07 Jul 2024 03:19:00 GMT
File type: JavaScript source, ASCII text
Hash (MD5 / SHA-1 / SHA-256): 7b08992307bf75cff71e268fe1bec7b7 6518204f41cec36228d2c19c2d138cf1c4d972ee 24704d232f9937d71f8aec02c4308ed0b1e4fa237e144fc373fd520b6d935076
| Analyzer | Verdict | Alert |
| PhishTank | phishing | Other |
GET /js/global.js?v=1 HTTP/1.1
Host: attacker.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://attacker.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 19 Apr 2024 14:06:17 GMT
content-type: text/javascript
content-length: 815
last-modified: Wed, 07 Feb 2024 16:29:00 GMT
etag: "7bb-610cd313d1a5e-gzip"
vary: Accept-Encoding
content-encoding: gzip
expires: Sat, 04 May 2024 14:06:17 GMT
cache-control: max-age=1296000
x-upstream-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
| attacker.com/js/openpixel.min.js?t=1713571200000 | 45.88.202.115 | 200 OK | 2.7 kB |
URL: GET HTTP/2 attacker.com/js/openpixel.min.js?t=1713571200000
IP: 45.88.202.115:443
Certificate: Issuer Let's Encrypt; Subject attacker.com; Fingerprint F4:E1:14:13:7E:C5:69:5A:42:E3:16:40:10:29:94:45:A1:8D:7D:14; Validity Mon, 08 Apr 2024 03:19:01 GMT - Sun, 07 Jul 2024 03:19:00 GMT
File type: JavaScript source, ASCII text, with very long lines (7001)
Hash (MD5 / SHA-1 / SHA-256): c3f7401540792da8651fd98ba29d6234 18031b36055b29f303e50b950c840c2a38d0d99a 9d3d199481d627ddbcc19f0117d96cd434708338822064b2bc63a3dddd54c8dc
GET /js/openpixel.min.js?t=1713571200000 HTTP/1.1
Host: attacker.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://attacker.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 19 Apr 2024 14:06:17 GMT
content-type: text/javascript
content-length: 2706
last-modified: Wed, 07 Feb 2024 16:29:00 GMT
etag: "1bb0-610cd313d399e-gzip"
vary: Accept-Encoding
content-encoding: gzip
expires: Sat, 04 May 2024 14:06:17 GMT
cache-control: max-age=1296000
x-upstream-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
| cust-api.trustratings.com/api/v1/widget/epik.com?background=white&orientation=horizontal | 136.243.10.248 | 200 OK | 1.9 kB |
URL: GET HTTP/1.1 cust-api.trustratings.com/api/v1/widget/epik.com?background=white&orientation=horizontal
IP: 136.243.10.248:443 (ASN 24940, Hetzner Online GmbH)
Certificate: Issuer Let's Encrypt; Subject cust-api.trustratings.com; Fingerprint E2:A6:72:F7:AE:AC:BE:66:F0:13:7E:B7:FF:B2:68:6B:2F:9F:17:8F; Validity Tue, 12 Mar 2024 22:34:59 GMT - Mon, 10 Jun 2024 22:34:58 GMT
File type: HTML document, ASCII text, with very long lines (4449), with CRLF line terminators
Hash (MD5 / SHA-1 / SHA-256): 6d0457ca70c797a5e6f5174b562153ed 46a021d1c12b0259f70cb1e3047934770daaa3ef fc65ffb427ab26e1b2c5019ca86bfaf221d2b0fb71c4b35a34126ec58b72dfe7
GET /api/v1/widget/epik.com?background=white&orientation=horizontal HTTP/1.1
Host: cust-api.trustratings.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://attacker.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 19 Apr 2024 14:06:17 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: X-Requested-With
ETag: W/"2c20-RqAh0cErAln3DLHjBHk0dw2qo+8"
Vary: Accept-Encoding
Content-Encoding: gzip
| fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmYUtfBBc4.woff2 | 216.58.207.227 | 200 OK | 16 kB |
URL: GET HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmYUtfBBc4.woff2
IP: 216.58.207.227:443
Certificate: Issuer Google Trust Services LLC; Subject *.gstatic.com; Fingerprint 8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9; Validity Mon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT
File type: Web Open Font Format (Version 2), TrueType, length 15752, version 1.0
Hash (MD5 / SHA-1 / SHA-256): b20371a6daf29d4a1f2e85dbbf40fb20 0355a01c1ccb45cb728e7e07c41c8ebf456f70bb 7e262106f82cc52663e403f5b73795bbeab9ca0630c33c03579354fbcd4fae1e
GET /s/roboto/v30/KFOlCnqEu92Fr1MmYUtfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://attacker.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15752
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 18 Apr 2024 13:20:59 GMT
expires: Fri, 18 Apr 2025 13:20:59 GMT
cache-control: public, max-age=31536000
age: 89118
last-modified: Wed, 11 May 2022 19:24:56 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
| attacker.com/images/opt/css_sprites.png | 45.88.202.115 | 200 OK | 67 kB |
URL: GET HTTP/2 attacker.com/images/opt/css_sprites.png
IP: 45.88.202.115:443
Certificate: Issuer Let's Encrypt; Subject attacker.com; Fingerprint F4:E1:14:13:7E:C5:69:5A:42:E3:16:40:10:29:94:45:A1:8D:7D:14; Validity Mon, 08 Apr 2024 03:19:01 GMT - Sun, 07 Jul 2024 03:19:00 GMT
File type: gzip compressed data, from Unix
Hash (MD5 / SHA-1 / SHA-256): ec92495fc7f136b075bc72d394d12d82 d1dc0e1558e6fc423c318b4b93985ab383d59646 536289355e878213bc416916471e776aff259a15386a8b68413ec0d0aadad158
| Analyzer | Verdict | Alert |
| PhishTank | phishing | Other |
GET /images/opt/css_sprites.png HTTP/1.1
Host: attacker.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://attacker.com/css/parking2.min.css?v=6
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 19 Apr 2024 14:06:17 GMT
content-type: image/png
vary: Accept-Encoding
last-modified: Wed, 07 Feb 2024 16:29:00 GMT
etag: W/"39c0-610cd313cdbde"
expires: Sat, 04 May 2024 14:06:17 GMT
cache-control: max-age=1296000
x-upstream-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
| fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 | 216.58.207.227 | 200 OK | 16 kB |
URL: GET HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP: 216.58.207.227:443
Requested by: https://cust-api.trustratings.com/api/v1/widget/epik.com?background=white&orientation=horizontal
Certificate: Issuer Google Trust Services LLC; Subject *.gstatic.com; Fingerprint 8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9; Validity Mon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT
File type: Web Open Font Format (Version 2), TrueType, length 15744, version 1.0
Hash (MD5 / SHA-1 / SHA-256): 15d9f621c3bd1599f0169dcf0bd5e63e 7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52 f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://attacker.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 16 Apr 2024 16:27:38 GMT
expires: Wed, 16 Apr 2025 16:27:38 GMT
cache-control: public, max-age=31536000
age: 250719
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
| fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 | 216.58.207.227 | 200 OK | 48 kB |
URL: GET HTTP/2 fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP: 216.58.207.227:443
Certificate: Issuer Google Trust Services LLC; Subject *.gstatic.com; Fingerprint 8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9; Validity Mon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT
File type: Web Open Font Format (Version 2), TrueType, length 48236, version 1.0
Hash (MD5 / SHA-1 / SHA-256): 015c126a3520c9a8f6a27979d0266e96 2acf956561d44434a6d84204670cf849d3215d5f 3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa
GET /s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://attacker.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48236
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 18 Apr 2024 02:35:00 GMT
expires: Fri, 18 Apr 2025 02:35:00 GMT
cache-control: public, max-age=31536000
age: 127877
last-modified: Thu, 14 Dec 2023 02:08:40 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
| fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 | 216.58.207.227 | 200 OK | 16 kB |
URL: GET HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP: 216.58.207.227:443
Requested by: https://cust-api.trustratings.com/api/v1/widget/epik.com?background=white&orientation=horizontal
Certificate: Issuer Google Trust Services LLC; Subject *.gstatic.com; Fingerprint 8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9; Validity Mon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT
File type: Web Open Font Format (Version 2), TrueType, length 15744, version 1.0
Hash (MD5 / SHA-1 / SHA-256): 15d9f621c3bd1599f0169dcf0bd5e63e 7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52 f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://cust-api.trustratings.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 16 Apr 2024 16:27:38 GMT
expires: Wed, 16 Apr 2025 16:27:38 GMT
cache-control: public, max-age=31536000
age: 250719
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
| attacker.com/favicon.ico | 45.88.202.115 | 200 OK | 371 B |
IP: 45.88.202.115:443
Certificate: Issuer Let's Encrypt; Subject attacker.com; Fingerprint F4:E1:14:13:7E:C5:69:5A:42:E3:16:40:10:29:94:45:A1:8D:7D:14; Validity Mon, 08 Apr 2024 03:19:01 GMT - Sun, 07 Jul 2024 03:19:00 GMT
File type: MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
Hash (MD5 / SHA-1 / SHA-256): b1108e0d70db20c8606e1a8016caeb81 e2fc2a3593c7e8378af9a0ac0e709f2f1c09fc56 c5e2b9c7c4a22ec143291554b29883670c6746294588e6a7ef1e7db0565bad8f
| Analyzer | Verdict | Alert |
| PhishTank | phishing | Other |
GET /favicon.ico HTTP/1.1
Host: attacker.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://attacker.com/
Cookie: __opix_uid=1-lda736gn-lv6qu9a8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 19 Apr 2024 14:06:17 GMT
content-type: image/vnd.microsoft.icon
content-length: 371
last-modified: Wed, 07 Feb 2024 16:29:00 GMT
etag: "47e-610cd313cacfe-gzip"
vary: Accept-Encoding
content-encoding: gzip
expires: Sat, 04 May 2024 14:06:17 GMT
cache-control: max-age=1296000
x-upstream-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
| fonts.googleapis.com/css?family=Roboto&display=swap | 142.250.74.106 | 200 OK | 1.1 kB |
URL: GET HTTP/2 fonts.googleapis.com/css?family=Roboto&display=swap
IP: 142.250.74.106:443
Requested by: https://cust-api.trustratings.com/api/v1/widget/epik.com?background=white&orientation=horizontal
Certificate: Issuer Google Trust Services LLC; Subject upload.video.google.com; Fingerprint 47:5A:64:7D:9F:47:34:07:31:91:97:F7:04:42:7A:D5:EA:AD:07:4E; Validity Mon, 04 Mar 2024 07:16:44 GMT - Mon, 27 May 2024 07:16:43 GMT
File type: gzip compressed data, max compression
Hash (MD5 / SHA-1 / SHA-256): aaec47102fc5fa6a9b3ecbe6863df9b5 4deb98f45bd49cd108f26c29c4b71c4406b344df 23173043d3cbdb33ee9397d8999920a5de60b2a1f2ff55daf2442c8f7ddd8b2b
GET /css?family=Roboto&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cust-api.trustratings.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 19 Apr 2024 14:06:17 GMT
date: Fri, 19 Apr 2024 14:06:17 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
| pixel.epik.com/pixel.gif?id=parking&uid=1-lda736gn-lv6qu9a8&ev=pageload&ed=Attacker.com&v=1&dl=https%3A%2F%2Fattacker.com%2F&rl=&ts=1713535577195&de=UTF-8&sr=1280x1024&vp=1280x1024&cd=24&dt=Attacker%20-%20The%20Domain%20Name%20Attacker.com%20is%20Now%20For%20Sale.&bn=Firefox%2096&md=false&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&tz=0&utm_source=&utm_medium=&utm_term=&utm_content=&utm_campaign= | 102.223.180.96 | 200 OK | 42 B |
URL: POST HTTP/1.1 pixel.epik.com/pixel.gif?id=parking&uid=1-lda736gn-lv6qu9a8&ev=pageload&ed=Attacker.com&v=1&dl=https%3A%2F%2Fattacker.com%2F&rl=&ts=1713535577195&de=UTF-8&sr=1280x1024&vp=1280x1024&cd=24&dt=Attacker%20-%20The%20Domain%20Name%20Attacker.com%20is%20Now%20For%20Sale.&bn=Firefox%2096&md=false&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&tz=0&utm_source=&utm_medium=&utm_term=&utm_content=&utm_campaign=
IP: 102.223.180.96:443
Certificate: Issuer Let's Encrypt; Subject pixel.epik.com; Fingerprint EA:4F:9A:28:A5:41:96:F4:A5:9A:70:69:79:E1:16:1D:DA:FE:17:72; Validity Tue, 05 Mar 2024 06:04:04 GMT - Mon, 03 Jun 2024 06:04:03 GMT
File type: GIF image data, version 89a, 1 x 1
Hash (MD5 / SHA-1 / SHA-256): d89746888da2d9510b64a9f031eaecd5 d5fceb6532643d0d84ffe09c40c481ecdf59e15a ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
POST /pixel.gif?id=parking&uid=1-lda736gn-lv6qu9a8&ev=pageload&ed=Attacker.com&v=1&dl=https%3A%2F%2Fattacker.com%2F&rl=&ts=1713535577195&de=UTF-8&sr=1280x1024&vp=1280x1024&cd=24&dt=Attacker%20-%20The%20Domain%20Name%20Attacker.com%20is%20Now%20For%20Sale.&bn=Firefox%2096&md=false&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&tz=0&utm_source=&utm_medium=&utm_term=&utm_content=&utm_campaign= HTTP/1.1
Host: pixel.epik.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://attacker.com
DNT: 1
Connection: keep-alive
Referer: https://attacker.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 19 Apr 2024 14:06:17 GMT
Content-Type: image/gif
Content-Length: 42
Last-Modified: Mon, 09 Jan 2023 14:22:48 GMT
Connection: keep-alive
ETag: "63bc2338-2a"
Expires: Fri, 19 Apr 2024 15:06:17 GMT
Cache-Control: max-age=3600
Accept-Ranges: bytes
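The beacon above is worth reading rather than skipping as "just a tracking pixel": it is a POST with Content-Length: 0 and Sec-Fetch-Dest: empty, so it was issued from script rather than an <img> element, and every field rides in the query string: the page URL and title, screen and viewport size, colour depth, the full user agent, a millisecond client timestamp, and a visitor id that is the same value the favicon request later sends back in the `__opix_uid` cookie. The script below, an added example and not code from the page or from the beacon's operator, decodes it. BEACON_URL and COOKIE_HEADER are copied from this capture; PARAM_MEANINGS are this example's own readings of the parameter names, inferred from their values, not documentation.

```python
"""Decode the pixel.epik.com beacon captured above.

Added example, not part of the original capture page. BEACON_URL and
COOKIE_HEADER are copied from the capture (the beacon request's URL and the
Cookie header on the later favicon request); PARAM_MEANINGS are this
example's own readings of the parameter names, inferred from their values,
not documentation from the beacon's operator.
"""
from datetime import datetime, timedelta, timezone
from typing import Optional
from urllib.parse import parse_qs, urlsplit

BEACON_URL = (
    "https://pixel.epik.com/pixel.gif?id=parking&uid=1-lda736gn-lv6qu9a8"
    "&ev=pageload&ed=Attacker.com&v=1&dl=https%3A%2F%2Fattacker.com%2F&rl="
    "&ts=1713535577195&de=UTF-8&sr=1280x1024&vp=1280x1024&cd=24"
    "&dt=Attacker%20-%20The%20Domain%20Name%20Attacker.com%20is%20Now%20For%20Sale."
    "&bn=Firefox%2096&md=false"
    "&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0"
    "&tz=0&utm_source=&utm_medium=&utm_term=&utm_content=&utm_campaign="
)

# Cookie seen on the later same-origin /favicon.ico request in the same capture.
COOKIE_HEADER = "__opix_uid=1-lda736gn-lv6qu9a8"

# Assumed meanings, inferred from the values in this capture (not vendor documentation).
PARAM_MEANINGS = {
    "uid": "visitor id (same value as the __opix_uid cookie)",
    "dl": "document location",
    "rl": "referrer location",
    "dt": "document title",
    "ts": "client timestamp, milliseconds since the Unix epoch",
    "sr": "screen resolution",
    "vp": "viewport size",
    "cd": "colour depth",
    "ua": "user agent string",
    "bn": "browser name and version",
    "tz": "timezone offset",
}


def decode_beacon(url: str) -> dict:
    """Beacon parameters as decoded strings; blank values (rl, utm_*) are kept."""
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return {name: values[0] for name, values in params.items()}


def beacon_timestamp(params: dict) -> datetime:
    """The millisecond 'ts' value as an aware UTC datetime, computed without float rounding."""
    ms = int(params["ts"])
    return datetime.fromtimestamp(ms // 1000, tz=timezone.utc) + timedelta(milliseconds=ms % 1000)


def cookie_value(cookie_header: str, name: str) -> Optional[str]:
    """Value of one cookie in a raw Cookie request header, or None."""
    for part in cookie_header.split(";"):
        key, _, value = part.strip().partition("=")
        if key == name:
            return value
    return None


def uid_matches_cookie(params: dict, cookie_header: str) -> bool:
    """True when the beacon's uid is the identifier persisted in the __opix_uid cookie."""
    return cookie_value(cookie_header, "__opix_uid") == params.get("uid")


def leaked_fields(params: dict) -> dict:
    """Non-empty fields describing the visitor or their page, annotated with the assumed meaning."""
    return {k: (v, PARAM_MEANINGS[k]) for k, v in params.items() if k in PARAM_MEANINGS and v}


if __name__ == "__main__":
    p = decode_beacon(BEACON_URL)
    for key, (value, meaning) in leaked_fields(p).items():
        print(f"{key:4} {meaning:50} {value!r}")
    print("client time (UTC):", beacon_timestamp(p).isoformat())
    print("uid matches cookie:", uid_matches_cookie(p, COOKIE_HEADER))
```

The decoded `ts` lands at 14:06:17.195 UTC on 19 Apr 2024, the same second as the server's Date header, which is a quick way to confirm the scanner's clock and the beacon's clock agree and that the timestamp is the client's, not a cache artefact.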
| static.zdassets.com/web_widget/classic/latest/web-widget-main-7bc1c0f.js | 104.18.72.113 | 200 OK | 992 kB |
URL: GET HTTP/2 static.zdassets.com/web_widget/classic/latest/web-widget-main-7bc1c0f.js
IP: 104.18.72.113:443
Certificate: Issuer Let's Encrypt; Subject zdassets.com; Fingerprint F8:AF:5C:DB:58:D5:35:9F:56:A0:A1:A2:92:FE:E3:BA:26:DA:5D:2D; Validity Sun, 03 Mar 2024 22:41:52 GMT - Sat, 01 Jun 2024 22:41:51 GMT
Size: 992 kB (992059 bytes)
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /web_widget/classic/latest/web-widget-main-7bc1c0f.js HTTP/1.1
Host: static.zdassets.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 19 Apr 2024 14:06:18 GMT
content-type: application/javascript; charset=utf-8
x-amz-id-2: ldH41+NY0+fYAgvbqFIJmvudIE2j/SxzaKSwKqxB3P/vSWpJ08HqoFV2mSP6KWgMbK8lgvcvTvmD4moNqUmffw==
x-amz-request-id: 64S1GV9HNQKB0DVA
x-amz-replication-status: COMPLETED
last-modified: Mon, 08 Apr 2024 13:46:13 GMT
etag: W/"3784cf5e1ddd3a68e335f3bb4a5e2fcd"
x-amz-server-side-encryption: AES256
cache-control: public, max-age=31536000
expires: Tue, 08 Apr 2025 13:46:12 GMT
x-amz-version-id: _IYDenNVju8wHXIpAa8FJzBqmTlghdyK
cf-cache-status: HIT
age: 699669
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=32E5Uy%2FVKEK%2BQ13IpYKJbFEiftRVeoPVoRuatwqsWGlBeArRBwycuoIVxIl9Iy8O4%2Bxu%2F5htPOwT03e6MAP8WKBhNlUAvfStgxXqdlZ0EhIlVaIl84ZxleG178mU1fNoPy35bk0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=0
access-control-allow-headers: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
access-control-max-age: 0
server: cloudflare
cf-ray: 876d74532dec1c16-OSL
content-encoding: br
X-Firefox-Spdy: h2

| attacker.com/images/parking2/bg/a18.jpg | 45.88.202.115 | 200 OK | 70 kB |

URL: GET HTTP/2 attacker.com/images/parking2/bg/a18.jpg
IP: 45.88.202.115:443
Certificate: issuer Let's Encrypt, subject attacker.com, fingerprint F4:E1:14:13:7E:C5:69:5A:42:E3:16:40:10:29:94:45:A1:8D:7D:14, validity Mon, 08 Apr 2024 03:19:01 GMT - Sun, 07 Jul 2024 03:19:00 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1440x850, components 3
Hash: MD5 b42d146949ba703bd24eccfb2fd77952, SHA-1 01c50ae233e5c5a54c4e64b0943f5bac2a0671df, SHA-256 d3c707d2faf0b09856b1868a625bb1f6535f9ababa1d041ada9e25ed2909d2a9

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| PhishTank | phishing | Other |

GET /images/parking2/bg/a18.jpg HTTP/1.1
Host: attacker.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://attacker.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 19 Apr 2024 14:06:17 GMT
content-type: image/jpeg
vary: Accept-Encoding
last-modified: Wed, 07 Feb 2024 16:29:00 GMT
etag: W/"110c6-610cd313ceb7e"
expires: Sat, 04 May 2024 14:06:17 GMT
cache-control: max-age=1296000
x-upstream-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2

| fonts.googleapis.com/css?display=swap&family=Open+Sans:400,600 | 142.250.74.106 | 200 OK | 12 kB |

URL: GET HTTP/2 fonts.googleapis.com/css?display=swap&family=Open+Sans:400,600
IP: 142.250.74.106:443
Certificate: issuer Google Trust Services LLC, subject upload.video.google.com, fingerprint 47:5A:64:7D:9F:47:34:07:31:91:97:F7:04:42:7A:D5:EA:AD:07:4E, validity Mon, 04 Mar 2024 07:16:44 GMT - Mon, 27 May 2024 07:16:43 GMT
File type: ASCII text, with very long lines (1572)
Hash: MD5 4f81b7ec203efaec023f045ad6b337ef, SHA-1 13681aeec8bf31df45d7ee3b78bf64b47bd06f7c, SHA-256 c0c4dc54f76b3ed86c0ffe83ff98f7d2b0cd8c3de92bca47159b3dd8d948b78a
GET /css?display=swap&family=Open+Sans:400,600 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://attacker.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 19 Apr 2024 14:06:17 GMT
date: Fri, 19 Apr 2024 14:06:17 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

| ekr.zdassets.com/compose/1546ebb5-45e1-49c4-94dc-4b5d44a6d66c | 104.18.72.113 | 200 OK | 332 B |

URL: GET HTTP/2 ekr.zdassets.com/compose/1546ebb5-45e1-49c4-94dc-4b5d44a6d66c
IP: 104.18.72.113:443
Certificate: issuer Let's Encrypt, subject zdassets.com, fingerprint F8:AF:5C:DB:58:D5:35:9F:56:A0:A1:A2:92:FE:E3:BA:26:DA:5D:2D, validity Sun, 03 Mar 2024 22:41:52 GMT - Sat, 01 Jun 2024 22:41:51 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (360), with no line terminators
Hash: MD5 fca70184c5ef33426e75de5d295e3f28, SHA-1 79def342501cb549c1be9228efad189dfe44b88b, SHA-256 673aabdde0593326a567ffee61339c320e4a9fcf277d0861661cd8c5fedfb620
GET /compose/1546ebb5-45e1-49c4-94dc-4b5d44a6d66c HTTP/1.1
Host: ekr.zdassets.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://attacker.com/
Origin: https://attacker.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 19 Apr 2024 14:06:18 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-expose-headers:
access-control-max-age: 7200
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-download-options: noopen
x-permitted-cross-domain-policies: none
referrer-policy: strict-origin-when-cross-origin
cdn-cache-control: max-age=60
vary: Accept, Origin, Accept-Encoding
cache-control: max-age=300, public, stale-while-revalidate=300, stale-if-error=21600
etag: W/"683d213f053ef211e9c70924af641ddc"
x-request-id: 872abd25cb688f81-SEA, 872abd25cb688f81-SEA
x-runtime: 0.003711
x-zendesk-zorg: yes
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=drWg8%2F4CaUkW2xE348DwtnInT4pmrY9OUmHd2mIkX8YZx6Ps3dzhwpiJtFJuws8MKhqry2%2F%2FzM1bGbVlDhpkij3xQ1d%2Fw8Fq7RoIW7ht%2FXVb4hwjnQYoM8uN%2BMTt%2FUY5trE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=0
server: cloudflare
cf-ray: 876d744e5a39568b-OSL
content-encoding: br
X-Firefox-Spdy: h2

| fonts.googleapis.com/css?display=swap&family=Roboto:400,900 | 142.250.74.106 | 200 OK | 4.7 kB |

URL: GET HTTP/2 fonts.googleapis.com/css?display=swap&family=Roboto:400,900
IP: 142.250.74.106:443
Certificate: issuer Google Trust Services LLC, subject upload.video.google.com, fingerprint 47:5A:64:7D:9F:47:34:07:31:91:97:F7:04:42:7A:D5:EA:AD:07:4E, validity Mon, 04 Mar 2024 07:16:44 GMT - Mon, 27 May 2024 07:16:43 GMT
File type: ASCII text, with very long lines (4786), with no line terminators
Hash: MD5 de9edebde7e4d325045588af23269981, SHA-1 a5e8fe7ae2371a75ade452d3bd1d8a93276f23a3, SHA-256 92ad356cef2291bc6b2fc43a7a33ef04e5b816645e9c337e2b4ba133b757af08
GET /css?display=swap&family=Roboto:400,900 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://attacker.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 19 Apr 2024 14:06:17 GMT
date: Fri, 19 Apr 2024 14:06:17 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

| | 45.88.202.115 | 200 OK | 15 kB |

URL: (User Request) GET HTTP/2
IP: 45.88.202.115:443
Certificate: issuer Let's Encrypt, subject attacker.com, fingerprint F4:E1:14:13:7E:C5:69:5A:42:E3:16:40:10:29:94:45:A1:8D:7D:14, validity Mon, 08 Apr 2024 03:19:01 GMT - Sun, 07 Jul 2024 03:19:00 GMT
File type: HTML document, ASCII text, with very long lines (706)
Hash: MD5 d5c31810761a9d8ab2b068df7f2336fd, SHA-1 77ec3b867447051ccb06641734d85eef42d281a0, SHA-256 95ccf2d920d04afc7714ad59654c60be87abac7e5de0494b5bf7045a33ada3b5

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| PhishTank | phishing | Other |

GET / HTTP/1.1
Host: attacker.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 19 Apr 2024 14:06:16 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.1.33-51+ubuntu22.04.1+deb.sury.org+1
access-control-allow-origin: http://attacker.com
vary: Accept-Encoding, Accept-Encoding
expires: Fri, 19 Apr 2024 14:21:16 GMT
cache-control: max-age=900
content-encoding: br
X-Firefox-Spdy: h2

| static.zdassets.com/ekr/snippet.js?key=1546ebb5-45e1-49c4-94dc-4b5d44a6d66c | 104.18.72.113 | 200 OK | 10 kB |

URL: GET HTTP/2 static.zdassets.com/ekr/snippet.js?key=1546ebb5-45e1-49c4-94dc-4b5d44a6d66c
IP: 104.18.72.113:443
Certificate: issuer Let's Encrypt, subject zdassets.com, fingerprint F8:AF:5C:DB:58:D5:35:9F:56:A0:A1:A2:92:FE:E3:BA:26:DA:5D:2D, validity Sun, 03 Mar 2024 22:41:52 GMT - Sat, 01 Jun 2024 22:41:51 GMT
File type: JavaScript source, ASCII text, with very long lines (10187), with no line terminators
Hash: MD5 c0053b411b753138af468db1bd3b19f3, SHA-1 7c3a187aa58f2b9e5446edb761b3d4d2ba506fe7, SHA-256 ce337ec7dda4b3a741363a2673c7edce5c736f1660e2aa908131ecfd9dd1343f
GET /ekr/snippet.js?key=1546ebb5-45e1-49c4-94dc-4b5d44a6d66c HTTP/1.1
Host: static.zdassets.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://attacker.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 19 Apr 2024 14:06:17 GMT
content-type: application/javascript
x-amz-id-2: 4OYei3DkpSYkS6dKBDFbZjtSdVexoHjQ1eS9Mf3MCmEOCurZC/+Isbd1AVVpsiKAmJ7FWWviPJSrjy0q3mZxeg==
x-amz-request-id: 9X4B0G1GWNB25PJG
x-amz-replication-status: PENDING
last-modified: Mon, 15 Jan 2024 02:56:11 GMT
etag: W/"c0053b411b753138af468db1bd3b19f3"
x-amz-server-side-encryption: AES256
cache-control: public, max-age=3600, s-maxage=60
x-amz-version-id: sR7NItkX1i3nKckB5vEat7T2DUmPnRiJ
cf-cache-status: HIT
age: 13
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JdT%2F20EA8tqsfyKWia2TId5891VEdc%2BBeI9c7SsLTPEL33dhjPcQWuCHPOkFjKZB4EwoUUYK%2FkeDXu3OAuNZNNJmsHea3soEXa7N5iplfNMYOAc3MPq0mLe8AL2rgNOPuvpTU%2B4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=0
access-control-allow-headers: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
access-control-max-age: 0
server: cloudflare
cf-ray: 876d744d99fb1c16-OSL
content-encoding: br
X-Firefox-Spdy: h2