Report - best-offer-no1.com/tesler2

Report Overview

Submitted URL
best-offer-no1.com/tesler2
IP
185.142.239.209
ASN
#174 COGENT-174
Submitted
2022-09-08 06:15:23
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
24

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	329 B	737 B	93.184.220.29
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	594 B	127 B	52.35.74.102
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	758 B	2.7 kB	143.204.55.115
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.3 kB	6.2 kB	23.36.77.32
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	401 B	5.8 kB	143.204.55.110
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	321 B	229 B	34.117.237.239
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.3 kB	2.8 kB	142.250.74.3
fonts.googleapis.com	8877	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	405 B	15 kB	142.250.74.10
fonts.gstatic.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	497 B	14 kB	142.250.74.163
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	60 kB	34.120.237.76
best-offer-no1.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	17 kB	908 kB	185.142.239.209

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-09-08	medium	best-offer-no1.com/tesler2	Phishing
2022-09-08	medium	best-offer-no1.com/tesler2	Phishing
2022-09-08	medium	best-offer-no1.com/tesler2/	Phishing
2022-09-08	medium	best-offer-no1.com/tesler2/en/index.php	Phishing
2022-09-08	medium	best-offer-no1.com/tesler2/js/bluebird.min.js	Phishing
2022-09-08	medium	best-offer-no1.com/tesler2/js/videojs/video.js	Phishing
2022-09-08	medium	best-offer-no1.com/tesler2/js/scripts_i.js	Phishing
2022-09-08	medium	best-offer-no1.com/intgrtn/api/v1/integration/sdk.js?v=120228862	Phishing
2022-09-08	medium	best-offer-no1.com/tesler2/media/video-en.mp4	Phishing
2022-09-08	medium	best-offer-no1.com/intgrtn/api/v1/projects/agreements.php?type=4	Phishing
2022-09-08	medium	best-offer-no1.com/intgrtn/api/v1/projects/agreements.php?type=4	Phishing
2022-09-08	medium	best-offer-no1.com/intgrtn/api/v1/events/add.php	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (6)

	URL	Size	First Seen	Last Seen
	best-offer-no1.com/tesler2/en/index.php	1.8 kB	2023-03-07	2023-08-04
Pretty URL best-offer-no1.com/tesler2/en/index.php IP 185.142.239.209 ASN #174 COGENT-174 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:49:41 Last Seen2023-08-04 22:57:35 Times Seen2 Hash 51d2e5089b2585a4f15241d97c21179c 0d159fe08fa2e86ba63373260bd9ebe2442224a2 31573ac4242d43bb5b218424c05ef621b469563d30146ba2b27a9f18f45d8adb Loading...

	best-offer-no1.com/tesler2/en/index.php	3.5 kB	2023-03-07	2023-03-13
Pretty URL best-offer-no1.com/tesler2/en/index.php IP 185.142.239.209 ASN #174 COGENT-174 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:49:41 Last Seen2023-03-13 07:48:44 Times Seen1 Hash ec17487825ec0be31bc2e87687ffe3cf b33e28a256d7337c08aad32e6068a4bdeb9397f9 d338e4c3b72b89a6d282d8ec273263d70b18ffb0e9456776dd8af8e63c32a693 Loading...

	best-offer-no1.com/intgrtn/api/v1/integration/sdk.js?v=120228862	390 kB	2023-03-07	2023-03-07
Pretty URL best-offer-no1.com/intgrtn/api/v1/integration/sdk.js?v=120228862 IP 185.142.239.209 ASN #174 COGENT-174 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:02:06 Last Seen2023-03-07 13:56:56 Times Seen1 Hash 7f9d78ed4d9b4981ce16f5007aaccd91 eb22513cf595ebb50a50f80789e3a2d0decae9d1 4cec4d36cf6969585dceb6036e0efffb7f4693de977b125d030a420a3e160775 Loading...

	best-offer-no1.com/tesler2/js/bluebird.min.js	77 kB	2023-03-07	2024-04-25
Pretty URL best-offer-no1.com/tesler2/js/bluebird.min.js IP 185.142.239.209 ASN #174 COGENT-174 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:49:41 Last Seen2024-04-25 17:28:08 Times Seen77 Hash ad58638eca677ab0314b116d3194f27a 66bf0499c3488b461abd9c0ed62f8ec71a9594ea 4a8df52b71e0fc738da41e818f6b0e5e9d8fc116b65b56d017a237245b4383fa Loading...

	best-offer-no1.com/tesler2/js/videojs/video.js	1.5 MB	2023-03-07	2024-03-08
Pretty URL best-offer-no1.com/tesler2/js/videojs/video.js IP 185.142.239.209 ASN #174 COGENT-174 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:45:04 Last Seen2024-03-08 09:40:01 Times Seen317 Hash 9045e3df1785b61657789608f6afa807 0a7ea1b2e2bfc262fcd4acd1023973b78082f5ee 96d3349232417f89dec7f5c26a3872bb542fceaba22361b580b78f6e8d92ef2c Loading...

	best-offer-no1.com/tesler2/js/scripts_i.js	138 kB	2023-03-07	2023-11-21
Pretty URL best-offer-no1.com/tesler2/js/scripts_i.js IP 185.142.239.209 ASN #174 COGENT-174 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:49:41 Last Seen2023-11-21 11:12:03 Times Seen4 Hash 0488f02d9a4153adc6655a7ce3771cf8 eb9e78920ac32be98a47e258f36321a3f7ea4f44 c30cec99d7520db5264c1431827250c0dd273f7c6fc613fbe7e89384bc177e01 Loading...

HTTP Transactions (63)

URL IP Response Size

best-offer-no1.com/tesler2

185.142.239.209

301 Moved Permanently

162 B

URL HTTP/1.1
best-offer-no1.com/tesler2
IP
185.142.239.209:0
ASN
#174 COGENT-174

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
162 B (162 bytes)
Hash
4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /tesler2 HTTP/1.1
Host: best-offer-no1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Thu, 08 Sep 2022 06:15:11 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://best-offer-no1.com/tesler2
Strict-Transport-Security: max-age=63072000

firefox.settings.services.mozilla.com/v1/

143.204.55.115

200 OK

939 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/
IP
143.204.55.115:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
b593eb39329cfe060d55be5e4a5405e2
78e46c1028e9f94f8569303ad2d90d7df13a059a
08a810103557efe55ca4425ff0cf82593f1f54633df899127eaec9bee05d4d04

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, Alert, Content-Length, Content-Type, Backoff
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Thu, 08 Sep 2022 05:38:02 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 8ddb6d7670d8c5a85c04a10525a71b90.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: acjaQbskjZdvnu2Vhl0YLOGAOjXttQ5TytOrHJcjBxwIApd8qlmrgA==
Age: 2229

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
b9adda4796e3cda8d92753c46964621c
5f1eba1f6085b23dea088a91fe6f8947172f9f62
a0577a8fcfa81b3f86d99566eb4429655b93a238ffd1a3752bc9aae3d969deea

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A0577A8FCFA81B3F86D99566EB4429655B93A238FFD1A3752BC9AAE3D969DEEA"
Last-Modified: Tue, 06 Sep 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6013
Expires: Thu, 08 Sep 2022 07:55:24 GMT
Date: Thu, 08 Sep 2022 06:15:11 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain

143.204.55.110

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
IP
143.204.55.110:0
ASN
#16509 AMAZON-02

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
742edb4038f38bc533514982f3d2e861
cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Thu, 08 Sep 2022 03:46:35 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 410f51195842d9b592b15d6588c36654.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: gO4aELhHK4dd7rAUojs8O6KGPbeMiShN-us0fql0kosgI5zbrmkhWw==
age: 8917
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Thu, 08 Sep 2022 06:15:12 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
f7b4b5b7266763dda26d04ef8901efc8
cb6ca0bc81c4aac821fada38f74be309eea94fe7
9f71bd0f5f530cfe0bdaecabf4bb6650db5ad7c9a3a92e688dbb8c6e6d7bed86

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9F71BD0F5F530CFE0BDAECABF4BB6650DB5AD7C9A3A92E688DBB8C6E6D7BED86"
Last-Modified: Thu, 08 Sep 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Thu, 08 Sep 2022 12:15:12 GMT
Date: Thu, 08 Sep 2022 06:15:12 GMT
Connection: keep-alive

best-offer-no1.com/tesler2

185.142.239.209

301 Moved Permanently

162 B

URL HTTP/1.1
best-offer-no1.com/tesler2
IP
185.142.239.209:0
ASN
#174 COGENT-174

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
162 B (162 bytes)
Hash
4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /tesler2 HTTP/1.1
Host: best-offer-no1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Thu, 08 Sep 2022 06:15:12 GMT
Content-Type: text/html
Content-Length: 162
Location: https://best-offer-no1.com/tesler2/
Connection: keep-alive
X-Server: igor
PX-X-Request-Id: 194d4eb4620f1d5e4a1d8d86e3438ec0
PX-IPTimestamp: 1662046186 1662617515 1662615713

best-offer-no1.com/tesler2/

185.142.239.209

302 Found

0 B

URL HTTP/1.1
best-offer-no1.com/tesler2/
IP
185.142.239.209:0
ASN
#174 COGENT-174

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /tesler2/ HTTP/1.1
Host: best-offer-no1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/1.1 302 Found
Server: nginx
Date: Thu, 08 Sep 2022 06:15:12 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: en/index.php
X-Upstream: evlampi-***ko
X-Server: igor
PX-X-Request-Id: d8b2b1dd6e2ea504f821a9194d9c0865
PX-IPTimestamp: 1662046186 1662617515 1662615713

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

143.204.55.115

200 OK

329 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
143.204.55.115:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Thu, 08 Sep 2022 05:38:18 GMT
Cache-Control: max-age=3600
Expires: Thu, 08 Sep 2022 06:13:35 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 095562e8748e634f880ee3c4ada2b6d0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: DSghNOql9STJppCZ1KGNG7fK6vS1g3Q6BlET5xYgl07l5VV_56U9TQ==
Age: 2214

best-offer-no1.com/tesler2/en/index.php

185.142.239.209

200 OK

7.6 kB

URL HTTP/1.1
best-offer-no1.com/tesler2/en/index.php
IP
185.142.239.209:0
ASN
#174 COGENT-174

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (312)
Size
7.6 kB (7595 bytes)
Hash
012683163f7c7bf98b7de7d639446492
e13bdf2bb35f81e05cb36d7fa550c9dcee717e59
a136eac4b7c2e8c2d6c4064c8e4b1ad88fd79fe8e2ee6420c6a707192dd2a9c4

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /tesler2/en/index.php HTTP/1.1
Host: best-offer-no1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 08 Sep 2022 06:15:12 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: intgrtn_language=en; expires=Sat, 08-Oct-2022 06:15:12 GMT; Max-Age=2592000; path=/tesler2/
X-Upstream: evlampi-***ko
Content-Encoding: gzip
X-Server: igor
PX-X-Request-Id: 0b37b0e2474e62c9e61861ec2d013809
PX-IPTimestamp: 1662046186 1662617515 1662615713

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
a81b0f5b5d11bf95fc176833b2f6e808
5b194aa5a8bf3a6b0d117ccfd0f487f6db0587b5
8f6ae83f2b85db7174bbbc6553e2921617b5c8a401315e76082682949a0bd9cc

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6537
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 08 Sep 2022 06:15:12 GMT
Last-Modified: Thu, 08 Sep 2022 04:26:15 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471

best-offer-no1.com/tesler2/css/styles.css

185.142.239.209

200 OK

10 kB

URL HTTP/1.1
best-offer-no1.com/tesler2/css/styles.css
IP
185.142.239.209:0
ASN
#174 COGENT-174

File type
ASCII text, with very long lines (2589)
Size
10 kB (10448 bytes)
Hash
09fec3f13be987f295a8675dfeeb1702
c2ed4472543a6871c95a6cf7ef26cf2827035707
6a14a4d8f007adde44c6b766c1fc7a84ad5cac481fe499d643c34a521483c9c8

HTTP Headers

GET /tesler2/css/styles.css HTTP/1.1
Host: best-offer-no1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://best-offer-no1.com/tesler2/en/index.php
Cookie: intgrtn_language=en
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 08 Sep 2022 06:15:12 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 19 Jul 2022 06:15:38 GMT
ETag: W/"62d64c0a-ce50"
X-Upstream: stavri-***ko
PX-Cache-Status: STALE
X-Server: igor
PX-X-Request-Id: e4e8979cecad2b5fa472b972aa687c7e
PX-IPTimestamp: 1662046186 1662617515 1662615713
Content-Encoding: gzip

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
b63f97bc3dce37e8ee6a0c9fcae468fe
cc70326582c0016d7434d0553486734266e57e71
6b3b365123beead4021532b8f2578b3761bbd47af45ed2a461a0476d53aa637d

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Sep 2022 06:15:12 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

best-offer-no1.com/tesler2/css/all.min.css

185.142.239.209

200 OK

12 kB

URL HTTP/1.1
best-offer-no1.com/tesler2/css/all.min.css
IP
185.142.239.209:0
ASN
#174 COGENT-174

File type
ASCII text
Size
12 kB (12384 bytes)
Hash
f6a3fddfabab9f1a3cf3a2af19db9396
5b1b8a776597b4d3120c90bec6039368c7b525d4
c7321fd841ab871fe59b5d9bf53c86bc5020502cb3d412344478f22d3a2f8206

HTTP Headers

GET /tesler2/css/all.min.css HTTP/1.1
Host: best-offer-no1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://best-offer-no1.com/tesler2/en/index.php
Cookie: intgrtn_language=en
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 08 Sep 2022 06:15:12 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 19 Jul 2022 06:15:38 GMT
ETag: W/"62d64c0a-1180a"
X-Upstream: stavri-***ko
PX-Cache-Status: STALE
X-Server: igor
PX-X-Request-Id: dfed5d3cdcd0fbb844fb026608ac9fc8
PX-IPTimestamp: 1662046186 1662617515 1662615713
Content-Encoding: gzip

best-offer-no1.com/tesler2/js/videojs/video-js.css

185.142.239.209

200 OK

10 kB

URL HTTP/1.1
best-offer-no1.com/tesler2/js/videojs/video-js.css
IP
185.142.239.209:0
ASN
#174 COGENT-174

File type
ASCII text, with very long lines (5636)
Size
10 kB (10001 bytes)
Hash
2e9194db7b65da701663fd1550133a11
7bf10315530baed441c2ee0b991b31cb6bf80dd9
56c5f03204b6696a155965ca54b64f190413e020a36841c11bdc8ebf5f17ffde

HTTP Headers

GET /tesler2/js/videojs/video-js.css HTTP/1.1
Host: best-offer-no1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://best-offer-no1.com/tesler2/en/index.php
Cookie: intgrtn_language=en
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 08 Sep 2022 06:15:12 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 19 Jul 2022 06:15:38 GMT
ETag: W/"62d64c0a-9ed4"
X-Upstream: stavri-***ko
PX-Cache-Status: STALE
X-Server: igor
PX-X-Request-Id: b52db2fca6a9b514fc1dcc3e3c113a03
PX-IPTimestamp: 1662046186 1662617515 1662615713
Content-Encoding: gzip

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
b63f97bc3dce37e8ee6a0c9fcae468fe
cc70326582c0016d7434d0553486734266e57e71
6b3b365123beead4021532b8f2578b3761bbd47af45ed2a461a0476d53aa637d

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Sep 2022 06:15:13 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

best-offer-no1.com/tesler2/js/bluebird.min.js

185.142.239.209

200 OK

22 kB

URL HTTP/1.1
best-offer-no1.com/tesler2/js/bluebird.min.js
IP
185.142.239.209:0
ASN
#174 COGENT-174

File type
ASCII text, with very long lines (32044), with escape sequences
Size
22 kB (21843 bytes)
Hash
6eb2e564843b2a4c087aa4a4ddb0b5d6
0cff5e922b5f2a999f5c885330b19774528ae421
f75e4f90003fc4e877ee7c7ecd2f2716ddf634df7c75b39b70f1f415f741d885

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /tesler2/js/bluebird.min.js HTTP/1.1
Host: best-offer-no1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://best-offer-no1.com/tesler2/en/index.php
Cookie: intgrtn_language=en
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 08 Sep 2022 06:15:12 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 19 Jul 2022 06:15:38 GMT
ETag: W/"62d64c0a-12b3f"
X-Upstream: stavri-***ko
PX-Cache-Status: STALE
X-Server: igor
PX-X-Request-Id: 7dcc34f3609b03a7b2e3587d4d6c84c1
PX-IPTimestamp: 1662046186 1662617515 1662615713
Content-Encoding: gzip

push.services.mozilla.com/

52.35.74.102

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
52.35.74.102:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: OsIwbxOE+qy6KmbcEMDmeg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: rS9xNwLN2Bxu06jLtiyNt9auyYI=

best-offer-no1.com/tesler2/js/videojs/video.js

185.142.239.209

200 OK

335 kB

URL HTTP/1.1
best-offer-no1.com/tesler2/js/videojs/video.js
IP
185.142.239.209:0
ASN
#174 COGENT-174

File type
ASCII text, with very long lines (491)
Size
335 kB (335015 bytes)
Hash
f20c3ec01ad7639d73154c9dee322a28
d0d30875dd51f800fa4ec2f6f26950c446541784
5b66dfe285931127decd3ab1c38da42a6975a05f513ad9b2de126018ec73f7b0

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /tesler2/js/videojs/video.js HTTP/1.1
Host: best-offer-no1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://best-offer-no1.com/tesler2/en/index.php
Cookie: intgrtn_language=en
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 08 Sep 2022 06:15:12 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 19 Jul 2022 06:15:38 GMT
ETag: W/"62d64c0a-173a79"
X-Upstream: stavri-***ko
PX-Cache-Status: STALE
X-Server: igor
PX-X-Request-Id: c12981f275e7ffdc29f73d0ae1db655e
PX-IPTimestamp: 1662046186 1662617515 1662615713
Content-Encoding: gzip

best-offer-no1.com/tesler2/css/intgrtn.css

185.142.239.209

200 OK

1.0 kB

URL HTTP/1.1
best-offer-no1.com/tesler2/css/intgrtn.css
IP
185.142.239.209:0
ASN
#174 COGENT-174

File type
ASCII text
Size
1.0 kB (1010 bytes)
Hash
33ebe2488c329793f92881c13e1e33d8
eb999cd53246446566cc5b69e64600d5b30cee20
110b7a415a43fb01f2836dc597ae9faa6512b10a3deb3fad3df9ae0e341852a4

HTTP Headers

GET /tesler2/css/intgrtn.css HTTP/1.1
Host: best-offer-no1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://best-offer-no1.com/tesler2/en/index.php
Cookie: intgrtn_language=en
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 08 Sep 2022 06:15:13 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 19 Jul 2022 06:15:38 GMT
ETag: W/"62d64c0a-1514"
X-Upstream: stavri-***ko
PX-Cache-Status: STALE
X-Server: igor
PX-X-Request-Id: 3762350a4b13a91270ab396e2152da6d
PX-IPTimestamp: 1662046186 1662617515 1662615713
Content-Encoding: gzip

best-offer-no1.com/tesler2/img/logo.png

185.142.239.209

200 OK

1.7 kB

URL HTTP/1.1
best-offer-no1.com/tesler2/img/logo.png
IP
185.142.239.209:0
ASN
#174 COGENT-174

File type
PNG image data, 245 x 80, 8-bit colormap, non-interlaced\012- data
Size
1.7 kB (1688 bytes)
Hash
0a8c2c0795dac435b5a6134f94095262
70d34839d8bb6c7060ac82488d42f53585ea3a05
3ce0200875965ada605039243768e653fa7d2209ce93d6c0b8e330c7bbd78301

HTTP Headers

GET /tesler2/img/logo.png HTTP/1.1
Host: best-offer-no1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://best-offer-no1.com/tesler2/en/index.php
Cookie: intgrtn_language=en
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 08 Sep 2022 06:15:13 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 19 Jul 2022 06:15:38 GMT
ETag: W/"62d64c0a-67c"
X-Upstream: stavri-***ko
PX-Cache-Status: STALE
X-Server: igor
PX-X-Request-Id: af9fff7ce2aa4b3528413f27c7ca7af8
PX-IPTimestamp: 1662046186 1662617515 1662615713
Content-Encoding: gzip

best-offer-no1.com/tesler2/img/ggl.png

185.142.239.209

200 OK

3.8 kB

URL HTTP/1.1
best-offer-no1.com/tesler2/img/ggl.png
IP
185.142.239.209:0
ASN
#174 COGENT-174

File type
PNG image data, 413 x 122, 8-bit colormap, non-interlaced\012- data
Size
3.8 kB (3757 bytes)
Hash
1dace915af7bfb5152904d0b9fb048fa
3ba570fda644205812704fb68afe758b1fd59f6b
b64ecd3632207b51972b82588babf76bcbe0ea17e61195f3a8a9b5b7d5da09b6

HTTP Headers

GET /tesler2/img/ggl.png HTTP/1.1
Host: best-offer-no1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://best-offer-no1.com/tesler2/en/index.php
Cookie: intgrtn_language=en
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 08 Sep 2022 06:15:13 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 19 Jul 2022 06:15:38 GMT
ETag: W/"62d64c0a-e91"
X-Upstream: stavri-***ko
PX-Cache-Status: STALE
X-Server: igor
PX-X-Request-Id: 2a60825d48b455e60756daba89411c03
PX-IPTimestamp: 1662046186 1662617515 1662615713
Content-Encoding: gzip

best-offer-no1.com/tesler2/img/App-1.jpg

185.142.239.209

200 OK

12 kB

URL HTTP/1.1
best-offer-no1.com/tesler2/img/App-1.jpg
IP
185.142.239.209:0
ASN
#174 COGENT-174

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 477x259, components 3\012- data
Size
12 kB (11902 bytes)
Hash
92395690318f62633236f6dc4482baf6
d732a7e30a7a9b0781b499f7c54aad976d19aa68
8a1f49bc96a81d3348dbe8be1b3aa81333d3edb3d532b10a28ccd6470d379214

HTTP Headers

GET /tesler2/img/App-1.jpg HTTP/1.1
Host: best-offer-no1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://best-offer-no1.com/tesler2/en/index.php
Cookie: intgrtn_language=en
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 08 Sep 2022 06:15:13 GMT
Content-Type: image/jpeg
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 19 Jul 2022 06:15:38 GMT
ETag: W/"62d64c0a-3057"
X-Upstream: stavri-***ko
PX-Cache-Status: STALE
X-Server: igor
PX-X-Request-Id: 1696966fe94650c9a0b5c196ef36fedc
PX-IPTimestamp: 1662046186 1662617515 1662615713
Content-Encoding: gzip

best-offer-no1.com/tesler2/img/apple.png

185.142.239.209

200 OK

2.2 kB

URL HTTP/1.1
best-offer-no1.com/tesler2/img/apple.png
IP
185.142.239.209:0
ASN
#174 COGENT-174

File type
PNG image data, 200 x 73, 8-bit colormap, non-interlaced\012- data
Size
2.2 kB (2221 bytes)
Hash
b3165ad0b9b9398a3d9745d557387bb6
84127e8e192fd30d23282537c2c64fc90fb78eb4
1541d72fe5174bda316892a26361636da4df50189a86ee62d06ccd039d4082d3

HTTP Headers

GET /tesler2/img/apple.png HTTP/1.1
Host: best-offer-no1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://best-offer-no1.com/tesler2/en/index.php
Cookie: intgrtn_language=en
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 08 Sep 2022 06:15:13 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 19 Jul 2022 06:15:38 GMT
ETag: W/"62d64c0a-891"
X-Upstream: stavri-***ko
PX-Cache-Status: STALE
X-Server: igor
PX-X-Request-Id: 448279dc09a103dc9adbe9ab5019c06f
PX-IPTimestamp: 1662046186 1662617515 1662615713
Content-Encoding: gzip

best-offer-no1.com/tesler2/js/scripts_i.js

185.142.239.209

200 OK

48 kB

URL HTTP/1.1
best-offer-no1.com/tesler2/js/scripts_i.js
IP
185.142.239.209:0
ASN
#174 COGENT-174

File type
Unicode text, UTF-8 text, with very long lines (65449)
Size
48 kB (47910 bytes)
Hash
1a87fc8ea044b566c701903c6ab57776
fa48f753333f54ab6aaaaa756ca8328896be4b36
3facc65cc1d32faa5e4f4163152b9472c47aea6a997075705423be42d871c1e4

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /tesler2/js/scripts_i.js HTTP/1.1
Host: best-offer-no1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://best-offer-no1.com/tesler2/en/index.php
Cookie: intgrtn_language=en
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 08 Sep 2022 06:15:13 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 19 Jul 2022 06:15:38 GMT
ETag: W/"62d64c0a-21bfa"
X-Upstream: stavri-***ko
PX-Cache-Status: STALE
X-Server: igor
PX-X-Request-Id: a90fb3426b24a484817a6c379ae22a06
PX-IPTimestamp: 1662046186 1662617515 1662615713
Content-Encoding: gzip

best-offer-no1.com/tesler2/img/bg.jpg

185.142.239.209

200 OK

64 kB

URL HTTP/1.1
best-offer-no1.com/tesler2/img/bg.jpg
IP
185.142.239.209:0
ASN
#174 COGENT-174

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1920x1173, components 3\012- data
Size
64 kB (64049 bytes)
Hash
46c4e86aa0e4c4577ddd8c00be2b3126
3db0f57d0d45e7828f83de415030cef13e071e9f
88e08b71f3787dda1ac4b75c1293ddda9d916d1a862dc6efd8f13339ee513366

HTTP Headers

GET /tesler2/img/bg.jpg HTTP/1.1
Host: best-offer-no1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://best-offer-no1.com/tesler2/css/styles.css
Cookie: intgrtn_language=en
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 08 Sep 2022 06:15:13 GMT
Content-Type: image/jpeg
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 19 Jul 2022 06:15:38 GMT
ETag: W/"62d64c0a-1046d"
X-Upstream: stavri-***ko
PX-Cache-Status: STALE
X-Server: igor
PX-X-Request-Id: 3476a3164284e54fe62676cf230d9310
PX-IPTimestamp: 1662046186 1662617515 1662615713
Content-Encoding: gzip

best-offer-no1.com/tesler2/img/images-1.jpg

185.142.239.209

200 OK

7.3 kB

URL HTTP/1.1
best-offer-no1.com/tesler2/img/images-1.jpg
IP
185.142.239.209:0
ASN
#174 COGENT-174

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "Optimized by JPEGmini 3.15.0.81154240 0x5caa32d6", progressive, precision 8, 275x183, components 3\012- data
Size
7.3 kB (7305 bytes)
Hash
0ea31a534a513ea93a73c329a576fb7c
8f3ce9a3e4dc607a754c7465287ecc24ec8effe3
a54fac14e0237d9456afab6e842e8a18db9d9304e72b0d7fb45b46a7d88af188

HTTP Headers

GET /tesler2/img/images-1.jpg HTTP/1.1
Host: best-offer-no1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://best-offer-no1.com/tesler2/css/styles.css
Cookie: intgrtn_language=en
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 08 Sep 2022 06:15:13 GMT
Content-Type: image/jpeg
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 19 Jul 2022 06:15:38 GMT
ETag: W/"62d64c0a-1cbd"
X-Upstream: stavri-***ko
PX-Cache-Status: STALE
X-Server: igor
PX-X-Request-Id: 5844dae8d242d387e42e7dd17a6a2656
PX-IPTimestamp: 1662046186 1662617515 1662615713
Content-Encoding: gzip

best-offer-no1.com/tesler2/img/images.jpg

185.142.239.209

200 OK

8.7 kB

URL HTTP/1.1
best-offer-no1.com/tesler2/img/images.jpg
IP
185.142.239.209:0
ASN
#174 COGENT-174

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "Optimized by JPEGmini 3.15.0.81154240 0x0536c97b", progressive, precision 8, 259x194, components 3\012- data
Size
8.7 kB (8747 bytes)
Hash
e57643aa3ceb8b6804e2b8458782d70a
6695c2d867f5151be2d5833f16f75685556d088b
ee165f69b66466477960b4b27baa14ef05add96fe655d1b777a839a47052919b

HTTP Headers

GET /tesler2/img/images.jpg HTTP/1.1
Host: best-offer-no1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://best-offer-no1.com/tesler2/css/styles.css
Cookie: intgrtn_language=en
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 08 Sep 2022 06:15:13 GMT
Content-Type: image/jpeg
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 19 Jul 2022 06:15:38 GMT
ETag: W/"62d64c0a-2278"
X-Upstream: stavri-***ko
PX-Cache-Status: STALE
X-Server: igor
PX-X-Request-Id: 81e3df57c74a269de1eb4f6dacae3a05
PX-IPTimestamp: 1662046186 1662617515 1662615713
Content-Encoding: gzip

best-offer-no1.com/tesler2/img/webcam_selfie_thingy_something_by_smashingthenew-d79t6tb.jpg

185.142.239.209

200 OK

18 kB

URL HTTP/1.1
best-offer-no1.com/tesler2/img/webcam_selfie_thingy_something_by_smashingthenew-d79t6tb.jpg
IP
185.142.239.209:0
ASN
#174 COGENT-174

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 500x333, components 3\012- data
Size
18 kB (18256 bytes)
Hash
ba008073e49ef258ed40d01516b71cf2
b6883ea75b5640ba80034902f0155bd82b2cfbd2
7d1e2d42c57b9abd04d51fe8d8966df21b0d8e7242c38870e03b0023c4200dcf

HTTP Headers

GET /tesler2/img/webcam_selfie_thingy_something_by_smashingthenew-d79t6tb.jpg HTTP/1.1
Host: best-offer-no1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://best-offer-no1.com/tesler2/css/styles.css
Cookie: intgrtn_language=en
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 08 Sep 2022 06:15:13 GMT
Content-Type: image/jpeg
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 19 Jul 2022 06:15:38 GMT
ETag: W/"62d64c0a-47ba"
X-Upstream: stavri-***ko
PX-Cache-Status: STALE
X-Server: igor
PX-X-Request-Id: c628fbfc3aa208aca50911fee03d21e0
PX-IPTimestamp: 1662046186 1662617515 1662615713
Content-Encoding: gzip

fonts.googleapis.com/css2?family=Montserrat:wght@500&display=swap

142.250.74.10

200 OK

14 kB

URL HTTP/2
fonts.googleapis.com/css2?family=Montserrat:wght@500&display=swap
IP
142.250.74.10:0
ASN
#15169 GOOGLE

File type
data
Size
14 kB (14507 bytes)
Hash
33417c26445f21fcc8d1682a93fae09c
b584693bddf880e0e4c8632594ad829a3c202184
8b86cf7d8dab00ffc4e1da515fd6601ee6cfff7ccddf67b41c3f4f88c6c1f392

HTTP Headers

GET /css2?family=Montserrat:wght@500&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://best-offer-no1.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 08 Sep 2022 06:15:12 GMT
date: Thu, 08 Sep 2022 06:15:12 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

best-offer-no1.com/tesler2/img/lenovo-yoga-tablet2-133-webcam.jpg

185.142.239.209

200 OK

16 kB

URL HTTP/1.1
best-offer-no1.com/tesler2/img/lenovo-yoga-tablet2-133-webcam.jpg
IP
185.142.239.209:0
ASN
#174 COGENT-174

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 675x380, components 3\012- data
Size
16 kB (16256 bytes)
Hash
8a323efdae3ee4b892c019f7bc22ac4a
b4cb0e2b253b636d19b7c97b4ab934f4c42a7a73
18f45e1927ac077bcfc68a22b6b1a62ba186fa79694b3bcc4205dc97d2161f43

HTTP Headers

GET /tesler2/img/lenovo-yoga-tablet2-133-webcam.jpg HTTP/1.1
Host: best-offer-no1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://best-offer-no1.com/tesler2/css/styles.css
Cookie: intgrtn_language=en
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 08 Sep 2022 06:15:13 GMT
Content-Type: image/jpeg
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 19 Jul 2022 06:15:38 GMT
ETag: W/"62d64c0a-402c"
X-Upstream: stavri-***ko
PX-Cache-Status: STALE
X-Server: igor
PX-X-Request-Id: 78e9c1641624d5c4e9846d67c163468e
PX-IPTimestamp: 1662046186 1662617515 1662615713
Content-Encoding: gzip

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
da05c4b51a3dabf88135becc19f1af52
2c8e928a750eff713ffba9cacff2ee241b22c236
3a718561532594be11fba74ace11458dc337786dacb48c588777120b6916984f

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Sep 2022 06:15:13 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/montserrat/v25/JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCtZ6Hw5aXo.woff2

142.250.74.163

200 OK

13 kB

URL HTTP/2
fonts.gstatic.com/s/montserrat/v25/JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCtZ6Hw5aXo.woff2
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 12820, version 1.0\012- data
Size
13 kB (12820 bytes)
Hash
3f2f6d9e64a95a40ea5dedfc91f42a95
9cd9f5a2f86f1d42390141d91619a0aa41a276b7
ed121b1a8fbf30998a4ed0a7c8343abe9091ac4744f1c24b602b5d3f962bdb78

HTTP Headers

GET /s/montserrat/v25/JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCtZ6Hw5aXo.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://best-offer-no1.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 12820
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 08 Sep 2022 06:05:47 GMT
expires: Fri, 08 Sep 2023 06:05:47 GMT
cache-control: public, max-age=31536000
age: 566
last-modified: Mon, 11 Jul 2022 18:56:10 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

best-offer-no1.com/tesler2/img/Takingasneakywebcamselfieatworkforadmin_b2902ebf6f9d2adf5899542ba6d47f42.jpg

185.142.239.209

200 OK

10 kB

URL HTTP/1.1
best-offer-no1.com/tesler2/img/Takingasneakywebcamselfieatworkforadmin_b2902ebf6f9d2adf5899542ba6d47f42.jpg
IP
185.142.239.209:0
ASN
#174 COGENT-174

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 500x281, components 3\012- data
Size
10 kB (10401 bytes)
Hash
971cdec87f299035d42f07056f1ac481
a2f34ade105396ce13625391a53cb8f8f6e23a73
103113f0a617684d09cc6129e0f1c4b40faebb0f8c88862acfd22deb97ae0d6a

HTTP Headers

GET /tesler2/img/Takingasneakywebcamselfieatworkforadmin_b2902ebf6f9d2adf5899542ba6d47f42.jpg HTTP/1.1
Host: best-offer-no1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://best-offer-no1.com/tesler2/css/styles.css
Cookie: intgrtn_language=en
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 08 Sep 2022 06:15:13 GMT
Content-Type: image/jpeg
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 19 Jul 2022 06:15:38 GMT
ETag: W/"62d64c0a-28d2"
X-Upstream: stavri-***ko
PX-Cache-Status: STALE
X-Server: igor
PX-X-Request-Id: ac9f3eee0d579ac454030c06aa002a69
PX-IPTimestamp: 1662046186 1662617515 1662615713
Content-Encoding: gzip

best-offer-no1.com/tesler2/img/dell-selfie.jpg

185.142.239.209

200 OK

24 kB

URL HTTP/1.1
best-offer-no1.com/tesler2/img/dell-selfie.jpg
IP
185.142.239.209:0
ASN
#174 COGENT-174

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 675x380, components 3\012- data
Size
24 kB (24326 bytes)
Hash
e0d5e5ec71023a545d56318741eb4c9c
47c9a85a22cf7c995f841090b2eb88ec8620884f
b1b8b6bfb9d606985257a64480de6acaf7f2a3924de27943815f59e94e392bae

HTTP Headers

GET /tesler2/img/dell-selfie.jpg HTTP/1.1
Host: best-offer-no1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://best-offer-no1.com/tesler2/css/styles.css
Cookie: intgrtn_language=en
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 08 Sep 2022 06:15:13 GMT
Content-Type: image/jpeg
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 19 Jul 2022 06:15:38 GMT
ETag: W/"62d64c0a-5f58"
X-Upstream: stavri-***ko
PX-Cache-Status: STALE
X-Server: igor
PX-X-Request-Id: d64cf78b7d1bb753642e1c48fcdeeb9d
PX-IPTimestamp: 1662046186 1662617515 1662615713
Content-Encoding: gzip

best-offer-no1.com/tesler2/img/Security-Security-Checked-icon.png

185.142.239.209

200 OK

2.1 kB

URL HTTP/1.1
best-offer-no1.com/tesler2/img/Security-Security-Checked-icon.png
IP
185.142.239.209:0
ASN
#174 COGENT-174

File type
PNG image data, 512 x 512, 1-bit colormap, non-interlaced\012- data
Size
2.1 kB (2133 bytes)
Hash
6d48657b0443496b074a8438c6cfd15e
9b09a1ac29546966781788bef983cd7cb7baa51e
18f443c5a7f4a97383d1f72c92ae7cf5df0f034aaec196d6a1696bca4dd1aa2c

HTTP Headers

GET /tesler2/img/Security-Security-Checked-icon.png HTTP/1.1
Host: best-offer-no1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://best-offer-no1.com/tesler2/css/styles.css
Cookie: intgrtn_language=en
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 08 Sep 2022 06:15:13 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 19 Jul 2022 06:15:38 GMT
ETag: W/"62d64c0a-83c"
X-Upstream: stavri-***ko
PX-Cache-Status: STALE
X-Server: igor
PX-X-Request-Id: b6fcdea00ac3015373396d3007970c64
PX-IPTimestamp: 1662046186 1662617515 1662615713
Content-Encoding: gzip

best-offer-no1.com/tesler2/img/computer-5.png

185.142.239.209

200 OK

1.4 kB

URL HTTP/1.1
best-offer-no1.com/tesler2/img/computer-5.png
IP
185.142.239.209:0
ASN
#174 COGENT-174

File type
PNG image data, 512 x 512, 4-bit colormap, non-interlaced\012- data
Size
1.4 kB (1434 bytes)
Hash
8ffde50c78b5ae924331ac161b8446aa
4c9438c61cfb7b3d2d4d3c1daedcc1007a22ce58
fc8b5c0201829a9da997e8f4d903f6384cef78fcd429c14dedbd506610c34cd1

HTTP Headers

GET /tesler2/img/computer-5.png HTTP/1.1
Host: best-offer-no1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://best-offer-no1.com/tesler2/css/styles.css
Cookie: intgrtn_language=en
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 08 Sep 2022 06:15:13 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 19 Jul 2022 06:15:38 GMT
ETag: W/"62d64c0a-697"
X-Upstream: stavri-***ko
PX-Cache-Status: STALE
X-Server: igor
PX-X-Request-Id: 65a456d6057cd5277445b2623245b5c9
PX-IPTimestamp: 1662046186 1662617515 1662615713
Content-Encoding: gzip

best-offer-no1.com/tesler2/img/coins.png

185.142.239.209

200 OK

3.0 kB

URL HTTP/1.1
best-offer-no1.com/tesler2/img/coins.png
IP
185.142.239.209:0
ASN
#174 COGENT-174

File type
PNG image data, 512 x 512, 1-bit colormap, non-interlaced\012- data
Size
3.0 kB (3012 bytes)
Hash
9402ce044ecd19505725bba499f5a588
9e8e0de39958b775425e30f6062ed68080fe1868
51f6a792534b3458b594b830689956e0098e7e8bda1c657e26e1ed5bc6fd7405

HTTP Headers

GET /tesler2/img/coins.png HTTP/1.1
Host: best-offer-no1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://best-offer-no1.com/tesler2/css/styles.css
Cookie: intgrtn_language=en
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 08 Sep 2022 06:15:13 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 19 Jul 2022 06:15:38 GMT
ETag: W/"62d64c0a-ba8"
X-Upstream: stavri-***ko
PX-Cache-Status: STALE
X-Server: igor
PX-X-Request-Id: 332aa9494445a5880b9eef656136333f
PX-IPTimestamp: 1662046186 1662617515 1662615713
Content-Encoding: gzip

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
da05c4b51a3dabf88135becc19f1af52
2c8e928a750eff713ffba9cacff2ee241b22c236
3a718561532594be11fba74ace11458dc337786dacb48c588777120b6916984f

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Sep 2022 06:15:13 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

best-offer-no1.com/tesler2/img/skylanders_tech_icon_by_omniferious-d4j6186.png

185.142.239.209

200 OK

2.0 kB

URL HTTP/1.1
best-offer-no1.com/tesler2/img/skylanders_tech_icon_by_omniferious-d4j6186.png
IP
185.142.239.209:0
ASN
#174 COGENT-174

File type
PNG image data, 200 x 200, 4-bit colormap, non-interlaced\012- data
Size
2.0 kB (1989 bytes)
Hash
7d7795be381cf3386ec876f38adc66a1
4b8d4c91aa8dc400115d0e72dd35211f0bf05f66
a88261d36032ec16de8dfcd67605d646256371871d7e4c38e943d6bf922d2aea

HTTP Headers

GET /tesler2/img/skylanders_tech_icon_by_omniferious-d4j6186.png HTTP/1.1
Host: best-offer-no1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://best-offer-no1.com/tesler2/css/styles.css
Cookie: intgrtn_language=en
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 08 Sep 2022 06:15:13 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 19 Jul 2022 06:15:38 GMT
ETag: W/"62d64c0a-7ae"
X-Upstream: stavri-***ko
PX-Cache-Status: STALE
X-Server: igor
PX-X-Request-Id: 2dd94141390a3f6b4aa43c88bbb376ce
PX-IPTimestamp: 1662046186 1662617515 1662615713
Content-Encoding: gzip

best-offer-no1.com/tesler2/img/shutterstock_146023874.jpg

185.142.239.209

200 OK

18 kB

URL HTTP/1.1
best-offer-no1.com/tesler2/img/shutterstock_146023874.jpg
IP
185.142.239.209:0
ASN
#174 COGENT-174

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 400x331, components 3\012- data
Size
18 kB (18133 bytes)
Hash
2cd9af55c3e515601e241f54e3829f3a
e28cb2b8307cae1c04cb5ac34c654331e566d7ac
cd46948e28a21a5cd64ac10fa7ffa3d29e897e3b90fd73348db3443ca2527597

HTTP Headers

GET /tesler2/img/shutterstock_146023874.jpg HTTP/1.1
Host: best-offer-no1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://best-offer-no1.com/tesler2/css/styles.css
Cookie: intgrtn_language=en
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 08 Sep 2022 06:15:13 GMT
Content-Type: image/jpeg
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 19 Jul 2022 06:15:38 GMT
ETag: W/"62d64c0a-4727"
X-Upstream: stavri-***ko
PX-Cache-Status: STALE
X-Server: igor
PX-X-Request-Id: cb1edcd8ed506d9fd918f089e023fed5
PX-IPTimestamp: 1662046186 1662617515 1662615713
Content-Encoding: gzip

best-offer-no1.com/tesler2/img/102398372-google-nasdaq.1910x1000.jpg

185.142.239.209

200 OK

44 kB

URL HTTP/1.1
best-offer-no1.com/tesler2/img/102398372-google-nasdaq.1910x1000.jpg
IP
185.142.239.209:0
ASN
#174 COGENT-174

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 800x419, components 3\012- data
Size
44 kB (43874 bytes)
Hash
d973323926b57646105ac14ff41060bd
b185fe06b899778495c232d1b9b24d53f60b9be5
af4ae129a79f89262843a1ac95829c1d7e7e207e0554482b22aa4f9374a63053

HTTP Headers

GET /tesler2/img/102398372-google-nasdaq.1910x1000.jpg HTTP/1.1
Host: best-offer-no1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://best-offer-no1.com/tesler2/css/styles.css
Cookie: intgrtn_language=en
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 08 Sep 2022 06:15:13 GMT
Content-Type: image/jpeg
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 19 Jul 2022 06:15:38 GMT
ETag: W/"62d64c0a-ab96"
X-Upstream: stavri-***ko
PX-Cache-Status: STALE
X-Server: igor
PX-X-Request-Id: f5107cdbf5f5cdf1f3a4c7d1d28d5526
PX-IPTimestamp: 1662046186 1662617515 1662615713
Content-Encoding: gzip

best-offer-no1.com/tesler2/img/800x-1.jpg

185.142.239.209

200 OK

53 kB

URL HTTP/1.1
best-offer-no1.com/tesler2/img/800x-1.jpg
IP
185.142.239.209:0
ASN
#174 COGENT-174

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 800x533, components 3\012- data
Size
53 kB (53269 bytes)
Hash
4545a17fb6dffc118d8effb9b8dea61c
f7e602d6f7a6bb75bdd9672113a74ba15e5264d2
0fde00b68b6abb713d4cea0c7425589e27eb5a5a96c40cec8d708ef20e845a73

HTTP Headers

GET /tesler2/img/800x-1.jpg HTTP/1.1
Host: best-offer-no1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://best-offer-no1.com/tesler2/css/styles.css
Cookie: intgrtn_language=en
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 08 Sep 2022 06:15:13 GMT
Content-Type: image/jpeg
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 19 Jul 2022 06:15:38 GMT
ETag: W/"62d64c0a-d049"
X-Upstream: stavri-***ko
PX-Cache-Status: STALE
X-Server: igor
PX-X-Request-Id: 44ec6d36066fad6c0b5de4842758d3cb
PX-IPTimestamp: 1662046186 1662617515 1662615713
Content-Encoding: gzip

best-offer-no1.com/intgrtn/api/v1/integration/sdk.js?v=120228862

185.142.239.209

200 OK

41 kB

URL HTTP/1.1
best-offer-no1.com/intgrtn/api/v1/integration/sdk.js?v=120228862
IP
185.142.239.209:0
ASN
#174 COGENT-174

File type
ASCII text
Size
41 kB (40994 bytes)
Hash
680a0ea22c3aa6a17809b316afb10131
d714b0ec7d1ec1377c38eb12ed68c08ca18acea5
1d9492ef5cb94615461b45cce8a7fc44408b8158fb67aae6d83764cbcd6ae42b

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /intgrtn/api/v1/integration/sdk.js?v=120228862 HTTP/1.1
Host: best-offer-no1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://best-offer-no1.com/tesler2/en/index.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 08 Sep 2022 06:15:13 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 07 Sep 2022 13:28:20 GMT
Vary: Accept-Encoding
ETag: W/"63189c74-5f3f2"
Expires: Fri, 08 Sep 2023 06:15:13 GMT
Cache-Control: max-age=31536000
Content-Encoding: gzip
X-Server: igor
PX-X-Request-Id: a5b386f30e2e40a1cb371a668dc69dac
PX-IPTimestamp: 1662046186 1662617515 1662615713
PX-Cache-Status: MISS

best-offer-no1.com/tesler2/img/video-index.jpg

185.142.239.209

200 OK

73 kB

URL HTTP/1.1
best-offer-no1.com/tesler2/img/video-index.jpg
IP
185.142.239.209:0
ASN
#174 COGENT-174

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1280x720, components 3\012- data
Size
73 kB (73216 bytes)
Hash
1d577d8d73e81438af1ef9609b9270c2
0af6ce504c9708704a841169dca2e9891d25f24b
45b1621e9ee42bd5a71b30b362a51af00f96da64452fc3417210879cbf59ded0

HTTP Headers

GET /tesler2/img/video-index.jpg HTTP/1.1
Host: best-offer-no1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://best-offer-no1.com/tesler2/en/index.php
Cookie: intgrtn_language=en
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 08 Sep 2022 06:15:13 GMT
Content-Type: image/jpeg
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 19 Jul 2022 06:15:38 GMT
ETag: W/"62d64c0a-12037"
X-Upstream: stavri-***ko
PX-Cache-Status: STALE
X-Server: igor
PX-X-Request-Id: b3cd53ccae5c68eeefb001cdb770b0d9
PX-IPTimestamp: 1662046186 1662617515 1662615713
Content-Encoding: gzip

best-offer-no1.com/intgrtn/api/v1/integration/sdk.css?v=2.63.2

185.142.239.209

200 OK

8.2 kB

URL HTTP/1.1
best-offer-no1.com/intgrtn/api/v1/integration/sdk.css?v=2.63.2
IP
185.142.239.209:0
ASN
#174 COGENT-174

File type
Unicode text, UTF-8 text
Size
8.2 kB (8238 bytes)
Hash
f8d2693bbce48cb3c19117b0d43e9cc4
5a4ed5df84262978776ee5fd1d2418ebde6f08ba
0ec8d1ead3f977cf5f4421c42570d18ac80796c2ccbc6b855af7c68e3470b922

HTTP Headers

GET /intgrtn/api/v1/integration/sdk.css?v=2.63.2 HTTP/1.1
Host: best-offer-no1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://best-offer-no1.com/tesler2/en/index.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 08 Sep 2022 06:15:13 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 12:03:08 GMT
Vary: Accept-Encoding
ETag: W/"62e7c0fc-1344e"
Expires: Tue, 01 Aug 2023 12:25:39 GMT
Cache-Control: max-age=31536000
Content-Encoding: gzip
X-Server: igor
PX-X-Request-Id: b5511c362e7baf7a3287159ed6a4b71d
PX-IPTimestamp: 1662046186 1662617515 1662615713
PX-Cache-Status: HIT

best-offer-no1.com/tesler2/img/favicon.png

185.142.239.209

200 OK

509 B

URL HTTP/1.1
best-offer-no1.com/tesler2/img/favicon.png
IP
185.142.239.209:0
ASN
#174 COGENT-174

File type
PNG image data, 32 x 32, 8-bit colormap, non-interlaced\012- data
Size
509 B (509 bytes)
Hash
3187c8264085954f70650cc0b8786f32
a502966780c4682516bd54d717ad194b69018975
9b75bbcb1d36898dabf6a408bb62c986bc02dd72fdfdd797208429115a792b44

HTTP Headers

GET /tesler2/img/favicon.png HTTP/1.1
Host: best-offer-no1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://best-offer-no1.com/tesler2/en/index.php
Cookie: intgrtn_language=en
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 08 Sep 2022 06:15:13 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 19 Jul 2022 06:15:38 GMT
ETag: W/"62d64c0a-1e6"
X-Upstream: evlampi-***ko
PX-Cache-Status: STALE
X-Server: igor
PX-X-Request-Id: 47155a9d50d35ef60050e6b887844620
PX-IPTimestamp: 1662046186 1662617515 1662615713
Content-Encoding: gzip

best-offer-no1.com/tesler2/media/video-en.mp4

185.142.239.209

206 Partial Content

18 kB

URL HTTP/1.1
best-offer-no1.com/tesler2/media/video-en.mp4
IP
185.142.239.209:0
ASN
#174 COGENT-174

File type
ISO Media, MP4 v2 [ISO 14496-14]\012- data
Size
18 kB (18493 bytes)
Hash
cd83de786f1a48444948d441d6a58319
deaa2dd9cf00d19ddf20edf6f2728368e755cabf
871bd229467c057b1dd9a028420a928bc0af586caf20251baa97965fe06122b5

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /tesler2/media/video-en.mp4 HTTP/1.1
Host: best-offer-no1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://best-offer-no1.com/tesler2/en/index.php
Cookie: intgrtn_language=en
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 206 Partial Content
Server: nginx
Date: Thu, 08 Sep 2022 06:15:13 GMT
Content-Type: video/mp4
Content-Length: 346761177
Connection: keep-alive
Last-Modified: Fri, 06 Aug 2021 12:49:42 GMT
ETag: "610d2fe6-14ab27d9"
X-Upstream: stavri-***ko
PX-Cache-Status: STALE
X-Server: igor
PX-X-Request-Id: 08050a264094b667984a5a45b7e02d73
PX-IPTimestamp: 1662046186 1662617515 1662615713
Content-Range: bytes 0-346761176/346761177

best-offer-no1.com/intgrtn/api/v1/projects/agreements.php?type=4

185.142.239.209

200 OK

1.8 kB

URL HTTP/1.1
best-offer-no1.com/intgrtn/api/v1/projects/agreements.php?type=4
IP
185.142.239.209:0
ASN
#174 COGENT-174

File type
JSON data\012- , ASCII text, with very long lines (4165), with no line terminators
Size
1.8 kB (1838 bytes)
Hash
f60b4d4fa641aa39f38cd93886eaaa42
5d3b561bdc643550d05a1e10c335e43180b4ea86
8436a40d1f4ec38a99476322c1ecdd09a95527c82af1a8b663743ab6edea91e9

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /intgrtn/api/v1/projects/agreements.php?type=4 HTTP/1.1
Host: best-offer-no1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Intgrtn-Referer: https://best-offer-no1.com/tesler2/en/index.php
Connection: keep-alive
Referer: https://best-offer-no1.com/tesler2/en/index.php
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 08 Sep 2022 06:15:14 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: accept, origin, content-type, authorization, Cache-Control, X-Requested-With, Intgrtn-Referer
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Encoding: gzip
Vary: Accept-Encoding
X-Server: igor
PX-X-Request-Id: 59f67d5cf20421c9179826317018f262
PX-IPTimestamp: 1662046186 1662617515 1662615713

best-offer-no1.com/intgrtn/api/v1/projects/details.php?&language=en

185.142.239.209

200 OK

6.4 kB

URL HTTP/1.1
best-offer-no1.com/intgrtn/api/v1/projects/details.php?&language=en
IP
185.142.239.209:0
ASN
#174 COGENT-174

File type
JSON data\012- , ASCII text, with very long lines (44597), with no line terminators
Size
6.4 kB (6359 bytes)
Hash
e7288276a148d7f548e7970487d4e948
daf32d5d97388e9460a2671578a077b153872ad9
347d16164e872ce7c4e83e38891a255f12de86606f8285d9e6d24822c7d995d7

HTTP Headers

GET /intgrtn/api/v1/projects/details.php?&language=en HTTP/1.1
Host: best-offer-no1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Intgrtn-Referer: https://best-offer-no1.com/tesler2/en/index.php
Connection: keep-alive
Referer: https://best-offer-no1.com/tesler2/en/index.php
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 08 Sep 2022 06:15:14 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: accept, origin, content-type, authorization, Cache-Control, X-Requested-With, Intgrtn-Referer
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Encoding: gzip
Vary: Accept-Encoding
X-Server: igor
PX-X-Request-Id: ed948a370c2becd15895c6845208909d
PX-IPTimestamp: 1662046186 1662617515 1662615713

best-offer-no1.com/intgrtn/api/v1/projects/agreements.php?type=4

185.142.239.209

200 OK

1.8 kB

URL HTTP/1.1
best-offer-no1.com/intgrtn/api/v1/projects/agreements.php?type=4
IP
185.142.239.209:0
ASN
#174 COGENT-174

File type
JSON data\012- , ASCII text, with very long lines (4164), with no line terminators
Size
1.8 kB (1836 bytes)
Hash
dcbbb454a94fccab5aee3e6ac7fbdb11
509f024d54ca1346839718b5c105fc8abebdd596
c866217111305d39af799712aa6944f55bbb07d278aaff3076591d296e0663ae

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /intgrtn/api/v1/projects/agreements.php?type=4 HTTP/1.1
Host: best-offer-no1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Intgrtn-Referer: https://best-offer-no1.com/tesler2/en/index.php
Connection: keep-alive
Referer: https://best-offer-no1.com/tesler2/en/index.php
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 08 Sep 2022 06:15:14 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: accept, origin, content-type, authorization, Cache-Control, X-Requested-With, Intgrtn-Referer
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Encoding: gzip
Vary: Accept-Encoding
X-Server: igor
PX-X-Request-Id: 5bb58c13d5a0b93a671fbc719798e755
PX-IPTimestamp: 1662046186 1662617515 1662615713

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
e0fbe5627b19e9ad7ad4d40c96514ae9
d9d361271987c5947d96ddacc67efb3f3a32bbd3
48b4321f3bda8fd67c5bc75f98b0dfe6df2bfda8dcf5e708aecd47270ae03217

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "48B4321F3BDA8FD67C5BC75F98B0DFE6DF2BFDA8DCF5E708AECD47270AE03217"
Last-Modified: Wed, 07 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4160
Expires: Thu, 08 Sep 2022 07:24:34 GMT
Date: Thu, 08 Sep 2022 06:15:14 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
e0fbe5627b19e9ad7ad4d40c96514ae9
d9d361271987c5947d96ddacc67efb3f3a32bbd3
48b4321f3bda8fd67c5bc75f98b0dfe6df2bfda8dcf5e708aecd47270ae03217

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "48B4321F3BDA8FD67C5BC75F98B0DFE6DF2BFDA8DCF5E708AECD47270AE03217"
Last-Modified: Wed, 07 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4160
Expires: Thu, 08 Sep 2022 07:24:34 GMT
Date: Thu, 08 Sep 2022 06:15:14 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
e0fbe5627b19e9ad7ad4d40c96514ae9
d9d361271987c5947d96ddacc67efb3f3a32bbd3
48b4321f3bda8fd67c5bc75f98b0dfe6df2bfda8dcf5e708aecd47270ae03217

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "48B4321F3BDA8FD67C5BC75F98B0DFE6DF2BFDA8DCF5E708AECD47270AE03217"
Last-Modified: Wed, 07 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4160
Expires: Thu, 08 Sep 2022 07:24:34 GMT
Date: Thu, 08 Sep 2022 06:15:14 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
e0fbe5627b19e9ad7ad4d40c96514ae9
d9d361271987c5947d96ddacc67efb3f3a32bbd3
48b4321f3bda8fd67c5bc75f98b0dfe6df2bfda8dcf5e708aecd47270ae03217

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "48B4321F3BDA8FD67C5BC75F98B0DFE6DF2BFDA8DCF5E708AECD47270AE03217"
Last-Modified: Wed, 07 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4160
Expires: Thu, 08 Sep 2022 07:24:34 GMT
Date: Thu, 08 Sep 2022 06:15:14 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
e0fbe5627b19e9ad7ad4d40c96514ae9
d9d361271987c5947d96ddacc67efb3f3a32bbd3
48b4321f3bda8fd67c5bc75f98b0dfe6df2bfda8dcf5e708aecd47270ae03217

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "48B4321F3BDA8FD67C5BC75F98B0DFE6DF2BFDA8DCF5E708AECD47270AE03217"
Last-Modified: Wed, 07 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4160
Expires: Thu, 08 Sep 2022 07:24:34 GMT
Date: Thu, 08 Sep 2022 06:15:14 GMT
Connection: keep-alive

best-offer-no1.com/intgrtn/api/v1/events/add.php

185.142.239.209

200 OK

161 B

URL HTTP/1.1
best-offer-no1.com/intgrtn/api/v1/events/add.php
IP
185.142.239.209:0
ASN
#174 COGENT-174

File type
JSON data\012- , ASCII text, with no line terminators
Size
161 B (161 bytes)
Hash
ef541d3b564dee7d46566b2939c50f83
f270049b8489b4442fc9f8d1a36a44ede41b551c
fc86263d353ba77a0f9e21bce9fbc60258b53297227ef4f399b98b8a9be567a1

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

POST /intgrtn/api/v1/events/add.php HTTP/1.1
Host: best-offer-no1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Intgrtn-Referer: https://best-offer-no1.com/tesler2/en/index.php
Content-Length: 30
Origin: https://best-offer-no1.com
Connection: keep-alive
Referer: https://best-offer-no1.com/tesler2/en/index.php
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 08 Sep 2022 06:15:14 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://best-offer-no1.com
Access-Control-Allow-Headers: accept, origin, content-type, authorization, Cache-Control, X-Requested-With, Intgrtn-Referer
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Encoding: gzip
Vary: Accept-Encoding
X-Server: igor
PX-X-Request-Id: 3882d93e04b691b071760c1b506c754d
PX-IPTimestamp: 1662046186 1662617515 1662615713

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6069f6c-2029-46b3-9867-5eaeb96d65e7.jpeg

34.120.237.76

200 OK

7.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6069f6c-2029-46b3-9867-5eaeb96d65e7.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.9 kB (7885 bytes)
Hash
7ca5b5d4ac26d97b5729a30ecdc688bc
3e633bc6c4ab9adfe84899e5209d73bef1d097eb
2c8275d1819d933f86df9685b76aea030842ba5a341c59ea88ffd2da99a5a3d5

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6069f6c-2029-46b3-9867-5eaeb96d65e7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7885
x-amzn-requestid: 305dc6b7-eb3d-40ad-af89-8b60be935637
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YG9ThE3DIAMFRtA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63190f49-7c0b58644e26de7f27c5b388;Sampled=0
x-amzn-remapped-date: Wed, 07 Sep 2022 21:38:17 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: Ry2D03udnweYHan_7KhC9IDhT01g9_73G40Fa10BdIX21tgK0Cgjiw==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Sep 2022 21:48:35 GMT
etag: "3e633bc6c4ab9adfe84899e5209d73bef1d097eb"
content-type: image/jpeg
age: 30399
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb5a39739-e855-4625-859f-7e2fed3d2511.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (12107 bytes)
Hash
a9ca2de4e61d1aae73da7d13ad3ec727
15cefe1e2be8ad63e40cfe02c2f5f8c59af015ad
911550bc2b8e4c4aad215692361fe494275002f89faa9eae2e2fc2664da1107c

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb5a39739-e855-4625-859f-7e2fed3d2511.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 12107
x-amzn-requestid: 9ea883d8-b844-49d0-8651-67124d2c0852
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YG9TgHANIAMF5rQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63190f49-137ad22c52baa6fb04ae190d;Sampled=0
x-amzn-remapped-date: Wed, 07 Sep 2022 21:38:17 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Hit from cloudfront
x-amz-cf-id: P5OHHQ3YLSEkmgy4GUF6SfbGkPlrVxokjSQuZLVstQDT1DpLDtGEvg==
via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 27f6faf9790b5a2877fb528fa31f7922.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Sep 2022 22:03:47 GMT
age: 29487
etag: "15cefe1e2be8ad63e40cfe02c2f5f8c59af015ad"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F08c16db0-fc0c-4dde-ae07-9586e9adb562.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.3 kB (9255 bytes)
Hash
f691eddbd9502201c90f81568f4f63fc
6ed123d7a797b7eb52a34e87c79aa8562bede4e1
6d2b6ff8acdc63829050d68084997737ac8cbbe52aba6189ab8908f7dcb800b4

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F08c16db0-fc0c-4dde-ae07-9586e9adb562.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9255
x-amzn-requestid: f4092ba2-d141-44cf-8e0e-a4ee46b397ad
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YG9ThFAeoAMFUPw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63190f49-4ee1ceb30135f4e1763e98b9;Sampled=0
x-amzn-remapped-date: Wed, 07 Sep 2022 21:38:17 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Hit from cloudfront
x-amz-cf-id: A60P-w4aO0T7up7sTYS72sWYlUao4cCXXE7B3QAv5Zy8-zDbIUWCeQ==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 ece5d4a731ece5ff46c564ab2b946ede.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Sep 2022 21:44:32 GMT
age: 30642
etag: "6ed123d7a797b7eb52a34e87c79aa8562bede4e1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd0564fe6-5557-4644-ba02-30e6de571e27.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.9 kB (7923 bytes)
Hash
786824349d0ac6933b5beb4a10ce9cc7
63e6e7d760e736c45ca4778111ea8e61eb13edd6
4aea707f67116f423b68bd19e946b167b48c920693663f2b7b270c86947bffdb

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd0564fe6-5557-4644-ba02-30e6de571e27.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7923
x-amzn-requestid: 657663ba-b3e9-4a84-9186-3f13ad230765
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YG9VsGsQoAMFlSg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63190f57-6fc934984bba83fe1b91056f;Sampled=0
x-amzn-remapped-date: Wed, 07 Sep 2022 21:38:31 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Hit from cloudfront
x-amz-cf-id: WSGEVR0aSN0fgOzZ7GRMqgQ7z8UqIJ72nRk4_T2-C7ViLZgDMIEcDw==
via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 79880188a81becf1687ba18c0e064230.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Sep 2022 22:28:23 GMT
age: 28011
etag: "63e6e7d760e736c45ca4778111ea8e61eb13edd6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5314d83a-c7f9-468e-8b42-535c4fae5d85.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.5 kB (7492 bytes)
Hash
a07d553b6441514870ed7e9e989a29a7
98c145b9326d1e6036fa9089d87a25232dd45b0b
373a586b596016baeb8de98022207c25af24c099c06077edbdfd837cffc31a0e

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5314d83a-c7f9-468e-8b42-535c4fae5d85.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7492
x-amzn-requestid: 2c5e9ff3-c7a4-4a8f-96bf-74f0ca5d9137
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YG9dOHguIAMFjGg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63190f87-70dbe6532b1a241e6dbe729e;Sampled=0
x-amzn-remapped-date: Wed, 07 Sep 2022 21:39:19 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Hit from cloudfront
x-amz-cf-id: 6mfdlMHJozdykr4faiijvUuJPXVrJGU_n0MxJgCrZ-uWWdejGYfiAQ==
via: 1.1 95b0ac620fa3a80ee590ecf1cda1c698.cloudfront.net (CloudFront), 1.1 020978022b22df6352245f09cfbc410c.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Sep 2022 22:33:06 GMT
age: 27728
etag: "98c145b9326d1e6036fa9089d87a25232dd45b0b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4ee600c8-d25e-4cb3-93cb-f1970d300d9c.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.6 kB (8643 bytes)
Hash
c316fd8a538a8c998ef49d399e9b0692
1fbcbd73de88723e5a42ec1ecb131b94deb1c88e
1a34abee1bf6b76733ba2ca97a5c053b67bd6cd48f6953fc53798c77385cd781

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4ee600c8-d25e-4cb3-93cb-f1970d300d9c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8643
x-amzn-requestid: 663e595c-db96-40aa-af51-7628b4c536fc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YDkkoFTvIAMFimw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6317b483-7a2d96f41413f89f1fc3acb4;Sampled=0
x-amzn-remapped-date: Tue, 06 Sep 2022 20:58:43 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: CZ1qUdeqBSDB3XHDy6QYWptdZ1aFWLSBTYwWwOvec0H0-m921E5s_g==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 556b99c6be8d7078b9f067347c62df6a.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Sep 2022 22:05:02 GMT
age: 29412
etag: "1fbcbd73de88723e5a42ec1ecb131b94deb1c88e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (6)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (63)

URL HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL HTTP/1.1

IP

ASN

File type