Report - loading-the-framework-52158.web.app/url%20=%20https:/actonpropertygroup.com/

Report Overview

URL

loading-the-framework-52158.web.app/url%20=%20https:/actonpropertygroup.com/
IP

199.36.158.100

ASN

#54113 FASTLY
Submitted

2023-04-04T23:29:54Z

Access

public
Tags

suspicious
urlquery detections

Suspicious - Suspicious JS code

Detections

urlquery

3
Network Intrusion Detection

0
Threat Detection Systems

0

Domain Summary

Domain	Rank	First Seen	Last Seen	Sent	Received	IP
loading-the-framework-52158.web.app (2)	unknown			912	1135	199.36.158.100
img-getpocket.cdn.mozilla.net (6)	1631	2018-06-22T01:36:00Z	2023-04-04T13:13:40Z	3246	48165	34.120.237.76
actonpropertygroup.com (3)	unknown	2015-10-11T22:41:35Z	2023-04-04T23:18:10Z	1266	124576	139.99.166.240
unpkg.com (1)	11693	2016-01-08T00:26:01Z	2023-04-03T22:02:52Z	401	128146	104.16.124.175
r3.o.lencr.org (7)	344	2020-12-02T09:52:13Z	2023-04-04T18:12:09Z	2366	6205	95.101.11.115
firefox.settings.services.mozilla.com (2)	867	2020-06-04T22:08:41Z	2023-04-04T18:13:55Z	782	2371	35.241.9.150
content-signature-2.cdn.mozilla.net (1)	1152	2020-11-03T13:26:46Z	2023-04-04T18:20:05Z	413	5882	34.160.144.191
contile.services.mozilla.com (1)	1114	2021-05-27T20:32:35Z	2023-04-04T18:13:50Z	333	391	34.117.237.239
ocsp.pki.goog (1)	175	2018-07-01T08:43:07Z	2023-04-04T18:12:04Z	360	711	142.250.74.35
push.services.mozilla.com (1)	2140	2014-10-24T10:27:06Z	2023-04-04T18:19:16Z	606	127	52.88.60.132
ocsp.sectigo.com (1)	487	2019-11-29T12:50:24Z	2023-04-04T23:41:09Z	340	964	172.64.155.188
dyshekteorllatit.com (6)	unknown	2023-03-23T22:41:11Z	2023-03-23T22:41:11Z	3123	1315	104.219.248.94

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (1)

HTTP Transactions (32)

URL IP Response Size

loading-the-framework-52158.web.app/url%20=%20https:/actonpropertygroup.com/

199.36.158.100

301 Moved Permanently

URL HTTP/1.1

loading-the-framework-52158.web.app/url%20=%20https:/actonpropertygroup.com/
IP

199.36.158.100:0
ASN

#54113 FASTLY

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

                                        GET /url%20=%20https:/actonpropertygroup.com/ HTTP/1.1
Host: loading-the-framework-52158.web.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                        HTTP/1.1 301 Moved Permanently
Connection: close
Content-Length: 0
Server: Varnish
Retry-After: 0
Location: https://loading-the-framework-52158.web.app/url%20=%20https:/actonpropertygroup.com/
Accept-Ranges: bytes
Date: Tue, 04 Apr 2023 23:29:43 GMT
X-Served-By: cache-bma1677-BMA
X-Cache: HIT
X-Cache-Hits: 0
X-Timer: S1680650984.942162,VS0,VE0
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400

r3.o.lencr.org/

95.101.11.115

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

95.101.11.115:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

1965860f5630f7dda817a236cb72ea24

beec8147d48911a007287014564ce544d296a5fd

00b4aafe530f6ceb3d6d4de42fffdaee0cb4e0a60834c85b1d21e42e5db2ef91

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "00B4AAFE530F6CEB3D6D4DE42FFFDAEE0CB4E0A60834C85B1D21E42E5DB2EF91"
Last-Modified: Mon, 03 Apr 2023 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11133
Expires: Wed, 05 Apr 2023 02:35:17 GMT
Date: Tue, 04 Apr 2023 23:29:44 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

95.101.11.115:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

e50dac5108a698d61ca49516033d1a20

53d243b89fc00deb9bfae07351bbe36ddb7c1df3

e9e0ad98c485b56fe65ea0a8bc4974fff3f804fcf2d8f6266ada9acd27c7b7cc

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E9E0AD98C485B56FE65EA0A8BC4974FFF3F804FCF2D8F6266ADA9ACD27C7B7CC"
Last-Modified: Tue, 04 Apr 2023 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10358
Expires: Wed, 05 Apr 2023 02:22:22 GMT
Date: Tue, 04 Apr 2023 23:29:44 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939

URL HTTP/2

firefox.settings.services.mozilla.com/v1/
IP

35.241.9.150:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with very long lines (939), with no line terminators

Size

939
Hash

7f03faaba3392caae6dae54467bfdf6d

57ea1f14e8bfbcca8190c706d708c9fda12442c1

02ac551ba61fcbc6b04f244df065948b181a8a258db5c2e197aae66fdfcea8ee

HTTP Headers

                                        GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Content-Type, Content-Length, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 04 Apr 2023 23:28:46 GMT
content-type: application/json
age: 58
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

95.101.11.115

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

95.101.11.115:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

903ed2d58f1f33d069b70c4b53f1cb1f

0ef89cd6eb79a2ddd74434f9233cf486fffc1142

d8c984b50f04fcdb1ebc99d982502d85193302c85239ee7497666247edfc0061

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D8C984B50F04FCDB1EBC99D982502D85193302C85239EE7497666247EDFC0061"
Last-Modified: Sun, 02 Apr 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19350
Expires: Wed, 05 Apr 2023 04:52:14 GMT
Date: Tue, 04 Apr 2023 23:29:44 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-05-20-17-04-38.chain

34.160.144.191

200 OK

5348

URL HTTP/2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-05-20-17-04-38.chain
IP

34.160.144.191:0
ASN

#15169 GOOGLE

Magic

PEM certificate\012- , ASCII text

Size

5348
Hash

95f61d351f5fc9533cc78e255ce9bc06

fba284117f347782ac23c51d141d7e3ec15a867e

7fcc5f9e52e389d8d7c6df7f1f2a1291ae0aaae8e554f3022239ab092b2ef3c3

HTTP Headers

                                        GET /chains/remote-settings.content-signature.mozilla.org-2023-05-20-17-04-38.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
x-amz-id-2: 6v/PK9RVhqay4DvhvUMpoA/WmoIDxHQbDBNSh6Vs/JR140PwkGWsV2ePG4/3iiTFDdwTl7gZ+YE=
x-amz-request-id: J7GFKXPACM01ZJX2
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 04 Apr 2023 22:53:19 GMT
age: 2185
last-modified: Fri, 31 Mar 2023 17:04:39 GMT
etag: "95f61d351f5fc9533cc78e255ce9bc06"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

loading-the-framework-52158.web.app/url%20=%20https:/actonpropertygroup.com/

199.36.158.100

200 OK

URL HTTP/2

loading-the-framework-52158.web.app/url%20=%20https:/actonpropertygroup.com/
IP

199.36.158.100:0
ASN

#54113 FASTLY

Magic

HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF line terminators

Size

84
Hash

9a83cafa2b46b80db2454caaa318891d

bb00d10ce06cfae70ab7512974fe954f5fbb7e89

0e1b9c80e8dd2a68672a2ed462d74941ec9f0b88d98969ecd51da8472eaff97d

HTTP Headers

                                        GET /url%20=%20https:/actonpropertygroup.com/ HTTP/1.1
Host: loading-the-framework-52158.web.app
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

                                        HTTP/2 200 OK
cache-control: max-age=3600
content-encoding: br
content-type: text/html; charset=utf-8
etag: "86ededb31368ef6696826cf1b361de446764ba9d76683f606059288cfa2c7cfe-br"
last-modified: Tue, 04 Apr 2023 19:53:55 GMT
strict-transport-security: max-age=31556926; includeSubDomains; preload
accept-ranges: bytes
date: Tue, 04 Apr 2023 23:29:44 GMT
x-served-by: cache-bma1658-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1680650984.164314,VS0,VE97
vary: x-fh-requested-host, accept-encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 84
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

URL HTTP/2

contile.services.mozilla.com/v1/tiles
IP

34.117.237.239:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with no line terminators

Size

12
Hash

23e88fb7b99543fb33315b29b1fad9d6

a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce

7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

                                        GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
date: Tue, 04 Apr 2023 23:29:44 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.pki.goog/s/gts1d4int/t-n5gwylMXE

142.250.74.35

200 OK

471

URL HTTP/1.1

ocsp.pki.goog/s/gts1d4int/t-n5gwylMXE
IP

142.250.74.35:0
ASN

#15169 GOOGLE

Magic

data

Size

471
Hash

5638e42c3aa6c9dfe8e9838adaed0aeb

08d12bc56fb2710b52f3138b65662d60909f0b91

24f39a1b9d1c41432051986dbb9c2cf09db2dca6431ec9c9800aa220578bc072

HTTP Headers

                                        POST /s/gts1d4int/t-n5gwylMXE HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Apr 2023 23:29:44 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329

URL HTTP/2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP

35.241.9.150:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with very long lines (329), with no line terminators

Size

329
Hash

0333b0655111aa68de771adfcc4db243

63f295a144ac87a7c8e23417626724eeca68a7eb

60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

                                        GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Alert, ETag, Cache-Control, Expires, Backoff, Last-Modified, Pragma, Retry-After, Content-Length
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Tue, 04 Apr 2023 23:17:29 GMT
age: 735
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

95.101.11.115

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

95.101.11.115:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

2820ca2dae3aed6a76736f236502749b

d2e4995fdd0fbb64d9051f50be93023a752ef449

0ac73659b8f464575a3596da96a94fc6dbc26a4d5a90bec1331a5df5ad796006

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0AC73659B8F464575A3596DA96A94FC6DBC26A4D5A90BEC1331A5DF5AD796006"
Last-Modified: Mon, 03 Apr 2023 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9259
Expires: Wed, 05 Apr 2023 02:04:03 GMT
Date: Tue, 04 Apr 2023 23:29:44 GMT
Connection: keep-alive

push.services.mozilla.com/

52.88.60.132

101 Switching Protocols

URL HTTP/1.1

push.services.mozilla.com/
IP

52.88.60.132:0
ASN

#16509 AMAZON-02

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

                                        GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: /p6HZol/xEvtCb+Ggt8prA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                        HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: hPBtauSQ5H/JjZuOFtHrWeJPxzU=

r3.o.lencr.org/

95.101.11.115

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

95.101.11.115:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

f06399875b2b1c6a0afe8a1d791f5a4a

f2ce36c5d6599e57e4df8f08a030e8cb00ebe830

2eef24cc1ae135e7e1687c3e56cd7be21530e2aa7612e686a829d2c204ab532e

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2EEF24CC1AE135E7E1687C3E56CD7BE21530E2AA7612E686A829D2C204AB532E"
Last-Modified: Mon, 03 Apr 2023 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6085
Expires: Wed, 05 Apr 2023 01:11:11 GMT
Date: Tue, 04 Apr 2023 23:29:46 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

95.101.11.115:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

f06399875b2b1c6a0afe8a1d791f5a4a

f2ce36c5d6599e57e4df8f08a030e8cb00ebe830

2eef24cc1ae135e7e1687c3e56cd7be21530e2aa7612e686a829d2c204ab532e

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2EEF24CC1AE135E7E1687C3E56CD7BE21530E2AA7612E686A829D2C204AB532E"
Last-Modified: Mon, 03 Apr 2023 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6085
Expires: Wed, 05 Apr 2023 01:11:11 GMT
Date: Tue, 04 Apr 2023 23:29:46 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

95.101.11.115:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

f06399875b2b1c6a0afe8a1d791f5a4a

f2ce36c5d6599e57e4df8f08a030e8cb00ebe830

2eef24cc1ae135e7e1687c3e56cd7be21530e2aa7612e686a829d2c204ab532e

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2EEF24CC1AE135E7E1687C3E56CD7BE21530E2AA7612E686A829D2C204AB532E"
Last-Modified: Mon, 03 Apr 2023 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6085
Expires: Wed, 05 Apr 2023 01:11:11 GMT
Date: Tue, 04 Apr 2023 23:29:46 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F59d6989a-36a1-4ed7-9694-00dfbfc9b386.jpeg

34.120.237.76

200 OK

4774

URL HTTP/2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F59d6989a-36a1-4ed7-9694-00dfbfc9b386.jpeg
IP

34.120.237.76:0
ASN

#15169 GOOGLE

Magic

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

Size

4774
Hash

6d504943bc15b039b6813b2d1a8a8783

865a647f277bf9234adce200cb6c3e0735f2c9e7

5906ddbaf547fcc998dc1121a1e345b34f575ffe867e32453121354f91df7d53

HTTP Headers

                                        GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F59d6989a-36a1-4ed7-9694-00dfbfc9b386.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
content-length: 4774
x-amzn-requestid: fa477761-b787-44f1-916d-c3c645324c85
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CvNnlG0ioAMF2Ew=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64292963-687098861c456f89593e2ff7;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Sun, 02 Apr 2023 07:06:11 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Miss from cloudfront
x-amz-cf-id: v7SlWpId5gDQNec9lHlCcirQOQS0gyyVbhimXiirEbHVwCXQk83oyA==
via: 1.1 59456abf79b201034ab5c9cfef7355e2.cloudfront.net (CloudFront), 1.1 536063cb28bfc05fcb7a78183dd89b72.cloudfront.net (CloudFront), 1.1 google
date: Tue, 04 Apr 2023 13:25:41 GMT
etag: "865a647f277bf9234adce200cb6c3e0735f2c9e7"
content-type: image/jpeg
age: 36245
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

3500

URL HTTP/2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F77527c77-7214-4edc-ac50-c610366aefd6.jpeg
IP

34.120.237.76:0
ASN

#15169 GOOGLE

Magic

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

Size

3500
Hash

0c14dd9bfa7f1f37c711973900dbb5af

c8dea8f9cafcf7d108c93156f40537e78f7da88f

b99050909eb528f9c22201ed2f0f185edbb1f0b1e16631ef21dca72433e1e05d

HTTP Headers

                                        GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F77527c77-7214-4edc-ac50-c610366aefd6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
content-length: 3500
x-amzn-requestid: 5626e00a-90a4-42c5-bcbd-1ec24decfa47
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: C3yqqG0_oAMFTcQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-642c97dd-16eb602d2ac30b2521cc8165;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Tue, 04 Apr 2023 21:34:21 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: z3N_E-I5Av2Q7QhEUu5UNeFCxrzUIzu6eWwKQRu03HFutBSwr-xUYQ==
via: 1.1 773bf3616e85ce2b187fa78710a6beb2.cloudfront.net (CloudFront), 1.1 a9e73292d0b92053c3e38dcec15fd0e2.cloudfront.net (CloudFront), 1.1 google
date: Tue, 04 Apr 2023 21:39:50 GMT
age: 6596
etag: "c8dea8f9cafcf7d108c93156f40537e78f7da88f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9749

URL HTTP/2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe0ce9423-d786-4295-8902-98540e77018c.jpeg
IP

34.120.237.76:0
ASN

#15169 GOOGLE

Magic

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

Size

9749
Hash

b4a430149d3ba353b328b8579050c540

07b8cc3c5a10e784d5555a3e0a973855d2351a1f

e68870543dbb89ce7c975267a940ed9c10becfd60553a68b422dff747d0b2067

HTTP Headers

                                        GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe0ce9423-d786-4295-8902-98540e77018c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
content-length: 9749
x-amzn-requestid: c4d91143-7ce5-482b-8715-7005e41b28e7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Cyg9iFjDIAMF1RA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-642a7b89-4bd1769c16248aa923e28b89;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Mon, 03 Apr 2023 07:08:57 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: 5HfYy3We_OXuDolak2y1aAeeVoW9_bcEYNe2sKhU-yf0d6yGsMiQ2A==
via: 1.1 288c777a01e22425da9494dad7a69734.cloudfront.net (CloudFront), 1.1 a3b5bb90516201e5ddd137696b7b0f50.cloudfront.net (CloudFront), 1.1 google
date: Tue, 04 Apr 2023 08:05:36 GMT
age: 55450
etag: "07b8cc3c5a10e784d5555a3e0a973855d2351a1f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

12649

URL HTTP/2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F73999c40-7b3d-4374-b77c-c7085176f842.jpeg
IP

34.120.237.76:0
ASN

#15169 GOOGLE

Magic

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

Size

12649
Hash

07170d7044036eff2cb56f60cb46d2b9

f5f7e97f471fac1921d6af5bc85f23f5ea8cdf0e

074e4f53d398c0ff61c5cffbd88e32bfc9815a8f3a7ab5f53778cebe3569bb27

HTTP Headers

                                        GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F73999c40-7b3d-4374-b77c-c7085176f842.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
content-length: 12649
x-amzn-requestid: 149b7d03-ae5d-4f91-a6fa-f839f8a701f6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: C1mAwFGwoAMFUnA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-642bb6d1-14711b672341802f5925b9eb;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Tue, 04 Apr 2023 05:34:09 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Miss from cloudfront
x-amz-cf-id: zSD6vgZStAqHgWjk-QQEnVOSqutUjLmILTnmfDE0Ht2OrjdfMm2nVA==
via: 1.1 b3cdce1c2fc39b89f45c98c417351f26.cloudfront.net (CloudFront), 1.1 5292c0d5844327feadb38f1efe42ebc6.cloudfront.net (CloudFront), 1.1 google
date: Tue, 04 Apr 2023 11:21:57 GMT
age: 43669
etag: "f5f7e97f471fac1921d6af5bc85f23f5ea8cdf0e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6606

URL HTTP/2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F79da5da9-3d26-4695-ae7f-58d008a2530b.jpeg
IP

34.120.237.76:0
ASN

#15169 GOOGLE

Magic

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

Size

6606
Hash

20ff30ea98e9f9086ee28d4ac369e938

40aee6f21d4958a8e36bb9e9359a1784bb4e059d

1fa8c56d96a34e8971f580a83ef30b460b622d43ed7486ccb2c317366cb2179c

HTTP Headers

                                        GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F79da5da9-3d26-4695-ae7f-58d008a2530b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
content-length: 6606
x-amzn-requestid: 2e52472d-4c31-46af-b2e7-4ffc169c2222
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: C34yhEGhIAMF1sA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-642ca1a9-4f0faa13315fe1e76cbb09a3;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Tue, 04 Apr 2023 22:16:09 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: -3eyeauXxMTnrWCD5BX_WX2pakIj6fexjGzeXiTotEkJi7tkQBFFjA==
via: 1.1 b6cdb2111444305bd4957a473b711ad6.cloudfront.net (CloudFront), 1.1 a9e73292d0b92053c3e38dcec15fd0e2.cloudfront.net (CloudFront), 1.1 google
date: Tue, 04 Apr 2023 22:49:16 GMT
age: 2430
etag: "40aee6f21d4958a8e36bb9e9359a1784bb4e059d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4424

URL HTTP/2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F06d31622-0a13-44c5-af26-f54d7858062c.jpeg
IP

34.120.237.76:0
ASN

#15169 GOOGLE

Magic

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

Size

4424
Hash

a1f459480dc0b55ae4825d3a1c329c65

993e5077165cf389c986c7c73d39384bf21b24ec

360931163e5d707215d9a273661d364e6ae6a71b1821cb39a2e52619812312ed

HTTP Headers

                                        GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F06d31622-0a13-44c5-af26-f54d7858062c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
content-length: 4424
x-amzn-requestid: cfcba3e0-1e91-44de-883d-b059229834ee
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Cyg_1H2roAMFU7A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-642a7b98-022b97ae47933289670cd3ad;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Mon, 03 Apr 2023 07:09:12 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: Ada8Njbblc2wwzi4MwWRPIGQTRIBDuH27tw_SdQUoCggrebO58j11Q==
via: 1.1 02f1a759e4ec9fab6fc17c080dd851dc.cloudfront.net (CloudFront), 1.1 ae06b19943a6bad1c1b12b79f7339498.cloudfront.net (CloudFront), 1.1 google
date: Tue, 04 Apr 2023 07:23:35 GMT
age: 57971
etag: "993e5077165cf389c986c7c73d39384bf21b24ec"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

actonpropertygroup.com/

139.99.166.240

200 OK

437

URL HTTP/2

actonpropertygroup.com/
IP

139.99.166.240:0
ASN

#16276 OVH SAS

Magic

HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1124), with no line terminators

Size

437
Hash

7986bba572d6662c8074bd4101b9b457

5e9dee3bc367fcf7ba0cbce0aadbe8b2d369aa0f

a99b92fb3319dddca3ae7165b0a2229704005338f8466f999cebd3a97c25341e

HTTP Headers

                                        GET / HTTP/1.1
Host: actonpropertygroup.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
content-type: text/html
last-modified: Sun, 02 Apr 2023 20:21:08 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 437
date: Tue, 04 Apr 2023 23:29:48 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2

actonpropertygroup.com/static/js/main.2fde9851.js

139.99.166.240

200 OK

118573

URL HTTP/2

actonpropertygroup.com/static/js/main.2fde9851.js
IP

139.99.166.240:0
ASN

#16276 OVH SAS

Magic

ASCII text, with very long lines (65465)

Size

118573
Hash

9cd78714ea11750f2b4e5b25f75bc190

7b12d746545fa217c7cd2d86ceed4f54089b001f

427b9d75e6f3295c43c1b710f835533b0918402f80a4dddf43192ec0b3453383

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - Suspicious JS code

HTTP Headers

                                        GET /static/js/main.2fde9851.js HTTP/1.1
Host: actonpropertygroup.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://actonpropertygroup.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                        HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 11 Apr 2023 23:29:49 GMT
content-type: application/javascript
last-modified: Sun, 02 Apr 2023 20:21:08 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 118573
date: Tue, 04 Apr 2023 23:29:49 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2

actonpropertygroup.com/static/css/main.c6152b6c.css

139.99.166.240

200 OK

4425

URL HTTP/2

actonpropertygroup.com/static/css/main.c6152b6c.css
IP

139.99.166.240:0
ASN

#16276 OVH SAS

Magic

ASCII text, with very long lines (22914)

Size

4425
Hash

46457ac14877a959803295627ce5567d

9171fd7bdac2af71060dcf2de4b8c29f00c55c06

deca7908c06037bbc3d0a8dae1c86ce6124f03d9eec4838d30c3aeb0fc842547

HTTP Headers

                                        GET /static/css/main.c6152b6c.css HTTP/1.1
Host: actonpropertygroup.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://actonpropertygroup.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                        HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Tue, 11 Apr 2023 23:29:49 GMT
content-type: text/css
last-modified: Sun, 02 Apr 2023 20:21:08 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 4425
date: Tue, 04 Apr 2023 23:29:49 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2

unpkg.com/boxicons@2.1.4/css/boxicons.min.css

104.16.124.175

200 OK

127568

URL HTTP/2

unpkg.com/boxicons@2.1.4/css/boxicons.min.css
IP

104.16.124.175:0
ASN

#13335 CLOUDFLARENET

Magic

ASCII text, with very long lines (65536), with no line terminators

Size

127568
Hash

6c8da068121d1b731c4e9de34d915a15

44a88994ebb2c023c0cd5c1a0d632c53298a150f

4cacb24d76630cf0887d2631819005052ca17a0e6ab71a1718e54f3f564d7593

HTTP Headers

                                        GET /boxicons@2.1.4/css/boxicons.min.css HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://actonpropertygroup.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
date: Tue, 04 Apr 2023 23:29:49 GMT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
etag: W/"109bc-IH/O3L/2oFuyFxGxc9h5/AQWzS0"
via: 1.1 fly.io
fly-request-id: 01GDB5C4C4EMMKVHV82231PTP9-ams
cf-cache-status: HIT
age: 17050157
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7b2d55e9ba02b50f-OSL
content-encoding: br
X-Firefox-Spdy: h2

ocsp.sectigo.com/

172.64.155.188

200 OK

472

URL HTTP/1.1

ocsp.sectigo.com/
IP

172.64.155.188:0
ASN

#13335 CLOUDFLARENET

Magic

data

Size

472
Hash

e4e630409c40d98ae3b886bfcd3407c2

7f2aac791a358b953c57abd43c88c53a76cc055c

2a0e229a690d0b5a4a33a02bd3736ecbbfda4f48abcdaf6113148a20f938d14f

HTTP Headers

                                        POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Date: Tue, 04 Apr 2023 23:29:50 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 04 Apr 2023 10:43:34 GMT
Expires: Tue, 11 Apr 2023 10:43:33 GMT
Etag: "7f2aac791a358b953c57abd43c88c53a76cc055c"
Cache-Control: max-age=558222,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7b2d55f51a19b51b-OSL

dyshekteorllatit.com/socket.io/?EIO=4&transport=polling&t=OTEclEJ

104.219.248.94

200 OK

118

URL HTTP/2

dyshekteorllatit.com/socket.io/?EIO=4&transport=polling&t=OTEclEJ
IP

104.219.248.94:0
ASN

#22612 NAMECHEAP-NET

Magic

ASCII text, with no line terminators

Size

118
Hash

b47b0b38032b6d0d993f452fd00f25d1

04f24645c6f318011d76c7dc91af4b488f33a981

bdc38e356ac3a1086f680cece5a9ec30df0ea0cdcfba1af6a5b2839cd4bcb369

HTTP Headers

                                        GET /socket.io/?EIO=4&transport=polling&t=OTEclEJ HTTP/1.1
Host: dyshekteorllatit.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://actonpropertygroup.com
Connection: keep-alive
Referer: https://actonpropertygroup.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
access-control-allow-origin: *
content-type: text/plain; charset=UTF-8
content-length: 118
date: Tue, 04 Apr 2023 23:29:51 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

dyshekteorllatit.com/socket.io/?EIO=4&transport=polling&t=OTEclOF&sid=w8Xtga3rf8aA9ZtaAAAK

104.219.248.94

200 OK

URL HTTP/2

dyshekteorllatit.com/socket.io/?EIO=4&transport=polling&t=OTEclOF&sid=w8Xtga3rf8aA9ZtaAAAK
IP

104.219.248.94:0
ASN

#22612 NAMECHEAP-NET

Magic

ASCII text, with no line terminators

Size

2
Hash

444bcb3a3fcf8389296c49467f27e1d6

7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb

2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

HTTP Headers

                                        POST /socket.io/?EIO=4&transport=polling&t=OTEclOF&sid=w8Xtga3rf8aA9ZtaAAAK HTTP/1.1
Host: dyshekteorllatit.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: text/plain;charset=UTF-8
Content-Length: 2
Origin: https://actonpropertygroup.com
Connection: keep-alive
Referer: https://actonpropertygroup.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                        HTTP/2 200 OK
access-control-allow-origin: *
content-type: text/html
content-length: 2
date: Tue, 04 Apr 2023 23:29:51 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

dyshekteorllatit.com/socket.io/?EIO=4&transport=polling&t=OTEclOH&sid=w8Xtga3rf8aA9ZtaAAAK

104.219.248.94

200 OK

URL HTTP/2

dyshekteorllatit.com/socket.io/?EIO=4&transport=polling&t=OTEclOH&sid=w8Xtga3rf8aA9ZtaAAAK
IP

104.219.248.94:0
ASN

#22612 NAMECHEAP-NET

Magic

ASCII text, with no line terminators

Size

32
Hash

77002a2efbf9c0a882b1c82c5c7c051f

2e1b53773559ff40cd0aeac6ce9c8280f55be2a6

99d51fbb653891a4d7a91263d3bd0a7827f820feb8aaf11fd6a19e75b5b74b9a

HTTP Headers

                                        GET /socket.io/?EIO=4&transport=polling&t=OTEclOH&sid=w8Xtga3rf8aA9ZtaAAAK HTTP/1.1
Host: dyshekteorllatit.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://actonpropertygroup.com
Connection: keep-alive
Referer: https://actonpropertygroup.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                        HTTP/2 200 OK
access-control-allow-origin: *
content-type: text/plain; charset=UTF-8
content-length: 32
date: Tue, 04 Apr 2023 23:29:51 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

dyshekteorllatit.com/socket.io/?EIO=4&transport=websocket&sid=w8Xtga3rf8aA9ZtaAAAK

104.219.248.94

200 OK

URL HTTP/2

dyshekteorllatit.com/socket.io/?EIO=4&transport=websocket&sid=w8Xtga3rf8aA9ZtaAAAK
IP

104.219.248.94:0
ASN

#22612 NAMECHEAP-NET

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

                                        GET /socket.io/?EIO=4&transport=websocket&sid=w8Xtga3rf8aA9ZtaAAAK HTTP/1.1
Host: dyshekteorllatit.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://actonpropertygroup.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: +9cuXn9lBvpPOdw2VqrQlw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
TE: trailers

                                        HTTP/2 200 OK
sec-websocket-accept: lq83P8CUXfGtIigU5P0uaGbxMl8=
access-control-allow-origin: *
X-Firefox-Spdy: h2

dyshekteorllatit.com/socket.io/?EIO=4&transport=polling&t=OTEclRA&sid=w8Xtga3rf8aA9ZtaAAAK

104.219.248.94

200 OK

URL HTTP/2

dyshekteorllatit.com/socket.io/?EIO=4&transport=polling&t=OTEclRA&sid=w8Xtga3rf8aA9ZtaAAAK
IP

104.219.248.94:0
ASN

#22612 NAMECHEAP-NET

Magic

ASCII text, with no line terminators

Size

2
Hash

444bcb3a3fcf8389296c49467f27e1d6

7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb

2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

HTTP Headers

                                        POST /socket.io/?EIO=4&transport=polling&t=OTEclRA&sid=w8Xtga3rf8aA9ZtaAAAK HTTP/1.1
Host: dyshekteorllatit.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: text/plain;charset=UTF-8
Content-Length: 71
Origin: https://actonpropertygroup.com
Connection: keep-alive
Referer: https://actonpropertygroup.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                        HTTP/2 200 OK
access-control-allow-origin: *
content-type: text/html
content-length: 2
date: Tue, 04 Apr 2023 23:29:51 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

dyshekteorllatit.com/socket.io/?EIO=4&transport=polling&t=OTEclR9&sid=w8Xtga3rf8aA9ZtaAAAK

104.219.248.94

200 OK

URL HTTP/2

dyshekteorllatit.com/socket.io/?EIO=4&transport=polling&t=OTEclR9&sid=w8Xtga3rf8aA9ZtaAAAK
IP

104.219.248.94:0
ASN

#22612 NAMECHEAP-NET

Magic

very short file (no magic)

Size

1
Hash

1679091c5a880faf6fb5e6087eb1b2dc

c1dfd96eea8cc2b62785275bca38ac261256e278

e7f6c011776e8db7cd330b54174fd76f7d0216b612387a5ffcfb81e6f0919683

HTTP Headers

                                        GET /socket.io/?EIO=4&transport=polling&t=OTEclR9&sid=w8Xtga3rf8aA9ZtaAAAK HTTP/1.1
Host: dyshekteorllatit.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://actonpropertygroup.com
Connection: keep-alive
Referer: https://actonpropertygroup.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                        HTTP/2 200 OK
access-control-allow-origin: *
content-type: text/plain; charset=UTF-8
content-length: 1
date: Tue, 04 Apr 2023 23:29:51 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

Report Overview

URL

IP

ASN

Submitted

Access

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (1)

#1 JS:Script (size: 409798)

HTTP Transactions (32)

URL HTTP/1.1

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

Magic

Size