Report - freeflywindstation.com/unicredit/carta

Report Overview

Submitted URL
freeflywindstation.com/unicredit/carta
IP
108.167.143.215
ASN
#46606 UNIFIEDLAYER-AS-1
Submitted
2022-09-01 06:17:33
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
20

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-07T05:09:07Z	594 B	127 B	35.162.35.244
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-07T05:09:06Z	758 B	2.7 kB	143.204.55.27
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-07T05:09:06Z	321 B	229 B	34.117.237.239
freeflywindstation.com	unknown	2015-07-11T17:27:02Z	2023-01-28T20:03:52Z	7.0 kB	800 kB	108.167.143.215
code.jquery.com	634	2012-05-21T19:28:02Z	2023-03-07T05:10:14Z	364 B	30 kB	69.16.175.42
ocsp.digicert.com	86	2012-05-21T09:02:23Z	2023-03-07T09:34:07Z	329 B	796 B	93.184.220.29
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-07T05:09:22Z	3.2 kB	68 kB	34.120.237.76
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-07T05:09:07Z	978 B	2.7 kB	23.36.76.226
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-07T05:09:06Z	401 B	5.8 kB	143.204.55.35

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

Scan Date	Severity	Indicator	Alert
2022-08-31	medium	freeflywindstation.com/unicredit/carta	UniCredit Bank

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-09-01	medium	freeflywindstation.com/unicredit/carta	Phishing
2022-09-01	medium	freeflywindstation.com/unicredit/carta/	Phishing
2022-09-01	medium	freeflywindstation.com/unicredit/carta/assets/fonts/UniCredit-Regular.otf	Phishing
2022-09-01	medium	freeflywindstation.com/unicredit/carta/assets/fonts/UniCredit-Bold.otf	Phishing
2022-09-01	medium	freeflywindstation.com/unicredit/carta/assets/fonts/roboto-regular.woff2	Phishing
2022-09-01	medium	freeflywindstation.com/unicredit/carta/assets/fonts/UniCredit-Medium.otf	Phishing
2022-09-01	medium	freeflywindstation.com/unicredit/carta/assets/fonts/UniCredit-Light.otf	Phishing
2022-09-01	medium	freeflywindstation.com/unicredit/carta/assets/fonts/roboto-regular.woff	Phishing
2022-09-01	medium	freeflywindstation.com/unicredit/carta/assets/fonts/roboto-regular.ttf	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (2)

	URL	Size	First Seen	Last Seen
	code.jquery.com/jquery-2.2.4.min.js	86 kB	2023-03-07	2024-04-19
Pretty URL code.jquery.com/jquery-2.2.4.min.js IP 69.16.175.42 ASN #20446 STACKPATH-CDN Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:00 Last Seen2024-04-19 23:48:31 Times Seen380304 Hash 2f6b11a7e914718e0290410e85366fe9 69bb69e25ca7d5ef0935317584e6153f3fd9a88c 05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e Loading...

	freeflywindstation.com/unicredit/carta/	96 B	2023-03-07	2024-02-07
Pretty URL freeflywindstation.com/unicredit/carta/ IP 108.167.143.215 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:40:04 Last Seen2024-02-07 04:06:11 Times Seen42 Hash 78c4753b6ccc862f637f2e5b0aee4213 60b1a9f8005aa0351e407429951b5c591660a2ea 555924add900e0cb9ec966e76118018d41f05b4c065e5e8d6134d5b9d28aeb5e Loading...

HTTP Transactions (33)

URL IP Response Size

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
517693963cc46e7a35a054296d0edfd5
11dfcd7e118e5f8d31e664e56ac29c57f973b8b3
ece269e8b9be8a5839d75c1343823d68b96930c593c2e3e8d522999176ee3149

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "ECE269E8B9BE8A5839D75C1343823D68B96930C593C2E3E8D522999176EE3149"
Last-Modified: Mon, 29 Aug 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11001
Expires: Thu, 01 Sep 2022 09:20:43 GMT
Date: Thu, 01 Sep 2022 06:17:22 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

143.204.55.27

200 OK

939 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/
IP
143.204.55.27:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
91dd975a7b17b2922dd23c0e49314e40
57a2ece1e3cee7c4ebf927f2ba92f52cac395fe2
09966873bbf317f8910c59544cfde2a6d46e8acd2905797cc7c85c6b4d18ea8a

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Content-Type, Alert, Backoff, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Thu, 01 Sep 2022 05:41:11 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 71c98156ae29b36a903974f9dd2568f8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: yJn5cs5ozhKiU99KHKHwFFekFHwJXaWaW_DmEpRpGVixMtU8X7-tgg==
Age: 2171

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain

143.204.55.35

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
IP
143.204.55.35:0
ASN
#16509 AMAZON-02

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
742edb4038f38bc533514982f3d2e861
cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
date: Thu, 01 Sep 2022 01:15:17 GMT
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
etag: "742edb4038f38bc533514982f3d2e861"
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 dac7cf040932e0c072eeed10afdd7b3e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 81Hrmw4SCrlhUt5OJkPp-b4RwLo70tnsPyTQuXUTRM25IDCdPXinaQ==
age: 18126
X-Firefox-Spdy: h2

freeflywindstation.com/unicredit/carta

108.167.143.215

301 Moved Permanently

254 B

URL HTTP/1.1
freeflywindstation.com/unicredit/carta
IP
108.167.143.215:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
254 B (254 bytes)
Hash
3bb5ec5d9b8f32057384da93d277c5f0
4938a935c27d1e136271837674720cc87f66d1ac
0479efe1b7437aec59154eef7d252a30bb7fbfa964f6b6f37e862b962c8b827a

Detections

Analyzer	Verdict	Alert
openphish	UniCredit Bank
fortinet	Phishing

HTTP Headers

GET /unicredit/carta HTTP/1.1
Host: freeflywindstation.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Date: Thu, 01 Sep 2022 06:17:22 GMT
Server: Apache
Location: http://freeflywindstation.com/unicredit/carta/
Content-Length: 254
Keep-Alive: timeout=5, max=75
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Thu, 01 Sep 2022 06:17:22 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

freeflywindstation.com/unicredit/carta/

108.167.143.215

200 OK

4.0 kB

URL HTTP/1.1
freeflywindstation.com/unicredit/carta/
IP
108.167.143.215:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1058), with CRLF line terminators
Size
4.0 kB (4041 bytes)
Hash
1a373b7629cf6d7ca938c9cb111b5c26
e7368d95eb55f1eb22488ef816deb4deb674d421
56819e64d070b10368d3af9906f14d438ec767e4a008489703e50e4f23f7dde1

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /unicredit/carta/ HTTP/1.1
Host: freeflywindstation.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Date: Thu, 01 Sep 2022 06:17:22 GMT
Server: Apache
Set-Cookie: COOKIE_KEY=166201304249; expires=Sun, 29-Aug-2032 06:17:22 GMT; Max-Age=315360000
COOKIE_KEY=166201304229; expires=Sun, 29-Aug-2032 06:17:22 GMT; Max-Age=315360000
Vary: Accept-Encoding
Content-Encoding: gzip
X-Endurance-Cache-Level: 0
X-nginx-cache: WordPress
Content-Length: 4041
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

code.jquery.com/jquery-2.2.4.min.js

69.16.175.42

200 OK

30 kB

URL HTTP/2
code.jquery.com/jquery-2.2.4.min.js
IP
69.16.175.42:0
ASN
#20446 STACKPATH-CDN

File type
ASCII text, with very long lines (32065)
Size
30 kB (29811 bytes)
Hash
82885772205f23cd59e25a221521b059
96ed36f45544295f28df1ab251e7e38faceeff0e
8e85465daae15b31a1837a4112cf920c1eeec7a5c189595651b3a53cb9b97215

HTTP Headers

GET /jquery-2.2.4.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://freeflywindstation.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Thu, 01 Sep 2022 06:17:22 GMT
content-encoding: gzip
content-length: 29811
content-type: application/javascript; charset=utf-8
last-modified: Fri, 20 Aug 2021 17:47:53 GMT
accept-ranges: bytes
server: nginx
etag: W/"611feac9-14e4a"
cache-control: max-age=315360000, public
access-control-allow-origin: *
vary: Accept-Encoding
x-hw: 1662013042.dop226.sk1.t,1662013042.cds231.sk1.hn,1662013042.cds214.sk1.c
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

143.204.55.27

200 OK

329 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
143.204.55.27:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Alert, Cache-Control, Pragma, Backoff, Last-Modified, ETag, Expires, Content-Length, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Thu, 01 Sep 2022 05:57:05 GMT
Expires: Thu, 01 Sep 2022 06:56:45 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 aac54e3fe9825ce24d51e0204433c2c0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 7i3Nw-OTFnYf_28-0WyKCzvz0Az7NH15HbwWJkkjlJBUwjIK3RV6KA==
Age: 1218

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
83be4ca2ebb87af44323dd073807bc9e
3ef0ca2b0c351c7d1eb1b7f4daeba6453a632fc6
1ba9c4dbdbd577bf443bc6499ab1edb2e0ea3b382f529fdc2d98021276a3158b

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2519
Cache-Control: max-age=95483
Content-Type: application/ocsp-response
Date: Thu, 01 Sep 2022 06:17:23 GMT
Etag: "630f1697-1d7"
Expires: Fri, 02 Sep 2022 08:48:46 GMT
Last-Modified: Wed, 31 Aug 2022 08:06:47 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 471

push.services.mozilla.com/

35.162.35.244

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
35.162.35.244:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: jp6d3+bwGdtd7wjlq6quyA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 5x8dWvOAwKNkGIVxkwoRM1DOXm8=

freeflywindstation.com/unicredit/carta/assets/main.4c1b8b4624.css

108.167.143.215

200 OK

467 kB

URL HTTP/1.1
freeflywindstation.com/unicredit/carta/assets/main.4c1b8b4624.css
IP
108.167.143.215:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
ASCII text, with very long lines (65536), with no line terminators
Size
467 kB (466866 bytes)
Hash
6a0f1ebcc7ae8d0d9ecb635fbbe68d65
74b6a40134f1cd63607dcfb090675c6a9481bf1e
98802cfc3623796dcb74be0f1aab505e95aefbd5bdcc471d084da36de80dd219

HTTP Headers

GET /unicredit/carta/assets/main.4c1b8b4624.css HTTP/1.1
Host: freeflywindstation.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://freeflywindstation.com/unicredit/carta/
Cookie: COOKIE_KEY=166201304229

HTTP/1.1 200 OK
Date: Thu, 01 Sep 2022 06:17:23 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Mon, 09 Nov 2020 15:05:38 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
X-Endurance-Cache-Level: 0
X-nginx-cache: WordPress
Keep-Alive: timeout=5, max=75
Transfer-Encoding: chunked
Content-Type: text/css

freeflywindstation.com/unicredit/carta/assets/icon/orientation.png

108.167.143.215

200 OK

8.9 kB

URL HTTP/1.1
freeflywindstation.com/unicredit/carta/assets/icon/orientation.png
IP
108.167.143.215:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
PNG image data, 302 x 300, 8-bit/color RGBA, non-interlaced\012- data
Size
8.9 kB (8882 bytes)
Hash
2073cded710eb1ff89baf36eac4cbc59
9a4a5185ae47a7630f3dfccdb234e924f044fc19
034e29c302d5a67bb29f401a4b26ece4d920b0891e88337a37919dbd74abbf84

HTTP Headers

GET /unicredit/carta/assets/icon/orientation.png HTTP/1.1
Host: freeflywindstation.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://freeflywindstation.com/unicredit/carta/
Cookie: COOKIE_KEY=166201304229

HTTP/1.1 200 OK
Date: Thu, 01 Sep 2022 06:17:24 GMT
Server: Apache
Last-Modified: Mon, 09 Nov 2020 15:05:38 GMT
Accept-Ranges: bytes
Content-Length: 8882
X-Endurance-Cache-Level: 0
X-nginx-cache: WordPress
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Content-Type: image/png

freeflywindstation.com/unicredit/carta/assets/icon/login/msite/locator.png

108.167.143.215

200 OK

2.3 kB

URL HTTP/1.1
freeflywindstation.com/unicredit/carta/assets/icon/login/msite/locator.png
IP
108.167.143.215:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced\012- data
Size
2.3 kB (2325 bytes)
Hash
50c7809e2e4c323f6a92f5522f9f3348
5b0160b5f22afc8b9d82122793e880f70becd59e
6953f2685dc754d4e2489826d52fbf36a5c8d0aa18fb8c23be70dc2ba5e71402

HTTP Headers

GET /unicredit/carta/assets/icon/login/msite/locator.png HTTP/1.1
Host: freeflywindstation.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://freeflywindstation.com/unicredit/carta/
Cookie: COOKIE_KEY=166201304229

HTTP/1.1 200 OK
Date: Thu, 01 Sep 2022 06:17:24 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Mon, 09 Nov 2020 15:05:38 GMT
Accept-Ranges: bytes
Content-Length: 2325
X-Endurance-Cache-Level: 0
X-nginx-cache: WordPress
Keep-Alive: timeout=5, max=75
Content-Type: image/png

freeflywindstation.com/unicredit/carta/assets/icon/login/msite/home.png

108.167.143.215

200 OK

2.7 kB

URL HTTP/1.1
freeflywindstation.com/unicredit/carta/assets/icon/login/msite/home.png
IP
108.167.143.215:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced\012- data
Size
2.7 kB (2738 bytes)
Hash
093ff98de56ace3c0c9c497446759840
9c5307f15c91ad9fead6234a7105fc55b08397b3
825ff7e698273277b498ff7a2ccdfd6c2db7712e0f6904a30e4d944e5adbb611

HTTP Headers

GET /unicredit/carta/assets/icon/login/msite/home.png HTTP/1.1
Host: freeflywindstation.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://freeflywindstation.com/unicredit/carta/
Cookie: COOKIE_KEY=166201304229

HTTP/1.1 200 OK
Date: Thu, 01 Sep 2022 06:17:24 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Mon, 09 Nov 2020 15:05:38 GMT
Accept-Ranges: bytes
Content-Length: 2738
X-Endurance-Cache-Level: 0
X-nginx-cache: WordPress
Keep-Alive: timeout=5, max=75
Content-Type: image/png

freeflywindstation.com/unicredit/carta/assets/msite/footer/info-trasparenza.jpg

108.167.143.215

200 OK

17 kB

URL HTTP/1.1
freeflywindstation.com/unicredit/carta/assets/msite/footer/info-trasparenza.jpg
IP
108.167.143.215:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
PNG image data, 295 x 84, 8-bit/color RGBA, non-interlaced\012- data
Size
17 kB (17060 bytes)
Hash
56b5bb79ce602307ebea7cef2eca03ec
61eb31d995e3508006c0c47366fdfd92d6ced384
ee937dcede34527a7158666d9ddcd10ea8f23558b285a6b8ca1b0ff6e01c1473

HTTP Headers

GET /unicredit/carta/assets/msite/footer/info-trasparenza.jpg HTTP/1.1
Host: freeflywindstation.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://freeflywindstation.com/unicredit/carta/
Cookie: COOKIE_KEY=166201304229

HTTP/1.1 200 OK
Date: Thu, 01 Sep 2022 06:17:24 GMT
Server: Apache
Last-Modified: Mon, 09 Nov 2020 15:13:40 GMT
Accept-Ranges: bytes
Content-Length: 17060
X-Endurance-Cache-Level: 0
X-nginx-cache: WordPress
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Content-Type: image/jpeg

freeflywindstation.com/unicredit/carta/assets/imgs/Logo-UniCredit.png

108.167.143.215

200 OK

2.9 kB

URL HTTP/1.1
freeflywindstation.com/unicredit/carta/assets/imgs/Logo-UniCredit.png
IP
108.167.143.215:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
PNG image data, 240 x 47, 8-bit colormap, non-interlaced\012- data
Size
2.9 kB (2879 bytes)
Hash
6da3b1dadbf4752b21c9976b5b5a0e59
d6222a646ba72ad6a6784ed8e9d26fb93f8f6c86
ce2a90b7453d592f36994cf622a4c7a016e6050c5dc115c97127e15f9adb2bab

HTTP Headers

GET /unicredit/carta/assets/imgs/Logo-UniCredit.png HTTP/1.1
Host: freeflywindstation.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://freeflywindstation.com/unicredit/carta/
Cookie: COOKIE_KEY=166201304229

HTTP/1.1 200 OK
Date: Thu, 01 Sep 2022 06:17:24 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Mon, 09 Nov 2020 15:05:38 GMT
Accept-Ranges: bytes
Content-Length: 2879
X-Endurance-Cache-Level: 0
X-nginx-cache: WordPress
Keep-Alive: timeout=5, max=75
Content-Type: image/png

freeflywindstation.com/unicredit/carta/assets/imgs/logo-splash-msite.png

108.167.143.215

200 OK

7.1 kB

URL HTTP/1.1
freeflywindstation.com/unicredit/carta/assets/imgs/logo-splash-msite.png
IP
108.167.143.215:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
PNG image data, 1174 x 285, 8-bit colormap, non-interlaced\012- data
Size
7.1 kB (7123 bytes)
Hash
65294bbb5427d8dd82b6001edec003f1
9a389c60ae57ff80fe2542d355709ea5f51d70fc
e62e38d3cda262687803f85dcfeb47f8a8960e01a4f493475b95bf0be235481f

HTTP Headers

GET /unicredit/carta/assets/imgs/logo-splash-msite.png HTTP/1.1
Host: freeflywindstation.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://freeflywindstation.com/unicredit/carta/
Cookie: COOKIE_KEY=166201304229

HTTP/1.1 200 OK
Date: Thu, 01 Sep 2022 06:17:24 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Mon, 09 Nov 2020 15:05:38 GMT
Accept-Ranges: bytes
Content-Length: 7123
X-Endurance-Cache-Level: 0
X-nginx-cache: WordPress
Keep-Alive: timeout=5, max=75
Content-Type: image/png

freeflywindstation.com/unicredit/carta/assets/fonts/UniCredit-Regular.otf

108.167.143.215

200 OK

64 kB

URL HTTP/1.1
freeflywindstation.com/unicredit/carta/assets/fonts/UniCredit-Regular.otf
IP
108.167.143.215:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
OpenType font data\012- data
Size
64 kB (63864 bytes)
Hash
ead58f7ad732335b3efcfcb49baa3982
7d98101c525a65129b0ef6d44913071d35721c18
9cfe221c6d9b096b2b7db501ec58d6ce58b03cd87a8cdda037cd5eb69d634bee

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /unicredit/carta/assets/fonts/UniCredit-Regular.otf HTTP/1.1
Host: freeflywindstation.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://freeflywindstation.com/unicredit/carta/assets/main.4c1b8b4624.css
Cookie: COOKIE_KEY=166201304229

HTTP/1.1 200 OK
Date: Thu, 01 Sep 2022 06:17:24 GMT
Server: Apache
Last-Modified: Mon, 09 Nov 2020 15:13:14 GMT
Accept-Ranges: bytes
Content-Length: 63864
X-Endurance-Cache-Level: 0
X-nginx-cache: WordPress
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Content-Type: font/otf

freeflywindstation.com/unicredit/carta/assets/fonts/UniCredit-Bold.otf

108.167.143.215

404 Not Found

7.9 kB

URL HTTP/1.1
freeflywindstation.com/unicredit/carta/assets/fonts/UniCredit-Bold.otf
IP
108.167.143.215:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (8196), with CRLF, LF line terminators
Size
7.9 kB (7927 bytes)
Hash
250a9a2714fd315c7942285708a4cf36
94e1ab54361818682066ba069db9853ce0f207d2
dedcd1a0bc62923156415a1cb8150b39f97e4a82e51874f37ee13933e74da326

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /unicredit/carta/assets/fonts/UniCredit-Bold.otf HTTP/1.1
Host: freeflywindstation.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://freeflywindstation.com/unicredit/carta/assets/main.4c1b8b4624.css
Cookie: COOKIE_KEY=166201304229

HTTP/1.1 404 Not Found
Date: Thu, 01 Sep 2022 06:17:24 GMT
Server: Apache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <http://freeflywindstation.com/wp-json/>; rel="https://api.w.org/"
Vary: Accept-Encoding
Content-Encoding: gzip
X-Endurance-Cache-Level: 0
X-nginx-cache: WordPress
Content-Length: 7927
Keep-Alive: timeout=5, max=72
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

freeflywindstation.com/unicredit/carta/assets/fonts/roboto-regular.woff2

108.167.143.215

404 Not Found

30 kB

URL HTTP/1.1
freeflywindstation.com/unicredit/carta/assets/fonts/roboto-regular.woff2
IP
108.167.143.215:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (8196), with CRLF, LF line terminators
Size
30 kB (29846 bytes)
Hash
68a7563ff056d729ad50735a0d8e4492
da692ed0402483deb7dada4f22d05a91f80be2d2
e7482dd1ceae6863583dbfda866c9b3e83c259c6716374a66f26c52695bcfee7

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /unicredit/carta/assets/fonts/roboto-regular.woff2 HTTP/1.1
Host: freeflywindstation.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://freeflywindstation.com/unicredit/carta/assets/main.4c1b8b4624.css
Cookie: COOKIE_KEY=166201304229

HTTP/1.1 404 Not Found
Date: Thu, 01 Sep 2022 06:17:24 GMT
Server: Apache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <http://freeflywindstation.com/wp-json/>; rel="https://api.w.org/"
Vary: Accept-Encoding
X-Endurance-Cache-Level: 0
X-nginx-cache: WordPress
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

freeflywindstation.com/unicredit/carta/assets/fonts/UniCredit-Medium.otf

108.167.143.215

200 OK

69 kB

URL HTTP/1.1
freeflywindstation.com/unicredit/carta/assets/fonts/UniCredit-Medium.otf
IP
108.167.143.215:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
OpenType font data\012- data
Size
69 kB (69416 bytes)
Hash
e06c0fb36f7080e2014d33df87f8f5d3
61cd7b696e9cdf680a8509cde6d66dd6a819ff8a
b3d6fea3cf3db29242671ea9d4f5498b05f82b938ff7e2bc94b2c399c06bdec6

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /unicredit/carta/assets/fonts/UniCredit-Medium.otf HTTP/1.1
Host: freeflywindstation.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://freeflywindstation.com/unicredit/carta/assets/main.4c1b8b4624.css
Cookie: COOKIE_KEY=166201304229

HTTP/1.1 200 OK
Date: Thu, 01 Sep 2022 06:17:24 GMT
Server: Apache
Last-Modified: Mon, 09 Nov 2020 15:13:00 GMT
Accept-Ranges: bytes
Content-Length: 69416
X-Endurance-Cache-Level: 0
X-nginx-cache: WordPress
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Content-Type: font/otf

freeflywindstation.com/unicredit/carta/assets/fonts/UniCredit-Light.otf

108.167.143.215

200 OK

64 kB

URL HTTP/1.1
freeflywindstation.com/unicredit/carta/assets/fonts/UniCredit-Light.otf
IP
108.167.143.215:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
OpenType font data\012- data
Size
64 kB (64444 bytes)
Hash
2f70f3a7da1eee3afb7f600fc0894f0f
d31c2d6465d4759f6521acfd0d8a0d03e413f350
d51aa085e49a4211758b17675299bdf1c65da3a2c7fdd1e4bd9ed1ce78e19a7b

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /unicredit/carta/assets/fonts/UniCredit-Light.otf HTTP/1.1
Host: freeflywindstation.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://freeflywindstation.com/unicredit/carta/assets/main.4c1b8b4624.css
Cookie: COOKIE_KEY=166201304229

HTTP/1.1 200 OK
Date: Thu, 01 Sep 2022 06:17:24 GMT
Server: Apache
Last-Modified: Mon, 09 Nov 2020 15:12:54 GMT
Accept-Ranges: bytes
Content-Length: 64444
X-Endurance-Cache-Level: 0
X-nginx-cache: WordPress
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Content-Type: font/otf

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
12f00eac4bda78b5d4c4bc00e96be439
5d6d88dbf72f208bc33c9af693440aec02e5f11c
4a85dc99793413780fdfde032e83995c0a15775eb09123f53a1ba9b789f91a55

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4A85DC99793413780FDFDE032E83995C0A15775EB09123F53A1BA9B789F91A55"
Last-Modified: Wed, 31 Aug 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10296
Expires: Thu, 01 Sep 2022 09:09:00 GMT
Date: Thu, 01 Sep 2022 06:17:24 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
12f00eac4bda78b5d4c4bc00e96be439
5d6d88dbf72f208bc33c9af693440aec02e5f11c
4a85dc99793413780fdfde032e83995c0a15775eb09123f53a1ba9b789f91a55

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4A85DC99793413780FDFDE032E83995C0A15775EB09123F53A1BA9B789F91A55"
Last-Modified: Wed, 31 Aug 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10296
Expires: Thu, 01 Sep 2022 09:09:00 GMT
Date: Thu, 01 Sep 2022 06:17:24 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9564bd06-b264-460b-96bb-6b37cf25a72b.jpeg

34.120.237.76

200 OK

17 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9564bd06-b264-460b-96bb-6b37cf25a72b.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
17 kB (16818 bytes)
Hash
12756903aaa74164feb5f8525398ca36
9fef9b071daea6793cbbdfe391254ac4326b1aa2
6d474a6d96aebfed43a4f6812f18a1be8d100c590f75eb0fbf4ec7277dd0c442

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9564bd06-b264-460b-96bb-6b37cf25a72b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 16818
x-amzn-requestid: fa921878-2054-453b-b313-681cdd9c9068
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Xj-Z_HUNIAMFltg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-630b110c-053ce81943fea70c2de7daa0;Sampled=0
x-amzn-remapped-date: Sun, 28 Aug 2022 06:54:04 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 69fDjN-ZeYA8RVO_WGTY1KQHZ1t3PNdWIwq3ax1e1wKmuPODyGCMcQ==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 2ab6211e66998c8b58132661a7e3cade.cloudfront.net (CloudFront), 1.1 google
date: Wed, 31 Aug 2022 14:46:29 GMT
age: 55855
etag: "9fef9b071daea6793cbbdfe391254ac4326b1aa2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0198fd1f-b00c-442e-9184-8ce8ebf9593c.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (10777 bytes)
Hash
ba98f63d9bef7deebb9a8d1b3126d396
d97a8b0e4b4dbc60dfc9eb15ba28f68e8e3731ef
b8f6c1c6b34ec452a6aa3090c30ebf3a68cb3b4d45a7b134ed32e1959f4f0682

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0198fd1f-b00c-442e-9184-8ce8ebf9593c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10777
x-amzn-requestid: 2e9a081f-2ae4-49b9-b9d4-79cae2b7eae9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Xv3kRFiJIAMFgNA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-630fd2e7-2f9eec0b239ceb6d617431b6;Sampled=0
x-amzn-remapped-date: Wed, 31 Aug 2022 21:30:15 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: w9ACDg_Mxbl2GSEDeDAqdMlKjkCiMyWExvCUa2jHquaQy6U-4EJtbQ==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Wed, 31 Aug 2022 21:37:20 GMT
age: 31204
etag: "d97a8b0e4b4dbc60dfc9eb15ba28f68e8e3731ef"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.1 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbfc1af67-f228-4148-a5f1-b9d751d203d5.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.1 kB (4138 bytes)
Hash
6e6bf286fe74ee70a2819dba1d843cd9
5a81f8462cfc9f17689152bb3a77407227099d41
4678c57ae3e892d1a39414992fe248b4638e6e1ba1ff9310c47c906e3a717cd3

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbfc1af67-f228-4148-a5f1-b9d751d203d5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4138
x-amzn-requestid: 63a73745-7dc5-434b-ad2c-4dbf05013749
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XjIrEH1cIAMFx_w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-630abb13-3e815ee876f88f0a2d1a825d;Sampled=0
x-amzn-remapped-date: Sun, 28 Aug 2022 00:47:15 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: lah1xj0ju15ZqU-bw95GqUx1TukEeI3PTbUFZqU8qaQWd9JX4JT8Xw==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 e95ec8f1dc02e32f0cb9e113963ceb4e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 31 Aug 2022 07:23:24 GMT
age: 82440
etag: "5a81f8462cfc9f17689152bb3a77407227099d41"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff48464b4-ee99-46c1-8a3e-aa01e1b670f8.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (11031 bytes)
Hash
494ba0180ab4b2b80ca11aeb67ae69ab
2082e9f809e97bbcaf6ff11846398aca472f9f0f
c6a707e79315677912fa7cf6ab592abf4377aa76e51ae5149d4bae7e663d6801

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff48464b4-ee99-46c1-8a3e-aa01e1b670f8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11031
x-amzn-requestid: bd49a4c9-205b-4553-90a3-308ebc6be818
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Xv4hOHzVoAMFl8Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-630fd46e-783de8c2461d7cb9167f734e;Sampled=0
x-amzn-remapped-date: Wed, 31 Aug 2022 21:36:46 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: mDad6prX28HjnDw7hq0B9vE_BaX9qqrjaOo7A46jhu2S505prB5SJA==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 1b74ccf4cb51eacf97a0e6d60ae46a3e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 31 Aug 2022 21:37:11 GMT
age: 31213
etag: "2082e9f809e97bbcaf6ff11846398aca472f9f0f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7bffab86-e623-4ccd-9297-981c9dc6e4cd.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.7 kB (9674 bytes)
Hash
b0f6c541f6335bb709d2270147bd5aed
b691ef5e7a302e2678302818130a9637c3efbe3a
e63922331a4463519e6df77ae7a1ad3316a36e54dd03c00ff6b119ee3fa684c5

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7bffab86-e623-4ccd-9297-981c9dc6e4cd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9674
x-amzn-requestid: 79dc68ea-ea2e-4eab-bab9-1c89b0a955a2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XjMSvHJ-oAMF6Jw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-630ac0de-2370cf5363d5f308121f0ca4;Sampled=0
x-amzn-remapped-date: Sun, 28 Aug 2022 01:11:58 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: qAEve6mBQ9a1hr2fBR8xq42pxeG9Kjn4yWaMr4z4On46QC9R1K91pw==
via: 1.1 95b0ac620fa3a80ee590ecf1cda1c698.cloudfront.net (CloudFront), 1.1 b13f158bdf9805ca47e07c0c35870c12.cloudfront.net (CloudFront), 1.1 google
date: Wed, 31 Aug 2022 14:58:03 GMT
age: 55161
etag: "b691ef5e7a302e2678302818130a9637c3efbe3a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcce30929-1614-4a6d-80aa-fd9b2f12af34.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.3 kB (9305 bytes)
Hash
4b629767aa19f78c2734128d2cb1e93d
2a66e9c2654e04097031304feca86eea7ab0395e
2bf73bd574a294029803eb25c23442a12519c5d186d806d165ea4fa9b8961b87

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcce30929-1614-4a6d-80aa-fd9b2f12af34.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9305
x-amzn-requestid: 3ec274e1-6e02-4099-ba20-f622b20da568
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Xv4ibGU-oAMFj9Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-630fd475-7f2b1dc86353361e105c6f7d;Sampled=0
x-amzn-remapped-date: Wed, 31 Aug 2022 21:36:53 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 31J99N3FeSApJbAZbYRpIfPdeiBm4bucT3RwaoGFTwhQWxhncPHL8w==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 82ea95080f526df99896343fb7269b06.cloudfront.net (CloudFront), 1.1 google
date: Wed, 31 Aug 2022 21:54:54 GMT
age: 30150
etag: "2a66e9c2654e04097031304feca86eea7ab0395e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

freeflywindstation.com/unicredit/carta/assets/fonts/roboto-regular.woff

108.167.143.215

404 Not Found

30 kB

URL HTTP/1.1
freeflywindstation.com/unicredit/carta/assets/fonts/roboto-regular.woff
IP
108.167.143.215:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (8196), with CRLF, LF line terminators
Size
30 kB (29846 bytes)
Hash
68a7563ff056d729ad50735a0d8e4492
da692ed0402483deb7dada4f22d05a91f80be2d2
e7482dd1ceae6863583dbfda866c9b3e83c259c6716374a66f26c52695bcfee7

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /unicredit/carta/assets/fonts/roboto-regular.woff HTTP/1.1
Host: freeflywindstation.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://freeflywindstation.com/unicredit/carta/assets/main.4c1b8b4624.css
Cookie: COOKIE_KEY=166201304229

HTTP/1.1 404 Not Found
Date: Thu, 01 Sep 2022 06:17:24 GMT
Server: Apache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <http://freeflywindstation.com/wp-json/>; rel="https://api.w.org/"
Vary: Accept-Encoding
X-Endurance-Cache-Level: 0
X-nginx-cache: WordPress
Keep-Alive: timeout=5, max=72
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

freeflywindstation.com/unicredit/carta/assets/imgs/logo-msite.png

108.167.143.215

404 Not Found

7.9 kB

URL HTTP/1.1
freeflywindstation.com/unicredit/carta/assets/imgs/logo-msite.png
IP
108.167.143.215:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (8196), with CRLF, LF line terminators
Size
7.9 kB (7927 bytes)
Hash
250a9a2714fd315c7942285708a4cf36
94e1ab54361818682066ba069db9853ce0f207d2
dedcd1a0bc62923156415a1cb8150b39f97e4a82e51874f37ee13933e74da326

HTTP Headers

GET /unicredit/carta/assets/imgs/logo-msite.png HTTP/1.1
Host: freeflywindstation.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://freeflywindstation.com/unicredit/carta/
Cookie: COOKIE_KEY=166201304229

HTTP/1.1 404 Not Found
Date: Thu, 01 Sep 2022 06:17:24 GMT
Server: Apache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <http://freeflywindstation.com/wp-json/>; rel="https://api.w.org/"
Vary: Accept-Encoding
Content-Encoding: gzip
X-Endurance-Cache-Level: 0
X-nginx-cache: WordPress
Content-Length: 7927
Keep-Alive: timeout=5, max=71
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

freeflywindstation.com/unicredit/carta/assets/fonts/roboto-regular.ttf

108.167.143.215

404 Not Found

7.9 kB

URL HTTP/1.1
freeflywindstation.com/unicredit/carta/assets/fonts/roboto-regular.ttf
IP
108.167.143.215:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (8196), with CRLF, LF line terminators
Size
7.9 kB (7927 bytes)
Hash
250a9a2714fd315c7942285708a4cf36
94e1ab54361818682066ba069db9853ce0f207d2
dedcd1a0bc62923156415a1cb8150b39f97e4a82e51874f37ee13933e74da326

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /unicredit/carta/assets/fonts/roboto-regular.ttf HTTP/1.1
Host: freeflywindstation.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://freeflywindstation.com/unicredit/carta/assets/main.4c1b8b4624.css
Cookie: COOKIE_KEY=166201304229

HTTP/1.1 404 Not Found
Date: Thu, 01 Sep 2022 06:17:24 GMT
Server: Apache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <http://freeflywindstation.com/wp-json/>; rel="https://api.w.org/"
Vary: Accept-Encoding
Content-Encoding: gzip
X-Endurance-Cache-Level: 0
X-nginx-cache: WordPress
Content-Length: 7927
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (2)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (33)

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL HTTP/2

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type