Report - www.lmlenzitrasporti.com/page1/rola/posten/

Report Overview

Submitted URL
www.lmlenzitrasporti.com/page1/rola/posten/
IP
89.46.110.68
ASN
#31034 Aruba S.p.A.
Submitted
2023-02-17 13:55:00
Access
Website Title
Final URL
Tags
posten logistics phishing
urlquery detections
Phishing - Posten Norge

Detections

urlquery
36
Network Intrusion Detection
0
Threat Detection Systems
26

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-13T05:09:10Z	337 B	1.4 kB	35.241.9.150
z.moatads.com	374	2014-02-11T17:19:47Z	2023-03-13T05:10:11Z	398 B	1.4 kB	2.18.173.140
ocsp.globalsign.com	2075	2012-07-20T19:46:16Z	2023-03-13T05:09:19Z	368 B	1.9 kB	104.18.20.226
8260928.fls.doubleclick.net	unknown	2017-12-01T13:39:49Z	2023-03-13T08:39:24Z	2.9 kB	4.1 kB	142.250.74.70
googleads.g.doubleclick.net	42	2021-02-20T16:43:32Z	2023-03-13T08:39:16Z	739 B	757 B	216.58.207.194
ocsp.pki.goog	175	2018-07-01T08:43:07Z	2023-03-13T05:09:47Z	6.5 kB	13 kB	142.250.74.131
translate.googleapis.com	1005	2012-05-31T09:21:21Z	2023-03-13T08:44:18Z	423 B	4.5 kB	142.250.74.42
static.ads-twitter.com	614	2018-06-24T00:08:39Z	2023-03-13T05:25:18Z	1.1 kB	17 kB	151.101.84.157
snap.licdn.com	1044	2014-10-06T10:43:45Z	2023-03-13T05:12:55Z	389 B	5.1 kB	95.101.11.57
adservice.google.no	96969	2018-06-20T01:38:38Z	2023-03-13T05:09:46Z	3.1 kB	2.9 kB	142.250.74.162
fonts.googleapis.com	8877	2013-06-10T22:14:26Z	2023-03-13T08:14:31Z	404 B	630 B	142.250.74.138
www.lmlenzitrasporti.com	unknown	2017-04-19T19:52:40Z	2023-02-18T16:35:06Z	6.4 kB	206 kB	89.46.110.68
posten.boost.ai	unknown	2018-11-15T11:19:37Z	2023-03-13T08:35:08Z	381 B	842 B	63.32.138.97
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-13T05:09:35Z	413 B	5.9 kB	34.160.144.191
tienda.correos.es	unknown	2018-12-13T09:45:01Z	2023-03-10T15:56:45Z	794 B	2.1 kB	94.23.87.92
cdn.jsdelivr.net	439	2012-09-30T02:15:09Z	2023-03-13T06:17:54Z	1.6 kB	88 kB	151.101.1.229
siteimproveanalytics.com	3559	2014-12-11T11:13:11Z	2023-03-13T08:57:44Z	312 B	27 kB	172.64.197.24
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-13T05:09:13Z	333 B	391 B	34.117.237.239
www.googleadservices.com	107	2012-06-26T16:53:06Z	2023-03-13T08:26:04Z	394 B	16 kB	142.250.74.34
in.taskanalytics.com	unknown	2016-02-05T07:44:24Z	2023-03-12T20:15:09Z	3.7 kB	3.5 kB	108.128.72.146
www.google-analytics.com	40	2012-10-03T03:04:21Z	2023-03-13T07:36:03Z	768 B	22 kB	216.239.38.178
www.gstatic.com	unknown	2016-07-26T11:37:06Z	2023-03-13T07:57:11Z	851 B	4.1 kB	216.58.211.3
acdn.adnxs.com	573	2015-11-11T14:40:40Z	2023-03-13T07:55:59Z	292 B	3.9 kB	151.101.65.108
ib.adnxs.com	241	2012-05-20T21:01:49Z	2023-03-13T05:28:06Z	1.7 kB	1.0 kB	37.252.172.123
s4.histats.com	12782	2012-05-21T19:14:14Z	2023-03-13T05:19:20Z	597 B	182 B	149.56.240.131
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-13T05:09:07Z	2.4 kB	6.2 kB	23.33.119.27
ocsp.sca1b.amazontrust.com	1015	2017-03-03T16:20:51Z	2019-03-27T05:05:54Z	350 B	1.0 kB	54.230.245.110
ocsp.digicert.com	86	2012-05-21T09:02:23Z	2023-03-13T06:00:13Z	682 B	1.6 kB	93.184.220.29
encrypted-tbn0.gstatic.com	unknown	2013-05-31T04:32:18Z	2023-03-13T06:08:26Z	462 B	7.1 kB	142.250.74.78
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-13T05:09:16Z	3.2 kB	56 kB	34.120.237.76
cdn.mycomandia.com	unknown	2017-02-08T17:30:34Z	2023-03-10T15:56:45Z	3.2 kB	86 kB	176.31.232.62
www.googletagmanager.com	75	2013-05-22T04:07:37Z	2023-03-13T08:28:24Z	1.6 kB	77 kB	142.250.74.168
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-13T05:09:14Z	606 B	127 B	52.36.23.49
adservice.google.com	76	2021-02-20T17:10:48Z	2023-03-13T08:49:52Z	766 B	837 B	142.250.74.130
b.scorecardresearch.com	3959	2012-06-26T16:32:10Z	2023-03-12T22:35:00Z	295 B	2.4 kB	54.230.111.7
connect.facebook.net	139	2012-05-22T04:51:28Z	2023-03-13T05:09:29Z	681 B	30 kB	31.13.72.12
script.hotjar.com	887	2020-11-05T17:23:46Z	2023-03-13T07:54:54Z	392 B	90 kB	54.230.111.44
vars.hotjar.com	1014	2020-11-05T11:13:14Z	2023-03-12T19:56:22Z	574 B	788 B	108.157.214.129
static.hotjar.com	641	2014-11-01T06:14:27Z	2023-03-13T05:12:51Z	384 B	629 B	54.230.111.39
www.google.com	7	2015-05-10T13:11:19Z	2023-03-13T06:40:43Z	712 B	1.2 kB	216.58.211.4
ocsp.r2m01.amazontrust.com	unknown	2022-10-12T22:43:53Z	2023-03-13T08:10:39Z	350 B	944 B	54.230.80.227
www.google.no	25607	2016-04-05T21:50:59Z	2023-03-13T06:26:15Z	724 B	758 B	142.250.74.35
6015663.global.siteimproveanalytics.io	unknown	2019-07-01T12:06:58Z	2023-03-12T20:02:27Z	646 B	615 B	3.122.28.13
px.ads.linkedin.com	522	2018-06-15T13:29:56Z	2023-03-13T07:16:10Z	509 B	748 B	13.107.42.14
www.facebook.com	99	2012-05-21T02:23:41Z	2021-02-04T00:31:35Z	637 B	349 B	157.240.200.35

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

Scan Date	Severity	Indicator	Alert
2023-01-15	medium	www.lmlenzitrasporti.com/page1/rola/posten/	Posten Norge

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-02-17	medium	www.lmlenzitrasporti.com/page1/rola/posten/	Phishing
2023-02-17	medium	www.lmlenzitrasporti.com/page1/rola/posten/file/f.txt	Phishing
2023-02-17	medium	www.lmlenzitrasporti.com/_/asset/no.posten.website:1594301215/js/bundle.js	Phishing
2023-02-17	medium	www.lmlenzitrasporti.com/page1/rola/posten/file/1.txt	Phishing
2023-02-17	medium	www.lmlenzitrasporti.com/page1/rola/posten/file/1(1).txt	Phishing
2023-02-17	medium	www.lmlenzitrasporti.com/page1/rola/posten/file/moatframe.js.t%C3%A9l%C3%A9chargement	Phishing
2023-02-17	medium	www.lmlenzitrasporti.com/_/asset/no.posten.website:1594301215/js/chatbot.js	Phishing
2023-02-17	medium	www.lmlenzitrasporti.com/page1/rola/posten/file/js	Phishing
2023-02-17	medium	www.lmlenzitrasporti.com/page1/rola/posten/file/moatframe.js.t%C3%A9l%C3%A9chargement	Phishing
2023-02-17	medium	www.lmlenzitrasporti.com/page1/rola/posten/file/moatframe.js.t%C3%A9l%C3%A9chargement	Phishing
2023-02-17	medium	www.lmlenzitrasporti.com/_/asset/no.posten.website:1594301215/js/bundle.js	Phishing
2023-02-17	medium	www.lmlenzitrasporti.com/_/asset/no.posten.website:1594301215/js/chatbot.js	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (36)

	URL	Size	First Seen	Last Seen
	www.googletagmanager.com/gtm.js?id=GTM-M83DX4	224 kB	2023-03-14	2023-03-14
Pretty URL www.googletagmanager.com/gtm.js?id=GTM-M83DX4 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-14 02:13:19 Last Seen2023-03-14 02:13:19 Times Seen1 Hash 660ae15428f653825cc3c765c96c409a e57be08bf370ecf74e33e1206996803ccc37190b 11f4299dea109b421c1dcd21cd464275c0467bf4ef66c5f8909879c9cc4f95a1 Loading...

	posten.boost.ai/chatPanel/chatPanel.js	764 kB	2023-03-13	2023-04-18
Pretty URL posten.boost.ai/chatPanel/chatPanel.js IP 63.32.138.97 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 16:35:55 Last Seen2023-04-18 13:54:36 Times Seen3 Hash e17167ce8ac367bf66344ed34ffc77d5 5f360ac1d8a62dad7fd4eaefc3cc2e2e66f0513b d18681cdf434fdd7cad7850bc98cbda28d7bbe9ff29b51dc164619ef1608949a Loading...

	cdn.jsdelivr.net/npm/@posten/hedwig@11/dist/icons.min.js	485 B	2023-03-07	2024-02-10
Pretty URL cdn.jsdelivr.net/npm/@posten/hedwig@11/dist/icons.min.js IP 151.101.1.229 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:33:11 Last Seen2024-02-10 15:41:35 Times Seen31 Hash d1c15763ff2e6116a9a24bed1e3e5e45 5806ce4ce54205a0de89e45e2602ef9ff5ca8e9e f660ca0badb23ddca91dd3b86c7a538d64c5acab3327a981942f792484ef631f Loading...

	www.lmlenzitrasporti.com/page1/rola/posten/	323 B	2023-03-07	2024-02-10
Pretty URL www.lmlenzitrasporti.com/page1/rola/posten/ IP 89.46.110.68 ASN #31034 Aruba S.p.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:33:11 Last Seen2024-02-10 15:41:34 Times Seen12 Hash c50e511eeaa71ac73fa8c00e28615b88 9317098f9e34e984c8351d7cba137629866b6e0f 1980c6e6d0bb39a0c1db0c4afe331ff50270c0cbe80876098b961fedacad95b3 Loading...

	b.scorecardresearch.com/beacon.js	3.9 kB	2023-03-07	2024-01-14
Pretty URL b.scorecardresearch.com/beacon.js IP 54.230.111.7 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:19 Last Seen2024-01-14 12:48:16 Times Seen58 Hash eaf85c1c6758e84acfe134efd70e9373 5caec39b3ce7c2ec9912aff8ae6fa05aa9fb757e ee54b51af15f1f68f707da981f3c135c249a25e9293871e1e0cbd2c24c7b6117 Loading...

	www.lmlenzitrasporti.com/page1/rola/posten/file/f.txt	30 kB	2023-03-10	2024-02-10
Pretty URL www.lmlenzitrasporti.com/page1/rola/posten/file/f.txt IP 89.46.110.68 ASN #31034 Aruba S.p.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 08:45:48 Last Seen2024-02-10 15:41:36 Times Seen13 Hash de7af9d1087edf65499fa8ce40a3c986 1596691629bae9f57063992bdf1af732d447559a 324573528cdc2d00cee54159016323477090223630c684b4cc46b9e437cb13c8 Loading...

	s4.histats.com/stats/0.php?4203309&@f16&@g1&@h1&@i1&@j1676642090574&@k0&@l1&@mPosten.no&@n0&@o1000&@q0&@r0&@s0&@ten-US&@u1280&@b1:49682866&@b3:1676642091&@b4:js15_as.js&@b5:0&@a-_0.2.1&@vhttp%3A%2F%2Fwww.lmlenzitrasporti.com%2Fpage1%2Frola%2Fposten%2F&@w	50 B	2023-03-11	2023-03-14
Pretty URL s4.histats.com/stats/0.php?4203309&@f16&@g1&@h1&@i1&@j1676642090574&@k0&@l1&@mPosten.no&@n0&@o1000&@q0&@r0&@s0&@ten-US&@u1280&@b1:49682866&@b3:1676642091&@b4:js15_as.js&@b5:0&@a-_0.2.1&@vhttp%3A%2F%2Fwww.lmlenzitrasporti.com%2Fpage1%2Frola%2Fposten%2F&@w IP 149.56.240.131 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 10:44:27 Last Seen2023-03-14 05:10:15 Times Seen1 Hash 9cd6ede28cfc6e5ac6d6a8f5da778bf1 00eea7749a59d2d9de93de5277e166649840357e deb98550d0786ba57242229448ac976dfc908fca9fca55a0a207481d41334da7 Loading...

	connect.facebook.net/signals/config/843920095719058?v=2.9.96&r=stable	386 kB	2023-03-14	2023-04-18
Pretty URL connect.facebook.net/signals/config/843920095719058?v=2.9.96&r=stable IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-14 02:13:19 Last Seen2023-04-18 13:54:37 Times Seen5 Hash baaea03cb9cc27e0514a53a774bf85a5 5287186d5bc591589f12b0df17e0be57466706bb a3f65402d21a8c6db9f099f4207ac9ea6116819bf52bb2ae4e49e113bc9a95dd Loading...

	www.lmlenzitrasporti.com/page1/rola/posten/	395 B	2023-03-07	2024-02-10
Pretty URL www.lmlenzitrasporti.com/page1/rola/posten/ IP 89.46.110.68 ASN #31034 Aruba S.p.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:33:11 Last Seen2024-02-10 15:41:34 Times Seen10 Hash c5d733f815a28785992cefae3fa1d60f 8122aff7bbcb2a1956c03398d99e10e664ec71e0 730dac7ab9f3041646ba8e024bdd12e626dfa26a5ec64f651871e46492c8364e Loading...

	www.lmlenzitrasporti.com/page1/rola/posten/	424 B	2023-03-10	2024-02-10
Pretty URL www.lmlenzitrasporti.com/page1/rola/posten/ IP 89.46.110.68 ASN #31034 Aruba S.p.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 08:45:48 Last Seen2024-02-10 15:41:34 Times Seen15 Hash d9460ce5ca9bdee68e99f6c3b7efa6ab fbdfc1af4d841cddfefc182716768d31923d8c5d 6a92012432fcb021cc48a9daf8c727415b526284bbb1ad6351064ecfcabd3cda Loading...

	www.lmlenzitrasporti.com/page1/rola/posten/	349 B	2023-03-07	2023-12-19
Pretty URL www.lmlenzitrasporti.com/page1/rola/posten/ IP 89.46.110.68 ASN #31034 Aruba S.p.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:33:11 Last Seen2023-12-19 03:50:04 Times Seen4 Hash 6465f9741b3b1d267cae0273cdaaf3b9 67face847fbc1110c4d2cb034210b6bd7889c3ca f1e391b47cb63e79dcff31b4eaeb01f1cbdcdf86800be1c980c50aa0819c6313 Loading...

	snap.licdn.com/li.lms-analytics/insight.min.js	13 kB	2023-03-12	2024-03-30
Pretty URL snap.licdn.com/li.lms-analytics/insight.min.js IP 95.101.11.57 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 18:01:01 Last Seen2024-03-30 11:38:49 Times Seen5925 Hash b846c9d158853dd4aa95d3d7407ed8bb 2cf0eb02a22e8bd80d19a50a84593420d777d5db f56ccb2db87aacedd9415232e40f80bff9939703df2f9c3f9ec8a092e545349f Loading...

	connect.facebook.net/en_US/fbevents.js	109 kB	2023-03-14	2023-10-19
Pretty URL connect.facebook.net/en_US/fbevents.js IP 31.13.72.12 ASN #32934 FACEBOOK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-14 00:30:04 Last Seen2023-10-19 02:58:15 Times Seen11 Hash 467eb094cd171743fc97afdaa813ee31 e3c70cc60cc406293f2eefbadeebc1791942632f dca9b6afcb6c37d6a32456973fe5f2986a348a70d11774e102de6fc420992a19 Loading...

	www.lmlenzitrasporti.com/page1/rola/posten/file/js	86 kB	2023-03-10	2024-02-10
Pretty URL www.lmlenzitrasporti.com/page1/rola/posten/file/js IP 89.46.110.68 ASN #31034 Aruba S.p.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 08:45:48 Last Seen2024-02-10 15:41:36 Times Seen13 Hash 3bc2dba628f72e4cb686cabe461d5817 2e462c205994b0b805bdb67c5270493d4767bbfc a0244e6ec83e84391c2f82f729629fb848a1d480816753b46e0ab1eed258e516 Loading...

	www.google-analytics.com/analytics.js	50 kB	2023-03-12	2024-04-15
Pretty URL www.google-analytics.com/analytics.js IP 216.239.38.178 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 21:46:21 Last Seen2024-04-15 18:54:35 Times Seen35101 Hash 54e51056211dda674100cc5b323a58ad 26dc5034cb6c7f3bbe061edd37c7fc6006cb835b 5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de Loading...

	static.ads-twitter.com/uwt.js	58 kB	2023-03-08	2024-04-16
Pretty URL static.ads-twitter.com/uwt.js IP 151.101.84.157 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:22:46 Last Seen2024-04-16 19:18:01 Times Seen4327 Hash 32ad004436155ec972bc50e6238b5b67 9b2cdb645c2fa5b98a9d05dcdca521fed4a17b7b cf7fcc9f75c8717897bfaef72f303fab423ce1b70c98512aeb3677e4af988dee Loading...

	www.lmlenzitrasporti.com/page1/rola/posten/	416 B	2023-03-07	2024-02-10
Pretty URL www.lmlenzitrasporti.com/page1/rola/posten/ IP 89.46.110.68 ASN #31034 Aruba S.p.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:33:11 Last Seen2024-02-10 15:41:34 Times Seen10 Hash 86e5f08705d17f53f803a1a255ada213 0e9770da8d5473f50cf3b25afb6d482b53583f25 05e43a4d8cf191ebd68225b1c4140e8f18cd4004e18a83d7b2f32c8fe3f00e08 Loading...

	www.lmlenzitrasporti.com/page1/rola/posten/	388 B	2023-03-07	2024-02-10
Pretty URL www.lmlenzitrasporti.com/page1/rola/posten/ IP 89.46.110.68 ASN #31034 Aruba S.p.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:33:11 Last Seen2024-02-10 15:41:34 Times Seen10 Hash 5dff850e6b367601ba25831d730aef28 fc0b38495d75ca512063fae5ab20c5f449e8de7c a86be6d3ee819a76df13fb3f24d98fcab7e90730a3883f09ade59ccc063ca21f Loading...

	www.lmlenzitrasporti.com/page1/rola/posten/file/1(1).txt	1.5 kB	2023-03-07	2024-02-10
Pretty URL www.lmlenzitrasporti.com/page1/rola/posten/file/1(1).txt IP 89.46.110.68 ASN #31034 Aruba S.p.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:33:11 Last Seen2024-02-10 15:41:36 Times Seen37 Hash f63ac3d276b7077a987675d6006a39dd a226c5e9acbafd79dab86c1018c274a879cdb5a1 ea0ff8a36f44af31d5379e7c0a28551018e697d4d424f9f31cdd37ed8891616d Loading...

	www.lmlenzitrasporti.com/page1/rola/posten/	349 B	2023-03-07	2023-12-19
Pretty URL www.lmlenzitrasporti.com/page1/rola/posten/ IP 89.46.110.68 ASN #31034 Aruba S.p.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:33:11 Last Seen2023-12-19 03:50:04 Times Seen4 Hash 4bb3a2c40cca89845dbdacbfa0bfdcfa 61244453ec6976eeda02cd8c45045dbd4c77da17 093c1594dce6c71fb46527c29c2a76b05219ea1ff0e757b9261030bd1dd0a810 Loading...

	www.lmlenzitrasporti.com/page1/rola/posten/	26 B	2023-03-07	2024-04-18
Pretty URL www.lmlenzitrasporti.com/page1/rola/posten/ IP 89.46.110.68 ASN #31034 Aruba S.p.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:05:05 Last Seen2024-04-18 12:33:01 Times Seen664 Hash eb7a24ef1bd1aec83ac360dcc088ba45 ec5f90396a524b12f0c07a53394a1b1b45d6b95c 2cc26ff044a57e2085fbda562947b3f955f2bd9758ad3f9f710dc4a6ce173f24 Loading...

	www.google.com/pagead/1p-conversion/undefined/?random=1676642090014&cv=11&fst=1676642090014&bg=ffffff&guid=ON&async=1&gtm=45He32f0&u_w=1280&u_h=1024&label=undefined&hn=www.google.com&frm=0&url=http%3A%2F%2Fwww.lmlenzitrasporti.com%2Fpage1%2Frola%2Fposten%2F&tiba=Posten.no&value=0&bttype=purchase&auid=492847991.1676642090&gcp=1&sscte=1&ct_cookie_present=1&rfmt=3&fmt=4	43 B	2023-03-07	2024-04-08
Pretty URL www.google.com/pagead/1p-conversion/undefined/?random=1676642090014&cv=11&fst=1676642090014&bg=ffffff&guid=ON&async=1&gtm=45He32f0&u_w=1280&u_h=1024&label=undefined&hn=www.google.com&frm=0&url=http%3A%2F%2Fwww.lmlenzitrasporti.com%2Fpage1%2Frola%2Fposten%2F&tiba=Posten.no&value=0&bttype=purchase&auid=492847991.1676642090&gcp=1&sscte=1&ct_cookie_present=1&rfmt=3&fmt=4 IP 216.58.211.4 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:30 Last Seen2024-04-08 20:17:10 Times Seen63935 Hash ad8b6f08655797587cdec719a94efe59 182adf5a140796f81e930649d05654dbf22fd5b7 77d5fe96defd6c8c1e3b0466b4827cf83dc7e5c727a10177e115d25132fa86f6 Loading...

	cdn.jsdelivr.net/npm/@posten/hedwig@11/dist/main.js	164 kB	2023-03-12	2023-05-12
Pretty URL cdn.jsdelivr.net/npm/@posten/hedwig@11/dist/main.js IP 151.101.1.229 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 21:48:33 Last Seen2023-05-12 08:33:56 Times Seen5 Hash 232b8e8581d6cea7c5488c0f8e4c1c7f fcdd49c7b634233407c888f0ee24f2c8ed0bd4f6 689c36794743f7cabe3976fd0c9716de92eb4a8480595b98b75ffa2bd969255b Loading...

	s10.histats.com/js15_as.js	11 kB	2023-03-07	2024-03-25
Pretty URL s10.histats.com/js15_as.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:06 Last Seen2024-03-25 09:24:29 Times Seen1978 Hash e959fbdd13def4b9a9d0a5fc9a7de4d4 1e39712307e3673b40c0bdb8c7d3e86a3e8b60a0 2defe59e357a7d0683c8283ac42841db404a0884cae2eaecebf4b676e559dede Loading...

	z.moatads.com/addthismoatframe568911941483/moatframe.js	1.7 kB	2023-03-07	2023-11-01
Pretty URL z.moatads.com/addthismoatframe568911941483/moatframe.js IP 2.18.173.140 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:57 Last Seen2023-11-01 14:42:28 Times Seen4278 Hash dd1a19cb8d13e4571d2b293c0a0d2ccf 18070dd5c894930a8aef7117bf8d49bd4922a723 05090f9390f5bc0cd23fe5f432037cc92d7cbce1ced9bfe8faf3d1c9abae85cd Loading...

	www.googletagmanager.com/gtag/js?id=DC-9852050&l=dataLayer&cx=c	114 kB	2023-03-14	2023-03-14
Pretty URL www.googletagmanager.com/gtag/js?id=DC-9852050&l=dataLayer&cx=c IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-14 02:13:19 Last Seen2023-03-14 02:13:19 Times Seen1 Hash 56a0adb632f7d73ab1d1d98a74a78a88 26d0aee671f078a90d5bb61d783f30c16e97410a fc38eafcd24597897b83a8a1ac58be825799266f53aabf4dfe6d9c39b974110e Loading...

	unknown	0 B	2023-03-07	2024-04-18
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-18 13:32:34 Times Seen36940787 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	www.google-analytics.com/plugins/ua/linkid.js	1.6 kB	2023-03-07	2024-04-15
Pretty URL www.google-analytics.com/plugins/ua/linkid.js IP 216.239.38.178 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:13 Last Seen2024-04-15 19:01:06 Times Seen1974 Hash 0cc3a63fe10060af4a349e5df666eefe 3e8d3925b550345123f2cab26568221fd4154f9c 92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54 Loading...

	www.googleadservices.com/pagead/conversion_async.js	42 kB	2023-03-13	2023-03-14
Pretty URL www.googleadservices.com/pagead/conversion_async.js IP 142.250.74.34 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 14:41:31 Last Seen2023-03-14 07:58:23 Times Seen1 Hash d3e2a489afafaffa70824acb767c43c8 e69e4fd49936d906db66aa2070ead053f0fd2d49 29566211c0742a044398ba7ae7fe728cd72c94c9ac0e1a114424ae21daf74a22 Loading...

	acdn.adnxs.com/dmp/up/pixie.js	9.1 kB	2023-03-07	2024-01-23
Pretty URL acdn.adnxs.com/dmp/up/pixie.js IP 151.101.65.108 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:28:42 Last Seen2024-01-23 08:30:01 Times Seen221 Hash e286c68ac0ac089b297abd8a3d9832a7 08a5e998ea0b980201d11b0282861c4efaeea396 f033d6a9b4acc24957ac5ca92d278b9aca16ec1b264658ae3267b1efa6ef4a5e Loading...

	www.lmlenzitrasporti.com/page1/rola/posten/file/1.txt	263 B	2023-03-07	2024-02-10
Pretty URL www.lmlenzitrasporti.com/page1/rola/posten/file/1.txt IP 89.46.110.68 ASN #31034 Aruba S.p.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:33:11 Last Seen2024-02-10 15:41:36 Times Seen36 Hash 628aab205fc5a86c455467f9ebcf5e9c 90d8bf119e9c1c3b36d12b96669093bf31575625 c941476875f1024e95df21890a7eb5eddc4acd304a54a8c3b0b033f3356bdaf1 Loading...

		Size	First Seen	Last Seen
	#1 Eval - 6c2b481ed8522d2217940e1553317555	873 B	2023-03-07	2023-03-14
Pretty Observations First Seen2023-03-07 14:33:11 Last Seen2023-03-14 02:13:36 Times Seen1 Hash 6c2b481ed8522d2217940e1553317555 0b9b34a1f90e545f70f32cd6d3dc86fb4e72d144 afdb6c824fa50b49f1ad290a4c94fd53f39f598902460805804cc0c1775e6720 Loading...

	#2 Eval - 1429e32594860bab89900f5932d918c3	132 B	2023-03-07	2023-03-14
Pretty Observations First Seen2023-03-07 14:33:11 Last Seen2023-03-14 02:13:36 Times Seen1 Hash 1429e32594860bab89900f5932d918c3 21624360ff680994575b5713a678fa68ca5109b9 cefd82456250e4101fa38516ce1c37e1414218788d6106605297abce42788e69 Loading...

	#3 Eval - fb5cb7b246e69034e02cb9a126ea18af	38 B	2023-03-07	2024-04-18
Pretty Observations First Seen2023-03-07 12:06:54 Last Seen2024-04-18 11:24:09 Times Seen728 Hash fb5cb7b246e69034e02cb9a126ea18af 59691e84cdc7797ab899b6828d78fe0e59015c64 21e1463f2dbdf773d27eb5b59524062b4aedb68414d396e65bb440516cdeae44 Loading...

	#4 Eval - fd474c68b715a71665cb3de47e348c28	873 B	2023-03-07	2023-03-14
Pretty Observations First Seen2023-03-07 14:33:11 Last Seen2023-03-14 02:13:36 Times Seen1 Hash fd474c68b715a71665cb3de47e348c28 a3a8ea817f62ddbf860adeb42223c75a02bc97c3 ed04fe40f9d557c156a53678bc2ebda259efb1c1b4c42215b1cd57a590ab3db2 Loading...

	#5 Eval - 959103c20b8c7e7c16d3470987d47023	87 B	2023-03-07	2023-03-14
Pretty Observations First Seen2023-03-07 14:33:11 Last Seen2023-03-14 02:13:36 Times Seen1 Hash 959103c20b8c7e7c16d3470987d47023 5d1746f4d0296b85788e4a8a3f2043bd0586dd28 57417104a96d1a427e8d15e07d2d7ee0cf0cc28b9c5c4b6cc5b69d94b15d3175 Loading...

HTTP Transactions (129)

URL IP Response Size

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
584dc97b4a725bab46f43b0c52ea2f21
4c7d5484aca5c64746185fa7a1e6103672fd6beb
726714a5ebdaa8dda3c669eedad6503ffd2a822cfd0bbdf5eb8a1d8ad43ad5bd

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "726714A5EBDAA8DDA3C669EEDAD6503FFD2A822CFD0BBDF5EB8A1D8AD43AD5BD"
Last-Modified: Wed, 15 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9023
Expires: Fri, 17 Feb 2023 16:25:12 GMT
Date: Fri, 17 Feb 2023 13:54:49 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
e2774fdb28d9f6ef0658eb7286166e3f
9240e40dcd6422d6b92b9f9b54c79e7629f28828
e59f037bbb477951b8d775acb4d62c243d19d6b0022787348bae224092690d53

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E59F037BBB477951B8D775ACB4D62C243D19D6B0022787348BAE224092690D53"
Last-Modified: Thu, 16 Feb 2023 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3497
Expires: Fri, 17 Feb 2023 14:53:06 GMT
Date: Fri, 17 Feb 2023 13:54:49 GMT
Connection: keep-alive

www.lmlenzitrasporti.com/page1/rola/posten/

89.46.110.68

200 OK

93 kB

URL HTTP/1.1
www.lmlenzitrasporti.com/page1/rola/posten/
IP
89.46.110.68:0
ASN
#31034 Aruba S.p.A.

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text, with very long lines (13785)
Size
93 kB (92749 bytes)
Hash
11338d9e1a155a5258ba08ef6f996e2e
3087150eca6dd07ab619280639edcdb48bff0806
692b4001e30b1528aab61883c40c79b4cfbc7664dad1d50730317361a2df43c6

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Posten Norge
openphish	Posten Norge
fortinet	Phishing

HTTP Headers

GET /page1/rola/posten/ HTTP/1.1
Host: www.lmlenzitrasporti.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Server: aruba-proxy
Date: Fri, 17 Feb 2023 13:54:49 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Mon, 01 Mar 2021 06:26:11 GMT
X-ServerName: ipvsproxy233.ad.aruba.it
Content-Encoding: gzip

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
ff250d3ef3fa45322bf05039a0122a9f
b3e7a2c383bce1bab807dbe1a03c375258b51f1d
d07f109a96e0ae6ec7b1d46ce8761b3f06fe845769ce65d69e053dd40aa561ba

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Backoff, Content-Type, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 17 Feb 2023 13:37:38 GMT
content-type: application/json
age: 1031
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
e4879878d8594ad779e96e43ceadae35
e81c37ddd67123e47ea15707896b807a306d8d7e
c50069d7380586c743cddc2678baab9bb04400c70c28c3102650264ef806319c

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C50069D7380586C743CDDC2678BAAB9BB04400C70C28C3102650264EF806319C"
Last-Modified: Wed, 15 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3583
Expires: Fri, 17 Feb 2023 14:54:32 GMT
Date: Fri, 17 Feb 2023 13:54:49 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
e76071a28ee566dababb3834f46d68ed
aebb4e68c1ba2de0f90025283e8ed8470944fde0
78b6df2627172e5b35476bc31020f02898cdc412aaf4337af2c3b049a60912b6

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: kkaItQPsGk+iSTRSQPLAA7i3WyvR2cMkmebrrlEPvQOM0EozUimHp/MU+ahKGcMFxXpZ5JCrxcU=
x-amz-request-id: EWN07EPWMNB3JZZ5
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
via: 1.1 google
date: Fri, 17 Feb 2023 13:49:53 GMT
age: 296
last-modified: Sun, 29 Jan 2023 18:44:47 GMT
etag: "e76071a28ee566dababb3834f46d68ed"
content-type: binary/octet-stream
content-length: 5348
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 17 Feb 2023 13:54:49 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

z.moatads.com/addthismoatframe568911941483/moatframe.js

2.18.173.140

200 OK

948 B

URL HTTP/2
z.moatads.com/addthismoatframe568911941483/moatframe.js
IP
2.18.173.140:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with very long lines (523)
Size
948 B (948 bytes)
Hash
f14b4e1f799b14f798a195f43cf58376
b6fd3b3d407fb4c0a00fb8a31862235e2a6e0a86
92ed3e9fda5fa4d738ff4d9023846b56633617363dda6a750cacb4fba53241ac

HTTP Headers

GET /addthismoatframe568911941483/moatframe.js HTTP/1.1
Host: z.moatads.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.lmlenzitrasporti.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: TYrAmp44ddThNKrHeBmfOrJOox8ItZdAJeP4Uj7Uut6T7Jvp1PpX/XFzXT0gU1oJH/SwK8Irisw=
x-amz-request-id: 598E0BAF9E725A50
last-modified: Fri, 08 Nov 2019 20:13:52 GMT
etag: "f14b4e1f799b14f798a195f43cf58376"
content-encoding: gzip
accept-ranges: bytes
content-type: application/x-javascript
content-length: 948
server: AmazonS3
vary: Accept-Encoding
unused62: 8096267
cache-control: max-age=59407
date: Fri, 17 Feb 2023 13:54:49 GMT
X-Firefox-Spdy: h2

www.lmlenzitrasporti.com/page1/rola/posten/file/new-style.css

89.46.110.68

200 OK

9.4 kB

URL HTTP/1.1
www.lmlenzitrasporti.com/page1/rola/posten/file/new-style.css
IP
89.46.110.68:0
ASN
#31034 Aruba S.p.A.

File type
ASCII text, with very long lines (306), with CRLF line terminators
Size
9.4 kB (9377 bytes)
Hash
92c165e15a2275866ee7cfc278fffde1
98916171f3518b19fcafe4875562e5a353ddd54b
26500fcb123f8d7047a19264d0c82f59049a662c93068c2a91e3428e68382869

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Posten Norge

HTTP Headers

GET /page1/rola/posten/file/new-style.css HTTP/1.1
Host: www.lmlenzitrasporti.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.lmlenzitrasporti.com/page1/rola/posten/

HTTP/1.1 200 OK
Server: aruba-proxy
Date: Fri, 17 Feb 2023 13:54:49 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Mon, 01 Mar 2021 06:20:12 GMT
X-ServerName: ipvsproxy233.ad.aruba.it
Content-Encoding: gzip

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
2479adc544d5ddacfa7ef52d41903025
b682994b05d0c55bcac304b23af0e91972ea107b
1cecaeec65d53f424a9a558110e7fa4dc8fc7fd17d76b5a5d41d48324d510a6c

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 17 Feb 2023 13:54:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

tienda.correos.es/css/common-dynamic.css

94.23.87.92

200 OK

717 B

URL HTTP/1.1
tienda.correos.es/css/common-dynamic.css
IP
94.23.87.92:0
ASN
#16276 OVH SAS

File type
ASCII text, with CRLF line terminators
Size
717 B (717 bytes)
Hash
45bca144e962bb998d9d807e54e521c3
63beb9c869ed56068010f501fde069d8e02164d7
31dda737e3779db2e9efd81ab860e724f61738acce5b10558cb6c56c76daf544

HTTP Headers

GET /css/common-dynamic.css HTTP/1.1
Host: tienda.correos.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.lmlenzitrasporti.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: server
Date: Fri, 17 Feb 2023 13:54:49 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Backend: 1
Content-Encoding: gzip
X-IPLB-Request-ID: 5B5A2A9A:95B9_5E17575C:01BB_63EF8729_4B8B7:1B82C
X-IPLB-Instance: 35327
Set-Cookie: SERVERID139651=c80001a3|Y++HL|Y++HL; path=/; HttpOnly
Cache-control: private

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
2479adc544d5ddacfa7ef52d41903025
b682994b05d0c55bcac304b23af0e91972ea107b
1cecaeec65d53f424a9a558110e7fa4dc8fc7fd17d76b5a5d41d48324d510a6c

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 17 Feb 2023 13:54:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

cdn.mycomandia.com/static/shop/common/fonts/flaticon/flaticon.css?v=2019.12.17

176.31.232.62

200 OK

1.2 kB

URL HTTP/2
cdn.mycomandia.com/static/shop/common/fonts/flaticon/flaticon.css?v=2019.12.17
IP
176.31.232.62:0
ASN
#16276 OVH SAS

File type
ASCII text
Size
1.2 kB (1210 bytes)
Hash
e8b5e4d5eb0df11eb339ba959520b978
24777a5efa576aec4026ff30bcf4fd6ecd81b003
2650ffdcb2bf4147d062825fee353bd86e80c1f1c22c0b29ea856fdd3213e0a3

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Posten Norge

HTTP Headers

GET /static/shop/common/fonts/flaticon/flaticon.css?v=2019.12.17 HTTP/1.1
Host: cdn.mycomandia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.lmlenzitrasporti.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Fri, 17 Feb 2023 13:54:49 GMT
content-type: text/css
content-length: 1210
last-modified: Tue, 27 Aug 2019 11:07:48 GMT
etag: "5d650f04-4ba"
server: rebelio-n1
expires: Sat, 17 Feb 2024 13:54:49 GMT
cache-control: max-age=31536000
backend: 1
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2

cdn.mycomandia.com/static/shop/common/css/validationEngine.jquery.css?v=2019.12.17

176.31.232.62

200 OK

3.3 kB

URL HTTP/2
cdn.mycomandia.com/static/shop/common/css/validationEngine.jquery.css?v=2019.12.17
IP
176.31.232.62:0
ASN
#16276 OVH SAS

File type
ASCII text, with CRLF line terminators
Size
3.3 kB (3334 bytes)
Hash
a8935f51f8ca663bf3a18d4b1da31bf7
6f2e6f9c21ced7020e6d8c73c2e8ad71d797aa9d
cd363d0f8425d6b271c14ee5d6a8d693c3aa1323b64979b69c69d26661927303

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Posten Norge

HTTP Headers

GET /static/shop/common/css/validationEngine.jquery.css?v=2019.12.17 HTTP/1.1
Host: cdn.mycomandia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.lmlenzitrasporti.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Fri, 17 Feb 2023 13:54:49 GMT
content-type: text/css
content-length: 3334
last-modified: Thu, 18 Oct 2018 11:43:12 GMT
etag: "5bc871d0-d06"
server: rebelio-n1
expires: Sat, 17 Feb 2024 13:54:49 GMT
cache-control: max-age=31536000
backend: 1
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2

tienda.correos.es/css/common-dynamic.css

94.23.87.92

200 OK

717 B

URL HTTP/1.1
tienda.correos.es/css/common-dynamic.css
IP
94.23.87.92:0
ASN
#16276 OVH SAS

File type
ASCII text, with CRLF line terminators
Size
717 B (717 bytes)
Hash
45bca144e962bb998d9d807e54e521c3
63beb9c869ed56068010f501fde069d8e02164d7
31dda737e3779db2e9efd81ab860e724f61738acce5b10558cb6c56c76daf544

HTTP Headers

GET /css/common-dynamic.css HTTP/1.1
Host: tienda.correos.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.lmlenzitrasporti.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: server
Date: Fri, 17 Feb 2023 13:54:50 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Backend: 1
Content-Encoding: gzip
X-IPLB-Request-ID: 5B5A2A9A:95B9_5E17575C:01BB_63EF8729_4B8B8:1B82C
X-IPLB-Instance: 35327
Set-Cookie: SERVERID139651=c80001a3|Y++HL|Y++HL; path=/; HttpOnly
Cache-control: private

cdn.mycomandia.com/static/logos/correos-paq-72-mini.png

176.31.232.62

200 OK

2.4 kB

URL HTTP/2
cdn.mycomandia.com/static/logos/correos-paq-72-mini.png
IP
176.31.232.62:0
ASN
#16276 OVH SAS

File type
PNG image data, 175 x 30, 8-bit/color RGBA, interlaced\012- data
Size
2.4 kB (2373 bytes)
Hash
ad8f5552abb3d774a9c23cf3b0c9272b
4fc71ddac34c0b7438effc6883956ba2149a6a0c
984461e2d55896f29bb79d75b8ab42c1f8c4111bd2fb0c5f03dbc50d1b24b894

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Posten Norge

HTTP Headers

GET /static/logos/correos-paq-72-mini.png HTTP/1.1
Host: cdn.mycomandia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.lmlenzitrasporti.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Fri, 17 Feb 2023 13:54:50 GMT
content-type: image/png
content-length: 2373
last-modified: Mon, 10 May 2021 14:53:58 GMT
etag: "60994906-945"
server: rebelio-n1
expires: Sat, 17 Feb 2024 13:54:50 GMT
cache-control: max-age=31536000
backend: 1
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2

cdn.mycomandia.com/static/logos/correos-paq72.png

176.31.232.62

200 OK

2.0 kB

URL HTTP/2
cdn.mycomandia.com/static/logos/correos-paq72.png
IP
176.31.232.62:0
ASN
#16276 OVH SAS

File type
PNG image data, 128 x 40, 8-bit/color RGBA, non-interlaced\012- data
Size
2.0 kB (1976 bytes)
Hash
567c7f32c85fe6ca5625f95403eb05e9
ef5da723f8b205d4f75bcb2b63b6e948fa25f330
5d2fb215dbbcbfd1bd663a0cdeaf31c63abde8c6f20aa63551733ebc498bf605

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Posten Norge

HTTP Headers

GET /static/logos/correos-paq72.png HTTP/1.1
Host: cdn.mycomandia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.lmlenzitrasporti.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Fri, 17 Feb 2023 13:54:50 GMT
content-type: image/png
content-length: 1976
last-modified: Mon, 28 Dec 2020 12:06:56 GMT
etag: "5fe9ca60-7b8"
server: rebelio-n1
expires: Sat, 17 Feb 2024 13:54:50 GMT
cache-control: max-age=31536000
backend: 1
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2

cdn.jsdelivr.net/npm/@posten/hedwig@11/assets/fonts.css

151.101.1.229

200 OK

542 B

URL HTTP/2
cdn.jsdelivr.net/npm/@posten/hedwig@11/assets/fonts.css
IP
151.101.1.229:0
ASN
#54113 FASTLY

File type
ASCII text
Size
542 B (542 bytes)
Hash
b24719d55767c669113336d8c684644d
24067e2371e11e36586528918e5c7adb7356edb9
ff84dceacce38a1a37e28e25757da04eec677c08070213f46fa0384c375ca2e7

HTTP Headers

GET /npm/@posten/hedwig@11/assets/fonts.css HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.lmlenzitrasporti.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
x-jsd-version: 11.9.9
x-jsd-version-type: version
etag: W/"855-mRW2/GJzwxRji+sy+ksrjfYsJnE"
content-encoding: gzip
accept-ranges: bytes
date: Fri, 17 Feb 2023 13:54:50 GMT
age: 1686
x-served-by: cache-fra-eddf8230028-FRA, cache-bma1641-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 542
X-Firefox-Spdy: h2

www.lmlenzitrasporti.com/page1/rola/posten/file/f.txt

89.46.110.68

200 OK

11 kB

URL HTTP/1.1
www.lmlenzitrasporti.com/page1/rola/posten/file/f.txt
IP
89.46.110.68:0
ASN
#31034 Aruba S.p.A.

File type
ASCII text, with very long lines (1994), with CRLF line terminators
Size
11 kB (11156 bytes)
Hash
9822ac488e975c67f830ee453c852044
64d8f2c1b690f5eedf16494df7013958a29f5bf9
fdd312257d6d26e58643b7bc5cde6555613ffc8f1617fbc65189ab819761a7e4

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Posten Norge
fortinet	Phishing

HTTP Headers

GET /page1/rola/posten/file/f.txt HTTP/1.1
Host: www.lmlenzitrasporti.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.lmlenzitrasporti.com/page1/rola/posten/

HTTP/1.1 200 OK
Server: aruba-proxy
Date: Fri, 17 Feb 2023 13:54:50 GMT
Content-Type: text/plain
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Mon, 01 Mar 2021 06:20:12 GMT
X-ServerName: ipvsproxy233.ad.aruba.it
Content-Encoding: gzip

cdn.jsdelivr.net/npm/@posten/hedwig@11/dist/posten.css

151.101.1.229

200 OK

29 kB

URL HTTP/2
cdn.jsdelivr.net/npm/@posten/hedwig@11/dist/posten.css
IP
151.101.1.229:0
ASN
#54113 FASTLY

File type
Unicode text, UTF-8 text, with very long lines (54670)
Size
29 kB (29077 bytes)
Hash
cab4a25d88a7f23bbe46846ffc169ace
d470188177492d7ce663c298301c852a9cfbde59
6971be30d85421291f18493ae6d84494f4fc9cd42d194aefd7197031f730cbe7

HTTP Headers

GET /npm/@posten/hedwig@11/dist/posten.css HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.lmlenzitrasporti.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
x-jsd-version: 11.9.10
x-jsd-version-type: version
etag: W/"35ae7-VIUJ2giFc9+RlRgcbyfbUh4mbO8"
content-encoding: gzip
accept-ranges: bytes
date: Fri, 17 Feb 2023 13:54:50 GMT
age: 31718
x-served-by: cache-fra-eddf8230074-FRA, cache-bma1641-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 29077
X-Firefox-Spdy: h2

cdn.jsdelivr.net/npm/@posten/hedwig@11/dist/main.js

151.101.1.229

200 OK

55 kB

URL HTTP/2
cdn.jsdelivr.net/npm/@posten/hedwig@11/dist/main.js
IP
151.101.1.229:0
ASN
#54113 FASTLY

File type
Unicode text, UTF-8 text, with very long lines (33341), with NEL line terminators
Size
55 kB (55053 bytes)
Hash
aceb930ded7386fd3874e88db9a79c1d
8ac16d7b8129e0bec4093cfb9d651c034f0745d9
8244dcb68ca3f57c94b683848d4d0f93d0ff560834ee6426f400cadc2477e4e1

HTTP Headers

GET /npm/@posten/hedwig@11/dist/main.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.lmlenzitrasporti.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 11.9.10
x-jsd-version-type: version
etag: W/"281a4-/N1Jx7Y0IzQHyIjw7iTyyO0L1PY"
content-encoding: gzip
accept-ranges: bytes
date: Fri, 17 Feb 2023 13:54:50 GMT
age: 25949
x-served-by: cache-fra-eddf8230133-FRA, cache-bma1641-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 55053
X-Firefox-Spdy: h2

cdn.jsdelivr.net/npm/@posten/hedwig@11/dist/icons.min.js

151.101.1.229

200 OK

325 B

URL HTTP/2
cdn.jsdelivr.net/npm/@posten/hedwig@11/dist/icons.min.js
IP
151.101.1.229:0
ASN
#54113 FASTLY

File type
ASCII text, with very long lines (484)
Size
325 B (325 bytes)
Hash
3cf89faabd93e7347ff136ce46273e50
11e620a5bdd6f53f699c1117f6abfd368275df67
162897c7f4536145c8f704320004aa5b68d7d08c9e080065657fd1dcee4979f8

HTTP Headers

GET /npm/@posten/hedwig@11/dist/icons.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.lmlenzitrasporti.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 11.9.10
x-jsd-version-type: version
etag: W/"1e5-WAbOTOVCBaDeieReJgLvn/XKjp4"
content-encoding: gzip
accept-ranges: bytes
date: Fri, 17 Feb 2023 13:54:50 GMT
age: 2816
x-served-by: cache-fra-eddf8230027-FRA, cache-bma1641-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 325
X-Firefox-Spdy: h2

www.lmlenzitrasporti.com/_/asset/no.posten.website:1594301215/js/bundle.js

89.46.110.68

404 Not Found

196 B

URL HTTP/1.1
www.lmlenzitrasporti.com/_/asset/no.posten.website:1594301215/js/bundle.js
IP
89.46.110.68:0
ASN
#31034 Aruba S.p.A.

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
196 B (196 bytes)
Hash
62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Posten Norge
fortinet	Phishing

HTTP Headers

GET /_/asset/no.posten.website:1594301215/js/bundle.js HTTP/1.1
Host: www.lmlenzitrasporti.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.lmlenzitrasporti.com/page1/rola/posten/

HTTP/1.1 404 Not Found
Server: aruba-proxy
Date: Fri, 17 Feb 2023 13:54:50 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive

www.lmlenzitrasporti.com/page1/rola/posten/file/1.txt

89.46.110.68

200 OK

198 B

URL HTTP/1.1
www.lmlenzitrasporti.com/page1/rola/posten/file/1.txt
IP
89.46.110.68:0
ASN
#31034 Aruba S.p.A.

File type
ASCII text, with no line terminators
Size
198 B (198 bytes)
Hash
e8eb78614cd69ba5458449ee67661a79
415d4f5c96e7fd519a5c16343b16507bd0ddd9dc
b3256232be85e192b3f6ad9276d3aa22c01e36fdcdf424cde262134bb60d8e24

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Posten Norge
fortinet	Phishing

HTTP Headers

GET /page1/rola/posten/file/1.txt HTTP/1.1
Host: www.lmlenzitrasporti.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.lmlenzitrasporti.com/page1/rola/posten/

HTTP/1.1 200 OK
Server: aruba-proxy
Date: Fri, 17 Feb 2023 13:54:50 GMT
Content-Type: text/plain
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Mon, 01 Mar 2021 06:20:11 GMT
X-ServerName: ipvsproxy233.ad.aruba.it
Content-Encoding: gzip

www.lmlenzitrasporti.com/page1/rola/posten/file/1(1).txt

89.46.110.68

200 OK

534 B

URL HTTP/1.1
www.lmlenzitrasporti.com/page1/rola/posten/file/1(1).txt
IP
89.46.110.68:0
ASN
#31034 Aruba S.p.A.

File type
ASCII text, with very long lines (1529), with no line terminators
Size
534 B (534 bytes)
Hash
9d1d1c1720dadba3e9790da3b894bd45
ea920623212646bbc98ccd45c53b53c9af91cd32
b6161cf2d336820e05b44792c97b6c8581e5e95d5c1127b1834d75ce1c5657a1

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Posten Norge
fortinet	Phishing

HTTP Headers

GET /page1/rola/posten/file/1(1).txt HTTP/1.1
Host: www.lmlenzitrasporti.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.lmlenzitrasporti.com/page1/rola/posten/

HTTP/1.1 200 OK
Server: aruba-proxy
Date: Fri, 17 Feb 2023 13:54:50 GMT
Content-Type: text/plain
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Mon, 01 Mar 2021 06:20:11 GMT
X-ServerName: ipvsproxy233.ad.aruba.it
Content-Encoding: gzip

www.lmlenzitrasporti.com/page1/rola/posten/file/moatframe.js.t%C3%A9l%C3%A9chargement

89.46.110.68

404 Not Found

196 B

URL HTTP/1.1
www.lmlenzitrasporti.com/page1/rola/posten/file/moatframe.js.t%C3%A9l%C3%A9chargement
IP
89.46.110.68:0
ASN
#31034 Aruba S.p.A.

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
196 B (196 bytes)
Hash
62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Posten Norge
fortinet	Phishing

HTTP Headers

GET /page1/rola/posten/file/moatframe.js.t%C3%A9l%C3%A9chargement HTTP/1.1
Host: www.lmlenzitrasporti.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.lmlenzitrasporti.com/page1/rola/posten/

HTTP/1.1 404 Not Found
Server: aruba-proxy
Date: Fri, 17 Feb 2023 13:54:50 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive

www.lmlenzitrasporti.com/_/asset/no.posten.website:1594301215/css/postenstyle.css

89.46.110.68

404 Not Found

196 B

URL HTTP/1.1
www.lmlenzitrasporti.com/_/asset/no.posten.website:1594301215/css/postenstyle.css
IP
89.46.110.68:0
ASN
#31034 Aruba S.p.A.

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
196 B (196 bytes)
Hash
62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Posten Norge

HTTP Headers

GET /_/asset/no.posten.website:1594301215/css/postenstyle.css HTTP/1.1
Host: www.lmlenzitrasporti.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.lmlenzitrasporti.com/page1/rola/posten/

HTTP/1.1 404 Not Found
Server: aruba-proxy
Date: Fri, 17 Feb 2023 13:54:50 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive

siteimproveanalytics.com/js/siteanalyze_6015663.js

172.64.197.24

200 OK

26 kB

URL HTTP/1.1
siteimproveanalytics.com/js/siteanalyze_6015663.js
IP
172.64.197.24:0
ASN
#13335 CLOUDFLARENET

File type
Unicode text, UTF-8 text, with very long lines (65492), with no line terminators
Size
26 kB (25663 bytes)
Hash
efed05da78b6a02254508bcda8d175ec
693b43c0ea204919ec9fe5a9b1c19057a894c19b
a4c7ca0fceb7f40af4f6862474c688b81f912b488626e8e461170b63831cb527

HTTP Headers

GET /js/siteanalyze_6015663.js HTTP/1.1
Host: siteimproveanalytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.lmlenzitrasporti.com/

HTTP/1.1 200 OK
Date: Fri, 17 Feb 2023 13:54:50 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 25663
Connection: keep-alive
x-amz-id-2: FUfm5THqacbXr0paDYu667At2Y1QMxM6e8DWzLxHwMxsyyXo0tCmFYQGL/4RyDLdGcwE+jr8gsI=
x-amz-request-id: 1ED0XQ99C6FXBZXF
Cache-Control: max-age=86400, no-transform
Content-Encoding: gzip
Last-Modified: Fri, 17 Feb 2023 09:36:57 GMT
ETag: "efed05da78b6a02254508bcda8d175ec"
CF-Cache-Status: HIT
Age: 957
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EExCBLze%2FzAt3Elo%2FoYaE7iF69U7L7ntCsgrepSebPvvodSC%2BpJnSQ0%2BZqDjooXE%2FqGis3SUiDL7ZlTGWc%2B5%2BEGIUxRY%2Ftt3UBhY0cpXPMsMOIXT7gzwgLNee5fUTLT16iIvfojLQ3sJaBE%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79af0467fe4e8924-LHR
alt-svc: h2=":443"; ma=60

translate.googleapis.com/translate_static/css/translateelement.css

142.250.74.42

200 OK

3.6 kB

URL HTTP/2
translate.googleapis.com/translate_static/css/translateelement.css
IP
142.250.74.42:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (22967)
Size
3.6 kB (3632 bytes)
Hash
f7bf2121608909b56672e6398ac2335c
864ef3bac46b08ab6609fad23f00d5f09815647d
b9d3a8600d9b6edf9c71b793c42782282ecfb01e2026e0128608b949e91e152c

HTTP Headers

GET /translate_static/css/translateelement.css HTTP/1.1
Host: translate.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.lmlenzitrasporti.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: br
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/rosetta
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="rosetta"
report-to: {"group":"rosetta","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/rosetta"}]}
content-length: 3632
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 17 Feb 2023 13:16:50 GMT
expires: Fri, 17 Feb 2023 14:16:50 GMT
cache-control: public, max-age=3600
age: 2280
last-modified: Mon, 09 Jan 2023 20:58:00 GMT
content-type: text/css
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
b9763adf5a3803ebbbd946989691ebad
79cc60d6949fa803a03f11396f7edc967e6aa8d4
5870c9bdf050b42605bd48728cb5f36ae4628e89e4727bb553c1218ddbfb6846

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 17 Feb 2023 13:54:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

in.taskanalytics.com/00012/tm.js?r=&1595285185398

108.128.72.146

403 Forbidden

7 B

URL HTTP/1.1
in.taskanalytics.com/00012/tm.js?r=&1595285185398
IP
108.128.72.146:0
ASN
#16509 AMAZON-02

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
9394bb34611399534ffac4f0ece96b7f
b4e856ccc12dd97ea890dfc802609afe410903b1
63446cf888571b1c5373a4ac8452e35ac378cdee775d3e5dee86903a1381d536

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Posten Norge

HTTP Headers

GET /00012/tm.js?r=&1595285185398 HTTP/1.1
Host: in.taskanalytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.lmlenzitrasporti.com/

HTTP/1.1 403 Forbidden
Server: Cowboy
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Vary: origin
Access-Control-Expose-Headers: WWW-Authenticate,Server-Authorization
Cache-Control: no-cache
Content-Length: 7
Date: Fri, 17 Feb 2023 13:54:50 GMT
Via: 1.1 vegur

in.taskanalytics.com/00012/tm.js?r=&1595293061723

108.128.72.146

403 Forbidden

7 B

URL HTTP/1.1
in.taskanalytics.com/00012/tm.js?r=&1595293061723
IP
108.128.72.146:0
ASN
#16509 AMAZON-02

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
9394bb34611399534ffac4f0ece96b7f
b4e856ccc12dd97ea890dfc802609afe410903b1
63446cf888571b1c5373a4ac8452e35ac378cdee775d3e5dee86903a1381d536

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Posten Norge

HTTP Headers

GET /00012/tm.js?r=&1595293061723 HTTP/1.1
Host: in.taskanalytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.lmlenzitrasporti.com/

HTTP/1.1 403 Forbidden
Server: Cowboy
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Vary: origin
Access-Control-Expose-Headers: WWW-Authenticate,Server-Authorization
Cache-Control: no-cache
Content-Length: 7
Date: Fri, 17 Feb 2023 13:54:50 GMT
Via: 1.1 vegur

in.taskanalytics.com/00012/tm.js?r=&1595293061872

108.128.72.146

403 Forbidden

7 B

URL HTTP/1.1
in.taskanalytics.com/00012/tm.js?r=&1595293061872
IP
108.128.72.146:0
ASN
#16509 AMAZON-02

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
9394bb34611399534ffac4f0ece96b7f
b4e856ccc12dd97ea890dfc802609afe410903b1
63446cf888571b1c5373a4ac8452e35ac378cdee775d3e5dee86903a1381d536

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Posten Norge

HTTP Headers

GET /00012/tm.js?r=&1595293061872 HTTP/1.1
Host: in.taskanalytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.lmlenzitrasporti.com/

HTTP/1.1 403 Forbidden
Server: Cowboy
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Vary: origin
Access-Control-Expose-Headers: WWW-Authenticate,Server-Authorization
Cache-Control: no-cache
Content-Length: 7
Date: Fri, 17 Feb 2023 13:54:50 GMT
Via: 1.1 vegur

in.taskanalytics.com/00012/tm.js?r=&1595299259690

108.128.72.146

403 Forbidden

7 B

URL HTTP/1.1
in.taskanalytics.com/00012/tm.js?r=&1595299259690
IP
108.128.72.146:0
ASN
#16509 AMAZON-02

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
9394bb34611399534ffac4f0ece96b7f
b4e856ccc12dd97ea890dfc802609afe410903b1
63446cf888571b1c5373a4ac8452e35ac378cdee775d3e5dee86903a1381d536

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Posten Norge

HTTP Headers

GET /00012/tm.js?r=&1595299259690 HTTP/1.1
Host: in.taskanalytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.lmlenzitrasporti.com/

HTTP/1.1 403 Forbidden
Server: Cowboy
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Vary: origin
Access-Control-Expose-Headers: WWW-Authenticate,Server-Authorization
Cache-Control: no-cache
Content-Length: 7
Date: Fri, 17 Feb 2023 13:54:50 GMT
Via: 1.1 vegur

in.taskanalytics.com/00012/tm.js?r=&1595299259698

108.128.72.146

403 Forbidden

7 B

URL HTTP/1.1
in.taskanalytics.com/00012/tm.js?r=&1595299259698
IP
108.128.72.146:0
ASN
#16509 AMAZON-02

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
9394bb34611399534ffac4f0ece96b7f
b4e856ccc12dd97ea890dfc802609afe410903b1
63446cf888571b1c5373a4ac8452e35ac378cdee775d3e5dee86903a1381d536

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Posten Norge

HTTP Headers

GET /00012/tm.js?r=&1595299259698 HTTP/1.1
Host: in.taskanalytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.lmlenzitrasporti.com/

HTTP/1.1 403 Forbidden
Server: Cowboy
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Vary: origin
Access-Control-Expose-Headers: WWW-Authenticate,Server-Authorization
Cache-Control: no-cache
Content-Length: 7
Date: Fri, 17 Feb 2023 13:54:50 GMT
Via: 1.1 vegur

in.taskanalytics.com/00012/tm.js?r=&1595299259862

108.128.72.146

403 Forbidden

7 B

URL HTTP/1.1
in.taskanalytics.com/00012/tm.js?r=&1595299259862
IP
108.128.72.146:0
ASN
#16509 AMAZON-02

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
9394bb34611399534ffac4f0ece96b7f
b4e856ccc12dd97ea890dfc802609afe410903b1
63446cf888571b1c5373a4ac8452e35ac378cdee775d3e5dee86903a1381d536

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Posten Norge

HTTP Headers

GET /00012/tm.js?r=&1595299259862 HTTP/1.1
Host: in.taskanalytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.lmlenzitrasporti.com/

HTTP/1.1 403 Forbidden
Server: Cowboy
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Vary: origin
Access-Control-Expose-Headers: WWW-Authenticate,Server-Authorization
Cache-Control: no-cache
Content-Length: 7
Date: Fri, 17 Feb 2023 13:54:50 GMT
Via: 1.1 vegur

www.lmlenzitrasporti.com/_/asset/no.posten.website:1594301215/js/chatbot.js

89.46.110.68

404 Not Found

196 B

URL HTTP/1.1
www.lmlenzitrasporti.com/_/asset/no.posten.website:1594301215/js/chatbot.js
IP
89.46.110.68:0
ASN
#31034 Aruba S.p.A.

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
196 B (196 bytes)
Hash
62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Posten Norge
fortinet	Phishing

HTTP Headers

GET /_/asset/no.posten.website:1594301215/js/chatbot.js HTTP/1.1
Host: www.lmlenzitrasporti.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.lmlenzitrasporti.com/page1/rola/posten/

HTTP/1.1 404 Not Found
Server: aruba-proxy
Date: Fri, 17 Feb 2023 13:54:50 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive

www.googletagmanager.com/gtm.js?id=GTM-M83DX4

142.250.74.168

302 Found

250 B

URL HTTP/1.1
www.googletagmanager.com/gtm.js?id=GTM-M83DX4
IP
142.250.74.168:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Size
250 B (250 bytes)
Hash
1373afd5f63dc37d3b1e0cd4a9857230
c6f8ae3f09ce337c9e491f0946bdfe8eab86188a
989490b30a61855760b9f74412798e09385461c1f5f07e630d5fa943bc27a47e

HTTP Headers

GET /gtm.js?id=GTM-M83DX4 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.lmlenzitrasporti.com/

HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtm.js?id=GTM-M83DX4
Cross-Origin-Resource-Policy: cross-origin
Date: Fri, 17 Feb 2023 13:54:50 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 250
X-XSS-Protection: 0

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
d146aa123635470cfd39942f1f25dcba
274574f078e959a423262a1b95344996299ea1cf
9e2c3a542626c68d479648479e09f9570564d4e1f954f63b6ce97ae939729a3d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9E2C3A542626C68D479648479E09F9570564D4E1F954F63B6CE97AE939729A3D"
Last-Modified: Wed, 15 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3961
Expires: Fri, 17 Feb 2023 15:00:51 GMT
Date: Fri, 17 Feb 2023 13:54:50 GMT
Connection: keep-alive

ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q4

104.18.20.226

200 OK

1.5 kB

URL HTTP/1.1
ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q4
IP
104.18.20.226:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
1.5 kB (1462 bytes)
Hash
80bafb50039175fef776333e16b5294d
5fbeb1106fa363638176894b6e541eaa91196e8d
cf2d467afda5048859dcdf84ca9ebbff35959def6754ae5dcbd6495038f2ec78

HTTP Headers

POST /ca/gsatlasr3dvtlsca2022q4 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 17 Feb 2023 13:54:50 GMT
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "C0867CEF0EE31AA349D2BC43AB5629DB97BAAEB0"
Expires: Sat, 18 Feb 2023 01:00:00 GMT
Last-Modified: Fri, 17 Feb 2023 13:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Age: 2620
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79af0468cdb4b527-OSL

cdn.mycomandia.com/static/shop/common/bundle/bootstrap-4.1.0/css/bootstrap.min.css?v=2019.12.17

176.31.232.62

200 OK

73 kB

URL HTTP/2
cdn.mycomandia.com/static/shop/common/bundle/bootstrap-4.1.0/css/bootstrap.min.css?v=2019.12.17
IP
176.31.232.62:0
ASN
#16276 OVH SAS

File type
data
Size
73 kB (72568 bytes)
Hash
22746f3faf58ccf05d4f77c1acdf6a8a
07786787f1c7e9232cd8bd1404ba979fce7a1728
6c8d1861349e3b33aca54982490872f631b45725a8f94db3efa233b6bbdae0bd

HTTP Headers

GET /static/shop/common/bundle/bootstrap-4.1.0/css/bootstrap.min.css?v=2019.12.17 HTTP/1.1
Host: cdn.mycomandia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.lmlenzitrasporti.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Fri, 17 Feb 2023 13:54:49 GMT
content-type: text/css
last-modified: Thu, 18 Oct 2018 11:43:18 GMT
vary: Accept-Encoding
etag: W/"5bc871d6-22485"
server: rebelio-n1
expires: Sat, 17 Feb 2024 13:54:49 GMT
cache-control: max-age=31536000
backend: 1
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2

www.lmlenzitrasporti.com/page1/rola/posten/file/js

89.46.110.68

200 OK

86 kB

URL HTTP/1.1
www.lmlenzitrasporti.com/page1/rola/posten/file/js
IP
89.46.110.68:0
ASN
#31034 Aruba S.p.A.

File type
ASCII text, with very long lines (1578), with CRLF line terminators
Size
86 kB (86235 bytes)
Hash
3bc2dba628f72e4cb686cabe461d5817
2e462c205994b0b805bdb67c5270493d4767bbfc
a0244e6ec83e84391c2f82f729629fb848a1d480816753b46e0ab1eed258e516

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Posten Norge
fortinet	Phishing

HTTP Headers

GET /page1/rola/posten/file/js HTTP/1.1
Host: www.lmlenzitrasporti.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.lmlenzitrasporti.com/page1/rola/posten/

HTTP/1.1 200 OK
Server: aruba-proxy
Date: Fri, 17 Feb 2023 13:54:50 GMT
Content-Length: 86235
Connection: keep-alive
Last-Modified: Mon, 01 Mar 2021 06:20:12 GMT
Accept-Ranges: bytes
X-ServerName: ipvsproxy233.ad.aruba.it

www.googletagmanager.com/gtm.js?id=GTM-M83DX4

142.250.74.168

200 OK

74 kB

URL HTTP/2
www.googletagmanager.com/gtm.js?id=GTM-M83DX4
IP
142.250.74.168:0
ASN
#15169 GOOGLE

File type
Unicode text, UTF-8 text, with very long lines (22818)
Size
74 kB (74109 bytes)
Hash
b8544067969ec30f354f591bcb6da5e5
4e31f80fe3204efd060bf9af36374baf945ce2db
65c2d3a75e7a2b7dcf47be5f5ec83444fae9e9357576454eef053cf8b0c150fc

HTTP Headers

GET /gtm.js?id=GTM-M83DX4 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.lmlenzitrasporti.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 17 Feb 2023 13:54:50 GMT
expires: Fri, 17 Feb 2023 13:54:50 GMT
cache-control: private, max-age=900
last-modified: Fri, 17 Feb 2023 12:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 74109
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
b9763adf5a3803ebbbd946989691ebad
79cc60d6949fa803a03f11396f7edc967e6aa8d4
5870c9bdf050b42605bd48728cb5f36ae4628e89e4727bb553c1218ddbfb6846

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 17 Feb 2023 13:54:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.sca1b.amazontrust.com/

54.230.245.110

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
54.230.245.110:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
51193703c31973e958c4e7845fde953b
05639ee0175bee76db2b8a1995933491420f04bb
50829dec1e1e26f4415931eb8bec0193dd3df3d3639618ffa175f39f9d6cff2f

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=158242
Date: Fri, 17 Feb 2023 13:54:50 GMT
Etag: "63ef3b2d-1d7"
Expires: Sun, 19 Feb 2023 09:52:12 GMT
Last-Modified: Fri, 17 Feb 2023 08:30:37 GMT
Server: ECS (nyb/1D23)
X-Cache: Miss from cloudfront
Via: 1.1 6259d2cd8a5947ad41a420527bbed7a6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 2_4oqBLpBNA8WOJuq8byRel_q0TksYGoXSHB855Tfiiaosq7JkxVOw==
Age: 4895

www.lmlenzitrasporti.com/page1/rola/posten/file/moatframe.js.t%C3%A9l%C3%A9chargement

89.46.110.68

404 Not Found

196 B

URL HTTP/1.1
www.lmlenzitrasporti.com/page1/rola/posten/file/moatframe.js.t%C3%A9l%C3%A9chargement
IP
89.46.110.68:0
ASN
#31034 Aruba S.p.A.

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
196 B (196 bytes)
Hash
62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Posten Norge
fortinet	Phishing

HTTP Headers

GET /page1/rola/posten/file/moatframe.js.t%C3%A9l%C3%A9chargement HTTP/1.1
Host: www.lmlenzitrasporti.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.lmlenzitrasporti.com/page1/rola/posten/

HTTP/1.1 404 Not Found
Server: aruba-proxy
Date: Fri, 17 Feb 2023 13:54:50 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive

www.googletagmanager.com/gtm.js?id=GTM-M83DX4

142.250.74.168

302 Found

250 B

URL HTTP/1.1
www.googletagmanager.com/gtm.js?id=GTM-M83DX4
IP
142.250.74.168:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Size
250 B (250 bytes)
Hash
1373afd5f63dc37d3b1e0cd4a9857230
c6f8ae3f09ce337c9e491f0946bdfe8eab86188a
989490b30a61855760b9f74412798e09385461c1f5f07e630d5fa943bc27a47e

HTTP Headers

GET /gtm.js?id=GTM-M83DX4 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.lmlenzitrasporti.com/

HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtm.js?id=GTM-M83DX4
Cross-Origin-Resource-Policy: cross-origin
Date: Fri, 17 Feb 2023 13:54:50 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 250
X-XSS-Protection: 0

in.taskanalytics.com/00012/tm.js?r=&1595293061872

108.128.72.146

403 Forbidden

7 B

URL HTTP/1.1
in.taskanalytics.com/00012/tm.js?r=&1595293061872
IP
108.128.72.146:0
ASN
#16509 AMAZON-02

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
9394bb34611399534ffac4f0ece96b7f
b4e856ccc12dd97ea890dfc802609afe410903b1
63446cf888571b1c5373a4ac8452e35ac378cdee775d3e5dee86903a1381d536

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Posten Norge

HTTP Headers

GET /00012/tm.js?r=&1595293061872 HTTP/1.1
Host: in.taskanalytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.lmlenzitrasporti.com/

HTTP/1.1 403 Forbidden
Server: Cowboy
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Vary: origin
Access-Control-Expose-Headers: WWW-Authenticate,Server-Authorization
Cache-Control: no-cache
Content-Length: 7
Date: Fri, 17 Feb 2023 13:54:50 GMT
Via: 1.1 vegur

in.taskanalytics.com/00012/tm.js?r=&1595293061723

108.128.72.146

403 Forbidden

7 B

URL HTTP/1.1
in.taskanalytics.com/00012/tm.js?r=&1595293061723
IP
108.128.72.146:0
ASN
#16509 AMAZON-02

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
9394bb34611399534ffac4f0ece96b7f
b4e856ccc12dd97ea890dfc802609afe410903b1
63446cf888571b1c5373a4ac8452e35ac378cdee775d3e5dee86903a1381d536

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Posten Norge

HTTP Headers

GET /00012/tm.js?r=&1595293061723 HTTP/1.1
Host: in.taskanalytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.lmlenzitrasporti.com/

HTTP/1.1 403 Forbidden
Server: Cowboy
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Vary: origin
Access-Control-Expose-Headers: WWW-Authenticate,Server-Authorization
Cache-Control: no-cache
Content-Length: 7
Date: Fri, 17 Feb 2023 13:54:50 GMT
Via: 1.1 vegur

push.services.mozilla.com/

52.36.23.49

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
52.36.23.49:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: NCzaCMtrQFghkdHb5ONVpg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: mB6zY6mXXGjgNujimbK7Wr5t8H4=

www.lmlenzitrasporti.com/page1/rola/posten/file/moatframe.js.t%C3%A9l%C3%A9chargement

89.46.110.68

404 Not Found

196 B

URL HTTP/1.1
www.lmlenzitrasporti.com/page1/rola/posten/file/moatframe.js.t%C3%A9l%C3%A9chargement
IP
89.46.110.68:0
ASN
#31034 Aruba S.p.A.

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
196 B (196 bytes)
Hash
62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Posten Norge
fortinet	Phishing

HTTP Headers

GET /page1/rola/posten/file/moatframe.js.t%C3%A9l%C3%A9chargement HTTP/1.1
Host: www.lmlenzitrasporti.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.lmlenzitrasporti.com/page1/rola/posten/

HTTP/1.1 404 Not Found
Server: aruba-proxy
Date: Fri, 17 Feb 2023 13:54:50 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive

www.googletagmanager.com/gtm.js?id=GTM-M83DX4

142.250.74.168

302 Found

250 B

URL HTTP/1.1
www.googletagmanager.com/gtm.js?id=GTM-M83DX4
IP
142.250.74.168:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Size
250 B (250 bytes)
Hash
1373afd5f63dc37d3b1e0cd4a9857230
c6f8ae3f09ce337c9e491f0946bdfe8eab86188a
989490b30a61855760b9f74412798e09385461c1f5f07e630d5fa943bc27a47e

HTTP Headers

GET /gtm.js?id=GTM-M83DX4 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.lmlenzitrasporti.com/

HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtm.js?id=GTM-M83DX4
Cross-Origin-Resource-Policy: cross-origin
Date: Fri, 17 Feb 2023 13:54:50 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 250
X-XSS-Protection: 0

in.taskanalytics.com/00012/tm.js?r=&1595285185398

108.128.72.146

403 Forbidden

7 B

URL HTTP/1.1
in.taskanalytics.com/00012/tm.js?r=&1595285185398
IP
108.128.72.146:0
ASN
#16509 AMAZON-02

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
9394bb34611399534ffac4f0ece96b7f
b4e856ccc12dd97ea890dfc802609afe410903b1
63446cf888571b1c5373a4ac8452e35ac378cdee775d3e5dee86903a1381d536

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Posten Norge

HTTP Headers

GET /00012/tm.js?r=&1595285185398 HTTP/1.1
Host: in.taskanalytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.lmlenzitrasporti.com/

HTTP/1.1 403 Forbidden
Server: Cowboy
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Vary: origin
Access-Control-Expose-Headers: WWW-Authenticate,Server-Authorization
Cache-Control: no-cache
Content-Length: 7
Date: Fri, 17 Feb 2023 13:54:50 GMT
Via: 1.1 vegur

www.lmlenzitrasporti.com/_/asset/no.posten.website:1594301215/css/postenstyle.css

89.46.110.68

404 Not Found

196 B

URL HTTP/1.1
www.lmlenzitrasporti.com/_/asset/no.posten.website:1594301215/css/postenstyle.css
IP
89.46.110.68:0
ASN
#31034 Aruba S.p.A.

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
196 B (196 bytes)
Hash
62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Posten Norge

HTTP Headers

GET /_/asset/no.posten.website:1594301215/css/postenstyle.css HTTP/1.1
Host: www.lmlenzitrasporti.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.lmlenzitrasporti.com/page1/rola/posten/

HTTP/1.1 404 Not Found
Server: aruba-proxy
Date: Fri, 17 Feb 2023 13:54:50 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive

www.googletagmanager.com/gtm.js?id=GTM-M83DX4

142.250.74.168

302 Found

250 B

URL HTTP/1.1
www.googletagmanager.com/gtm.js?id=GTM-M83DX4
IP
142.250.74.168:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Size
250 B (250 bytes)
Hash
1373afd5f63dc37d3b1e0cd4a9857230
c6f8ae3f09ce337c9e491f0946bdfe8eab86188a
989490b30a61855760b9f74412798e09385461c1f5f07e630d5fa943bc27a47e

HTTP Headers

GET /gtm.js?id=GTM-M83DX4 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.lmlenzitrasporti.com/

HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtm.js?id=GTM-M83DX4
Cross-Origin-Resource-Policy: cross-origin
Date: Fri, 17 Feb 2023 13:54:50 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 250
X-XSS-Protection: 0

www.lmlenzitrasporti.com/_/asset/no.posten.website:1594301215/js/bundle.js

89.46.110.68

404 Not Found

196 B

URL HTTP/1.1
www.lmlenzitrasporti.com/_/asset/no.posten.website:1594301215/js/bundle.js
IP
89.46.110.68:0
ASN
#31034 Aruba S.p.A.

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
196 B (196 bytes)
Hash
62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Posten Norge
fortinet	Phishing

HTTP Headers

GET /_/asset/no.posten.website:1594301215/js/bundle.js HTTP/1.1
Host: www.lmlenzitrasporti.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.lmlenzitrasporti.com/page1/rola/posten/
Cookie: _gcl_au=1.1.492847991.1676642090

HTTP/1.1 404 Not Found
Server: aruba-proxy
Date: Fri, 17 Feb 2023 13:54:50 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
167cff66da2ad389f3881da21eaf9c4a
d41bde1198e497ded95069effafcba927c07be5c
2f7f1a258056ae5b8cbe7caf0c10e693bb4f67906090a298ca4d0a092d173e95

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 17 Feb 2023 13:54:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

cdn.mycomandia.com/static/shop/common/fonts/flaticon/Flaticon.woff2

176.31.232.62

200 OK

2.0 kB

URL HTTP/2
cdn.mycomandia.com/static/shop/common/fonts/flaticon/Flaticon.woff2
IP
176.31.232.62:0
ASN
#16276 OVH SAS

File type
Web Open Font Format (Version 2), TrueType, length 2024, version 1.0\012- data
Size
2.0 kB (2024 bytes)
Hash
c1b7ca92614b5e76d59b8b467f1d8dd9
6ada3f43e5b4ec1a77383f2af00dd2b3c990af5c
a92c73eb3e53032a9846ca27c2c579b424b45a893ac814288954762e878b5e1b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Posten Norge

HTTP Headers

GET /static/shop/common/fonts/flaticon/Flaticon.woff2 HTTP/1.1
Host: cdn.mycomandia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.lmlenzitrasporti.com
Connection: keep-alive
Referer: https://cdn.mycomandia.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Fri, 17 Feb 2023 13:54:50 GMT
content-type: application/octet-stream
content-length: 2024
last-modified: Tue, 27 Aug 2019 11:07:46 GMT
etag: "5d650f02-7e8"
server: rebelio-n1
expires: Sat, 17 Feb 2024 13:54:50 GMT
cache-control: max-age=31536000
backend: 1
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2

8260928.fls.doubleclick.net/activityi;src=8260928;type=global;cat=postengl;ord=9825057889983;gtm=45He32f0;auiddc=492847991.1676642090;u1=http%3A%2F%2Fwww.lmlenzitrasporti.com%2Fpage1%2Frola%2Fposten%2F;u2=page1;u3=rola-posten;u4=Posten.no;u5=;~oref=http%3A%2F%2Fwww.lmlenzitrasporti.com%2Fpage1%2Frola%2Fposten%2F?

142.250.74.70

200 OK

273 B

URL HTTP/2
8260928.fls.doubleclick.net/activityi;src=8260928;type=global;cat=postengl;ord=9825057889983;gtm=45He32f0;auiddc=492847991.1676642090;u1=http%3A%2F%2Fwww.lmlenzitrasporti.com%2Fpage1%2Frola%2Fposten%2F;u2=page1;u3=rola-posten;u4=Posten.no;u5=;~oref=http%3A%2F%2Fwww.lmlenzitrasporti.com%2Fpage1%2Frola%2Fposten%2F?
IP
142.250.74.70:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (590), with no line terminators
Size
273 B (273 bytes)
Hash
212939c33a336a7f7f321daf9045ad9d
015536e783027c8e2f3eb81c038284f105bd99f1
9cfa3a8ce9c9425a1775a6bde6722c74dc47c4432168223ad14389148ee867fe

HTTP Headers

GET /activityi;src=8260928;type=global;cat=postengl;ord=9825057889983;gtm=45He32f0;auiddc=492847991.1676642090;u1=http%3A%2F%2Fwww.lmlenzitrasporti.com%2Fpage1%2Frola%2Fposten%2F;u2=page1;u3=rola-posten;u4=Posten.no;u5=;~oref=http%3A%2F%2Fwww.lmlenzitrasporti.com%2Fpage1%2Frola%2Fposten%2F? HTTP/1.1
Host: 8260928.fls.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.lmlenzitrasporti.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 17 Feb 2023 13:54:50 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 273
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 17-Feb-2023 14:09:50 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
cb1f5e62b141c5096e8c7d26a07dc226
126ad2b6b2b64a77e8a41c7d13aa350301462272
f63f12b64a341369e32d441bd666ff6e3aa49e3d2464dab168d97dc3ac6d2230

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 17 Feb 2023 13:54:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.lmlenzitrasporti.com/_/asset/no.posten.website:1594301215/js/chatbot.js

89.46.110.68

404 Not Found

196 B

URL HTTP/1.1
www.lmlenzitrasporti.com/_/asset/no.posten.website:1594301215/js/chatbot.js
IP
89.46.110.68:0
ASN
#31034 Aruba S.p.A.

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
196 B (196 bytes)
Hash
62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Posten Norge
fortinet	Phishing

HTTP Headers

GET /_/asset/no.posten.website:1594301215/js/chatbot.js HTTP/1.1
Host: www.lmlenzitrasporti.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.lmlenzitrasporti.com/page1/rola/posten/
Cookie: _gcl_au=1.1.492847991.1676642090

HTTP/1.1 404 Not Found
Server: aruba-proxy
Date: Fri, 17 Feb 2023 13:54:51 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
aca8b73a066e2f30e966c25d0ff80224
c465ff174891c76ba6899a50c81fcdf700887de8
f5a07ec450cba204cf6c38a5ac3d16f0a63811f83816aa874d08148fb6c23e29

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 17 Feb 2023 13:54:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

adservice.google.com/ddm/fls/i/src=8260928;type=global;cat=postengl;ord=9825057889983;gtm=45He32f0;auiddc=492847991.1676642090;u1=http%3A%2F%2Fwww.lmlenzitrasporti.com%2Fpage1%2Frola%2Fposten%2F;u2=page1;u3=rola-posten;u4=Posten.no;u5=;~oref=http%3A%2F%2Fwww.lmlenzitrasporti.com%2Fpage1%2Frola%2Fposten%2F

142.250.74.130

200 OK

273 B

URL HTTP/2
adservice.google.com/ddm/fls/i/src=8260928;type=global;cat=postengl;ord=9825057889983;gtm=45He32f0;auiddc=492847991.1676642090;u1=http%3A%2F%2Fwww.lmlenzitrasporti.com%2Fpage1%2Frola%2Fposten%2F;u2=page1;u3=rola-posten;u4=Posten.no;u5=;~oref=http%3A%2F%2Fwww.lmlenzitrasporti.com%2Fpage1%2Frola%2Fposten%2F
IP
142.250.74.130:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (589), with no line terminators
Size
273 B (273 bytes)
Hash
7e58b5b289589a04cd358fa3f7be3f28
3e2290dfd0c2c4a394cb8ee2d450a8118fcd8287
fe8d334a7bf3e88bd39edb4ed0a368c783ef30c0939dabd43272f96d62dfc620

HTTP Headers

GET /ddm/fls/i/src=8260928;type=global;cat=postengl;ord=9825057889983;gtm=45He32f0;auiddc=492847991.1676642090;u1=http%3A%2F%2Fwww.lmlenzitrasporti.com%2Fpage1%2Frola%2Fposten%2F;u2=page1;u3=rola-posten;u4=Posten.no;u5=;~oref=http%3A%2F%2Fwww.lmlenzitrasporti.com%2Fpage1%2Frola%2Fposten%2F HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://8260928.fls.doubleclick.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 17 Feb 2023 13:54:51 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 273
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

8260928.fls.doubleclick.net/activityi;src=8260928;type=global;cat=postengl;ord=1731455357069;gtm=2wg783;auiddc=1977740214.1595281331;u1=https%3A%2F%2Fwww.posten.no%2F;u2=;u3=undefined;u4=Posten.no;u5=;~oref=https%3A%2F%2Fwww.posten.no%2F?

142.250.74.70

200 OK

379 B

URL HTTP/1.1
8260928.fls.doubleclick.net/activityi;src=8260928;type=global;cat=postengl;ord=1731455357069;gtm=2wg783;auiddc=1977740214.1595281331;u1=https%3A%2F%2Fwww.posten.no%2F;u2=;u3=undefined;u4=Posten.no;u5=;~oref=https%3A%2F%2Fwww.posten.no%2F?
IP
142.250.74.70:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (514), with no line terminators
Size
379 B (379 bytes)
Hash
b0d6eab9eab3a20438b0bd13da342a70
134028116c2bead7b536a69aff5cdffbe7cef66c
a10b560c3b8f69897480622085a0ab5675665bff0b3e3f8ead749b3f2535c7dc

HTTP Headers

GET /activityi;src=8260928;type=global;cat=postengl;ord=1731455357069;gtm=2wg783;auiddc=1977740214.1595281331;u1=https%3A%2F%2Fwww.posten.no%2F;u2=;u3=undefined;u4=Posten.no;u5=;~oref=https%3A%2F%2Fwww.posten.no%2F? HTTP/1.1
Host: 8260928.fls.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.lmlenzitrasporti.com/
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Date: Fri, 17 Feb 2023 13:54:51 GMT
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Strict-Transport-Security: max-age=21600
Content-Type: text/html; charset=UTF-8
Pragma: no-cache
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Server: cafe
Content-Length: 379
X-XSS-Protection: 0

8260928.fls.doubleclick.net/activityi;src=8260928;type=global;cat=postengl;ord=4649758211791;gtm=2wg783;auiddc=1528092789.1593547249;u1=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F;u2=page;u3=manage-;u4=Posten.no;u5=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F;~oref=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F%3Fview%3Dlogin%26appIdKey%3Dfcd00c0656cc490%26country%3D?

142.250.74.70

200 OK

427 B

URL HTTP/1.1
8260928.fls.doubleclick.net/activityi;src=8260928;type=global;cat=postengl;ord=4649758211791;gtm=2wg783;auiddc=1528092789.1593547249;u1=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F;u2=page;u3=manage-;u4=Posten.no;u5=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F;~oref=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F%3Fview%3Dlogin%26appIdKey%3Dfcd00c0656cc490%26country%3D?
IP
142.250.74.70:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (636), with no line terminators
Size
427 B (427 bytes)
Hash
78b225543f9ea122bf259d94fd379b4b
cbe260dd69e0791c6479bf8c214f28aa09a41286
e2e8bdcba10a07de068f0c41f8f0c7dd6bfed0b8b0f4aaedae5b263cd70e0362

HTTP Headers

GET /activityi;src=8260928;type=global;cat=postengl;ord=4649758211791;gtm=2wg783;auiddc=1528092789.1593547249;u1=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F;u2=page;u3=manage-;u4=Posten.no;u5=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F;~oref=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F%3Fview%3Dlogin%26appIdKey%3Dfcd00c0656cc490%26country%3D? HTTP/1.1
Host: 8260928.fls.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.lmlenzitrasporti.com/
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Date: Fri, 17 Feb 2023 13:54:51 GMT
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Strict-Transport-Security: max-age=21600
Content-Type: text/html; charset=UTF-8
Pragma: no-cache
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Server: cafe
Content-Length: 427
X-XSS-Protection: 0

8260928.fls.doubleclick.net/activityi;src=8260928;type=global;cat=postengl;ord=8037061832867;gtm=2wg783;auiddc=1528092789.1593547249;u1=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F;u2=page;u3=manage-;u4=Posten.no;u5=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F;~oref=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F%3Fview%3Dlogin%26appIdKey%3Dfcd00c0656cc490%26country%3D?

142.250.74.70

200 OK

427 B

URL HTTP/1.1
8260928.fls.doubleclick.net/activityi;src=8260928;type=global;cat=postengl;ord=8037061832867;gtm=2wg783;auiddc=1528092789.1593547249;u1=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F;u2=page;u3=manage-;u4=Posten.no;u5=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F;~oref=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F%3Fview%3Dlogin%26appIdKey%3Dfcd00c0656cc490%26country%3D?
IP
142.250.74.70:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (636), with no line terminators
Size
427 B (427 bytes)
Hash
7894f56de7efa41c42aab98bd8cd19ba
4a3a8110cc5a2e6deccedda3ac6d00bed188ff10
34c3b01b8c469b58e9933b67e4a12c9dd98ec4daefd4324f0aceb92cf8dd6d44

HTTP Headers

GET /activityi;src=8260928;type=global;cat=postengl;ord=8037061832867;gtm=2wg783;auiddc=1528092789.1593547249;u1=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F;u2=page;u3=manage-;u4=Posten.no;u5=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F;~oref=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F%3Fview%3Dlogin%26appIdKey%3Dfcd00c0656cc490%26country%3D? HTTP/1.1
Host: 8260928.fls.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.lmlenzitrasporti.com/
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Date: Fri, 17 Feb 2023 13:54:51 GMT
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Strict-Transport-Security: max-age=21600
Content-Type: text/html; charset=UTF-8
Pragma: no-cache
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Server: cafe
Content-Length: 427
X-XSS-Protection: 0

in.taskanalytics.com/00012/tm.js?r=&1676642090326

108.128.72.146

403 Forbidden

7 B

URL HTTP/1.1
in.taskanalytics.com/00012/tm.js?r=&1676642090326
IP
108.128.72.146:0
ASN
#16509 AMAZON-02

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
9394bb34611399534ffac4f0ece96b7f
b4e856ccc12dd97ea890dfc802609afe410903b1
63446cf888571b1c5373a4ac8452e35ac378cdee775d3e5dee86903a1381d536

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Posten Norge

HTTP Headers

GET /00012/tm.js?r=&1676642090326 HTTP/1.1
Host: in.taskanalytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.lmlenzitrasporti.com/

HTTP/1.1 403 Forbidden
Server: Cowboy
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Vary: origin
Access-Control-Expose-Headers: WWW-Authenticate,Server-Authorization
Cache-Control: no-cache
Content-Length: 7
Date: Fri, 17 Feb 2023 13:54:51 GMT
Via: 1.1 vegur

in.taskanalytics.com/00012/tm.js?r=&1676642090331

108.128.72.146

403 Forbidden

7 B

URL HTTP/1.1
in.taskanalytics.com/00012/tm.js?r=&1676642090331
IP
108.128.72.146:0
ASN
#16509 AMAZON-02

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
9394bb34611399534ffac4f0ece96b7f
b4e856ccc12dd97ea890dfc802609afe410903b1
63446cf888571b1c5373a4ac8452e35ac378cdee775d3e5dee86903a1381d536

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Posten Norge

HTTP Headers

GET /00012/tm.js?r=&1676642090331 HTTP/1.1
Host: in.taskanalytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.lmlenzitrasporti.com/

HTTP/1.1 403 Forbidden
Server: Cowboy
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Vary: origin
Access-Control-Expose-Headers: WWW-Authenticate,Server-Authorization
Cache-Control: no-cache
Content-Length: 7
Date: Fri, 17 Feb 2023 13:54:51 GMT
Via: 1.1 vegur

in.taskanalytics.com/00012/tm.js?r=&1676642090333

108.128.72.146

403 Forbidden

7 B

URL HTTP/1.1
in.taskanalytics.com/00012/tm.js?r=&1676642090333
IP
108.128.72.146:0
ASN
#16509 AMAZON-02

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
9394bb34611399534ffac4f0ece96b7f
b4e856ccc12dd97ea890dfc802609afe410903b1
63446cf888571b1c5373a4ac8452e35ac378cdee775d3e5dee86903a1381d536

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Posten Norge

HTTP Headers

GET /00012/tm.js?r=&1676642090333 HTTP/1.1
Host: in.taskanalytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.lmlenzitrasporti.com/

HTTP/1.1 403 Forbidden
Server: Cowboy
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Vary: origin
Access-Control-Expose-Headers: WWW-Authenticate,Server-Authorization
Cache-Control: no-cache
Content-Length: 7
Date: Fri, 17 Feb 2023 13:54:51 GMT
Via: 1.1 vegur

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
0fa96c0ed89bf54a1fb36555f527fcde
00366fa4ab2dbf17dbc987fb055cd9f573ccd30a
6f182e3b430c1e94329d84d1ee10dc550fe1b79f251a8467118cf6102e403a9d

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 17 Feb 2023 13:54:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

b.scorecardresearch.com/beacon.js

54.230.111.7

200 OK

1.9 kB

URL HTTP/1.1
b.scorecardresearch.com/beacon.js
IP
54.230.111.7:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (3936)
Size
1.9 kB (1857 bytes)
Hash
ccbe1595614949962ea0f4c9ec84e783
65525e8918223db782724d28fce74efb513a0fb0
f422f26d9197a10abf1a13a13a87a5fcc4b98ad57aae11fadfddf2df02b591f5

HTTP Headers

GET /beacon.js HTTP/1.1
Host: b.scorecardresearch.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.lmlenzitrasporti.com/

HTTP/1.1 200 OK
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 28 Jun 2022 13:19:23 GMT
x-amz-server-side-encryption: AES256
Server: AmazonS3
Content-Encoding: gzip
Date: Fri, 17 Feb 2023 03:09:49 GMT
Cache-Control: max-age=86400
ETag: W/"eaf85c1c6758e84acfe134efd70e9373"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 d9fb4c3794a085bb4ee2c5798c2cb1b8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: IavMji_NbBnebH7J6-TP1nAjIl0Y4TDrN9PiW1bvLDMF9WjSFqgvww==
Age: 38703

static.ads-twitter.com/uwt.js

151.101.84.157

200 OK

15 kB

URL HTTP/1.1
static.ads-twitter.com/uwt.js
IP
151.101.84.157:0
ASN
#54113 FASTLY

File type
ASCII text, with very long lines (57596), with no line terminators
Size
15 kB (15375 bytes)
Hash
573e6a7f86f6f3063763360ef0672c01
b12eab3b4ac8872d49ac6e15f9cd17741765c0cf
02445eb022a04139531f0ce8d8980c31083a1c670936f1477f5cfc4d252133f7

HTTP Headers

GET /uwt.js HTTP/1.1
Host: static.ads-twitter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.lmlenzitrasporti.com/

HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 15375
Last-Modified: Thu, 27 Oct 2022 18:55:37 GMT
Cache-Control: no-cache
Content-Type: application/javascript; charset=utf-8
Content-Encoding: gzip
Etag: "32ad004436155ec972bc50e6238b5b67+gzip+gzip"
Accept-Ranges: bytes
Date: Fri, 17 Feb 2023 13:54:51 GMT
X-Served-By: cache-iad-kjyo7100147-IAD, cache-bma1643-BMA
X-Cache: HIT, HIT
Vary: Accept-Encoding,Host
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
x-tw-cdn: FT

connect.facebook.net/en_US/fbevents.js

31.13.72.12

301 Moved Permanently

0 B

URL HTTP/1.1
connect.facebook.net/en_US/fbevents.js
IP
31.13.72.12:0
ASN
#32934 FACEBOOK

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /en_US/fbevents.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.lmlenzitrasporti.com/

HTTP/1.1 301 Moved Permanently
Location: https://connect.facebook.net/en_US/fbevents.js
Content-Type: text/plain
Server: proxygen-bolt
Date: Fri, 17 Feb 2023 13:54:51 GMT
Connection: keep-alive
Content-Length: 0

static.ads-twitter.com/uwt.js

151.101.84.157

304 Not Modified

0 B

URL HTTP/1.1
static.ads-twitter.com/uwt.js
IP
151.101.84.157:0
ASN
#54113 FASTLY

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uwt.js HTTP/1.1
Host: static.ads-twitter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.lmlenzitrasporti.com/
If-Modified-Since: Thu, 27 Oct 2022 18:55:37 GMT
If-None-Match: "32ad004436155ec972bc50e6238b5b67+gzip+gzip"

HTTP/1.1 304 Not Modified
Connection: keep-alive
Date: Fri, 17 Feb 2023 13:54:51 GMT
Cache-Control: no-cache
ETag: "32ad004436155ec972bc50e6238b5b67+gzip+gzip"
X-Served-By: cache-bma1643-BMA
X-Cache: HIT
Vary: Accept-Encoding,Host
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
x-tw-cdn: FT

snap.licdn.com/li.lms-analytics/insight.min.js

95.101.11.57

200 OK

4.8 kB

URL HTTP/2
snap.licdn.com/li.lms-analytics/insight.min.js
IP
95.101.11.57:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (13351)
Size
4.8 kB (4777 bytes)
Hash
74f72658f6efd10c4c286ab07cd5e452
9fa4dfc644b6e818914f2f2c4fe4bdf791fd6d39
6681619d5962f95b3fccfa34a7f035664edb66522d237ea0c28a05851f9d295c

HTTP Headers

GET /li.lms-analytics/insight.min.js HTTP/1.1
Host: snap.licdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.lmlenzitrasporti.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
last-modified: Tue, 10 Jan 2023 17:22:56 GMT
accept-ranges: bytes
content-type: application/x-javascript;charset=utf-8
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=48444
date: Fri, 17 Feb 2023 13:54:51 GMT
content-length: 4777
x-content-type-options: nosniff
x-cdn: AKAM
X-Firefox-Spdy: h2

script.hotjar.com/modules.a1fbf755044ca8f629ba.js

54.230.111.44

200 OK

89 kB

URL HTTP/2
script.hotjar.com/modules.a1fbf755044ca8f629ba.js
IP
54.230.111.44:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (65536), with no line terminators
Size
89 kB (88758 bytes)
Hash
db69fc2480d3485a988c1628d311d0c0
82abdfda4d399e9e8032a71f1f962e91ad80860f
7517e0f2be2260c0cd09514fb51ac73f72751caa5e58e4fa5267732f3862b318

HTTP Headers

GET /modules.a1fbf755044ca8f629ba.js HTTP/1.1
Host: script.hotjar.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.lmlenzitrasporti.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript
content-length: 88758
date: Thu, 05 Jan 2023 12:22:43 GMT
accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=31536000
content-encoding: br
cross-origin-resource-policy: cross-origin
etag: "db69fc2480d3485a988c1628d311d0c0"
last-modified: Wed, 22 Jul 2020 09:42:49 GMT
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
x-robots-tag: none
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 9d4a908d41124cba1276d6cef8f00c60.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 1qkmceZ9N488uRQMg5oBG6Y16VJ2ZboiHFziMV341CJzVhgsJs36Gg==
age: 3720728
X-Firefox-Spdy: h2

static.ads-twitter.com/uwt.js

151.101.84.157

304 Not Modified

0 B

URL HTTP/1.1
static.ads-twitter.com/uwt.js
IP
151.101.84.157:0
ASN
#54113 FASTLY

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uwt.js HTTP/1.1
Host: static.ads-twitter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.lmlenzitrasporti.com/
If-Modified-Since: Thu, 27 Oct 2022 18:55:37 GMT
If-None-Match: "32ad004436155ec972bc50e6238b5b67+gzip+gzip"

HTTP/1.1 304 Not Modified
Connection: keep-alive
Date: Fri, 17 Feb 2023 13:54:51 GMT
Cache-Control: no-cache
ETag: "32ad004436155ec972bc50e6238b5b67+gzip+gzip"
X-Served-By: cache-bma1643-BMA
X-Cache: HIT
Vary: Accept-Encoding,Host
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
x-tw-cdn: FT

www.google-analytics.com/analytics.js

216.239.38.178

200 OK

20 kB

URL HTTP/2
www.google-analytics.com/analytics.js
IP
216.239.38.178:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1490)
Size
20 kB (20085 bytes)
Hash
ca7fbbfd120e3e329633044190bbf134
d17f81e03dd827554ddd207ea081fb46b3415445
847004cefb32f85a9cc16b0b1eb77529ff5753680c145bfcb23f651d214737db

HTTP Headers

GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.lmlenzitrasporti.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20085
date: Fri, 17 Feb 2023 13:45:20 GMT
expires: Fri, 17 Feb 2023 15:45:20 GMT
cache-control: public, max-age=7200
age: 571
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
content-type: text/javascript
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

vars.hotjar.com/box-XMRheight:%201px%20!important;%20opacity:%200%20!important;%20pointer-events:%20none%20!important;

108.157.214.129

403 Forbidden

243 B

URL HTTP/2
vars.hotjar.com/box-XMRheight:%201px%20!important;%20opacity:%200%20!important;%20pointer-events:%20none%20!important;
IP
108.157.214.129:0
ASN
#16509 AMAZON-02

File type
data
Size
243 B (243 bytes)
Hash
99f9507d367503cef34bfca45c0f21f9
a44c4b0a5af5266fd7d55760666eadd66bb60026
0ada8172f6200fa100fd564581677668ecc37c48334eb87202c63c6220a23b77

HTTP Headers

GET /box-XMRheight:%201px%20!important;%20opacity:%200%20!important;%20pointer-events:%20none%20!important; HTTP/1.1
Host: vars.hotjar.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.lmlenzitrasporti.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 403 Forbidden
content-type: application/xml
content-length: 243
date: Fri, 17 Feb 2023 13:54:51 GMT
content-encoding: br
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=2592000; includeSubDomains
x-robots-tag: none
vary: Accept-Encoding
x-cache: Error from cloudfront
via: 1.1 30a448a0dbd4a52ea118d2e64f0535c8.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: Qmsq3zEdUuO2ZlCZ-Y2KIbWYTuZxn1CW9f3vdfzAPMS7J3tPttW-fQ==
X-Firefox-Spdy: h2

www.google-analytics.com/plugins/ua/linkid.js

216.239.38.178

200 OK

859 B

URL HTTP/2
www.google-analytics.com/plugins/ua/linkid.js
IP
216.239.38.178:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1335)
Size
859 B (859 bytes)
Hash
904463ce35aee800847ab85ec948aaf6
904e4d2647466c7f7e0f7412019984e3b2ccfb24
057b4d29359dfe2536a2ec40243bdfa7b151222efcc1eb358608994a14c34237

HTTP Headers

GET /plugins/ua/linkid.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.lmlenzitrasporti.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-length: 859
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 17 Feb 2023 13:47:21 GMT
expires: Fri, 17 Feb 2023 14:47:21 GMT
cache-control: public, max-age=3600
age: 450
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
content-type: text/javascript
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

static.hotjar.com/c/hotjar-507531.js?sv=7

54.230.111.39

200 OK

0 B

URL HTTP/2
static.hotjar.com/c/hotjar-507531.js?sv=7
IP
54.230.111.39:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /c/hotjar-507531.js?sv=7 HTTP/1.1
Host: static.hotjar.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.lmlenzitrasporti.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
content-length: 0
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=2592000; includeSubDomains
x-cache-hit: 1
x-content-type-options: nosniff
date: Fri, 17 Feb 2023 13:54:02 GMT
cache-control: max-age=60
etag: W/d41d8cd98f00b204e9800998ecf8427e
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 6a0f63864791329e89a4b233ec4c3a36.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: aOBvy_yDFp83HKFqX5-ufCXcifugTiJck2hUzcsMMJXKIs9mhfnqEw==
age: 49
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
1d265a8dd327a623f78bca3983a79e02
61e62434256bfbb2a88b27f50b059c03580300ca
cada3b43d2add1edbac39f050ec315498f12b2ec3c8ea1061322054ec5c56549

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 17 Feb 2023 13:54:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.googleadservices.com/pagead/conversion_async.js

142.250.74.34

200 OK

15 kB

URL HTTP/2
www.googleadservices.com/pagead/conversion_async.js
IP
142.250.74.34:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1654)
Size
15 kB (15164 bytes)
Hash
74ace29e686ae4445710506fba552bd5
f09b4d13010f36b8f3efb0442b3d6e616e26a643
f655be0a03ae5bb0d71fae713a55c95462e40c688c2154221ba8c95d94917ff1

HTTP Headers

GET /pagead/conversion_async.js HTTP/1.1
Host: www.googleadservices.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.lmlenzitrasporti.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Fri, 17 Feb 2023 13:54:51 GMT
expires: Fri, 17 Feb 2023 13:54:51 GMT
cache-control: private, max-age=3600
content-type: text/javascript; charset=UTF-8
etag: 10376002428160754156
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 15164
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.google.com/pagead/1p-conversion/undefined/?random=1676642090014&cv=11&fst=1676642090014&bg=ffffff&guid=ON&async=1&gtm=45He32f0&u_w=1280&u_h=1024&label=undefined&hn=www.google.com&frm=0&url=http%3A%2F%2Fwww.lmlenzitrasporti.com%2Fpage1%2Frola%2Fposten%2F&tiba=Posten.no&value=0&bttype=purchase&auid=492847991.1676642090&gcp=1&sscte=1&ct_cookie_present=1&rfmt=3&fmt=4

216.58.211.4

302 Found

63 B

URL HTTP/2
www.google.com/pagead/1p-conversion/undefined/?random=1676642090014&cv=11&fst=1676642090014&bg=ffffff&guid=ON&async=1&gtm=45He32f0&u_w=1280&u_h=1024&label=undefined&hn=www.google.com&frm=0&url=http%3A%2F%2Fwww.lmlenzitrasporti.com%2Fpage1%2Frola%2Fposten%2F&tiba=Posten.no&value=0&bttype=purchase&auid=492847991.1676642090&gcp=1&sscte=1&ct_cookie_present=1&rfmt=3&fmt=4
IP
216.58.211.4:0
ASN
#15169 GOOGLE

File type
ASCII text, with no line terminators
Size
63 B (63 bytes)
Hash
0339f8f57d1bf75003db591e28957e45
ae2286e497c9f76a02cb40c40a674b73bd293b76
609cd8e12464fe137cfaa9f1ab6637150d44e105559c901b6df50303fd05aa26

HTTP Headers

GET /pagead/1p-conversion/undefined/?random=1676642090014&cv=11&fst=1676642090014&bg=ffffff&guid=ON&async=1&gtm=45He32f0&u_w=1280&u_h=1024&label=undefined&hn=www.google.com&frm=0&url=http%3A%2F%2Fwww.lmlenzitrasporti.com%2Fpage1%2Frola%2Fposten%2F&tiba=Posten.no&value=0&bttype=purchase&auid=492847991.1676642090&gcp=1&sscte=1&ct_cookie_present=1&rfmt=3&fmt=4 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.lmlenzitrasporti.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 17 Feb 2023 13:54:51 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
location: https://www.google.no/pagead/1p-conversion/undefined/?random=1676642090014&cv=11&fst=1676642090014&bg=ffffff&guid=ON&async=1&gtm=45He32f0&u_w=1280&u_h=1024&label=undefined&hn=www.google.com&frm=0&url=http%3A%2F%2Fwww.lmlenzitrasporti.com%2Fpage1%2Frola%2Fposten%2F&tiba=Posten.no&value=0&bttype=purchase&auid=492847991.1676642090&gcp=1&sscte=1&ct_cookie_present=1&rfmt=3&fmt=4&ipr=y&prhg=0
content-type: text/javascript; charset=UTF-8
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 63
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.lmlenzitrasporti.com/_/image/60b33711-0a7f-40bc-974b-0209e50dae4a:91dbc5bf28c5fb069b0219ca5856e5da19efea66/square-192/posten-logo.png

89.46.110.68

404 Not Found

196 B

URL HTTP/1.1
www.lmlenzitrasporti.com/_/image/60b33711-0a7f-40bc-974b-0209e50dae4a:91dbc5bf28c5fb069b0219ca5856e5da19efea66/square-192/posten-logo.png
IP
89.46.110.68:0
ASN
#31034 Aruba S.p.A.

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
196 B (196 bytes)
Hash
62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Posten Norge

HTTP Headers

GET /_/image/60b33711-0a7f-40bc-974b-0209e50dae4a:91dbc5bf28c5fb069b0219ca5856e5da19efea66/square-192/posten-logo.png HTTP/1.1
Host: www.lmlenzitrasporti.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.lmlenzitrasporti.com/page1/rola/posten/
Cookie: _gcl_au=1.1.492847991.1676642090

HTTP/1.1 404 Not Found
Server: aruba-proxy
Date: Fri, 17 Feb 2023 13:54:51 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
f8e34919a45c91c9c24ade6931afd022
388e683ca7de47486837127ab54d6265867443ea
c2ff7fece933be0048e1d6b1b82afec259124974fa63ab86f789981bfcb1eb78

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 17 Feb 2023 13:54:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.lmlenzitrasporti.com/_/image/60b33711-0a7f-40bc-974b-0209e50dae4a:91dbc5bf28c5fb069b0219ca5856e5da19efea66/square-16/posten-logo.png

89.46.110.68

404 Not Found

196 B

URL HTTP/1.1
www.lmlenzitrasporti.com/_/image/60b33711-0a7f-40bc-974b-0209e50dae4a:91dbc5bf28c5fb069b0219ca5856e5da19efea66/square-16/posten-logo.png
IP
89.46.110.68:0
ASN
#31034 Aruba S.p.A.

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
196 B (196 bytes)
Hash
62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Posten Norge

HTTP Headers

GET /_/image/60b33711-0a7f-40bc-974b-0209e50dae4a:91dbc5bf28c5fb069b0219ca5856e5da19efea66/square-16/posten-logo.png HTTP/1.1
Host: www.lmlenzitrasporti.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.lmlenzitrasporti.com/page1/rola/posten/
Cookie: _gcl_au=1.1.492847991.1676642090

HTTP/1.1 404 Not Found
Server: aruba-proxy
Date: Fri, 17 Feb 2023 13:54:51 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 196
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
1bf3278c2046b4fdb1f775dca9bc8b16
54fa26cf0329818b9878e437a59ddccc8d72d35f
f794ad5a7249fe547829bc49ec42f96270f9de8ce9b17c1581e06c0ff3e9785d

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5948
Cache-Control: max-age=159692
Content-Type: application/ocsp-response
Date: Fri, 17 Feb 2023 13:54:51 GMT
Etag: "63ef3cbb-1d7"
Expires: Sun, 19 Feb 2023 10:16:23 GMT
Last-Modified: Fri, 17 Feb 2023 08:37:15 GMT
Server: ECS (ska/F70E)
X-Cache: HIT
Content-Length: 471

www.gstatic.com/images/branding/product/2x/translate_24dp.png

216.58.211.3

200 OK

1.8 kB

URL HTTP/2
www.gstatic.com/images/branding/product/2x/translate_24dp.png
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced\012- data
Size
1.8 kB (1842 bytes)
Hash
c69c796362406f9e11c7f4bf5bb628da
e489ce95ab56208090868882113d7416abf46775
4dac0026fbfa2615dce30c0af12830863fe885f84387a0147b9e338f548d5d82

HTTP Headers

GET /images/branding/product/2x/translate_24dp.png HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://translate.googleapis.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-length: 1842
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 17 Feb 2023 10:24:39 GMT
expires: Sat, 17 Feb 2024 10:24:39 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 14 Oct 2021 09:08:00 GMT
content-type: image/png
vary: Origin
age: 12612
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
f8e34919a45c91c9c24ade6931afd022
388e683ca7de47486837127ab54d6265867443ea
c2ff7fece933be0048e1d6b1b82afec259124974fa63ab86f789981bfcb1eb78

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 17 Feb 2023 13:54:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

connect.facebook.net/en_US/fbevents.js

31.13.72.12

200 OK

28 kB

URL HTTP/2
connect.facebook.net/en_US/fbevents.js
IP
31.13.72.12:0
ASN
#32934 FACEBOOK

File type
ASCII text, with very long lines (64348)
Size
28 kB (27843 bytes)
Hash
be5a1814429d0a129322abda3791987f
9e0eeee65e17a9c6df149ed1f01d3d7194833fd8
75afa897dd6f4b97b0697589569c7c4f87e32b79addf981febc78a4ff741210e

HTTP Headers

GET /en_US/fbevents.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.lmlenzitrasporti.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: application/x-javascript; charset=utf-8
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
origin-agent-cluster: ?0
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-fb-debug: l4mezuTX2daMM4ARayR4CGp613OdXqjIJDL6Z5PzHcr2oRfyTkARIFdY/iTHYS5K/I0cFpZh/Q66mhpXVOD5GQ==
content-length: 27843
x-fb-trip-id: 1904183273
date: Fri, 17 Feb 2023 13:54:51 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

encrypted-tbn0.gstatic.com/images?q=tbn%3AANd9GcQTrX8MP4pA-vzwCA0DiAM71Fj69Cm9CP7aY7NITLF99rsGcwM9

142.250.74.78

200 OK

6.2 kB

URL HTTP/2
encrypted-tbn0.gstatic.com/images?q=tbn%3AANd9GcQTrX8MP4pA-vzwCA0DiAM71Fj69Cm9CP7aY7NITLF99rsGcwM9
IP
142.250.74.78:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 300x168, components 3\012- data
Size
6.2 kB (6238 bytes)
Hash
2063951383d22405d0663550e2ed3762
6a256b7cdec8d0e0aaf2c86c17e7cc34693a609e
0fb41ab8877699782e17566fafad17e01b8d04b840db658583cb0d3b9508fff4

HTTP Headers

GET /images?q=tbn%3AANd9GcQTrX8MP4pA-vzwCA0DiAM71Fj69Cm9CP7aY7NITLF99rsGcwM9 HTTP/1.1
Host: encrypted-tbn0.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.lmlenzitrasporti.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-length: 6238
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 17 Feb 2023 06:24:19 GMT
expires: Sat, 17 Feb 2024 06:24:19 GMT
cache-control: public, max-age=31536000
age: 27032
last-modified: Thu, 28 Dec 2017 03:23:06 GMT
content-type: image/jpeg
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
d56fcc1e441a5a55e8e534be7b4f0e78
534216c89feed8f38c5b289ba5134f2b74b714ce
32b19f3ef1a5d882a0b243a836adc26bf4c854cc40aa2ae9fac271e6f32b5241

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 17 Feb 2023 13:54:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.gstatic.com/images/branding/product/1x/translate_24dp.png

216.58.211.3

200 OK

846 B

URL HTTP/2
www.gstatic.com/images/branding/product/1x/translate_24dp.png
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Size
846 B (846 bytes)
Hash
e9cd262114358f26b7608b56905185dc
6dbde0a96deaab2b529723ce26c62043cf9180ab
5a861509b658aa24fc3aed2867ac3c061e7d818d90b9990959afc6d1b5d4ff99

HTTP Headers

GET /images/branding/product/1x/translate_24dp.png HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.lmlenzitrasporti.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-length: 846
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 17 Feb 2023 08:21:26 GMT
expires: Sat, 17 Feb 2024 08:21:26 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 14 Oct 2021 09:08:00 GMT
content-type: image/png
vary: Origin
age: 20005
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
c9e6e005454b8541d1c2b06348e59b91
8f7f5ae9386edf53c6dc1cffed0a1d89ebb413cd
92e1518234ecff2b0656e1714f63ff8501eb727addcdcfc5c293a42eef177765

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 17 Feb 2023 13:54:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

googleads.g.doubleclick.net/pagead/viewthroughconversion/undefined/?random=1676642090014&cv=11&fst=1676642090014&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45He32f0&u_w=1280&u_h=1024&label=undefined&hn=www.google.com&frm=0&url=http%3A%2F%2Fwww.lmlenzitrasporti.com%2Fpage1%2Frola%2Fposten%2F&tiba=Posten.no&value=0&bttype=purchase&auid=492847991.1676642090&gcp=1&ct_cookie_present=1

216.58.207.194

200 OK

42 B

URL HTTP/2
googleads.g.doubleclick.net/pagead/viewthroughconversion/undefined/?random=1676642090014&cv=11&fst=1676642090014&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45He32f0&u_w=1280&u_h=1024&label=undefined&hn=www.google.com&frm=0&url=http%3A%2F%2Fwww.lmlenzitrasporti.com%2Fpage1%2Frola%2Fposten%2F&tiba=Posten.no&value=0&bttype=purchase&auid=492847991.1676642090&gcp=1&ct_cookie_present=1
IP
216.58.207.194:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /pagead/viewthroughconversion/undefined/?random=1676642090014&cv=11&fst=1676642090014&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45He32f0&u_w=1280&u_h=1024&label=undefined&hn=www.google.com&frm=0&url=http%3A%2F%2Fwww.lmlenzitrasporti.com%2Fpage1%2Frola%2Fposten%2F&tiba=Posten.no&value=0&bttype=purchase&auid=492847991.1676642090&gcp=1&ct_cookie_present=1 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.lmlenzitrasporti.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 17 Feb 2023 13:54:51 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 17-Feb-2023 14:09:51 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

acdn.adnxs.com/dmp/up/pixie.js

151.101.65.108

200 OK

3.3 kB

URL HTTP/1.1
acdn.adnxs.com/dmp/up/pixie.js
IP
151.101.65.108:0
ASN
#54113 FASTLY

File type
ASCII text, with very long lines (9139), with no line terminators
Size
3.3 kB (3340 bytes)
Hash
75b9af81e30e45403e6856566e888545
d013e9a47331447f32c2bdf6f35b286e711788f0
dd26e2e55783f6174ceea7c7a3b10e5af1c7fca56fc2543956a38b848f32a151

HTTP Headers

GET /dmp/up/pixie.js HTTP/1.1
Host: acdn.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.lmlenzitrasporti.com/

HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 3340
Server: nginx/1.18.0 (Ubuntu)
Content-Type: application/javascript
Last-Modified: Wed, 02 Jun 2021 15:04:00 GMT
ETag: W/"60b79de0-23b3"
Expires: Fri, 27 Jan 2023 02:11:02 GMT
Cache-Control: max-age=86402
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Fri, 17 Feb 2023 13:54:51 GMT
Age: 42187
X-Served-By: cache-lga21930-LGA, cache-bma1654-BMA
X-Cache: HIT, HIT
X-Cache-Hits: 101, 6916
X-Timer: S1676642091.490321,VS0,VE0
Vary: Accept-Encoding

adservice.google.no/ddm/fls/i/src=8260928;type=global;cat=postengl;ord=4649758211791;gtm=2wg783;auiddc=1528092789.1593547249;u1=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F;u2=page;u3=manage-;u4=Posten.no;u5=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F;~oref=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F%3Fview%3Dlogin%26appIdKey%3Dfcd00c0656cc490%26country%3D

142.250.74.162

200 OK

85 B

URL HTTP/2
adservice.google.no/ddm/fls/i/src=8260928;type=global;cat=postengl;ord=4649758211791;gtm=2wg783;auiddc=1528092789.1593547249;u1=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F;u2=page;u3=manage-;u4=Posten.no;u5=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F;~oref=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F%3Fview%3Dlogin%26appIdKey%3Dfcd00c0656cc490%26country%3D
IP
142.250.74.162:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with no line terminators
Size
85 B (85 bytes)
Hash
4a3b3637744caa4a0b08fabbd76cc830
755e5626762ecf38f55012da892a227bf50f15f1
6a12009f3d99f10dd5acb27389beefed79eddd7fa55ddcc591baf92861d51bfb

HTTP Headers

GET /ddm/fls/i/src=8260928;type=global;cat=postengl;ord=4649758211791;gtm=2wg783;auiddc=1528092789.1593547249;u1=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F;u2=page;u3=manage-;u4=Posten.no;u5=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F;~oref=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F%3Fview%3Dlogin%26appIdKey%3Dfcd00c0656cc490%26country%3D HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adservice.google.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 17 Feb 2023 13:54:51 GMT
expires: Fri, 17 Feb 2023 13:54:51 GMT
cache-control: private, max-age=0
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 85
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

adservice.google.no/ddm/fls/i/src=8260928;type=global;cat=postengl;ord=1731455357069;gtm=2wg783;auiddc=1977740214.1595281331;u1=https%3A%2F%2Fwww.posten.no%2F;u2=;u3=undefined;u4=Posten.no;u5=;~oref=https%3A%2F%2Fwww.posten.no%2F

142.250.74.162

200 OK

85 B

URL HTTP/2
adservice.google.no/ddm/fls/i/src=8260928;type=global;cat=postengl;ord=1731455357069;gtm=2wg783;auiddc=1977740214.1595281331;u1=https%3A%2F%2Fwww.posten.no%2F;u2=;u3=undefined;u4=Posten.no;u5=;~oref=https%3A%2F%2Fwww.posten.no%2F
IP
142.250.74.162:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with no line terminators
Size
85 B (85 bytes)
Hash
4a3b3637744caa4a0b08fabbd76cc830
755e5626762ecf38f55012da892a227bf50f15f1
6a12009f3d99f10dd5acb27389beefed79eddd7fa55ddcc591baf92861d51bfb

HTTP Headers

GET /ddm/fls/i/src=8260928;type=global;cat=postengl;ord=1731455357069;gtm=2wg783;auiddc=1977740214.1595281331;u1=https%3A%2F%2Fwww.posten.no%2F;u2=;u3=undefined;u4=Posten.no;u5=;~oref=https%3A%2F%2Fwww.posten.no%2F HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adservice.google.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 17 Feb 2023 13:54:51 GMT
expires: Fri, 17 Feb 2023 13:54:51 GMT
cache-control: private, max-age=0
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 85
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

adservice.google.no/ddm/fls/i/src=8260928;type=global;cat=postengl;ord=8037061832867;gtm=2wg783;auiddc=1528092789.1593547249;u1=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F;u2=page;u3=manage-;u4=Posten.no;u5=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F;~oref=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F%3Fview%3Dlogin%26appIdKey%3Dfcd00c0656cc490%26country%3D

142.250.74.162

200 OK

85 B

URL HTTP/2
adservice.google.no/ddm/fls/i/src=8260928;type=global;cat=postengl;ord=8037061832867;gtm=2wg783;auiddc=1528092789.1593547249;u1=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F;u2=page;u3=manage-;u4=Posten.no;u5=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F;~oref=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F%3Fview%3Dlogin%26appIdKey%3Dfcd00c0656cc490%26country%3D
IP
142.250.74.162:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with no line terminators
Size
85 B (85 bytes)
Hash
4a3b3637744caa4a0b08fabbd76cc830
755e5626762ecf38f55012da892a227bf50f15f1
6a12009f3d99f10dd5acb27389beefed79eddd7fa55ddcc591baf92861d51bfb

HTTP Headers

GET /ddm/fls/i/src=8260928;type=global;cat=postengl;ord=8037061832867;gtm=2wg783;auiddc=1528092789.1593547249;u1=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F;u2=page;u3=manage-;u4=Posten.no;u5=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F;~oref=http%3A%2F%2Flocalhost%2Fpage%2Fmanage%2F%3Fview%3Dlogin%26appIdKey%3Dfcd00c0656cc490%26country%3D HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adservice.google.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 17 Feb 2023 13:54:51 GMT
expires: Fri, 17 Feb 2023 13:54:51 GMT
cache-control: private, max-age=0
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 85
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
b617ba367e1ea63751230f57dea54575
e8e5b334030322c32596b4b8ca13688ae94426f5
7a9f17f10e76770dfd7ec9d725225699cf1364ec83f5d0ec077774f388605245

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 17 Feb 2023 13:54:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
c9e6e005454b8541d1c2b06348e59b91
8f7f5ae9386edf53c6dc1cffed0a1d89ebb413cd
92e1518234ecff2b0656e1714f63ff8501eb727addcdcfc5c293a42eef177765

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 17 Feb 2023 13:54:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
fc63911e4661aa872ac148ba0e622495
8c71e1a1ca7a84edaeda049a242868a603685883
f9801dcdaab6db35dde3127add82844087ebdba6bf3149e4b54946e5e8e234d4

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 17 Feb 2023 13:54:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

adservice.google.no/ddm/fls/i/src=8260928;type=global;cat=postengl;ord=9825057889983;gtm=45He32f0;auiddc=492847991.1676642090;u1=http%3A%2F%2Fwww.lmlenzitrasporti.com%2Fpage1%2Frola%2Fposten%2F;u2=page1;u3=rola-posten;u4=Posten.no;u5=;~oref=http%3A%2F%2Fwww.lmlenzitrasporti.com%2Fpage1%2Frola%2Fposten%2F

142.250.74.162

200 OK

85 B

URL HTTP/2
adservice.google.no/ddm/fls/i/src=8260928;type=global;cat=postengl;ord=9825057889983;gtm=45He32f0;auiddc=492847991.1676642090;u1=http%3A%2F%2Fwww.lmlenzitrasporti.com%2Fpage1%2Frola%2Fposten%2F;u2=page1;u3=rola-posten;u4=Posten.no;u5=;~oref=http%3A%2F%2Fwww.lmlenzitrasporti.com%2Fpage1%2Frola%2Fposten%2F
IP
142.250.74.162:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with no line terminators
Size
85 B (85 bytes)
Hash
4a3b3637744caa4a0b08fabbd76cc830
755e5626762ecf38f55012da892a227bf50f15f1
6a12009f3d99f10dd5acb27389beefed79eddd7fa55ddcc591baf92861d51bfb

HTTP Headers

GET /ddm/fls/i/src=8260928;type=global;cat=postengl;ord=9825057889983;gtm=45He32f0;auiddc=492847991.1676642090;u1=http%3A%2F%2Fwww.lmlenzitrasporti.com%2Fpage1%2Frola%2Fposten%2F;u2=page1;u3=rola-posten;u4=Posten.no;u5=;~oref=http%3A%2F%2Fwww.lmlenzitrasporti.com%2Fpage1%2Frola%2Fposten%2F HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adservice.google.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 17 Feb 2023 13:54:51 GMT
expires: Fri, 17 Feb 2023 13:54:51 GMT
cache-control: private, max-age=0
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 85
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
1bf3278c2046b4fdb1f775dca9bc8b16
54fa26cf0329818b9878e437a59ddccc8d72d35f
f794ad5a7249fe547829bc49ec42f96270f9de8ce9b17c1581e06c0ff3e9785d

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5948
Cache-Control: max-age=159692
Content-Type: application/ocsp-response
Date: Fri, 17 Feb 2023 13:54:51 GMT
Etag: "63ef3cbb-1d7"
Expires: Sun, 19 Feb 2023 10:16:23 GMT
Last-Modified: Fri, 17 Feb 2023 08:37:15 GMT
Server: ECS (ska/F70E)
X-Cache: HIT
Content-Length: 471

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
f8e34919a45c91c9c24ade6931afd022
388e683ca7de47486837127ab54d6265867443ea
c2ff7fece933be0048e1d6b1b82afec259124974fa63ab86f789981bfcb1eb78

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 17 Feb 2023 13:54:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.r2m01.amazontrust.com/

54.230.80.227

200 OK

471 B

URL HTTP/1.1
ocsp.r2m01.amazontrust.com/
IP
54.230.80.227:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
4311193f1701ae091d50ba2eeabf36be
5c857e688f238adde8e19e470568a05f97a3d93e
021728417b1d75143bbf5bc1e926a50c17bd3ecd910c3090cc9efd03e43ee561

HTTP Headers

POST / HTTP/1.1
Host: ocsp.r2m01.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Fri, 17 Feb 2023 13:54:51 GMT
Last-Modified: Fri, 17 Feb 2023 12:16:27 GMT
Server: ECS (bsa/EB15)
X-Cache: Miss from cloudfront
Via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: FRX3epRDLJlkld740SSqXKOen5EezeYJFLsduU9kFFmfvDRRYEHAQA==
Age: 5904

www.google.no/pagead/1p-conversion/undefined/?random=1676642090014&cv=11&fst=1676642090014&bg=ffffff&guid=ON&async=1&gtm=45He32f0&u_w=1280&u_h=1024&label=undefined&hn=www.google.com&frm=0&url=http%3A%2F%2Fwww.lmlenzitrasporti.com%2Fpage1%2Frola%2Fposten%2F&tiba=Posten.no&value=0&bttype=purchase&auid=492847991.1676642090&gcp=1&sscte=1&ct_cookie_present=1&rfmt=3&fmt=4&ipr=y&prhg=0

142.250.74.35

200 OK

63 B

URL HTTP/2
www.google.no/pagead/1p-conversion/undefined/?random=1676642090014&cv=11&fst=1676642090014&bg=ffffff&guid=ON&async=1&gtm=45He32f0&u_w=1280&u_h=1024&label=undefined&hn=www.google.com&frm=0&url=http%3A%2F%2Fwww.lmlenzitrasporti.com%2Fpage1%2Frola%2Fposten%2F&tiba=Posten.no&value=0&bttype=purchase&auid=492847991.1676642090&gcp=1&sscte=1&ct_cookie_present=1&rfmt=3&fmt=4&ipr=y&prhg=0
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
ASCII text, with no line terminators
Size
63 B (63 bytes)
Hash
0339f8f57d1bf75003db591e28957e45
ae2286e497c9f76a02cb40c40a674b73bd293b76
609cd8e12464fe137cfaa9f1ab6637150d44e105559c901b6df50303fd05aa26

HTTP Headers

GET /pagead/1p-conversion/undefined/?random=1676642090014&cv=11&fst=1676642090014&bg=ffffff&guid=ON&async=1&gtm=45He32f0&u_w=1280&u_h=1024&label=undefined&hn=www.google.com&frm=0&url=http%3A%2F%2Fwww.lmlenzitrasporti.com%2Fpage1%2Frola%2Fposten%2F&tiba=Posten.no&value=0&bttype=purchase&auid=492847991.1676642090&gcp=1&sscte=1&ct_cookie_present=1&rfmt=3&fmt=4&ipr=y&prhg=0 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.lmlenzitrasporti.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 17 Feb 2023 13:54:51 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: text/javascript; charset=UTF-8
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 63
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
c8e9eeefa5d57aae7902f22001cacc91
30a9795bf30ff5c1056f506d866b00535defaeac
22d15f22115215143d2e173bf51e1b694de15e43d86ae46107fed2af7c15eca7

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 17 Feb 2023 13:54:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
4e2047d0030ab6ef9ef1aa93bc0e225b
6d370262f2ba2ad80b2bc2ce29ca47a4ad0a7134
77d6af824538cdbd9dcd7e62429c5c5f1fa0970c4a8ddc358d0e95d2049b0140

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 17 Feb 2023 13:54:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

6015663.global.siteimproveanalytics.io/image.aspx?url=http%3A%2F%2Fwww.lmlenzitrasporti.com%2Fpage1%2Frola%2Fposten%2F&title=Posten.no&res=1280x1024&accountid=6015663&rt=1151&prev=ef9abbd6-61c1-d113-a291-3023913dccad&luid=eed2a69c-1e45-7e9b-643a-fbd9f014e8bb&rnd=24013

3.122.28.13

200 OK

34 B

URL HTTP/2
6015663.global.siteimproveanalytics.io/image.aspx?url=http%3A%2F%2Fwww.lmlenzitrasporti.com%2Fpage1%2Frola%2Fposten%2F&title=Posten.no&res=1280x1024&accountid=6015663&rt=1151&prev=ef9abbd6-61c1-d113-a291-3023913dccad&luid=eed2a69c-1e45-7e9b-643a-fbd9f014e8bb&rnd=24013
IP
3.122.28.13:0
ASN
#16509 AMAZON-02

File type
GIF image data, version 89a, 1 x 1\012- data
Size
34 B (34 bytes)
Hash
a82ba3a9d42148e9cf209df13d8c3f3d
dba80835d31175bdcf0bcad1abafefb06d86e304
1e85ec81b9800b4c443d39caca0d0926089a3ac201120db1ceb45b93789480b8

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Posten Norge

HTTP Headers

GET /image.aspx?url=http%3A%2F%2Fwww.lmlenzitrasporti.com%2Fpage1%2Frola%2Fposten%2F&title=Posten.no&res=1280x1024&accountid=6015663&rt=1151&prev=ef9abbd6-61c1-d113-a291-3023913dccad&luid=eed2a69c-1e45-7e9b-643a-fbd9f014e8bb&rnd=24013 HTTP/1.1
Host: 6015663.global.siteimproveanalytics.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.lmlenzitrasporti.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Fri, 17 Feb 2023 13:54:51 GMT
content-type: image/gif
content-length: 34
set-cookie: AWSALB=lK5dr9ANBnq6dutxKQY7Bkawz5KVrTX9+MDz/HAfLoDVVhpMmAzP5S30/pgC1zA4O3ebM915NVnoo75PrTBbs40Pmtb1sx3qSpwpNfcFHfl927/5B1NlDKmRhBl8; Expires=Fri, 24 Feb 2023 13:54:51 GMT; Path=/
AWSALBCORS=lK5dr9ANBnq6dutxKQY7Bkawz5KVrTX9+MDz/HAfLoDVVhpMmAzP5S30/pgC1zA4O3ebM915NVnoo75PrTBbs40Pmtb1sx3qSpwpNfcFHfl927/5B1NlDKmRhBl8; Expires=Fri, 24 Feb 2023 13:54:51 GMT; Path=/; SameSite=None; Secure
cache-control: max-age=0
expires: Fri, 17 Feb 2023 13:54:51 UTC
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
d5c646f380041ed1ac1a7ab27727520c
ecdaf9bcfa5f857591fccd16f54508f446a3d17d
365c720e726309a6f71f7867158cd3eac4af6da979f482fb267f877f0824b6ba

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "365C720E726309A6F71F7867158CD3EAC4AF6DA979F482FB267F877F0824B6BA"
Last-Modified: Wed, 15 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6793
Expires: Fri, 17 Feb 2023 15:48:04 GMT
Date: Fri, 17 Feb 2023 13:54:51 GMT
Connection: keep-alive

ib.adnxs.com/pixie?e=PageView&pi=3ff1e0a2-bf36-4112-bfb2-d9ea337ee435&it=1676642090774&v=0.0.20&u=http%3A%2F%2Fwww.lmlenzitrasporti.com%2Fpage1%2Frola%2Fposten%2F&st=1676642090774&et=1676642090774&if=0

37.252.172.123

200 OK

42 B

URL HTTP/1.1
ib.adnxs.com/pixie?e=PageView&pi=3ff1e0a2-bf36-4112-bfb2-d9ea337ee435&it=1676642090774&v=0.0.20&u=http%3A%2F%2Fwww.lmlenzitrasporti.com%2Fpage1%2Frola%2Fposten%2F&st=1676642090774&et=1676642090774&if=0
IP
37.252.172.123:0
ASN
#29990 ASN-APPNEX

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /pixie?e=PageView&pi=3ff1e0a2-bf36-4112-bfb2-d9ea337ee435&it=1676642090774&v=0.0.20&u=http%3A%2F%2Fwww.lmlenzitrasporti.com%2Fpage1%2Frola%2Fposten%2F&st=1676642090774&et=1676642090774&if=0 HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.lmlenzitrasporti.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Fri, 17 Feb 2023 13:54:51 GMT
Content-Type: image/gif
Content-Length: 42
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com

37.252.172.123

200 OK

42 B

URL HTTP/1.1
ib.adnxs.com/pixie?e=PageView&pi=3ff1e0a2-bf36-4112-bfb2-d9ea337ee435&it=1676642090774&v=0.0.20&u=http%3A%2F%2Fwww.lmlenzitrasporti.com%2Fpage1%2Frola%2Fposten%2F&st=1676642090774&et=1676642090775&if=0
IP
37.252.172.123:0
ASN
#29990 ASN-APPNEX

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /pixie?e=PageView&pi=3ff1e0a2-bf36-4112-bfb2-d9ea337ee435&it=1676642090774&v=0.0.20&u=http%3A%2F%2Fwww.lmlenzitrasporti.com%2Fpage1%2Frola%2Fposten%2F&st=1676642090774&et=1676642090775&if=0 HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.lmlenzitrasporti.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Fri, 17 Feb 2023 13:54:51 GMT
Content-Type: image/gif
Content-Length: 42
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com

ib.adnxs.com/pixie?e=PageView&pi=9c3f7c51-769b-4487-8db5-bef9b5c66993&it=1676642090775&v=0.0.20&u=http%3A%2F%2Fwww.lmlenzitrasporti.com%2Fpage1%2Frola%2Fposten%2F&st=1676642090774&et=1676642090776&if=0

37.252.172.123

200 OK

42 B

URL HTTP/1.1
ib.adnxs.com/pixie?e=PageView&pi=9c3f7c51-769b-4487-8db5-bef9b5c66993&it=1676642090775&v=0.0.20&u=http%3A%2F%2Fwww.lmlenzitrasporti.com%2Fpage1%2Frola%2Fposten%2F&st=1676642090774&et=1676642090776&if=0
IP
37.252.172.123:0
ASN
#29990 ASN-APPNEX

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /pixie?e=PageView&pi=9c3f7c51-769b-4487-8db5-bef9b5c66993&it=1676642090775&v=0.0.20&u=http%3A%2F%2Fwww.lmlenzitrasporti.com%2Fpage1%2Frola%2Fposten%2F&st=1676642090774&et=1676642090776&if=0 HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.lmlenzitrasporti.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Fri, 17 Feb 2023 13:54:51 GMT
Content-Type: image/gif
Content-Length: 42
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com

px.ads.linkedin.com/collect?v=2&fmt=js&pid=&time=1676642090561&url=http%3A%2F%2Fwww.lmlenzitrasporti.com%2Fpage1%2Frola%2Fposten%2F

13.107.42.14

200 OK

0 B

URL HTTP/2
px.ads.linkedin.com/collect?v=2&fmt=js&pid=&time=1676642090561&url=http%3A%2F%2Fwww.lmlenzitrasporti.com%2Fpage1%2Frola%2Fposten%2F
IP
13.107.42.14:0
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /collect?v=2&fmt=js&pid=&time=1676642090561&url=http%3A%2F%2Fwww.lmlenzitrasporti.com%2Fpage1%2Frola%2Fposten%2F HTTP/1.1
Host: px.ads.linkedin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.lmlenzitrasporti.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: application/javascript
set-cookie: bcookie="v=2&d232446d-3dcc-473f-8a71-7fb6a79812c0"; domain=.linkedin.com; Path=/; Secure; Expires=Sat, 17-Feb-2024 13:54:51 GMT; SameSite=None
lidc="b=OGST09:s=O:r=O:a=O:p=O:g=2434:u=1:x=1:i=1676642091:t=1676728491:v=2:sig=AQEhHfFfyEIzJ6Jmy1R-A7QnKj0cKUWT"; Expires=Sat, 18 Feb 2023 13:54:51 GMT; domain=.linkedin.com; Path=/; SameSite=None; Secure
linkedin-action: 1
x-li-fabric: prod-lor1
x-li-pop: afd-prod-lor1-x
x-li-proto: http/2
x-li-uuid: AAX05ahJ3TZTFCbiLoM8iA==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: 61AE46A0B931410F8CB4E84356AD45D6 Ref B: OSL30EDGE0408 Ref C: 2023-02-17T13:54:51Z
date: Fri, 17 Feb 2023 13:54:51 GMT
content-length: 0
X-Firefox-Spdy: h2

www.facebook.com/tr/?id=843920095719058&ev=PageView&dl=http%3A%2F%2Fwww.lmlenzitrasporti.com%2Fpage1%2Frola%2Fposten%2F&rl=&if=false&ts=1676642091015&sw=1280&sh=1024&v=2.9.96&r=stable&ec=0&o=30&cs_est=true&fbp=fb.1.1676642091013.477667065&it=1676642090689&coo=false&rqm=GET

157.240.200.35

200 OK

0 B

URL HTTP/2
www.facebook.com/tr/?id=843920095719058&ev=PageView&dl=http%3A%2F%2Fwww.lmlenzitrasporti.com%2Fpage1%2Frola%2Fposten%2F&rl=&if=false&ts=1676642091015&sw=1280&sh=1024&v=2.9.96&r=stable&ec=0&o=30&cs_est=true&fbp=fb.1.1676642091013.477667065&it=1676642090689&coo=false&rqm=GET
IP
157.240.200.35:0
ASN
#32934 FACEBOOK

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /tr/?id=843920095719058&ev=PageView&dl=http%3A%2F%2Fwww.lmlenzitrasporti.com%2Fpage1%2Frola%2Fposten%2F&rl=&if=false&ts=1676642091015&sw=1280&sh=1024&v=2.9.96&r=stable&ec=0&o=30&cs_est=true&fbp=fb.1.1676642091013.477667065&it=1676642090689&coo=false&rqm=GET HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.lmlenzitrasporti.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/plain
access-control-allow-origin: 
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400
date: Fri, 17 Feb 2023 13:54:51 GMT
X-Firefox-Spdy: h2

s4.histats.com/stats/0.php?4203309&@f16&@g1&@h1&@i1&@j1676642090574&@k0&@l1&@mPosten.no&@n0&@o1000&@q0&@r0&@s0&@ten-US&@u1280&@b1:49682866&@b3:1676642091&@b4:js15_as.js&@b5:0&@a-_0.2.1&@vhttp%3A%2F%2Fwww.lmlenzitrasporti.com%2Fpage1%2Frola%2Fposten%2F&@w

149.56.240.131

200 OK

50 B

URL HTTP/1.1
s4.histats.com/stats/0.php?4203309&@f16&@g1&@h1&@i1&@j1676642090574&@k0&@l1&@mPosten.no&@n0&@o1000&@q0&@r0&@s0&@ten-US&@u1280&@b1:49682866&@b3:1676642091&@b4:js15_as.js&@b5:0&@a-_0.2.1&@vhttp%3A%2F%2Fwww.lmlenzitrasporti.com%2Fpage1%2Frola%2Fposten%2F&@w
IP
149.56.240.131:0
ASN
#16276 OVH SAS

File type
ASCII text, with no line terminators
Size
50 B (50 bytes)
Hash
9cd6ede28cfc6e5ac6d6a8f5da778bf1
00eea7749a59d2d9de93de5277e166649840357e
deb98550d0786ba57242229448ac976dfc908fca9fca55a0a207481d41334da7

HTTP Headers

GET /stats/0.php?4203309&@f16&@g1&@h1&@i1&@j1676642090574&@k0&@l1&@mPosten.no&@n0&@o1000&@q0&@r0&@s0&@ten-US&@u1280&@b1:49682866&@b3:1676642091&@b4:js15_as.js&@b5:0&@a-_0.2.1&@vhttp%3A%2F%2Fwww.lmlenzitrasporti.com%2Fpage1%2Frola%2Fposten%2F&@w HTTP/1.1
Host: s4.histats.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.lmlenzitrasporti.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Fri, 17 Feb 2023 13:54:51 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 50
Connection: close

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
a21c31f8f5210f5b628c9b281f409240
afdfdd353a8da5d06d15c2c62e8a6a14e6c91c76
daf360f8bd98efd15166c73f888aa7f69453c3b5ff1848f819741ffd183a1965

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DAF360F8BD98EFD15166C73F888AA7F69453C3B5FF1848F819741FFD183A1965"
Last-Modified: Wed, 15 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6836
Expires: Fri, 17 Feb 2023 15:48:47 GMT
Date: Fri, 17 Feb 2023 13:54:51 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
a21c31f8f5210f5b628c9b281f409240
afdfdd353a8da5d06d15c2c62e8a6a14e6c91c76
daf360f8bd98efd15166c73f888aa7f69453c3b5ff1848f819741ffd183a1965

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DAF360F8BD98EFD15166C73F888AA7F69453C3B5FF1848F819741FFD183A1965"
Last-Modified: Wed, 15 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6836
Expires: Fri, 17 Feb 2023 15:48:47 GMT
Date: Fri, 17 Feb 2023 13:54:51 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F881c24a9-07ee-4126-b2c3-501b0461ee5e.webp

34.120.237.76

200 OK

6.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F881c24a9-07ee-4126-b2c3-501b0461ee5e.webp
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.9 kB (6879 bytes)
Hash
9c5a0bab7d34e51ee6476be179b356ba
87917d3cf520d73b7b1029f44505e7700413d51d
136e727a99409218318247b645558fad485ed84bcd90bd43a5895492cb317d89

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F881c24a9-07ee-4126-b2c3-501b0461ee5e.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6879
x-amzn-requestid: 18c46562-f8d9-4f7f-8ea0-1bb46e206f80
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ANnahEWgIAMFwYg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e885dc-50a7cfe4693b4efb038ce1a7;Sampled=0
x-amzn-remapped-date: Sun, 12 Feb 2023 06:23:24 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: qwK1XWOYMXy8qna9sVCV7q__QKMko9KXa8towbYhIj1EolPbqEuIHQ==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 98aedae6661e3904540676966998ed88.cloudfront.net (CloudFront), 1.1 google
date: Thu, 16 Feb 2023 15:50:12 GMT
age: 79480
etag: "87917d3cf520d73b7b1029f44505e7700413d51d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6ff85c78-1c5e-4e0e-b056-c59edc64e066.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.7 kB (8683 bytes)
Hash
6a689195f741507797cbfee1088b6096
7114ea3a2073e2a9356a82611300afb43a44af02
8e304f2e413644bd97225abaf443121aea7a8b1ae5237cfffd8acd0bc9ece258

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6ff85c78-1c5e-4e0e-b056-c59edc64e066.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8683
x-amzn-requestid: 52627a4c-8764-4aa7-9d95-5a364a5c48a9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: AKaBSGKgoAMFesw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e73d3b-40df63f72db14cab7d4f2e7b;Sampled=0
x-amzn-remapped-date: Sat, 11 Feb 2023 07:01:15 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: knG5uaFviCGKFtYeHBxEV6VPTGJwElhQuruCBPn0mN-iKtITf06_ag==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 556b99c6be8d7078b9f067347c62df6a.cloudfront.net (CloudFront), 1.1 google
date: Fri, 17 Feb 2023 00:15:13 GMT
age: 49179
etag: "7114ea3a2073e2a9356a82611300afb43a44af02"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2836952b-4531-4fd4-b65f-4b46b34c589e.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.0 kB (6975 bytes)
Hash
d2eae6226e2383cf7a14956fb5e00973
207870779f0bc576f842c3444c8a36cfb83827e7
1339bb05cf778cda51646dff372080356ec3d215ebe59fe8a8c3478422fe16ac

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2836952b-4531-4fd4-b65f-4b46b34c589e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6975
x-amzn-requestid: a51f7d5f-b9f5-45ad-a864-fcf92ee45a09
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: AHHalERAoAMFZRA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e5ec43-2aa1297878995458524758f3;Sampled=0
x-amzn-remapped-date: Fri, 10 Feb 2023 07:03:31 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: JbtPJs7uVnoMc8WtfcO85KEK8e8c439tQuWcGzILuYVC0-LCOS84DA==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Thu, 16 Feb 2023 22:18:33 GMT
age: 56179
etag: "207870779f0bc576f842c3444c8a36cfb83827e7"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4748156e-3671-4964-bccd-dcff5a4dcabd.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.5 kB (6486 bytes)
Hash
0f696a6d6b899ea990863fd3f6cef50b
15ed196a642a4e767c5527ec92e346109632fbbb
afd3a83fffd1b1d3df4c95632b78508e6509e369fea66b3e78cca1db1dd97d92

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4748156e-3671-4964-bccd-dcff5a4dcabd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6486
x-amzn-requestid: 9cd0762a-003f-45fd-ad59-2cb9d1c9a1e6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Ac4-lESQIAMFlhQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63eea1f6-22c2261c4bdfab1d44a07164;Sampled=0
x-amzn-remapped-date: Thu, 16 Feb 2023 21:36:54 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 3a6crVzn1im5K9oMA5RqaEIjX2vluZ5yCcIkAfTUTB0cluzbzJbTGA==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 943c6a4d4ee43b18ee91634536f53eae.cloudfront.net (CloudFront), 1.1 google
date: Thu, 16 Feb 2023 21:53:13 GMT
age: 57699
etag: "15ed196a642a4e767c5527ec92e346109632fbbb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7840d7de-9548-4fc6-97b8-8f5af718cc5a.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (12174 bytes)
Hash
6ed56061e371e2163c8ff504a3b5bd2a
e337c3263d41c1605b2ea4f78c507a1ee730b0f4
fafce9ccbddf16f92f386fb1bb9d29c078618f85fb7bb23ed4f4687f8aa4242b

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7840d7de-9548-4fc6-97b8-8f5af718cc5a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 12174
x-amzn-requestid: a37ded49-6b05-4236-830f-34c498e7b3fb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: AP-HEGcHoAMFR-A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e976f9-3786bcc94a3da2b20cc92ca3;Sampled=0
x-amzn-remapped-date: Sun, 12 Feb 2023 23:32:09 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: BbGasX05lf87Z_FlXXsC_1MblqxA663fIg6WrunSGlDhq-T2cT46Dw==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Thu, 16 Feb 2023 21:51:33 GMT
age: 57799
etag: "e337c3263d41c1605b2ea4f78c507a1ee730b0f4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff32076f9-7699-4060-8c4f-8ca2cdd454e2.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.8 kB (8813 bytes)
Hash
043c29f528f5414d1e280640e7bd6d79
5006aea566216e56530d02f3133b5eb0d15fd1a5
01c099af56ff9d26301d66f1bca427d41c7096ec687551b656edac95b0520e4a

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff32076f9-7699-4060-8c4f-8ca2cdd454e2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8813
x-amzn-requestid: 510cb459-2870-46eb-9c53-da577d62f83c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: AdPCKEggoAMF3vQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63eec540-23f553c202ad097f53c58dc4;Sampled=0
x-amzn-remapped-date: Fri, 17 Feb 2023 00:07:28 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: F-Wi5siD9pPdWz8E84A8TeiWrgMnHr-3IiQuPjp2zz6RpCHSxUX09A==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 6172bb1a5d00a3b06ae3700570ebe116.cloudfront.net (CloudFront), 1.1 google
date: Fri, 17 Feb 2023 00:45:51 GMT
age: 47341
etag: "5006aea566216e56530d02f3133b5eb0d15fd1a5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=PT+Sans:400,700

142.250.74.138

200 OK

0 B

URL HTTP/2
fonts.googleapis.com/css?family=PT+Sans:400,700
IP
142.250.74.138:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /css?family=PT+Sans:400,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.lmlenzitrasporti.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 17 Feb 2023 13:54:49 GMT
date: Fri, 17 Feb 2023 13:54:49 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

cdn.mycomandia.com/static/shop/common/bundle/font-awesome-5/web-fonts-with-css/css/fontawesome-all.min.css?v=2019.12.17

176.31.232.62

200 OK

0 B

URL HTTP/2
cdn.mycomandia.com/static/shop/common/bundle/font-awesome-5/web-fonts-with-css/css/fontawesome-all.min.css?v=2019.12.17
IP
176.31.232.62:0
ASN
#16276 OVH SAS

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /static/shop/common/bundle/font-awesome-5/web-fonts-with-css/css/fontawesome-all.min.css?v=2019.12.17 HTTP/1.1
Host: cdn.mycomandia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.lmlenzitrasporti.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Fri, 17 Feb 2023 13:54:49 GMT
content-type: text/css
last-modified: Thu, 18 Oct 2018 11:43:16 GMT
vary: Accept-Encoding
etag: W/"5bc871d4-8ef7"
server: rebelio-n1
expires: Sat, 17 Feb 2024 13:54:49 GMT
cache-control: max-age=31536000
backend: 1
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2

posten.boost.ai/chatPanel/chatPanel.js

63.32.138.97

200 OK

0 B

URL HTTP/2
posten.boost.ai/chatPanel/chatPanel.js
IP
63.32.138.97:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /chatPanel/chatPanel.js HTTP/1.1
Host: posten.boost.ai
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.lmlenzitrasporti.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Fri, 17 Feb 2023 13:54:50 GMT
content-type: application/javascript
server: Apache
access-control-allow-methods: POST, GET, OPTIONS
strict-transport-security: max-age=94608000; includeSubDomains
access-control-max-age: 600
access-control-allow-headers: origin, content-type, accept, x-csrf-token, X-Requested-With, Access-Control-Request-Method, Access-Control-Request-Headers, X-CSRF-TOKEN, X-XSRF-TOKEN, X-XHR-Logon, x-ms-client-application-name, x-ms-client-request-id, x-ms-client-session-id, x-ms-effective-locale
x-robots-tag: noindex
last-modified: Fri, 17 Feb 2023 13:15:53 GMT
etag: "ba81d-5f4e51ce96afd-gzip"
accept-ranges: bytes
cache-control: max-age=600
expires: Fri, 17 Feb 2023 14:04:50 GMT
vary: Accept-Encoding,Origin
content-encoding: gzip
x-frame-options: SAMEORIGIN
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (36)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML