Overview

URL marfina-gah-99b954.ingress-daribow.ewp.live/sgb/cm/cc.php
IP 63.250.43.13
ASN NAMECHEAP-NET
Location United States
Report completed 2022-10-01 09:08:54 UTC
urlquery Alerts No alerts detected


Settings

UserAgent Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blocklists

OpenPhish
Scan Date Severity Indicator Comment
2022-09-30 2 marfina-gah-99b954.ingress-daribow.ewp.live/sgb/cm/cc.php Societe Generale
PhishTank  No alerts detected
Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-10-01 2 marfina-gah-99b954.ingress-daribow.ewp.live/sgb/cm/cc.php Phishing
2022-10-01 2 marfina-gah-99b954.ingress-daribow.ewp.live/sgb/cm/files/img/logo-sg.svg Phishing
2022-10-01 2 marfina-gah-99b954.ingress-daribow.ewp.live/sgb/cm/files/img/logo-sg-muet.svg Phishing
2022-10-01 2 marfina-gah-99b954.ingress-daribow.ewp.live/sgb/cm/files/img/logo-sg-seul.svg Phishing
2022-10-01 2 marfina-gah-99b954.ingress-daribow.ewp.live/sgb/cm/files/fonts/sourcesanspr (...) Phishing
2022-10-01 2 marfina-gah-99b954.ingress-daribow.ewp.live/sgb/cm/files/fonts/sourcesanspr (...) Phishing
2022-10-01 2 marfina-gah-99b954.ingress-daribow.ewp.live/sgb/cm/files/fonts/sourcesanspr (...) Phishing
2022-10-01 2 marfina-gah-99b954.ingress-daribow.ewp.live/sgb/cm/files/fonts/sourcesanspr (...) Phishing
mnemonic secure dns  No alerts detected
Quad9 DNS  No alerts detected


Files

No files detected



Passive DNS (10)

Passive DNS Source Fully Qualified Domain Name Rank First Seen Last Seen IP Comment
mnemonic passive DNS ocsp.digicert.com (1) 86 2012-05-21 07:02:23 UTC 2022-10-01 04:10:38 UTC 93.184.220.29
mnemonic passive DNS push.services.mozilla.com (1) 2140 2015-09-03 10:29:36 UTC 2022-10-01 05:28:34 UTC 35.164.56.167
mnemonic passive DNS img-getpocket.cdn.mozilla.net (6) 1631 2017-09-01 03:40:57 UTC 2022-10-01 04:22:38 UTC 34.120.237.76
mnemonic passive DNS r3.o.lencr.org (5) 344 2020-12-02 08:52:13 UTC 2022-10-01 04:59:16 UTC 23.36.77.32
mnemonic passive DNS content-signature-2.cdn.mozilla.net (1) 1152 2020-11-03 12:26:46 UTC 2022-10-01 05:17:12 UTC 108.156.28.102
mnemonic passive DNS contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-10-01 05:00:18 UTC 34.117.237.239
mnemonic passive DNS marfina-gah-99b954.ingress-daribow.ewp.live (16) 0 2022-09-30 20:25:03 UTC 2022-10-01 06:43:45 UTC 63.250.43.14 Unknown ranking
mnemonic passive DNS cdnjs.cloudflare.com (1) 235 2020-10-20 10:17:36 UTC 2022-10-01 04:58:32 UTC 104.17.24.14
mnemonic passive DNS firefox.settings.services.mozilla.com (2) 867 2020-05-27 20:08:30 UTC 2022-10-01 05:49:58 UTC 18.165.201.17
mnemonic passive DNS ocsp.sectigo.com (1) 487 2018-12-17 11:31:55 UTC 2022-10-01 04:08:14 UTC 172.64.155.188


Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 63.250.43.13

Date UQ / IDS / BL URL IP
2022-12-06 07:40:19 +0000 0 - 0 - 8 10ztalk.com/australian-crypto-exchange-swyftx (...) 63.250.43.13
2022-12-05 04:07:24 +0000 0 - 0 - 18 bulqiza.info/ 63.250.43.13
2022-11-10 20:54:06 +0000 0 - 0 - 9 mariyasohail.com/ 63.250.43.13
2022-11-10 09:09:20 +0000 0 - 0 - 5 slokvines-bfd0bd.ingress-daribow.ewp.live/wp- (...) 63.250.43.13
2022-11-09 17:13:23 +0000 0 - 0 - 6 chtvsch-bfd0bd.ingress-daribow.ewp.live/wp-co (...) 63.250.43.13

Last 5 reports on ASN: NAMECHEAP-NET

Date UQ / IDS / BL URL IP
2022-12-09 19:32:09 +0000 0 - 0 - 10 sportssoccer.club/89/9.php 162.213.255.12
2022-12-09 19:10:27 +0000 0 - 0 - 3 annearundelthrives.com/wp-content/uploads/202 (...) 162.0.235.235
2022-12-09 19:03:32 +0000 8 - 0 - 0 netfiberperu.com/one 198.54.114.145
2022-12-09 18:39:00 +0000 0 - 0 - 2 agriturismolagodoro.com/images/free-coins-coi (...) 68.65.123.94
2022-12-09 18:12:02 +0000 0 - 0 - 1 aleairyco.com/OV6_ENCODE.zip 162.0.234.142

Last 5 reports on domain: ewp.live

Date UQ / IDS / BL URL IP
2022-12-09 07:25:35 +0000 5 - 0 - 17 madoriko-c1c54d.ingress-bonde.ewp.live/DF/b97 (...) 63.250.43.2
2022-12-09 07:05:40 +0000 0 - 0 - 15 madoriko-c1c54d.ingress-bonde.ewp.live/DF/b97 (...) 63.250.43.2
2022-12-09 07:05:28 +0000 0 - 0 - 17 madoriko-c1c54d.ingress-bonde.ewp.live/DF/b97 (...) 63.250.43.1
2022-12-09 06:37:55 +0000 4 - 0 - 17 madoriko-c1c54d.ingress-bonde.ewp.live/DF/b97 (...) 63.250.43.1
2022-12-05 11:19:39 +0000 0 - 0 - 17 xvideo-984abb.ingress-erytho.ewp.live/wp-login.php 63.250.43.132

Last 5 reports with similar screenshot

Date UQ / IDS / BL URL IP
2022-12-07 12:43:30 +0000 15 - 0 - 1 monmessagerie.admiring-tereshkova.64-235-58-1 (...) 64.235.58.135
2022-12-07 12:43:27 +0000 19 - 0 - 1 www.monmessagerie.admiring-tereshkova.64-235- (...) 64.235.58.135
2022-11-05 13:54:42 +0000 0 - 0 - 9 galleryofthemind.com/wp-includes/ss/sgsp/sg/cc.php 67.195.197.25
2022-11-05 13:54:22 +0000 0 - 0 - 9 galleryofthemind.com/wp-includes/ss/sgsp/sg/t (...) 67.195.197.25
2022-10-25 20:17:50 +0000 0 - 0 - 11 northmaxfilm.com/supports/SG/tel.php 142.11.209.226


JavaScript

Executed Scripts (6)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (35)


Request Response

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

18.165.201.17
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Alert, Backoff, Retry-After, Content-Length
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sat, 01 Oct 2022 09:02:27 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 680c9e756bdd27fcfeee763a87afaa06.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P3
X-Amz-Cf-Id: FwcOYajExoE-UUq07QQgBNCEyHmZrnZ-Is0Pu9F2DZ7oSFit6K49aQ==
Age: 377


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    2d12f67fe57a87e7366b662d153a5582
Sha1:   d7b02d81cc74f24a251d9363e0f4b0a149264ec1
Sha256: 73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 503
ETag: "A382476D14B6AE14003333E7ACDFBBD9AE8775D4C1A7D5C31116F33987043CFF"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5187
Expires: Sat, 01 Oct 2022 10:35:11 GMT
Date: Sat, 01 Oct 2022 09:08:44 GMT
Connection: keep-alive

GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

108.156.28.102
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Sat, 01 Oct 2022 03:39:03 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 a6a1a17bbe377bf7c4423397c71959da.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR50-P1
x-amz-cf-id: OA85cv8uX7-8B-w26kA-Xc6I64wCrrklWXqwibLj3honVI-SH8bwbw==
age: 20128
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    6113f8408c59aebe188d6af273b90743
Sha1:   7398873bf00f99944eaa77ad3ebc0d43c23dba6b
Sha256: b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

172.64.155.188
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 01 Oct 2022 09:08:44 GMT
Content-Length: 471
Connection: keep-alive
Last-Modified: Wed, 28 Sep 2022 03:33:21 GMT
Expires: Wed, 05 Oct 2022 03:33:20 GMT
Etag: "7da37f1930fd2276d82309b76a3c3250f32e80c4"
Cache-Control: max-age=324875,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 75340e311da1b512-OSL

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

34.117.237.239
HTTP/2 200 OK
content-type: application/json
server: nginx
date: Sat, 01 Oct 2022 09:08:44 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

GET /sgb/cm/cc.php HTTP/1.1
Host: marfina-gah-99b954.ingress-daribow.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

63.250.43.14
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
server: nginx
date: Sat, 01 Oct 2022 00:20:27 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: public
referrer-policy: strict-origin-when-cross-origin
content-encoding: gzip
x-cacheable: YES
age: 31697
x-cache: HIT
accept-ranges: bytes
content-length: 3529
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text
Size:   3529
Md5:    2daf208a5f934565ae2557823a542a88
Sha1:   86195b5cbc8567add031434f7807f7e74fc0e586
Sha256: 1166b6e0d7c4be4c0352a1932cb964737db1cf38f6e8a30ec683726cf6f12fee

Alerts:
  Blocklists:
    - openphish: Societe Generale
    - fortinet: Phishing

GET /ajax/libs/jquery/3.3.1/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://marfina-gah-99b954.ingress-daribow.ewp.live/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

104.17.24.14
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
date: Sat, 01 Oct 2022 09:08:44 GMT
content-length: 27433
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec4-1538f"
last-modified: Mon, 04 May 2020 16:11:48 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 1960726
expires: Thu, 21 Sep 2023 09:08:44 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aTz00ey8jekCGRp1k4h%2FilfWFUf8pogjCWwetmfVxJ2Ppo6%2BOgdJXRizgDZFDyZ%2FAuDGWBgDy23EcaxtDjaMoY9e94BqpT6huEsreBAsW5EytOujG2so9HU4FsPC%2Boh8oV9b0MHk"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 75340e332f3e0b02-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65451)
Size:   27433
Md5:    77bd61b98f7b67af56639229724f8dd4
Sha1:   f04f07dd8ff53e58c32b738f81b71a014bca441d
Sha256: 8ce54c3b77bf31899b27b29188ff4936b580f2bd2b3222d43dda2851ba272e24

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

18.165.201.17
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Type, Expires, Backoff, ETag, Last-Modified, Pragma, Cache-Control, Content-Length, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
X-Content-Type-Options: nosniff
Date: Sat, 01 Oct 2022 08:33:21 GMT
Cache-Control: max-age=3600, max-age=3600
Expires: Sat, 01 Oct 2022 09:12:20 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 17d60a367e7e38c01f5a3242a9a3e784.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P3
X-Amz-Cf-Id: whlTUp_YwNxKbMe5u8OQxV9QPYrzwtjLsUKqmws6I7Fti7RSFI-Yng==
Age: 2151


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

GET /sgb/cm/files/css/index_20190723161948.min.css HTTP/1.1
Host: marfina-gah-99b954.ingress-daribow.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://marfina-gah-99b954.ingress-daribow.ewp.live/sgb/cm/cc.php
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

63.250.43.14
HTTP/2 200 OK
content-type: text/css
server: nginx
date: Sat, 01 Oct 2022 00:18:07 GMT
last-modified: Fri, 30 Sep 2022 12:13:09 GMT
vary: Accept-Encoding
etag: W/"6336dd55-41496"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-encoding: gzip
x-cacheable: YES
age: 31836
x-cache: HIT
accept-ranges: bytes
content-length: 34184
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (310), with CRLF line terminators
Size:   34184
Md5:    2a7d52b5c7e2f26f67dd0d624ca21222
Sha1:   28b1e6690d49f10ba961aae516e05a85539fac4f
Sha256: ee377083a5359817ac5191d60a76700b6fd259259a9cf30356302833a8a5bc38

GET /sgb/cm/files/css/spec56_btn_gsm_all_gcd_20190320190559.min.css HTTP/1.1
Host: marfina-gah-99b954.ingress-daribow.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://marfina-gah-99b954.ingress-daribow.ewp.live/sgb/cm/cc.php
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

63.250.43.14
HTTP/2 200 OK
content-type: text/css
server: nginx
date: Sat, 01 Oct 2022 00:18:07 GMT
last-modified: Fri, 30 Sep 2022 12:13:09 GMT
vary: Accept-Encoding
etag: W/"6336dd55-39c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-encoding: gzip
x-cacheable: YES
age: 31836
x-cache: HIT
accept-ranges: bytes
content-length: 319
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with CRLF line terminators
Size:   319
Md5:    f40ddb3cf4b4ff6d2d4077b47d42867f
Sha1:   cc0bd85164b085b6dc17450107cbeb25dc562270
Sha256: fa63c74bd568e45d82556fd70dbdfb05aa7241af3f61ebe9b8d5c66aae35bf08

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Accept-Ranges: bytes
Age: 4192
Cache-Control: 'max-age=158059'
Date: Sat, 01 Oct 2022 09:08:45 GMT
Last-Modified: Sat, 01 Oct 2022 07:58:53 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 471

GET /sgb/cm/files/css/inbenta.css HTTP/1.1
Host: marfina-gah-99b954.ingress-daribow.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://marfina-gah-99b954.ingress-daribow.ewp.live/sgb/cm/cc.php
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

63.250.43.14
HTTP/2 200 OK
content-type: text/css
server: nginx
date: Sat, 01 Oct 2022 00:18:07 GMT
last-modified: Fri, 30 Sep 2022 12:13:09 GMT
vary: Accept-Encoding
etag: W/"6336dd55-2268a"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-encoding: gzip
x-cacheable: YES
age: 31836
x-cache: HIT
accept-ranges: bytes
content-length: 17291
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65307)
Size:   17291
Md5:    0108c436d1f05450f505716110833523
Sha1:   bba51682b04fe9c658c7aeed61e6fe449f1f4725
Sha256: 7bae130c9346fcbd3b70b9d9ba849ba5de9c55ac744f875348b5683915759762

GET /sgb/cm/files/css/style.css HTTP/1.1
Host: marfina-gah-99b954.ingress-daribow.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://marfina-gah-99b954.ingress-daribow.ewp.live/sgb/cm/cc.php
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

63.250.43.14
HTTP/2 200 OK
content-type: text/css
server: nginx
date: Sat, 01 Oct 2022 00:18:08 GMT
last-modified: Fri, 30 Sep 2022 12:13:09 GMT
vary: Accept-Encoding
etag: W/"6336dd55-2c10f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-encoding: gzip
x-cacheable: YES
age: 31836
x-cache: HIT
accept-ranges: bytes
content-length: 28257
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1330), with CRLF line terminators
Size:   28257
Md5:    0e445454bcf748a7c9150203642f2901
Sha1:   6ca6e6fc70bdc3224b1ec0564fcfa5e9012db421
Sha256: 4c1cec0e70b8227d3c16c5280f25af6c86891e19167b4bcaf9ba1c45929f01bf

GET /sgb/cm/files/img/logo-sg.svg HTTP/1.1
Host: marfina-gah-99b954.ingress-daribow.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://marfina-gah-99b954.ingress-daribow.ewp.live/sgb/cm/cc.php
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

63.250.43.14
HTTP/2 200 OK
content-type: image/svg+xml
server: nginx
date: Sat, 01 Oct 2022 00:18:08 GMT
last-modified: Fri, 30 Sep 2022 12:13:09 GMT
vary: Accept-Encoding
etag: W/"6336dd55-a6a"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-encoding: gzip
x-cacheable: YES
age: 31835
x-cache: HIT
accept-ranges: bytes
content-length: 1265
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (2331), with CRLF line terminators
Size:   1265
Md5:    27e9010a6148011c51ba0ec05d90501a
Sha1:   6f013759fa94d0f6063a761789f923767efcd768
Sha256: bd77be7ced7de96a82c53216ad5f3cd5a96bc642ef78ec6d8d01ba95a87d02da

Alerts:
  Blocklists:
    - fortinet: Phishing

GET /sgb/cm/files/img/logo-sg-muet.svg HTTP/1.1
Host: marfina-gah-99b954.ingress-daribow.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://marfina-gah-99b954.ingress-daribow.ewp.live/sgb/cm/cc.php
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

63.250.43.14
HTTP/2 200 OK
content-type: image/svg+xml
server: nginx
date: Sat, 01 Oct 2022 00:18:08 GMT
last-modified: Fri, 30 Sep 2022 12:13:09 GMT
vary: Accept-Encoding
etag: W/"6336dd55-192"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-encoding: gzip
x-cacheable: YES
age: 31835
x-cache: HIT
accept-ranges: bytes
content-length: 244
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- , ASCII text, with CRLF line terminators
Size:   244
Md5:    42a037b610c181e06c95fa0d0c39d617
Sha1:   7cec7afdce9b03d0c5c21253b026ff39a1822327
Sha256: 3b9b4b967c759e81871b1a3ef36736b69a81fc25cb8a70894cf864c35e705aa2

Alerts:
  Blocklists:
    - fortinet: Phishing

GET /sgb/cm/files/img/loader.gif HTTP/1.1
Host: marfina-gah-99b954.ingress-daribow.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://marfina-gah-99b954.ingress-daribow.ewp.live/sgb/cm/cc.php
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

63.250.43.14
HTTP/2 200 OK
content-type: image/gif
server: nginx
date: Sat, 01 Oct 2022 00:20:12 GMT
content-length: 1379
last-modified: Fri, 30 Sep 2022 12:13:09 GMT
etag: "6336dd55-563"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
x-cacheable: YES
age: 31712
x-cache: HIT
accept-ranges: bytes
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 50 x 10\012- data
Size:   1379
Md5:    56e2ee0bb059a8935c7202981a138aec
Sha1:   cd034b57040a779d70f2a5a19ef2833776daa4a3
Sha256: 31bf10d91090efb0932a4560d50ce0ed40e9d961374175331b008be7865142d6

GET /sgb/cm/files/img/logo-sg-seul.svg HTTP/1.1
Host: marfina-gah-99b954.ingress-daribow.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://marfina-gah-99b954.ingress-daribow.ewp.live/sgb/cm/cc.php
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

63.250.43.14
HTTP/2 200 OK
content-type: image/svg+xml
server: nginx
date: Sat, 01 Oct 2022 00:18:08 GMT
last-modified: Fri, 30 Sep 2022 12:13:09 GMT
vary: Accept-Encoding
etag: W/"6336dd55-be2"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-encoding: gzip
x-cacheable: YES
age: 31835
x-cache: HIT
accept-ranges: bytes
content-length: 1444
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1433), with CRLF line terminators
Size:   1444
Md5:    bb2aa7ab4f7c5f2d1593653c889c43fc
Sha1:   f21b0eabca14825403e2808ac54db7ee8a376dbe
Sha256: 7f66ca66aa2659cd9cb21aaa8b6a67b11a329728cf5a1360052fd8b790e38059

Alerts:
  Blocklists:
    - fortinet: Phishing

GET /sgb/cm/files/css/print_20190320190559.min.css HTTP/1.1
Host: marfina-gah-99b954.ingress-daribow.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://marfina-gah-99b954.ingress-daribow.ewp.live/sgb/cm/cc.php
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

63.250.43.14
HTTP/2 200 OK
content-type: text/css
server: nginx
date: Sat, 01 Oct 2022 00:16:14 GMT
last-modified: Fri, 30 Sep 2022 12:13:09 GMT
vary: Accept-Encoding
etag: W/"6336dd55-bfb"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-encoding: gzip
x-cacheable: YES
age: 31950
x-cache: HIT
accept-ranges: bytes
content-length: 874
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (3067), with no line terminators
Size:   874
Md5:    21b1caf86568a47fdf5bc7f13f19c4fc
Sha1:   2b7682edd83930d59f1ccbe60b9a80b01b55bfaf
Sha256: 3e008da782bed1dc334296ad9339d68c0a0747859058f9a17b6c63d898dc3c41

GET /sgb/cm/files/img/trame.png HTTP/1.1
Host: marfina-gah-99b954.ingress-daribow.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://marfina-gah-99b954.ingress-daribow.ewp.live/sgb/cm/files/css/index_20190723161948.min.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

63.250.43.14
HTTP/2 200 OK
content-type: image/png
server: nginx
date: Sat, 01 Oct 2022 00:18:08 GMT
content-length: 208
last-modified: Fri, 30 Sep 2022 12:13:09 GMT
etag: "6336dd55-d0"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
x-cacheable: YES
age: 31836
x-cache: HIT
accept-ranges: bytes
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 13 x 13, 8-bit/color RGBA, non-interlaced
Size:   208
Md5:    f9dc6373846a99bfe761d3427d50632d
Sha1:   685843d14882374bcf6b0798ab60bbecc84567a8
Sha256: d41b3311daa52ffdfb112169926c6b68fee615ea6c72abac25fa1dbe799131d5

GET /sgb/cm/files/fonts/sourcesanspro-regular.eot HTTP/1.1
Host: marfina-gah-99b954.ingress-daribow.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://marfina-gah-99b954.ingress-daribow.ewp.live/sgb/cm/files/css/style.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

63.250.43.14
HTTP/2 404 Not Found
content-type: text/html
server: nginx
date: Sat, 01 Oct 2022 09:08:45 GMT
content-length: 146
age: 0
x-cache: MISS
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document, ASCII text, with CRLF line terminators
Size:   146
Md5:    8eec510e57f5f732fd2cce73df7b73ef
Sha1:   3c0af39ecb3753c5fee3b53d063c7286019eac3b
Sha256: 55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0

Alerts:
  Blocklists:
    - fortinet: Phishing

GET /sgb/cm/files/fonts/sourcesanspro-semibold.eot HTTP/1.1
Host: marfina-gah-99b954.ingress-daribow.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://marfina-gah-99b954.ingress-daribow.ewp.live/sgb/cm/files/css/style.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

63.250.43.14
HTTP/2 404 Not Found
content-type: text/html
server: nginx
date: Sat, 01 Oct 2022 09:08:45 GMT
content-length: 146
age: 0
x-cache: MISS
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document, ASCII text, with CRLF line terminators
Size:   146
Md5:    8eec510e57f5f732fd2cce73df7b73ef
Sha1:   3c0af39ecb3753c5fee3b53d063c7286019eac3b
Sha256: 55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0

Alerts:
  Blocklists:
    - fortinet: Phishing

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: g3lWhZaEE6SZiU5BCs6SYA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

35.164.56.167
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 7RhylSovuQ3o4w/UlwgPqNSgYbA=

GET /sgb/cm/files/fonts/sourcesanspro-regular.woff HTTP/1.1
Host: marfina-gah-99b954.ingress-daribow.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://marfina-gah-99b954.ingress-daribow.ewp.live/sgb/cm/files/css/style.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

63.250.43.14
HTTP/2 200 OK
content-type: font/woff
server: nginx
date: Sat, 01 Oct 2022 00:18:09 GMT
content-length: 75420
last-modified: Fri, 30 Sep 2022 12:13:09 GMT
etag: "6336dd55-1269c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: https://marfina-gah-99b954.ingress-daribow.ewp.live
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
x-cacheable: YES
age: 31836
x-cache: HIT
accept-ranges: bytes
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format, CFF, length 75420, version 0.0
Size:   75420
Md5:    52f5045b30343cd0e0a5acbd215a50e9
Sha1:   dc37d3ef1b5939ad6a5dfae601ae183c503095f2
Sha256: f679efce1ea9cbed26a573aa8c8db1d01fe51abe4fcc2a77d18ab7bcb03e0bb1

Alerts:
  Blocklists:
    - fortinet: Phishing

GET /sgb/cm/files/fonts/sourcesanspro-semibold.woff HTTP/1.1
Host: marfina-gah-99b954.ingress-daribow.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://marfina-gah-99b954.ingress-daribow.ewp.live/sgb/cm/files/css/style.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

63.250.43.14
HTTP/2 200 OK
content-type: font/woff
server: nginx
date: Sat, 01 Oct 2022 00:18:09 GMT
content-length: 74996
last-modified: Fri, 30 Sep 2022 12:13:09 GMT
etag: "6336dd55-124f4"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: https://marfina-gah-99b954.ingress-daribow.ewp.live
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
x-cacheable: YES
age: 31836
x-cache: HIT
accept-ranges: bytes
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format, CFF, length 74996, version 0.0
Size:   74996
Md5:    f079be3e96761bf618ea2a5b314eb014
Sha1:   2aad9b3d874cdd21ee8496738af5f5b94c7382a0
Sha256: b2106f33585940e944fac6de500dd767c4592692689c001c45c475476583404e

Alerts:
  Blocklists:
    - fortinet: Phishing

GET /sgb/cm/files/img/favicon.ico HTTP/1.1
Host: marfina-gah-99b954.ingress-daribow.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://marfina-gah-99b954.ingress-daribow.ewp.live/sgb/cm/cc.php
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

63.250.43.14
HTTP/2 200 OK
content-type: image/x-icon
server: nginx
date: Sat, 01 Oct 2022 00:16:34 GMT
last-modified: Fri, 30 Sep 2022 12:13:09 GMT
vary: Accept-Encoding
etag: W/"6336dd55-13e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-encoding: gzip
x-cacheable: YES
age: 31930
x-cache: HIT
accept-ranges: bytes
content-length: 116
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  MS Windows icon resource - 1 icon, 16x16, 16 colors
Size:   116
Md5:    5febc34748cd56acf2aa6d91656e2177
Sha1:   537d67534a3730a970e4dd5ae3254208f498fe2c
Sha256: cd3a435ef78098ec34bcb93bee204b67feca5126316b389b093932b647767523

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 503
ETag: "25F075EFFBD8ACDED8F38D69EA17F673DE3E197B635274D4C52411EF577FE8E7"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3323
Expires: Sat, 01 Oct 2022 10:04:09 GMT
Date: Sat, 01 Oct 2022 09:08:46 GMT
Connection: keep-alive

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 503
ETag: "25F075EFFBD8ACDED8F38D69EA17F673DE3E197B635274D4C52411EF577FE8E7"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3323
Expires: Sat, 01 Oct 2022 10:04:09 GMT
Date: Sat, 01 Oct 2022 09:08:46 GMT
Connection: keep-alive

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 503
ETag: "25F075EFFBD8ACDED8F38D69EA17F673DE3E197B635274D4C52411EF577FE8E7"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3323
Expires: Sat, 01 Oct 2022 10:04:09 GMT
Date: Sat, 01 Oct 2022 09:08:46 GMT
Connection: keep-alive

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 503
ETag: "25F075EFFBD8ACDED8F38D69EA17F673DE3E197B635274D4C52411EF577FE8E7"
Last-Modified: Thu, 29 Sep 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3323
Expires: Sat, 01 Oct 2022 10:04:09 GMT
Date: Sat, 01 Oct 2022 09:08:46 GMT
Connection: keep-alive

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7fc3f7b5-4c80-4662-ba8b-7997bdbdb6a3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
server: nginx
content-length: 8299
x-amzn-requestid: 91eed6b6-632f-472b-93d7-4192425fcdfd
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZSxLDF0SoAMFWgw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63376246-17bb04894cc786555d693ec3;Sampled=0
x-amzn-remapped-date: Fri, 30 Sep 2022 21:40:22 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: pt23XcORl063B99HGVhjQwBrS36T7GBIAQO7StLrEH8PKIc4edxQwQ==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 556b99c6be8d7078b9f067347c62df6a.cloudfront.net (CloudFront), 1.1 google
date: Fri, 30 Sep 2022 21:52:55 GMT
age: 40551
etag: "2df7db53629c7adda2c0a4dfe9c17791b73a75e1"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Size:   8299
Md5:    0d31a422078d02bda318c693c05a58dc
Sha1:   2df7db53629c7adda2c0a4dfe9c17791b73a75e1
Sha256: a07fe4e135b52da6dfa9d8a55684f0a3bf5f5ce52c4064c8ab37836a939902a9

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F180dee10-1cde-4fbe-8a74-62b7b3bdb1e2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
server: nginx
content-length: 6315
x-amzn-requestid: f0791b53-3c5f-4d94-954d-992a529ebb60
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZPnunF35oAMFYbg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63361ff6-2adb303349153ced73ccecf6;Sampled=0
x-amzn-remapped-date: Thu, 29 Sep 2022 22:45:10 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: F3fk5JnJ9ZFNPan-8DuLb4kuTiYKfniBar3qNlsuqd8a0saW3sEGvQ==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 1b74ccf4cb51eacf97a0e6d60ae46a3e.cloudfront.net (CloudFront), 1.1 google
date: Sat, 01 Oct 2022 04:41:31 GMT
age: 16035
etag: "58ff0bf8ce7528b303d28bab01a80ad721705569"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Size:   6315
Md5:    206fb65e75dbadf119512f71e0b78402
Sha1:   58ff0bf8ce7528b303d28bab01a80ad721705569
Sha256: 56c8d5f3b3060ee54bf81995269b86c070855d8c33bf437161339a45b309703f

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc003298b-5703-480c-8a4c-fffa9abe5028.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
server: nginx
content-length: 8091
x-amzn-requestid: 78ccaa77-230e-4aa1-a409-7b2a444df9ea
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZSxLDF_OIAMFpdg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63376246-0384396f2ed848bc1c17e1b7;Sampled=0
x-amzn-remapped-date: Fri, 30 Sep 2022 21:40:22 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: G75a-PITD4Wmlxxk_rrpRWNytSGNZlrL_JeoR4A_w6vshDkmRlouPw==
via: 1.1 000f4a2f631bace380a0afa747a82482.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 30 Sep 2022 21:52:58 GMT
age: 40548
etag: "0cd9a66508c343b43b095ac7f550919ec35097d3"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Size:   8091
Md5:    9466667cfaaedbb374259e8fb8dd63e3
Sha1:   0cd9a66508c343b43b095ac7f550919ec35097d3
Sha256: bb70996bea518ba4ddc2c269e9a7c9bea3a9c91fed124a29570828b89250764c

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F46fd1600-2a91-4b2c-8b8b-5f8bdd64364a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
server: nginx
content-length: 3885
x-amzn-requestid: 6e42fb31-7c36-4551-b124-b4a31807a223
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZDlUaFjXIAMFbrg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63314f4f-54e426f20cdec55272e3b9ec;Sampled=0
x-amzn-remapped-date: Mon, 26 Sep 2022 07:05:51 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: QEzjyCz02zrS4ZKJfaSPDI95gZJCMS8LrusxCQtsx1PjSkEYQwG0Ww==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 b13f158bdf9805ca47e07c0c35870c12.cloudfront.net (CloudFront), 1.1 google
date: Fri, 30 Sep 2022 23:55:27 GMT
age: 33199
etag: "0ff6e67904c9e00a4e3dda9e5ef2007ec7426018"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Size:   3885
Md5:    0de8b7bbf1fbb1da9d346d6995a7b7a4
Sha1:   0ff6e67904c9e00a4e3dda9e5ef2007ec7426018
Sha256: 9c1e15fd02fb1129821410b33b60b3fede2338f7971bfd93b1547d12255d840b

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9b0d9d19-67ea-434c-8233-4ac3ec9e78e7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
server: nginx
content-length: 6959
x-amzn-requestid: eaf91f33-2fe3-4ed5-b89c-6199c2f17651
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZSxLCF6toAMFSDg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63376246-3b8c7f290ffda97b2d179433;Sampled=0
x-amzn-remapped-date: Fri, 30 Sep 2022 21:40:22 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: qAOX_0r1sA_Bzn-UjQXmLObAYDyjiTU45aNSOPFt8ucUOyKfrw5ieg==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 7eb3b782ab09047ce0d11ee03763894c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 30 Sep 2022 21:52:59 GMT
age: 40547
etag: "c09ee0f2be578f0067b2ed0237d565a04438147e"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Size:   6959
Md5:    21e55a6ca7350ed834993a486e138de1
Sha1:   c09ee0f2be578f0067b2ed0237d565a04438147e
Sha256: 124ca8ae6e3f7c7bb28f0d47fa693753884261ed61896eccf7bc13f249fc8960

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2ae73d97-d8e4-4f93-bf30-c175fc72b008.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
server: nginx
content-length: 10201
x-amzn-requestid: 62562627-78a8-4c17-bf6c-b2c986b9ee8f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZSxLCFH3IAMFoFQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63376246-69637d745165485171ca73b9;Sampled=0
x-amzn-remapped-date: Fri, 30 Sep 2022 21:40:22 GMT
x-amz-cf-pop: SEA73-P2, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 9wh9cCXRRlyQy8kXzSCNzMQSmac9iwgkRBrgyTtaMr6m2vXPRxVogg==
via: 1.1 6a63e853422f3197776fb098fab5a416.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Fri, 30 Sep 2022 21:55:26 GMT
etag: "49798c4a15545a49f3870b2a16af78dbf8e168cc"
age: 40400
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Size:   10201
Md5:    4be456dbe857580c7b4c7fca3936e04e
Sha1:   49798c4a15545a49f3870b2a16af78dbf8e168cc
Sha256: 23e42987d5e9939424d5f4e4fe0c38faf20a221732097927dd4a656199d9d315