detectportal.firefox.com/success.txt?ipv4
200 OK
8
URL
HTTP/1.1
detectportal.firefox.com/success.txt?ipv4
IP
Hash
ae780585f49b94ce1444eb7d28906123
7d5ca8c0c03e883c56c4eb1ef6f6bb9bccad4d86
81b2bd4ea98c8db66554fbc8d7637a1a69a130f331feb732b75caab4c4868fd5
GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Thu, 23 Feb 2023 14:02:14 GMT
Age: 5651
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
r3.o.lencr.org/
200 OK
503
IP
ASN
#20940 Akamai International B.V.
Hash
bbe5e8dc913bdcab76f9fe8851ea2e77
9215fadd003873382ed2a4ace79ba337adadd692
e6094932dd4de52ea6360bdfbe8bb15951ebd76255766eee627c5de6f83fcea8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E6094932DD4DE52EA6360BDFBE8BB15951EBD76255766EEE627C5DE6F83FCEA8"
Last-Modified: Wed, 22 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5331
Expires: Thu, 23 Feb 2023 17:05:16 GMT
Date: Thu, 23 Feb 2023 15:36:25 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK
503
IP
ASN
#20940 Akamai International B.V.
Hash
c111b52b3610804b2963fdda8c9ba0de
6c60faf365023cb4cad49b1ca4fad1f373b92b87
b03c3b15d37d60d95a46ceb898445559066e8c0657e35d6d20580a301b95cc38
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B03C3B15D37D60D95A46CEB898445559066E8C0657E35D6D20580A301B95CC38"
Last-Modified: Wed, 22 Feb 2023 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8888
Expires: Thu, 23 Feb 2023 18:04:33 GMT
Date: Thu, 23 Feb 2023 15:36:25 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK
503
IP
ASN
#20940 Akamai International B.V.
Hash
d4569ebd95f766b8f22ed69d69334c37
a7fcd3f640877885077a4126708968d7e1e0d252
e485343a8251f50009506dfc6a42c82ca6b09b434d1e0984ea7c2dfea7dcd28d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E485343A8251F50009506DFC6A42C82CA6B09B434D1E0984EA7C2DFEA7DCD28D"
Last-Modified: Wed, 22 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4685
Expires: Thu, 23 Feb 2023 16:54:30 GMT
Date: Thu, 23 Feb 2023 15:36:25 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
200 OK
5348
URL
HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP
Magic
PEM certificate\012- , ASCII text
Hash
67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: LULHrWEiq4BN9Br6BZqFnLUzGJsTlM7JNepe78Ov94OLF/m4WNkRLNVeV5uVHS44fbmKHRTIDV01pndoq6JqAA==
x-amz-request-id: WGR2NXZRZN398388
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 23 Feb 2023 15:19:47 GMT
age: 998
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US®ion=NO&count=30
200 OK
43593
URL
HTTP/2
getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US®ion=NO&count=30
IP
Magic
JSON data\012- , ASCII text, with very long lines (65536), with no line terminators
Hash
9a4d777e0f182b8505f0a518ef59a313
dee5363dc021991fb421d297b9e55b31c067ccdd
aa7cdc94ead305b02c21270fca7e2c29c45573bef7c467e1805a50cf593a0777
GET /v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US®ion=NO&count=30 HTTP/1.1
Host: getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-location: global-recs.php
tcn: choice
x-frame-options: SAMEORIGIN
status: 200 OK
x-source: Pocket
pragma: cache
p3p: policyref="/w3c/p3p.xml", CP="ALL CURa ADMa DEVa OUR IND UNI COM NAV INT STA PRE"
x-cache: Miss from cloudfront
x-amz-cf-pop: SEA73-P2
x-amz-cf-id: ny39Z-rCKQQ4Fx4WEEIwKaHRLAI36BOIXErXw2kZM6MG8_fpGa9ORQ==
content-encoding: gzip
via: 1.1 c21a0d27ceec21e266c9f962d0349438.cloudfront.net (CloudFront), 1.1 google
date: Thu, 23 Feb 2023 15:30:18 GMT
content-type: application/json
vary: Accept-Encoding
content-length: 43593
age: 367
cache-control: s-maxage=900,public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK
503
IP
ASN
#20940 Akamai International B.V.
Hash
6f313739c4c44174fc9a97ac63621b46
319da68d06694330ad9f7901bcde1ca0a6eeac0d
321236ee07769c741890815bc56fd2700ff1974b0534368b9ff2e96320ae4fee
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "321236EE07769C741890815BC56FD2700FF1974B0534368B9FF2E96320AE4FEE"
Last-Modified: Wed, 22 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7250
Expires: Thu, 23 Feb 2023 17:37:15 GMT
Date: Thu, 23 Feb 2023 15:36:25 GMT
Connection: keep-alive
contile.services.mozilla.com/v1/tiles
200 OK
12
URL
HTTP/2
contile.services.mozilla.com/v1/tiles
IP
Magic
JSON data\012- , ASCII text, with no line terminators
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 23 Feb 2023 15:36:25 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/
200 OK
939
URL
HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
Magic
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash
7f03faaba3392caae6dae54467bfdf6d
57ea1f14e8bfbcca8190c706d708c9fda12442c1
02ac551ba61fcbc6b04f244df065948b181a8a258db5c2e197aae66fdfcea8ee
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Length, Alert, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 23 Feb 2023 14:53:56 GMT
content-type: application/json
age: 2549
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
jiuvdsjk623ocxve.buzz/login.php
200 OK
1090
URL
HTTP/1.1
jiuvdsjk623ocxve.buzz/login.php
IP
ASN
#35937 DATABANK-MARQUISNET
Magic
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Hash
c90fb42e80d8a1161f1c439f10a1388e
7397db86e704058ee3dc2d491106b93aa10f8cc3
99d47b6b37f5796351ab726ff9411bc8cb0dc329b1682edc39663cee97f6450a
Analyzer
Verdict
Alert
openphish
Facebook, Inc.
fortinet
Phishing
NIDS
Severity
Alert
suricata
medium
ET INFO HTTP Request to a *.buzz domain
GET /login.php HTTP/1.1
Host: jiuvdsjk623ocxve.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Content-Encoding: gzip
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: PHP/8.2.1, ASP.NET
Date: Thu, 23 Feb 2023 15:36:25 GMT
Content-Length: 1090
ocsp.digicert.com/
200 OK
471
IP
Hash
310d31ca47f2ae6a1f02ba54d63d34ee
6f32c22bd013d5ac1c0a49ffa166d64e105deb3a
15b41dbfb5b9b5845ae51d8748db1210920057ad61d2d6686629446583679507
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4379
Cache-Control: max-age=164606
Content-Type: application/ocsp-response
Date: Thu, 23 Feb 2023 15:36:25 GMT
Etag: "63f756dc-1d7"
Expires: Sat, 25 Feb 2023 13:19:51 GMT
Last-Modified: Thu, 23 Feb 2023 12:06:52 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 471
cdn.jsdelivr.net/npm/bootstrap@5.2.0/dist/js/bootstrap.bundle.min.js
200 OK
23075
URL
HTTP/2
cdn.jsdelivr.net/npm/bootstrap@5.2.0/dist/js/bootstrap.bundle.min.js
IP
Magic
ASCII text, with very long lines (65299)
Hash
ed5c6463c7bbe5b6a99a36ee500352b7
05dcf59651be45fa7079e4586cb36c625f4a859c
e9c1ef143791a953e02f587edbddede54028c212954ec9daa5a789e79eb2e1cb
GET /npm/bootstrap@5.2.0/dist/js/bootstrap.bundle.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://jiuvdsjk623ocxve.buzz
Connection: keep-alive
Referer: http://jiuvdsjk623ocxve.buzz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 5.2.0
x-jsd-version-type: version
etag: W/"137ae-xmO6oFGFa2TXRmKalh4ju/D7r4w"
content-encoding: gzip
accept-ranges: bytes
date: Thu, 23 Feb 2023 15:36:26 GMT
age: 112547
x-served-by: cache-fra-eddf8230139-FRA, cache-bma1643-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 23075
X-Firefox-Spdy: h2
detectportal.firefox.com/success.txt?ipv4
200 OK
8
URL
HTTP/1.1
detectportal.firefox.com/success.txt?ipv4
IP
Hash
ae780585f49b94ce1444eb7d28906123
7d5ca8c0c03e883c56c4eb1ef6f6bb9bccad4d86
81b2bd4ea98c8db66554fbc8d7637a1a69a130f331feb732b75caab4c4868fd5
GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Thu, 23 Feb 2023 14:02:14 GMT
Age: 5652
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
cdn.jsdelivr.net/npm/bootstrap@5.2.0/dist/css/bootstrap.min.css
200 OK
27464
URL
HTTP/2
cdn.jsdelivr.net/npm/bootstrap@5.2.0/dist/css/bootstrap.min.css
IP
Magic
Unicode text, UTF-8 text, with very long lines (65305)
Hash
7888a9c5ee7f0dcbc252f18ea9205250
56fab9f4b3bf2422446e394be042eb29ef6a15bf
5da8436a211d7384f5a0ce219c548d245ae077f3474c95a66f25852bb9aa28d1
GET /npm/bootstrap@5.2.0/dist/css/bootstrap.min.css HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://jiuvdsjk623ocxve.buzz
Connection: keep-alive
Referer: http://jiuvdsjk623ocxve.buzz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
x-jsd-version: 5.2.0
x-jsd-version-type: version
etag: W/"2f88b-Yz6bIW1g1A6raHMXUTTpNbVU+JE"
content-encoding: gzip
accept-ranges: bytes
date: Thu, 23 Feb 2023 15:36:26 GMT
age: 112546
x-served-by: cache-fra-eddf8230090-FRA, cache-bma1643-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 27464
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK
471
IP
Hash
5aa46280b9f4ef8602f5e1b6864d898f
f1b8d2278116c2873ec0683122818fc186c74392
bb61e1178bc48dc26984f63f54d2621706fe49faa6f9a5651b06befa53cea9a0
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 284
Cache-Control: max-age=91425
Content-Type: application/ocsp-response
Date: Thu, 23 Feb 2023 15:36:26 GMT
Etag: "63f648ff-1d7"
Expires: Fri, 24 Feb 2023 17:00:11 GMT
Last-Modified: Wed, 22 Feb 2023 16:55:27 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 471
ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q4
200 OK
1462
URL
HTTP/1.1
ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q4
IP
Hash
478a67926238de089ccb3ab6b74e1cf8
10540c1fc5d619f8b1d339151b563470acb0c897
9ac6bf15087e57524b066526c9db099744017d21db3dac86eee27f963c67fedc
POST /ca/gsatlasr3dvtlsca2022q4 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 23 Feb 2023 15:36:26 GMT
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "77773FC1B16C2FDDFC7D43E6D0AB646061A59D8D"
Expires: Fri, 24 Feb 2023 03:00:00 GMT
Last-Modified: Thu, 23 Feb 2023 15:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Age: 642
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79e1097aef740b02-OSL
jiuvdsjk623ocxve.buzz/main2.css
200 OK
1271
URL
HTTP/1.1
jiuvdsjk623ocxve.buzz/main2.css
IP
ASN
#35937 DATABANK-MARQUISNET
Magic
assembler source text\012- assembler source, ASCII text
Hash
92f6f287bb109b5bbdd285e05f7f68e6
f3642316a061abf09eccc5ee3919590c8ae20bf0
0aecfee43b00ecd9045503014863ab63892264d34c1ba1abc6fcfa616e3bfc85
NIDS
Severity
Alert
suricata
medium
ET INFO HTTP Request to a *.buzz domain
GET /main2.css HTTP/1.1
Host: jiuvdsjk623ocxve.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://jiuvdsjk623ocxve.buzz/login.php
HTTP/1.1 200 OK
Cache-Control: max-age=31536000
Content-Type: text/css
Content-Encoding: gzip
Last-Modified: Mon, 29 Aug 2022 19:08:10 GMT
Accept-Ranges: bytes
ETag: "09c4addabbd81:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Thu, 23 Feb 2023 15:36:25 GMT
Content-Length: 1271
jiuvdsjk623ocxve.buzz/js/app.js
404 Not Found
1245
URL
HTTP/1.1
jiuvdsjk623ocxve.buzz/js/app.js
IP
ASN
#35937 DATABANK-MARQUISNET
Magic
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash
5343c1a8b203c162a3bf3870d9f50fd4
04b5b886c20d88b57eea6d8ff882624a4ac1e51d
dc1d54dab6ec8c00f70137927504e4f222c8395f10760b6beecfcfa94e08249f
Analyzer
Verdict
Alert
fortinet
Phishing
NIDS
Severity
Alert
suricata
medium
ET INFO HTTP Request to a *.buzz domain
suricata
medium
ET INFO HTTP Request to a *.buzz domain
GET /js/app.js HTTP/1.1
Host: jiuvdsjk623ocxve.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://jiuvdsjk623ocxve.buzz/login.php
HTTP/1.1 404 Not Found
Content-Type: text/html
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Thu, 23 Feb 2023 15:36:25 GMT
Content-Length: 1245
ocsp.digicert.com/
200 OK
280
IP
Hash
6e682edd89e84610bec7cfee64a26e04
3a4ce501a183c3f116a2c29204b5e478c096e001
2a805f51805eac3d20fa86e3c044a10f58ed0fc10889ad9e327ed1df58d12de8
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5446
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 23 Feb 2023 15:36:26 GMT
Last-Modified: Thu, 23 Feb 2023 14:05:40 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 280
ocsp.digicert.com/
200 OK
280
IP
Hash
6e682edd89e84610bec7cfee64a26e04
3a4ce501a183c3f116a2c29204b5e478c096e001
2a805f51805eac3d20fa86e3c044a10f58ed0fc10889ad9e327ed1df58d12de8
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5446
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 23 Feb 2023 15:36:26 GMT
Last-Modified: Thu, 23 Feb 2023 14:05:40 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 280
ocsp.digicert.com/
200 OK
280
IP
Hash
6e682edd89e84610bec7cfee64a26e04
3a4ce501a183c3f116a2c29204b5e478c096e001
2a805f51805eac3d20fa86e3c044a10f58ed0fc10889ad9e327ed1df58d12de8
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5031
Cache-Control: max-age=86088
Content-Type: application/ocsp-response
Date: Thu, 23 Feb 2023 15:36:26 GMT
Etag: "63f6219c-118"
Expires: Fri, 24 Feb 2023 15:31:14 GMT
Last-Modified: Wed, 22 Feb 2023 14:07:24 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 280
ocsp.digicert.com/
200 OK
280
IP
Hash
6e682edd89e84610bec7cfee64a26e04
3a4ce501a183c3f116a2c29204b5e478c096e001
2a805f51805eac3d20fa86e3c044a10f58ed0fc10889ad9e327ed1df58d12de8
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5446
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 23 Feb 2023 15:36:26 GMT
Last-Modified: Thu, 23 Feb 2023 14:05:40 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 280
ka-f.fontawesome.com/releases/v6.3.0/css/free.min.css?token=5956274f26
200 OK
23478
URL
HTTP/2
ka-f.fontawesome.com/releases/v6.3.0/css/free.min.css?token=5956274f26
IP
Magic
ASCII text, with very long lines (65321)
Hash
eba97fe446352ad6214619278c45cfaf
49700161fcd180033523362f884d37077206124b
d2cbb9b399638b561fe7956d2570158ba89ac52223d32abd93fee0cd5ac4ef62
GET /releases/v6.3.0/css/free.min.css?token=5956274f26 HTTP/1.1
Host: ka-f.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://jiuvdsjk623ocxve.buzz/
Origin: http://jiuvdsjk623ocxve.buzz
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 23 Feb 2023 15:36:26 GMT
content-type: text/css
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
last-modified: Tue, 31 Jan 2023 18:17:21 GMT
etag: W/"b7d524a460c5ceb6420db3aec0be8c92"
cache-control: max-age=31556926
access-control-allow-headers: fa-kit-token
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 7334e58f541a6f336bf4941e79456558.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR50-P1
x-amz-cf-id: 7FASwXtGDkS_3ZraV_JCoJAD5fj9xGujkjfQcbznbX1WtXC2QFthdA==
age: 37509
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=y9WzrCNMDdCZIP26AQzGX%2FkJ3Z3GtOSQDZH3lBxvNBUMIFHDXNWrsYGTyv1tOcSCTA%2FUo0HjR6fGB%2B0czFkMUsQnLbSu%2BLmxmCeQ%2FjDWSpVZ4y%2F1qM9RtxkT4KKyeYYs%2Bo5RAHZjaA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 79e1097be9b9412d-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
shavar.services.mozilla.com/downloads?client=Firefox&appver=96.0a&pver=2.2
200 OK
8
URL
HTTP/1.1
shavar.services.mozilla.com/downloads?client=Firefox&appver=96.0a&pver=2.2
IP
Hash
29fc57841962e407cb50c1be60284bf7
ce968a77e2996da5eee8925182318f171ccdce47
ae7e7075247dcfad763f1e131aeac3d2e756bb03d48b0d315a50c69636e5dc8b
POST /downloads?client=Firefox&appver=96.0a&pver=2.2 HTTP/1.1
Host: shavar.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 773
Connection: close
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: none
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Date: Thu, 23 Feb 2023 15:36:26 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Length: 8
Connection: Close
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
200 OK
329
URL
HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
Magic
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Retry-After, Content-Type, Content-Length, Cache-Control, Backoff, Pragma, Expires, Last-Modified, ETag
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 23 Feb 2023 15:20:35 GMT
age: 951
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
jiuvdsjk623ocxve.buzz/favicon.png
200 OK
18425
URL
HTTP/1.1
jiuvdsjk623ocxve.buzz/favicon.png
IP
ASN
#35937 DATABANK-MARQUISNET
Magic
PNG image data, 600 x 600, 8-bit/color RGBA, non-interlaced\012- data
Hash
ef8817a9c3c8a5de3a566f1f928a05eb
601ad13466371386d29e89c63914aaa969c39f02
ae77cc7f100196cf21058c6a6ab1da6832fbc8a9a3cbbcb6958bbfb2dd8223ba
NIDS
Severity
Alert
suricata
medium
ET INFO HTTP Request to a *.buzz domain
GET /favicon.png HTTP/1.1
Host: jiuvdsjk623ocxve.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://jiuvdsjk623ocxve.buzz/login.php
HTTP/1.1 200 OK
Cache-Control: max-age=31536000
Content-Type: image/png
Last-Modified: Sat, 20 Aug 2022 10:59:04 GMT
Accept-Ranges: bytes
ETag: "0c78dc83b4d81:0"
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Thu, 23 Feb 2023 15:36:25 GMT
Content-Length: 18425
jiuvdsjk623ocxve.buzz/js/app.js
404 Not Found
1245
URL
HTTP/1.1
jiuvdsjk623ocxve.buzz/js/app.js
IP
ASN
#35937 DATABANK-MARQUISNET
Magic
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash
5343c1a8b203c162a3bf3870d9f50fd4
04b5b886c20d88b57eea6d8ff882624a4ac1e51d
dc1d54dab6ec8c00f70137927504e4f222c8395f10760b6beecfcfa94e08249f
Analyzer
Verdict
Alert
fortinet
Phishing
NIDS
Severity
Alert
suricata
medium
ET INFO HTTP Request to a *.buzz domain
suricata
medium
ET INFO HTTP Request to a *.buzz domain
GET /js/app.js HTTP/1.1
Host: jiuvdsjk623ocxve.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://jiuvdsjk623ocxve.buzz/login.php
HTTP/1.1 404 Not Found
Content-Type: text/html
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Thu, 23 Feb 2023 15:36:25 GMT
Content-Length: 1245
r3.o.lencr.org/
200 OK
503
IP
ASN
#20940 Akamai International B.V.
Hash
5fa728a339ca32e616d483e61d0aebcd
6a63966de94d16390c8f1e47e5b67fe5bb67f7cd
7e83729d554404e59f1f1ff809ac776d3596487e2b062a1e38af8e29f33c0686
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7E83729D554404E59F1F1FF809AC776D3596487E2B062A1E38AF8E29F33C0686"
Last-Modified: Wed, 22 Feb 2023 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4417
Expires: Thu, 23 Feb 2023 16:50:03 GMT
Date: Thu, 23 Feb 2023 15:36:26 GMT
Connection: keep-alive
push.services.mozilla.com/
101 Switching Protocols
0
URL
HTTP/1.1
push.services.mozilla.com/
IP
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: pB+zbBPQpHfsOpoVPdnx+A==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: S0h//JKdURQHcqnDMr3/jzyAMIY=
firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?_expected=%221677164947380%22
200 OK
21681
URL
HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?_expected=%221677164947380%22
IP
Magic
JSON data\012- , ASCII text, with very long lines (21681), with no line terminators
Hash
8b1d40c68f693e9b8275c045af42159f
a89dc55eab23f8e0df1641ffa2c24cd6ddbc57ef
8e67b7897855773d4ed26af08de73e3c34825a5095b099f712fd7204b1573989
GET /v1/buckets/monitor/collections/changes/changeset?_expected=%221677164947380%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Retry-After, Content-Type, Backoff, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 21681
via: 1.1 google
date: Thu, 23 Feb 2023 15:12:02 GMT
last-modified: Thu, 23 Feb 2023 15:09:07 GMT
content-type: application/json
age: 1465
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/blocklists/collections/addons-bloomfilters/changeset?_expected=1677069440866&_since=%221666204638208%22
200 OK
32643
URL
HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/blocklists/collections/addons-bloomfilters/changeset?_expected=1677069440866&_since=%221666204638208%22
IP
Magic
JSON data\012- , ASCII text, with very long lines (32643), with no line terminators
Hash
111a124bfe0fcca1d00eacc4056304c0
09f7b2abd4d09de09db0e11add552e995346c23c
3dfc4c61e3f4a5d95c359d2914ec2dcf4bfc413116dec9b98bc104ecc9f446bf
GET /v1/buckets/blocklists/collections/addons-bloomfilters/changeset?_expected=1677069440866&_since=%221666204638208%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Retry-After, Content-Type, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 32643
via: 1.1 google
date: Thu, 23 Feb 2023 15:13:16 GMT
age: 1391
last-modified: Wed, 22 Feb 2023 12:37:20 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-09-20-28-26.chain
200 OK
5348
URL
HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-09-20-28-26.chain
IP
Magic
PEM certificate\012- , ASCII text
Hash
b5ba6334e73496995e3e3a9ecd0eb323
ad80d3b7718c28364e8c2004fb38a13a1747e462
aa5abb52515c6383c014aadb63a86c9f798ad64de53c0218616c1fc6d424d2e2
GET /chains/remote-settings.content-signature.mozilla.org-2023-04-09-20-28-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: gL9J33stCK00SMViQAn1hUhnMB4A3fMh6INsLDTnuVPr2BuhZgrRKWRtzdzsbQlPN9qg8UAoW1WRW7i2upinpw==
x-amz-request-id: CQ8HXQR2VV3DVH9Q
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 23 Feb 2023 14:49:07 GMT
age: 2840
last-modified: Sat, 18 Feb 2023 20:28:27 GMT
etag: "b5ba6334e73496995e3e3a9ecd0eb323"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/
200 OK
939
URL
HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
Magic
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash
7f03faaba3392caae6dae54467bfdf6d
57ea1f14e8bfbcca8190c706d708c9fda12442c1
02ac551ba61fcbc6b04f244df065948b181a8a258db5c2e197aae66fdfcea8ee
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Length, Alert, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 23 Feb 2023 14:53:56 GMT
content-type: application/json
age: 2551
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK
503
IP
ASN
#20940 Akamai International B.V.
Hash
135606a5e990506b3e92eda82ef79170
a3de3c800534ad64b2e2198941e3911a4e51df8e
558ce08e84a4581859ae4302371540e4240e0b85866e37fb03174786388d5546
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "558CE08E84A4581859AE4302371540E4240E0B85866E37FB03174786388D5546"
Last-Modified: Wed, 22 Feb 2023 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11847
Expires: Thu, 23 Feb 2023 18:53:54 GMT
Date: Thu, 23 Feb 2023 15:36:27 GMT
Connection: keep-alive
firefox-settings-attachments.cdn.mozilla.net/staging/addons-bloomfilters/8038652a-6557-460a-858c-84f19a5a0987.bin
200 OK
807180
URL
HTTP/2
firefox-settings-attachments.cdn.mozilla.net/staging/addons-bloomfilters/8038652a-6557-460a-858c-84f19a5a0987.bin
IP
Hash
914be443bdfbe8a1c3ded61e1c114bd6
4fe7c5ff83f6a29e6699f4cebc17550891504661
41b036d0c889509d547296b238027a063c313261ad52d5f7bb81922011791857
GET /staging/addons-bloomfilters/8038652a-6557-460a-858c-84f19a5a0987.bin HTTP/1.1
Host: firefox-settings-attachments.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: W0BOTyhr4twUvOZ5PXzJJypgQYWSdxyiNIVbzii2sCr6bqxjFhob0vSInGW+A8Nz6kahQNDtgAM=
x-amz-request-id: 5VNAE12H3Z1T7YB6
x-amz-version-id: K1ODzappZsD35qeu0OM5zvs_BP1eybj7
accept-ranges: bytes
server: AmazonS3
content-length: 807180
via: 1.1 google
date: Thu, 23 Feb 2023 11:49:07 GMT
age: 13640
last-modified: Tue, 10 Jan 2023 12:38:46 GMT
etag: "914be443bdfbe8a1c3ded61e1c114bd6"
content-type: application/octet-stream
cache-control: public,max-age=604800
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/blocklists/collections/gfx/changeset?_expected=1676781773899&_since=%221643818378440%22
200 OK
5951
URL
HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/blocklists/collections/gfx/changeset?_expected=1676781773899&_since=%221643818378440%22
IP
Magic
JSON data\012- , ASCII text, with very long lines (5951), with no line terminators
Hash
84c45909a46631dec23c78a3a547ca95
b511f80ad0abe7a6f0ce8988a0b9275573665c9a
ce6af1c28962645f13129411c11c7f156f0cd9e282f5ef0146d5cbd84a4e2b7e
GET /v1/buckets/blocklists/collections/gfx/changeset?_expected=1676781773899&_since=%221643818378440%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Length, Alert, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 5951
via: 1.1 google
date: Thu, 23 Feb 2023 14:49:03 GMT
age: 2844
last-modified: Sun, 19 Feb 2023 04:42:53 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/hijack-blocklists?_expected=1605801189258
200 OK
681
URL
HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/hijack-blocklists?_expected=1605801189258
IP
Magic
JSON data\012- , ASCII text, with very long lines (681), with no line terminators
Hash
b3c57c4bb39f0c7541d93ba82a5cd4c9
be92fd1cee01b4a8bb4174b0b11e53be649cd1a3
98e848e13f44cb1595f2f1882c734fd25761a0e8facae4e0c3dcff6f322a4000
GET /v1/buckets/main/collections/hijack-blocklists?_expected=1605801189258 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Retry-After, Content-Type, Last-Modified, Backoff, Alert, Cache-Control, ETag, Expires, Pragma
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 681
via: 1.1 google
date: Thu, 23 Feb 2023 14:55:08 GMT
age: 2479
last-modified: Wed, 22 Feb 2023 16:36:55 GMT
etag: "1677083815772"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/query-stripping/changeset?_expected=1667238122278&_since=%221656585893704%22
200 OK
1718
URL
HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/query-stripping/changeset?_expected=1667238122278&_since=%221656585893704%22
IP
Magic
JSON data\012- , ASCII text, with very long lines (1718), with no line terminators
Hash
3cbf51bbaf8bb528a034989257447d86
8dd38651205ecdbf2c5093b3df5de8bd626c9d92
59a47ed5c562bad2d78d22af00951c1fdf4a6eb2066324e966dbe4525e64ec3f
GET /v1/buckets/main/collections/query-stripping/changeset?_expected=1667238122278&_since=%221656585893704%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Length, Alert, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 1718
via: 1.1 google
date: Thu, 23 Feb 2023 14:42:02 GMT
age: 3265
last-modified: Wed, 22 Feb 2023 16:36:47 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/language-dictionaries/changeset?_expected=1673270322227&_since=%221569410800356%22
200 OK
1250
URL
HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/language-dictionaries/changeset?_expected=1673270322227&_since=%221569410800356%22
IP
Magic
JSON data\012- , ASCII text, with very long lines (1250), with no line terminators
Hash
c9f7f64ea0e8fd2d1098afb18806601b
fac82a10d89a339d7970db44b47633465d7b16f8
e0ed15ed986855d3c7eec307e2333aeea9211c5c3d8849dabaa56395dbaec026
GET /v1/buckets/main/collections/language-dictionaries/changeset?_expected=1673270322227&_since=%221569410800356%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Length, Alert, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 1250
via: 1.1 google
date: Thu, 23 Feb 2023 15:02:44 GMT
age: 2023
last-modified: Wed, 22 Feb 2023 16:36:45 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/password-recipes/changeset?_expected=1674595048726&_since=%221642005109349%22
200 OK
1743
URL
HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/password-recipes/changeset?_expected=1674595048726&_since=%221642005109349%22
IP
Magic
JSON data\012- , ASCII text, with very long lines (1743), with no line terminators
Hash
8d7098a815bd465cf003589b0703c6b0
202cba221e952763f4ccf8e16df65693d9098b44
8cf3d3a8263ffc0df70842cb3968feef260daaa2977cd450819a346d48712114
GET /v1/buckets/main/collections/password-recipes/changeset?_expected=1674595048726&_since=%221642005109349%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Retry-After, Content-Type, Backoff, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 1743
via: 1.1 google
date: Thu, 23 Feb 2023 14:39:16 GMT
age: 3431
last-modified: Wed, 22 Feb 2023 16:36:45 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/fxmonitor-breaches/changeset?_expected=1675734066429&_since=%221662044085942%22
200 OK
5628
URL
HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/fxmonitor-breaches/changeset?_expected=1675734066429&_since=%221662044085942%22
IP
Magic
JSON data\012- , ASCII text, with very long lines (5628), with no line terminators
Hash
c2aaf121f79032d2dbef3b6bbebc5bda
9aea63df55fe7bbf0337658087da5679e68fff39
570d0386b573c64a975e5ce952c25a81ad35b59a114e7d86f9a85d2a0d4c5c62
GET /v1/buckets/main/collections/fxmonitor-breaches/changeset?_expected=1675734066429&_since=%221662044085942%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Retry-After, Content-Type, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 5628
via: 1.1 google
date: Thu, 23 Feb 2023 15:08:52 GMT
age: 1655
last-modified: Wed, 22 Feb 2023 16:36:43 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/nimbus-desktop-experiments/changeset?_expected=1677079981951&_since=%221666279968541%22
200 OK
106535
URL
HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/nimbus-desktop-experiments/changeset?_expected=1677079981951&_since=%221666279968541%22
IP
Magic
ASCII text, with very long lines (65536), with no line terminators
Hash
44317bc4f401543ba080c8b77e2aff54
ae769488dfa10cd08cf730a63ac64b0a29246a8a
167da22ccd9986da793ecdc27155152f073ca124306a599050be0c55cba79678
GET /v1/buckets/main/collections/nimbus-desktop-experiments/changeset?_expected=1677079981951&_since=%221666279968541%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Length, Alert, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 106535
via: 1.1 google
date: Thu, 23 Feb 2023 15:00:56 GMT
age: 2131
last-modified: Wed, 22 Feb 2023 15:33:02 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/normandy-recipes-capabilities/changeset?_expected=1677012027435&_since=%221666483264567%22
200 OK
59855
URL
HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/normandy-recipes-capabilities/changeset?_expected=1677012027435&_since=%221666483264567%22
IP
Magic
JSON data\012- , ASCII text, with very long lines (59855), with no line terminators
Hash
bcb198ca74c45fbd1b5861b2a0f9d223
5412c0ce213fac042543ac71439580df1344f9d6
cc36baa1c30fb3d6aa628df0a08dad136d3ddbf90fb7efcd7d814b80fed967d9
GET /v1/buckets/main/collections/normandy-recipes-capabilities/changeset?_expected=1677012027435&_since=%221666483264567%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Length, Alert, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 59855
via: 1.1 google
date: Thu, 23 Feb 2023 15:15:20 GMT
age: 1267
last-modified: Tue, 21 Feb 2023 20:40:27 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/cfr/changeset?_expected=1666894461944&_since=%221659547595259%22
200 OK
1505
URL
HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/cfr/changeset?_expected=1666894461944&_since=%221659547595259%22
IP
Magic
JSON data\012- , ASCII text, with very long lines (1505), with no line terminators
Hash
8c387573e466da58de34efecea89a4a1
3bee30f48f21c082dee7ce7b52ebd7b4e30edca8
019686dbf2b110ba2e746777c3539cf842f44eeb333ec45af0f41d785a2c9272
GET /v1/buckets/main/collections/cfr/changeset?_expected=1666894461944&_since=%221659547595259%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Length, Alert, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 1505
via: 1.1 google
date: Thu, 23 Feb 2023 14:40:54 GMT
age: 3334
last-modified: Mon, 20 Feb 2023 16:36:46 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/message-groups/changeset?_expected=1670425599656&_since=%221665698079854%22
200 OK
935
URL
HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/message-groups/changeset?_expected=1670425599656&_since=%221665698079854%22
IP
Magic
JSON data\012- , ASCII text, with very long lines (935), with no line terminators
Hash
6c796237d371d417e638a02a0cd932e7
6d289d3a27964ab953e0dd0d0d771ce754bc8851
b8d634496126a0452c5b9443293308160c29efffa1462027e0161876494982e8
GET /v1/buckets/main/collections/message-groups/changeset?_expected=1670425599656&_since=%221665698079854%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Retry-After, Content-Type, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 935
via: 1.1 google
date: Thu, 23 Feb 2023 14:43:21 GMT
age: 3187
last-modified: Mon, 20 Feb 2023 16:36:44 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/search-config/changeset?_expected=1675353179510&_since=%221661199949574%22
200 OK
22469
199.102.48.6
104.18.23.52
23.36.76.249
93.184.220.29![URL jiuvdsjk623ocxve.buzz/favicon.png](/search?q=http.url.addr:"jiuvdsjk623ocxve.buzz%2ffavicon.png"){kind=link}