firefox.settings.services.mozilla.com/v1/
143.204.55.35200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.35:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash b593eb39329cfe060d55be5e4a5405e2
78e46c1028e9f94f8569303ad2d90d7df13a059a
08a810103557efe55ca4425ff0cf82593f1f54633df899127eaec9bee05d4d04
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, Alert, Content-Length, Content-Type, Backoff
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Mon, 05 Sep 2022 17:01:59 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 6cb1d4b545e7beb4ead790454f4807c6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 8IU7BItnndnbwo9YbdEkfVNFm5Nh6sw-obkgQquErEu8i0iK8b88mA==
Age: 1866
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash d931e0142ef5ffe9cdb4c4c6bfcb9bc9
d9c4caf525e8926b042a14f38d374cc4033ed768
f610984fb0a75b3a31424faa860cbc8172c7f21804df1dc14fbb685b7c456f29
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F610984FB0A75B3A31424FAA860CBC8172C7F21804DF1DC14FBB685B7C456F29"
Last-Modified: Sat, 03 Sep 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2886
Expires: Mon, 05 Sep 2022 18:21:11 GMT
Date: Mon, 05 Sep 2022 17:33:05 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
143.204.55.110200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
IP 143.204.55.110:0
File type PEM certificate\012- , ASCII text
Hash 742edb4038f38bc533514982f3d2e861
cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Mon, 05 Sep 2022 01:15:19 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 41dc61beb3fe8e8c2c299a2522d8330c.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 2jgAMW6vfFjuwTs6oLVb6T5EWvclSRYQx67KyOV5EaZCtESzwyzMQg==
age: 58668
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 05 Sep 2022 17:33:05 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash 2abf06138ca8f83590225dac1ba6548d
94d7f978c5d481a22bbb2b0d6d34ea06b0d88867
f22dcbbc037cbc15d683e2f36f98a5f17a5c778deb087a14f2f8e79b4e8f7a98
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 05 Sep 2022 17:33:06 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Mon, 05 Sep 2022 11:56:48 GMT
Expires: Mon, 12 Sep 2022 11:56:47 GMT
Etag: "94d7f978c5d481a22bbb2b0d6d34ea06b0d88867"
Cache-Control: max-age=584020,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7460b54089d2b521-OSL
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.35200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.35:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, ETag, Backoff, Last-Modified, Pragma, Cache-Control, Expires, Content-Type, Content-Length, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Mon, 05 Sep 2022 16:38:16 GMT
Cache-Control: max-age=3600
Expires: Mon, 05 Sep 2022 17:23:44 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 e49f22f18c16784c0f42291e768d1daa.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: KCazTax6t3uyP2M2drV-yS0MOtqwTExNo3c9ciA6ndJOEi9GSJzEig==
Age: 3290
globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment.html
63.250.43.136200 OK 31 kB URL HTTP/2 globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment.html
IP 63.250.43.136:0
File type PHP script text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text, with very long lines (23535)
Hash 72efbecc3f71578e02f283c11699efd2
5c1fb94fdb0de8517b41189f320232058b756758
bf309b3076d0d17be526dce2f06b3624f405f7539aaaf66486c170ff9287d082
Analyzer Verdict Alert openphish DHL Airways, Inc.
fortinet Phishing
GET /N%C2%B0GF0027/26757DE/track/LoginServices/main/payment.html HTTP/1.1
Host: globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
server: nginx
date: Mon, 05 Sep 2022 11:37:40 GMT
content-type: text/html
last-modified: Mon, 05 Sep 2022 11:37:07 GMT
vary: Accept-Encoding
etag: W/"6315df63-3fe69"
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: public
referrer-policy: strict-origin-when-cross-origin
content-encoding: gzip
x-cacheable: YES
age: 21326
x-cache: HIT
accept-ranges: bytes
content-length: 31071
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash b57a9dd04797bf34612c80361f1dffb3
56573166d8b9cd9b8dae19fd905e4f3293af306b
b03552109f1e7d1e482aa14614ffb1e38fb53ae4951152aab307b927674dad98
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5863
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 05 Sep 2022 17:33:06 GMT
Last-Modified: Mon, 05 Sep 2022 15:55:23 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471
globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment.html
63.250.43.136304 Not Modified 0 B URL HTTP/2 globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment.html
IP 63.250.43.136:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert openphish DHL Airways, Inc.
fortinet Phishing
GET /N%C2%B0GF0027/26757DE/track/LoginServices/main/payment.html HTTP/1.1
Host: globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
If-Modified-Since: Mon, 05 Sep 2022 11:37:07 GMT
If-None-Match: W/"6315df63-3fe69"
TE: trailers
HTTP/2 304 Not Modified
server: nginx
date: Mon, 05 Sep 2022 11:37:40 GMT
content-type: text/html
last-modified: Mon, 05 Sep 2022 11:37:07 GMT
vary: Accept-Encoding
etag: W/"6315df63-3fe69"
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: public
referrer-policy: strict-origin-when-cross-origin
content-encoding: gzip
x-cacheable: YES
age: 21326
x-cache: HIT
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
assets.adobedtm.com/extensions/EPa06d4a70bf964e93808ee073533d9238/AppMeasurement.min.js
23.38.200.237200 OK 12 kB URL HTTP/2 assets.adobedtm.com/extensions/EPa06d4a70bf964e93808ee073533d9238/AppMeasurement.min.js
IP 23.38.200.237:0
File type ASCII text, with very long lines (32767)
Hash 045079643269515f6ffbe053eba2050e
9546dd8b24e1bd7013c02841004f2caf24386ecf
b68968314ff9e0ecc57a2874d496c07233be5fba22dadcc81da0a3a8dd289112
GET /extensions/EPa06d4a70bf964e93808ee073533d9238/AppMeasurement.min.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "85722a02b6a7feb74d08ac7875516bee:1642630706.903013"
last-modified: Wed, 19 Jan 2022 22:18:26 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 12243
expires: Mon, 05 Sep 2022 18:33:06 GMT
date: Mon, 05 Sep 2022 17:33:06 GMT
cache-control: no-cache
access-control-allow-origin: https://globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live
timing-allow-origin: *
X-Firefox-Spdy: h2
globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment_files/otSDKStub.js.t%C3%A9l%C3%A9chargement
63.250.43.136200 OK 22 kB URL HTTP/2 globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment_files/otSDKStub.js.t%C3%A9l%C3%A9chargement
IP 63.250.43.136:0
File type ASCII text, with very long lines (21656)
Hash feb0bfcbff24183c313aed535b9547e0
4c1124366ec93025ca031eafd3413d9c0b63415b
a2c340dd3914586acfd9e644e15964cb976c43d5d05dd4db674cf70271cac1ed
Analyzer Verdict Alert fortinet Phishing
GET /N%C2%B0GF0027/26757DE/track/LoginServices/main/payment_files/otSDKStub.js.t%C3%A9l%C3%A9chargement HTTP/1.1
Host: globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment.html
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 05 Sep 2022 11:37:40 GMT
content-type: application/octet-stream
content-length: 21657
last-modified: Mon, 05 Sep 2022 11:37:07 GMT
etag: "6315df63-5499"
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: public
referrer-policy: strict-origin-when-cross-origin
x-cacheable: YES
age: 21326
x-cache: HIT
accept-ranges: bytes
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
push.services.mozilla.com/
44.240.140.78101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 44.240.140.78:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 6gwXCPidpCEmvH/uVU4ZlA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: wK1d/iCEDGvS00zNsVPaUgnSwNA=
globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment_files/clientlibs-head.min.783de552212b14576d1cd21a45f04b08.css
63.250.43.136200 OK 64 kB URL HTTP/2 globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment_files/clientlibs-head.min.783de552212b14576d1cd21a45f04b08.css
IP 63.250.43.136:0
File type ASCII text, with very long lines (1073)
Hash b789b66072966d4e2bf3a08672cb7642
471665d13b325d1cc6e0fbbb942e7c12f76f1b7e
ff31c0119b662b5a86d4b2eb946540720b776896dbe1957458bfbac33afb7a18
GET /N%C2%B0GF0027/26757DE/track/LoginServices/main/payment_files/clientlibs-head.min.783de552212b14576d1cd21a45f04b08.css HTTP/1.1
Host: globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment.html
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 05 Sep 2022 11:39:40 GMT
content-type: text/css
last-modified: Mon, 05 Sep 2022 11:37:07 GMT
vary: Accept-Encoding
etag: W/"6315df63-88e83"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-encoding: gzip
x-cacheable: YES
age: 21206
x-cache: HIT
accept-ranges: bytes
content-length: 63451
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment_files/translateelement.css
63.250.43.136200 OK 3.7 kB URL HTTP/2 globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment_files/translateelement.css
IP 63.250.43.136:0
File type ASCII text, with very long lines (18670)
Hash 3d3127a7ab9410ff525f50ba7c06ed99
c241bd61f31f77955718b3ce17e29ace70f7d872
634410d55e741e42df8153f697c7b19e29a5471f4086834c4cff519bcac82a1b
GET /N%C2%B0GF0027/26757DE/track/LoginServices/main/payment_files/translateelement.css HTTP/1.1
Host: globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment.html
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 05 Sep 2022 11:39:40 GMT
content-type: text/css
last-modified: Mon, 05 Sep 2022 11:37:07 GMT
vary: Accept-Encoding
etag: W/"6315df63-4924"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-encoding: gzip
x-cacheable: YES
age: 21206
x-cache: HIT
accept-ranges: bytes
content-length: 3655
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment_files/erkennen.css
63.250.43.136200 OK 5.6 kB URL HTTP/2 globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment_files/erkennen.css
IP 63.250.43.136:0
File type ASCII text, with very long lines (2457)
Hash 26558f04a6c7e9053e0da71e58cda103
9f807600b7addb860461fa00d203f31068396803
53f0d5d976b921a8224c5a57403ab10df9f32f19461dc02dfffccd724b30f03f
GET /N%C2%B0GF0027/26757DE/track/LoginServices/main/payment_files/erkennen.css HTTP/1.1
Host: globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment.html
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 05 Sep 2022 11:39:40 GMT
content-type: text/css
last-modified: Mon, 05 Sep 2022 11:37:07 GMT
vary: Accept-Encoding
etag: W/"6315df63-53f8"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-encoding: gzip
x-cacheable: YES
age: 21206
x-cache: HIT
accept-ranges: bytes
content-length: 5631
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment_files/RC1e5a8e7e3c8e4abba00ff126d1a22afe-source.min.js.t%C3%A9l%C3%A9chargement
63.250.43.136200 OK 424 B URL HTTP/2 globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment_files/RC1e5a8e7e3c8e4abba00ff126d1a22afe-source.min.js.t%C3%A9l%C3%A9chargement
IP 63.250.43.136:0
Hash fdce384554b54fc84cf5a6e63c5400b5
19ad5cdca72ca135dc4570263fb108a777c05d9f
69737963f9075b7507ac38ef01bb14fe4d31346c2e3c6ed5d9113227d06c2ffc
Analyzer Verdict Alert fortinet Phishing
GET /N%C2%B0GF0027/26757DE/track/LoginServices/main/payment_files/RC1e5a8e7e3c8e4abba00ff126d1a22afe-source.min.js.t%C3%A9l%C3%A9chargement HTTP/1.1
Host: globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment.html
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 05 Sep 2022 11:37:40 GMT
content-type: application/octet-stream
content-length: 424
last-modified: Mon, 05 Sep 2022 11:37:07 GMT
etag: "6315df63-1a8"
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: public
referrer-policy: strict-origin-when-cross-origin
x-cacheable: YES
age: 21326
x-cache: HIT
accept-ranges: bytes
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment_files/priv-app.min.css
63.250.43.136200 OK 14 kB URL HTTP/2 globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment_files/priv-app.min.css
IP 63.250.43.136:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash c18a74da7bfbd64228d0e40b3663acbb
8b264088dee610b86540d7c48302d16b9af2f264
ef14fb994147c63dade55223777545386ed5e1c893da050b4451bf6589042e8d
GET /N%C2%B0GF0027/26757DE/track/LoginServices/main/payment_files/priv-app.min.css HTTP/1.1
Host: globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment.html
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 05 Sep 2022 11:39:40 GMT
content-type: text/css
last-modified: Mon, 05 Sep 2022 11:37:07 GMT
vary: Accept-Encoding
etag: W/"6315df63-1c206"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-encoding: gzip
x-cacheable: YES
age: 21206
x-cache: HIT
accept-ranges: bytes
content-length: 13543
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
assets.adobedtm.com/extensions/EPa06d4a70bf964e93808ee073533d9238/AppMeasurement.min.js
23.38.200.237304 Not Modified 0 B URL HTTP/2 assets.adobedtm.com/extensions/EPa06d4a70bf964e93808ee073533d9238/AppMeasurement.min.js
IP 23.38.200.237:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /extensions/EPa06d4a70bf964e93808ee073533d9238/AppMeasurement.min.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
If-Modified-Since: Wed, 19 Jan 2022 22:18:26 GMT
If-None-Match: "85722a02b6a7feb74d08ac7875516bee:1642630706.903013"
TE: trailers
HTTP/2 304 Not Modified
content-type: application/x-javascript
last-modified: Wed, 19 Jan 2022 22:18:26 GMT
etag: "85722a02b6a7feb74d08ac7875516bee:1642630706.903013"
expires: Mon, 05 Sep 2022 18:33:07 GMT
date: Mon, 05 Sep 2022 17:33:07 GMT
cache-control: no-cache
access-control-allow-origin: https://globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live
timing-allow-origin: *
X-Firefox-Spdy: h2
assets.adobedtm.com/extensions/EPa06d4a70bf964e93808ee073533d9238/AppMeasurement.min.js
23.38.200.237304 Not Modified 0 B URL HTTP/2 assets.adobedtm.com/extensions/EPa06d4a70bf964e93808ee073533d9238/AppMeasurement.min.js
IP 23.38.200.237:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /extensions/EPa06d4a70bf964e93808ee073533d9238/AppMeasurement.min.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
If-Modified-Since: Wed, 19 Jan 2022 22:18:26 GMT
If-None-Match: "85722a02b6a7feb74d08ac7875516bee:1642630706.903013"
TE: trailers
HTTP/2 304 Not Modified
content-type: application/x-javascript
last-modified: Wed, 19 Jan 2022 22:18:26 GMT
etag: "85722a02b6a7feb74d08ac7875516bee:1642630706.903013"
expires: Mon, 05 Sep 2022 18:33:07 GMT
date: Mon, 05 Sep 2022 17:33:07 GMT
cache-control: no-cache
access-control-allow-origin: https://globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live
timing-allow-origin: *
X-Firefox-Spdy: h2
assets.adobedtm.com/extensions/EPa06d4a70bf964e93808ee073533d9238/AppMeasurement.min.js
23.38.200.237304 Not Modified 0 B URL HTTP/2 assets.adobedtm.com/extensions/EPa06d4a70bf964e93808ee073533d9238/AppMeasurement.min.js
IP 23.38.200.237:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /extensions/EPa06d4a70bf964e93808ee073533d9238/AppMeasurement.min.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
If-Modified-Since: Wed, 19 Jan 2022 22:18:26 GMT
If-None-Match: "85722a02b6a7feb74d08ac7875516bee:1642630706.903013"
TE: trailers
HTTP/2 304 Not Modified
content-type: application/x-javascript
last-modified: Wed, 19 Jan 2022 22:18:26 GMT
etag: "85722a02b6a7feb74d08ac7875516bee:1642630706.903013"
expires: Mon, 05 Sep 2022 18:33:07 GMT
date: Mon, 05 Sep 2022 17:33:07 GMT
cache-control: no-cache
access-control-allow-origin: https://globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live
timing-allow-origin: *
X-Firefox-Spdy: h2
assets.adobedtm.com/extensions/EPa06d4a70bf964e93808ee073533d9238/AppMeasurement.min.js
23.38.200.237304 Not Modified 0 B URL HTTP/2 assets.adobedtm.com/extensions/EPa06d4a70bf964e93808ee073533d9238/AppMeasurement.min.js
IP 23.38.200.237:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /extensions/EPa06d4a70bf964e93808ee073533d9238/AppMeasurement.min.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
If-Modified-Since: Wed, 19 Jan 2022 22:18:26 GMT
If-None-Match: "85722a02b6a7feb74d08ac7875516bee:1642630706.903013"
TE: trailers
HTTP/2 304 Not Modified
content-type: application/x-javascript
last-modified: Wed, 19 Jan 2022 22:18:26 GMT
etag: "85722a02b6a7feb74d08ac7875516bee:1642630706.903013"
expires: Mon, 05 Sep 2022 18:33:07 GMT
date: Mon, 05 Sep 2022 17:33:07 GMT
cache-control: no-cache
access-control-allow-origin: https://globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live
timing-allow-origin: *
X-Firefox-Spdy: h2
globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment_files/RC9d884bbac35a4d7eacadd961a6b0fcd1-source.min.js.t%C3%A9l%C3%A9chargement
63.250.43.136200 OK 1.2 kB URL HTTP/2 globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment_files/RC9d884bbac35a4d7eacadd961a6b0fcd1-source.min.js.t%C3%A9l%C3%A9chargement
IP 63.250.43.136:0
File type ASCII text, with very long lines (1069)
Hash c7e37321f2007e9d4fa2ced810a759fe
b746a175e31aecae3e43d732e843e659d504f69a
eeccbba85ac9c53063db157f07849f8c9cbd34cab10468c849a96e1ca6aca4f7
Analyzer Verdict Alert fortinet Phishing
GET /N%C2%B0GF0027/26757DE/track/LoginServices/main/payment_files/RC9d884bbac35a4d7eacadd961a6b0fcd1-source.min.js.t%C3%A9l%C3%A9chargement HTTP/1.1
Host: globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment.html
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 05 Sep 2022 11:37:40 GMT
content-type: application/octet-stream
content-length: 1216
last-modified: Mon, 05 Sep 2022 11:37:07 GMT
etag: "6315df63-4c0"
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: public
referrer-policy: strict-origin-when-cross-origin
x-cacheable: YES
age: 21326
x-cache: HIT
accept-ranges: bytes
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment_files/rating-play-store.svg
63.250.43.136200 OK 352 B URL HTTP/2 globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment_files/rating-play-store.svg
IP 63.250.43.136:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (512)
Hash a985b92e3e641067165f2eb78ea718ba
7a729c1e3783f9c1a5c7749e4d4c37a9425e6825
81f4d7446d13d36b1e800ea4a27b6bd7c416e8d9f3f1c71992bca10029cee732
Analyzer Verdict Alert fortinet Phishing
GET /N%C2%B0GF0027/26757DE/track/LoginServices/main/payment_files/rating-play-store.svg HTTP/1.1
Host: globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment.html
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 05 Sep 2022 11:39:53 GMT
content-type: image/svg+xml
last-modified: Mon, 05 Sep 2022 11:37:07 GMT
vary: Accept-Encoding
etag: W/"6315df63-388"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-encoding: gzip
x-cacheable: YES
age: 21193
x-cache: HIT
accept-ranges: bytes
content-length: 352
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment_files/dhl-official.svg
63.250.43.136200 OK 729 B URL HTTP/2 globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment_files/dhl-official.svg
IP 63.250.43.136:0
File type SVG Scalable Vector Graphics image\012- SVG XML document\012- XML 1.0 document text\012- SVG XML document\012- XML document text\012- exported SGML document, ASCII text, with very long lines (2040), with no line terminators
Hash 9cccd6be17d0f07106cb82bbf2f4e5d5
36edea421a0998700cb5e477c9d799db82f4b58c
47e4312df8c95c39415069608eea358cfcb6037c1ca20621b86fb39b5a906b76
Analyzer Verdict Alert urlquery Phishing - DHL
fortinet Phishing
GET /N%C2%B0GF0027/26757DE/track/LoginServices/main/payment_files/dhl-official.svg HTTP/1.1
Host: globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment.html
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 05 Sep 2022 11:39:53 GMT
content-type: image/svg+xml
last-modified: Mon, 05 Sep 2022 11:37:07 GMT
vary: Accept-Encoding
etag: W/"6315df63-7f8"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-encoding: gzip
x-cacheable: YES
age: 21193
x-cache: HIT
accept-ranges: bytes
content-length: 729
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment_files/dhl-group.svg
63.250.43.136200 OK 3.2 kB URL HTTP/2 globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment_files/dhl-group.svg
IP 63.250.43.136:0
File type SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (724)
Hash 6caf160a09ea5de713e872ff5faf67a3
7b0e6b7fb3f394f3335e64992c46ee4c7baa515b
73a6af918932de87dd2eeb7672c37fcba95b5d2bc56d6852083b1c38a0410e8e
Analyzer Verdict Alert fortinet Phishing
GET /N%C2%B0GF0027/26757DE/track/LoginServices/main/payment_files/dhl-group.svg HTTP/1.1
Host: globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment.html
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 05 Sep 2022 11:39:53 GMT
content-type: image/svg+xml
last-modified: Mon, 05 Sep 2022 11:37:07 GMT
vary: Accept-Encoding
etag: W/"6315df63-220b"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-encoding: gzip
x-cacheable: YES
age: 21193
x-cache: HIT
accept-ranges: bytes
content-length: 3240
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment_files/RC1e5a8e7e3c8e4abba00ff126d1a22afe-source.min.js.t%C3%A9l%C3%A9chargement
63.250.43.136200 OK 424 B URL HTTP/2 globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment_files/RC1e5a8e7e3c8e4abba00ff126d1a22afe-source.min.js.t%C3%A9l%C3%A9chargement
IP 63.250.43.136:0
Hash fdce384554b54fc84cf5a6e63c5400b5
19ad5cdca72ca135dc4570263fb108a777c05d9f
69737963f9075b7507ac38ef01bb14fe4d31346c2e3c6ed5d9113227d06c2ffc
Analyzer Verdict Alert fortinet Phishing
GET /N%C2%B0GF0027/26757DE/track/LoginServices/main/payment_files/RC1e5a8e7e3c8e4abba00ff126d1a22afe-source.min.js.t%C3%A9l%C3%A9chargement HTTP/1.1
Host: globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment.html
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 05 Sep 2022 11:37:40 GMT
content-type: application/octet-stream
content-length: 424
last-modified: Mon, 05 Sep 2022 11:37:07 GMT
etag: "6315df63-1a8"
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: public
referrer-policy: strict-origin-when-cross-origin
x-cacheable: YES
age: 21327
x-cache: HIT
accept-ranges: bytes
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/etc.clientlibs/redesign/clientlibs/static/resources/icons/sprite.svg
63.250.43.136404 Not Found 146 B URL HTTP/2 globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/etc.clientlibs/redesign/clientlibs/static/resources/icons/sprite.svg
IP 63.250.43.136:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0
Analyzer Verdict Alert fortinet Phishing
GET /etc.clientlibs/redesign/clientlibs/static/resources/icons/sprite.svg HTTP/1.1
Host: globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment.html
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Mon, 05 Sep 2022 17:33:07 GMT
content-type: text/html
content-length: 146
age: 0
x-cache: MISS
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/etc.clientlibs/redesign/clientlibs/static/resources/fonts/delivery-rg.woff2
63.250.43.136404 Not Found 146 B URL HTTP/2 globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/etc.clientlibs/redesign/clientlibs/static/resources/fonts/delivery-rg.woff2
IP 63.250.43.136:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0
Analyzer Verdict Alert fortinet Phishing
GET /N%C2%B0GF0027/26757DE/track/etc.clientlibs/redesign/clientlibs/static/resources/fonts/delivery-rg.woff2 HTTP/1.1
Host: globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment_files/clientlibs-head.min.783de552212b14576d1cd21a45f04b08.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Mon, 05 Sep 2022 17:33:07 GMT
content-type: text/html
content-length: 146
age: 0
x-cache: MISS
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/etc.clientlibs/redesign/clientlibs/static/resources/fonts/delivery-bd.woff2
63.250.43.136404 Not Found 146 B URL HTTP/2 globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/etc.clientlibs/redesign/clientlibs/static/resources/fonts/delivery-bd.woff2
IP 63.250.43.136:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0
Analyzer Verdict Alert fortinet Phishing
GET /N%C2%B0GF0027/26757DE/track/etc.clientlibs/redesign/clientlibs/static/resources/fonts/delivery-bd.woff2 HTTP/1.1
Host: globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment_files/clientlibs-head.min.783de552212b14576d1cd21a45f04b08.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Mon, 05 Sep 2022 17:33:07 GMT
content-type: text/html
content-length: 146
age: 0
x-cache: MISS
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment_files/launch-57e76d3709d1.min.js.t%C3%A9l%C3%A9chargement
63.250.43.136200 OK 18 kB URL HTTP/2 globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment_files/launch-57e76d3709d1.min.js.t%C3%A9l%C3%A9chargement
IP 63.250.43.136:0
File type ASCII text, with very long lines (17475), with CRLF, LF line terminators
Hash 0f8a6df5407d7363932947cffc56bce8
d633e7e3065c1333f1eef401734d8d46e5384b1c
dc52727f47dfa9650068ffc0f2bf1263b029b7a725b3196f756592c88b5f2b71
Analyzer Verdict Alert fortinet Phishing
GET /N%C2%B0GF0027/26757DE/track/LoginServices/main/payment_files/launch-57e76d3709d1.min.js.t%C3%A9l%C3%A9chargement HTTP/1.1
Host: globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment.html
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 05 Sep 2022 11:37:40 GMT
content-type: application/octet-stream
content-length: 382027
last-modified: Mon, 05 Sep 2022 11:37:07 GMT
etag: "6315df63-5d44b"
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: public
referrer-policy: strict-origin-when-cross-origin
x-cacheable: YES
age: 21326
x-cache: HIT
accept-ranges: bytes
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash bc70b1691dd339e8120b92ba393ffb69
99118be3645b3182ccdc5f9da149a97c220a3929
da94f53f998808b2b187d6c265722e95e4cdce9f0a4b23ff0bf6c96d2cdf2bd8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DA94F53F998808B2B187D6C265722E95E4CDCE9F0A4B23FF0BF6C96D2CDF2BD8"
Last-Modified: Mon, 05 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2432
Expires: Mon, 05 Sep 2022 18:13:40 GMT
Date: Mon, 05 Sep 2022 17:33:08 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash bc70b1691dd339e8120b92ba393ffb69
99118be3645b3182ccdc5f9da149a97c220a3929
da94f53f998808b2b187d6c265722e95e4cdce9f0a4b23ff0bf6c96d2cdf2bd8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DA94F53F998808B2B187D6C265722E95E4CDCE9F0A4B23FF0BF6C96D2CDF2BD8"
Last-Modified: Mon, 05 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2432
Expires: Mon, 05 Sep 2022 18:13:40 GMT
Date: Mon, 05 Sep 2022 17:33:08 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash bc70b1691dd339e8120b92ba393ffb69
99118be3645b3182ccdc5f9da149a97c220a3929
da94f53f998808b2b187d6c265722e95e4cdce9f0a4b23ff0bf6c96d2cdf2bd8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DA94F53F998808B2B187D6C265722E95E4CDCE9F0A4B23FF0BF6C96D2CDF2BD8"
Last-Modified: Mon, 05 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2432
Expires: Mon, 05 Sep 2022 18:13:40 GMT
Date: Mon, 05 Sep 2022 17:33:08 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash bc70b1691dd339e8120b92ba393ffb69
99118be3645b3182ccdc5f9da149a97c220a3929
da94f53f998808b2b187d6c265722e95e4cdce9f0a4b23ff0bf6c96d2cdf2bd8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DA94F53F998808B2B187D6C265722E95E4CDCE9F0A4B23FF0BF6C96D2CDF2BD8"
Last-Modified: Mon, 05 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2432
Expires: Mon, 05 Sep 2022 18:13:40 GMT
Date: Mon, 05 Sep 2022 17:33:08 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F13d7f0db-89d6-4166-b182-85e35e518df9.jpeg
34.120.237.76200 OK 8.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F13d7f0db-89d6-4166-b182-85e35e518df9.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 30bf854fd3e27e2313a3d26fc43b9990
032acf1bfb0c8e2cbce8f2ff4d2964424b044951
7641be64dd25487edf4f845d1fbb0b07daa80fa8fb58863dd09081d9d169bd13
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F13d7f0db-89d6-4166-b182-85e35e518df9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8469
x-amzn-requestid: de0e8998-4a52-4651-bcd6-3068c50193b6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X9Ey2Eq4oAMFZlQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63151b45-15da44d87bf486cb1738fe18;Sampled=0
x-amzn-remapped-date: Sun, 04 Sep 2022 21:40:21 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: nqxzicnkQPrjStpPaMIZAukyjtUBQaXfuxWzIs77YGDyJmnirlMsxw==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 ebe4011a81a36e2bf678f69ce1711330.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Sep 2022 21:54:51 GMT
age: 70697
etag: "032acf1bfb0c8e2cbce8f2ff4d2964424b044951"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F99b438b1-ec2f-4d02-9da4-cca3c8bdf61b.jpeg
34.120.237.76200 OK 4.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F99b438b1-ec2f-4d02-9da4-cca3c8bdf61b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7877df05329f39350f4907a067f5840e
21f33eca6863c382c216c16799d1bea83e40fbd9
94b943383bbd05d11ac0f9c3672e315c9cfaa5cb2299c3779195f08491969fa8
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F99b438b1-ec2f-4d02-9da4-cca3c8bdf61b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4260
x-amzn-requestid: 024510ab-0cb7-421e-805b-fa54501d1e99
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XpjFQGPVIAMFytQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-630d4bbb-4492cd20474c37337f8a5521;Sampled=0
x-amzn-remapped-date: Mon, 29 Aug 2022 23:28:59 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: Wk8myA4exuK32he7TlFoJtvtqHb0WcDhvSuo6-aN0dMcxIr7cDkU5Q==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 91356d2137f5a7345e93da4516c49ec4.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Sep 2022 21:48:24 GMT
age: 71084
etag: "21f33eca6863c382c216c16799d1bea83e40fbd9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7ad09c5e-a115-4ff7-9742-809e93046365.jpeg
34.120.237.76200 OK 4.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7ad09c5e-a115-4ff7-9742-809e93046365.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c81f3df885bdee8cac46ea9495e6b63b
fc766bca874a352a4acb569577d4cf6527f4f074
e21473f88c613ca33ba6bbe1e0cab338274a06744cdcb088f14873c972445b36
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7ad09c5e-a115-4ff7-9742-809e93046365.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4426
x-amzn-requestid: b5b68557-e46d-41cd-9b11-d996aabc0de7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XzfYTHHFIAMFjFw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631145ce-1d3504367cf6ef724a345564;Sampled=0
x-amzn-remapped-date: Thu, 01 Sep 2022 23:52:46 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: GSRJIWisH465dPqbKyPj1iZk1jAu3RGrgwj1CX3X8A397zv9Nt0cHA==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 707e733794d52100fde0ab21bf0b1462.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Sep 2022 21:47:54 GMT
age: 71114
etag: "fc766bca874a352a4acb569577d4cf6527f4f074"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8eb6cd09-3bf5-48ad-bcab-4b0b05db8dcf.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8eb6cd09-3bf5-48ad-bcab-4b0b05db8dcf.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5231760bb81282416f2bd27a4261099e
e3e743b349fd5cb399d4cef4a0877dcc8e2f44f9
e0762821086503aef75013b60a4e340d6fbf9b1006fc7f8b4e079440afce8c67
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8eb6cd09-3bf5-48ad-bcab-4b0b05db8dcf.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10770
x-amzn-requestid: c6d80cff-8d44-4589-bcf1-1f5a0ab199b8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X9Ey3GH4IAMF6KQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63151b45-2628cc83263aeeb14ce444ef;Sampled=0
x-amzn-remapped-date: Sun, 04 Sep 2022 21:40:21 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: eEuQFQAkBAHlIYBRrvaJ1qjT09ezTNaL67wa77h1wS8fHc5oWi91aQ==
via: 1.1 9b311162717b41c968f6f00426d88aaa.cloudfront.net (CloudFront), 1.1 2ab6211e66998c8b58132661a7e3cade.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Sep 2022 21:45:28 GMT
age: 71260
etag: "e3e743b349fd5cb399d4cef4a0877dcc8e2f44f9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F69b1e092-41e6-4f1e-b330-193f7dd11afc.jpeg
34.120.237.76200 OK 7.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F69b1e092-41e6-4f1e-b330-193f7dd11afc.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 290f6551c5ac539ea60810b135750f17
3633391a8dd87ef10fcb0d04d7b309738affc4a7
d94d133faaf232cf15b5c3f38f5b45d87d70bce0668d607b5c66a8d3f836540f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F69b1e092-41e6-4f1e-b330-193f7dd11afc.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7830
x-amzn-requestid: c56af3b5-2c48-4243-b220-d56a9be47990
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X9Ey3H4JoAMFiMg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63151b45-23ec24d867e3e5906fffa1a6;Sampled=0
x-amzn-remapped-date: Sun, 04 Sep 2022 21:40:21 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: fpKQlxOtyRwaZk2FUf11J62jlqcAvXgOQT-ipFQm6qW-dMHyXaEnNg==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 2f7934de1dfe281c3e4446892eab6462.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Sep 2022 21:49:31 GMT
age: 71017
etag: "3633391a8dd87ef10fcb0d04d7b309738affc4a7"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F074d7790-a0c5-48fe-9814-807d02b9ea17.jpeg
34.120.237.76200 OK 8.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F074d7790-a0c5-48fe-9814-807d02b9ea17.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2c0d77a2b715f8f2547f11cc5674432b
51ca3fc7e7048f035f79c4e425197bc618671b8c
34cad56ca82b17b5df4c010eecb2c7ea348faec15d33fa4b294c0ed46e2c5de8
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F074d7790-a0c5-48fe-9814-807d02b9ea17.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8331
x-amzn-requestid: 53b40605-8cb6-4c36-931f-67be541289e9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X5wigGtToAMFscw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6313c7a9-645ce10e6bd850f84fcbf256;Sampled=0
x-amzn-remapped-date: Sat, 03 Sep 2022 21:31:21 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: DJAQDwsUdDSWWA1iy08hyF0GftEQsVvFQC1Z2HUOD-moV7fKy1IMbg==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 89791e6b21b9a30cc51cac1bc51cf098.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Sep 2022 22:09:19 GMT
age: 69829
etag: "51ca3fc7e7048f035f79c4e425197bc618671b8c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/etc.clientlibs/redesign/clientlibs/static/resources/fonts/delivery-rg.woff
63.250.43.136404 Not Found 146 B URL HTTP/2 globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/etc.clientlibs/redesign/clientlibs/static/resources/fonts/delivery-rg.woff
IP 63.250.43.136:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0
Analyzer Verdict Alert fortinet Phishing
GET /N%C2%B0GF0027/26757DE/track/etc.clientlibs/redesign/clientlibs/static/resources/fonts/delivery-rg.woff HTTP/1.1
Host: globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment_files/clientlibs-head.min.783de552212b14576d1cd21a45f04b08.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Mon, 05 Sep 2022 17:33:07 GMT
content-type: text/html
content-length: 146
age: 0
x-cache: MISS
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/etc.clientlibs/redesign/clientlibs/static/resources/fonts/delivery-bd.woff
63.250.43.136404 Not Found 146 B URL HTTP/2 globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/etc.clientlibs/redesign/clientlibs/static/resources/fonts/delivery-bd.woff
IP 63.250.43.136:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0
Analyzer Verdict Alert fortinet Phishing
GET /N%C2%B0GF0027/26757DE/track/etc.clientlibs/redesign/clientlibs/static/resources/fonts/delivery-bd.woff HTTP/1.1
Host: globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment_files/clientlibs-head.min.783de552212b14576d1cd21a45f04b08.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Mon, 05 Sep 2022 17:33:07 GMT
content-type: text/html
content-length: 146
age: 0
x-cache: MISS
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/etc.clientlibs/redesign/clientlibs/static/resources/fonts/delivery-cdblk.woff
63.250.43.136404 Not Found 146 B URL HTTP/2 globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/etc.clientlibs/redesign/clientlibs/static/resources/fonts/delivery-cdblk.woff
IP 63.250.43.136:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0
Analyzer Verdict Alert fortinet Phishing
GET /N%C2%B0GF0027/26757DE/track/etc.clientlibs/redesign/clientlibs/static/resources/fonts/delivery-cdblk.woff HTTP/1.1
Host: globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment_files/clientlibs-head.min.783de552212b14576d1cd21a45f04b08.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Mon, 05 Sep 2022 17:33:07 GMT
content-type: text/html
content-length: 146
age: 0
x-cache: MISS
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
www.dhl.de/etc.clientlibs/redesign/clientlibs/static/resources/favicons/android-chrome-192x192.png
23.14.14.78200 OK 1.1 kB URL HTTP/2 www.dhl.de/etc.clientlibs/redesign/clientlibs/static/resources/favicons/android-chrome-192x192.png
IP 23.14.14.78:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 192x192, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash f40dea218a7cd4ed03b5daadb04b7d36
548c19b793a4af9adc647206a9e5a34866067e73
97d10bb1dd52bf50f217b414913db126771d4d2cb96439054891d0b0e08667ac
GET /etc.clientlibs/redesign/clientlibs/static/resources/favicons/android-chrome-192x192.png HTTP/1.1
Host: www.dhl.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Fri, 02 Sep 2022 14:04:05 GMT
server: Akamai Image Manager
x-serial: 1409
x-check-cacheable: YES
content-length: 1130
content-type: image/webp
cache-control: private, no-transform, max-age=43200
expires: Tue, 06 Sep 2022 05:33:08 GMT
date: Mon, 05 Sep 2022 17:33:08 GMT
set-cookie: akaalb_wwwdhldealb=~op=www_dhl_de_alb:wwwdhlde|~rv=67~m=wwwdhlde:0|~os=06f548fb0da0a4ee62020bebc018f01f~id=ef6cd683beb0a5a0e8c8e4fcca7203a4; path=/; HttpOnly; Secure; SameSite=None
X-Firefox-Spdy: h2
www.dhl.de/etc.clientlibs/redesign/clientlibs/static/resources/favicons/favicon-16x16.png
23.14.14.78200 OK 128 B URL HTTP/2 www.dhl.de/etc.clientlibs/redesign/clientlibs/static/resources/favicons/favicon-16x16.png
IP 23.14.14.78:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 16x16, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 08ccdeda510b580a3756d7b8c6cbd09a
30bb5c6b60d96da7a33f585b8498993a796381dd
f7ce4c35e81a5cd1ea2fa5c2d0d4fa47735f33d88812bb5af0b9c8e0d8f2355d
GET /etc.clientlibs/redesign/clientlibs/static/resources/favicons/favicon-16x16.png HTTP/1.1
Host: www.dhl.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Fri, 02 Sep 2022 14:04:07 GMT
server: Akamai Image Manager
content-length: 128
content-type: image/webp
cache-control: private, no-transform, max-age=43200
expires: Tue, 06 Sep 2022 05:33:08 GMT
date: Mon, 05 Sep 2022 17:33:08 GMT
set-cookie: akaalb_wwwdhldealb=~op=www_dhl_de_alb:wwwdhlde|~rv=91~m=wwwdhlde:0|~os=06f548fb0da0a4ee62020bebc018f01f~id=ef5ad469e755cbd7242902389644e54d; path=/; HttpOnly; Secure; SameSite=None
X-Firefox-Spdy: h2
globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment_files/AppMeasurement.min.js.t%C3%A9l%C3%A9chargement
63.250.43.136200 OK 0 B URL HTTP/2 globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment_files/AppMeasurement.min.js.t%C3%A9l%C3%A9chargement
IP 63.250.43.136:0
Analyzer Verdict Alert fortinet Phishing
GET /N%C2%B0GF0027/26757DE/track/LoginServices/main/payment_files/AppMeasurement.min.js.t%C3%A9l%C3%A9chargement HTTP/1.1
Host: globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment.html
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 05 Sep 2022 11:37:40 GMT
content-type: application/octet-stream
content-length: 33797
last-modified: Mon, 05 Sep 2022 11:37:07 GMT
etag: "6315df63-8405"
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: public
referrer-policy: strict-origin-when-cross-origin
x-cacheable: YES
age: 21326
x-cache: HIT
accept-ranges: bytes
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment_files/otBannerSdk.js.t%C3%A9l%C3%A9chargement
63.250.43.136200 OK 0 B URL HTTP/2 globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment_files/otBannerSdk.js.t%C3%A9l%C3%A9chargement
IP 63.250.43.136:0
Analyzer Verdict Alert fortinet Phishing
GET /N%C2%B0GF0027/26757DE/track/LoginServices/main/payment_files/otBannerSdk.js.t%C3%A9l%C3%A9chargement HTTP/1.1
Host: globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment.html
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 05 Sep 2022 11:37:40 GMT
content-type: application/octet-stream
content-length: 345623
last-modified: Mon, 05 Sep 2022 11:37:07 GMT
etag: "6315df63-54617"
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: public
referrer-policy: strict-origin-when-cross-origin
x-cacheable: YES
age: 21326
x-cache: HIT
accept-ranges: bytes
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment_files/otBannerSdk.js.t%C3%A9l%C3%A9chargement
63.250.43.136200 OK 0 B URL HTTP/2 globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment_files/otBannerSdk.js.t%C3%A9l%C3%A9chargement
IP 63.250.43.136:0
Analyzer Verdict Alert fortinet Phishing
GET /N%C2%B0GF0027/26757DE/track/LoginServices/main/payment_files/otBannerSdk.js.t%C3%A9l%C3%A9chargement HTTP/1.1
Host: globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment.html
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 05 Sep 2022 11:37:40 GMT
content-type: application/octet-stream
content-length: 345623
last-modified: Mon, 05 Sep 2022 11:37:07 GMT
etag: "6315df63-54617"
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: public
referrer-policy: strict-origin-when-cross-origin
x-cacheable: YES
age: 21327
x-cache: HIT
accept-ranges: bytes
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment_files/clientlibs-head.min.fb0e18bb35d6bd0435c75b800052a84f.js.t%C3%A9l%C3%A9chargement
63.250.43.136200 OK 0 B URL HTTP/2 globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment_files/clientlibs-head.min.fb0e18bb35d6bd0435c75b800052a84f.js.t%C3%A9l%C3%A9chargement
IP 63.250.43.136:0
Analyzer Verdict Alert fortinet Phishing
GET /N%C2%B0GF0027/26757DE/track/LoginServices/main/payment_files/clientlibs-head.min.fb0e18bb35d6bd0435c75b800052a84f.js.t%C3%A9l%C3%A9chargement HTTP/1.1
Host: globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://globlostarcossedrickaatlaftoooon-baca12.ingress-florina.ewp.live/N%C2%B0GF0027/26757DE/track/LoginServices/main/payment.html
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 05 Sep 2022 11:37:40 GMT
content-type: application/octet-stream
content-length: 123014
last-modified: Mon, 05 Sep 2022 11:37:07 GMT
etag: "6315df63-1e086"
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: public
referrer-policy: strict-origin-when-cross-origin
x-cacheable: YES
age: 21326
x-cache: HIT
accept-ranges: bytes
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2