Report - www.login-bestsign.com/a1b2c3/3735964a4d295b223a847e10188ed30a/login/?index=48479&feeder=91b3fc919345b2846c2ae681daae0a2f0c08f8ff

Report Overview

Submitted URL
www.login-bestsign.com/a1b2c3/3735964a4d295b223a847e10188ed30a/login/?index=48479&feeder=91b3fc919345b2846c2ae681daae0a2f0c08f8ff
IP
45.88.3.63
ASN
#200313 WEB_GroupInternet INC
Submitted
2023-02-17 04:43:40
Access
Website Title
Final URL
Tags
ing_bank financial phishing
urlquery detections
Phishing - ING Group

Detections

urlquery
6
Network Intrusion Detection
0
Threat Detection Systems
40

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-13T05:09:35Z	413 B	5.9 kB	34.160.144.191
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-13T05:09:13Z	333 B	391 B	34.117.237.239
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-13T05:09:14Z	606 B	127 B	35.164.243.166
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-13T05:09:16Z	3.2 kB	65 kB	34.120.237.76
www.login-bestsign.com	unknown	2023-02-16T16:35:33Z	2023-02-17T09:40:27Z	11 kB	282 kB	45.88.3.63
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-13T05:09:07Z	2.7 kB	7.1 kB	23.36.76.226
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-13T05:09:10Z	782 B	2.4 kB	35.241.9.150

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

Scan Date	Severity	Indicator	Alert
2023-02-16	medium	www.login-bestsign.com/a1b2c3/3735964a4d295b223a847e10188ed30a/login/?index=48479&feeder=91b3fc919345b2846c2ae681daae0a2f0c08f8ff	ING
2023-02-16	medium	www.login-bestsign.com/a1b2c3/3735964a4d295b223a847e10188ed30a/login/?index=48479&feeder=91b3fc919345b2846c2ae681daae0a2f0c08f8ff	ING
2023-02-16	medium	www.login-bestsign.com/	ING
2023-02-16	medium	www.login-bestsign.com/	ING
2023-02-16	medium	www.login-bestsign.com/	ING
2023-02-16	medium	www.login-bestsign.com/	ING
2023-02-16	medium	www.login-bestsign.com/	ING
2023-02-16	medium	www.login-bestsign.com/	ING
2023-02-16	medium	www.login-bestsign.com/	ING
2023-02-16	medium	www.login-bestsign.com/	ING
2023-02-16	medium	www.login-bestsign.com/	ING
2023-02-16	medium	www.login-bestsign.com/	ING
2023-02-16	medium	www.login-bestsign.com/	ING
2023-02-16	medium	www.login-bestsign.com/	ING
2023-02-16	medium	www.login-bestsign.com/	ING
2023-02-16	medium	www.login-bestsign.com/	ING
2023-02-16	medium	www.login-bestsign.com/	ING
2023-02-16	medium	www.login-bestsign.com/	ING
2023-02-16	medium	www.login-bestsign.com/	ING

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-02-17	medium	www.login-bestsign.com/login/token/token.js?v=63ef05f6e1540	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (9)

	URL	Size	First Seen	Last Seen
	www.login-bestsign.com/login/form/form.js?v=63ef05f6e153d	3.4 kB	2023-03-08	2024-04-09
Pretty URL www.login-bestsign.com/login/form/form.js?v=63ef05f6e153d IP 45.88.3.63 ASN #200313 WEB_GroupInternet INC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 20:46:45 Last Seen2024-04-09 13:48:51 Times Seen416 Hash 447e6553465a1a8462bccb5fea09d4ef d2945cfd3664e39bc7780d394db6fb459aa92d18 c1005b74fbab6be82c27178528f1af32dbf3b8c80c3c49837a803b52bd2c14c5 Loading...

	www.login-bestsign.com/a1b2c3/3735964a4d295b223a847e10188ed30a/login/?index=48479&feeder=91b3fc919345b2846c2ae681daae0a2f0c08f8ff#56e71887e17c4f792fcf642bfd07743d56e71887e17c4f792fcf642bfd07743d56e71887e17c4f792fcf642bfd07743d56e71887e17c4f792fcf642bfd07743d56e71887e17c4f792fcf642bfd07743d56e71887e17c4f792fcf642bfd07743d56e71887e17c4f792fcf642bfd07743d56e71887e17c4f792fcf642bfd07743d	57 B	2023-03-14	2023-03-14
Pretty URL www.login-bestsign.com/a1b2c3/3735964a4d295b223a847e10188ed30a/login/?index=48479&feeder=91b3fc919345b2846c2ae681daae0a2f0c08f8ff#56e71887e17c4f792fcf642bfd07743d56e71887e17c4f792fcf642bfd07743d56e71887e17c4f792fcf642bfd07743d56e71887e17c4f792fcf642bfd07743d56e71887e17c4f792fcf642bfd07743d56e71887e17c4f792fcf642bfd07743d56e71887e17c4f792fcf642bfd07743d56e71887e17c4f792fcf642bfd07743d IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-14 01:45:19 Last Seen2023-03-14 01:45:19 Times Seen1 Hash 902332b54ccb1a30f91d94dbbad98865 b83a9423cb1567048c68913a302a8f4333bd92f6 162a6f0af90371bbc32395c8725d29f9ca071e27af20ea2bf731bdaf0a8d3259 Loading...

	www.login-bestsign.com/core/token/core_token.js	11 kB	2023-03-08	2024-04-09
Pretty URL www.login-bestsign.com/core/token/core_token.js IP 45.88.3.63 ASN #200313 WEB_GroupInternet INC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 20:46:45 Last Seen2024-04-09 13:48:51 Times Seen394 Hash f4281318bd57e892d87cea9fe71020fe 346a0102e3145a2009e3e5fdd0726a454e3ab5f6 1061610cc2a27b4a32adbda2dacd51b66fba3c151bb27311593f4c8e0fffc89e Loading...

	www.login-bestsign.com/bower_components/ua-parser-js/dist/ua-parser.min.js	17 kB	2023-03-07	2024-05-03
Pretty URL www.login-bestsign.com/bower_components/ua-parser-js/dist/ua-parser.min.js IP 45.88.3.63 ASN #200313 WEB_GroupInternet INC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:06:40 Last Seen2024-05-03 19:20:02 Times Seen677 Hash e0ae48c8ebbe57edeacb5b02f16d0df9 0c5a29a88add39486162e0c16f23e2e06fc7842e 0fda30cf243e7650bf3e1666eddeb4fbba6b788ede36753eda5e2964cc14c896 Loading...

	www.login-bestsign.com/core/form/core_form.js	22 kB	2023-03-08	2024-04-09
Pretty URL www.login-bestsign.com/core/form/core_form.js IP 45.88.3.63 ASN #200313 WEB_GroupInternet INC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 20:46:45 Last Seen2024-04-09 13:48:51 Times Seen364 Hash b86cf252d2b4b398d65c5186763f0f95 a81a8d9a6b52435f24ae6b8cacb0d521f8d17e8a d79158bc504a7b927199bcd97fea63ee098de522003fca793bd78a817d7e1ff1 Loading...

	www.login-bestsign.com/a1b2c3/3735964a4d295b223a847e10188ed30a/login/?index=48479&feeder=91b3fc919345b2846c2ae681daae0a2f0c08f8ff	588 B	2023-03-14	2023-03-14
Pretty URL www.login-bestsign.com/a1b2c3/3735964a4d295b223a847e10188ed30a/login/?index=48479&feeder=91b3fc919345b2846c2ae681daae0a2f0c08f8ff IP 45.88.3.63 ASN #200313 WEB_GroupInternet INC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-14 01:12:54 Last Seen2023-03-14 01:45:19 Times Seen1 Hash 32827c00f95fa7a4d701d363dc4bcd50 d10f0767d30b9ae4b21bec460ea187acdfa98380 8a0cd34e2b185e267bd85b9aeec66b28cc6d009a815486271d607d77192c391c Loading...

	www.login-bestsign.com/login/token/token.js?v=63ef05f6e1540	1.8 kB	2023-03-08	2024-04-09
Pretty URL www.login-bestsign.com/login/token/token.js?v=63ef05f6e1540 IP 45.88.3.63 ASN #200313 WEB_GroupInternet INC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 20:46:45 Last Seen2024-04-09 13:48:51 Times Seen405 Hash 0828a5ef870544c37fdd11d7017c4a4f 61527e6d537edb90252421c7e603be6194438848 35ed0b385aa991d3c95c1c5b2f39986000e0bb3ddba79566c53220bb4db4f403 Loading...

	www.login-bestsign.com/a1b2c3/3735964a4d295b223a847e10188ed30a/login/?index=48479&feeder=91b3fc919345b2846c2ae681daae0a2f0c08f8ff#56e71887e17c4f792fcf642bfd07743d56e71887e17c4f792fcf642bfd07743d56e71887e17c4f792fcf642bfd07743d56e71887e17c4f792fcf642bfd07743d56e71887e17c4f792fcf642bfd07743d56e71887e17c4f792fcf642bfd07743d56e71887e17c4f792fcf642bfd07743d56e71887e17c4f792fcf642bfd07743d	57 B	2023-03-14	2023-03-14
Pretty URL www.login-bestsign.com/a1b2c3/3735964a4d295b223a847e10188ed30a/login/?index=48479&feeder=91b3fc919345b2846c2ae681daae0a2f0c08f8ff#56e71887e17c4f792fcf642bfd07743d56e71887e17c4f792fcf642bfd07743d56e71887e17c4f792fcf642bfd07743d56e71887e17c4f792fcf642bfd07743d56e71887e17c4f792fcf642bfd07743d56e71887e17c4f792fcf642bfd07743d56e71887e17c4f792fcf642bfd07743d56e71887e17c4f792fcf642bfd07743d IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-14 01:45:19 Last Seen2023-03-14 01:45:19 Times Seen1 Hash 7edaff7526d197b1a073f1c8adbcb2c4 3dba749eaf3567cf545231ccdf9c22d87df8466a db8ae194bfddeb272976ed3a691d43c791bd2b8198822abe538882ea178a6f43 Loading...

	www.login-bestsign.com/bower_components/jquery/dist/jquery.min.js	87 kB	2023-03-07	2024-05-10
Pretty URL www.login-bestsign.com/bower_components/jquery/dist/jquery.min.js IP 45.88.3.63 ASN #200313 WEB_GroupInternet INC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:00 Last Seen2024-05-10 08:51:18 Times Seen65643 Hash c9f5aeeca3ad37bf2aa006139b935f0a 1055018c28ab41087ef9ccefe411606893dabea2 87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de Loading...

HTTP Transactions (39)

URL IP Response Size

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
4e78a380539960903ccc45f8ce47f434
87563f3db248a83ef5cb030836137976ab500be7
aa0a995b254f5db7f523b19e8d1d169828eb621680e8b6169df8e99643f85b73

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AA0A995B254F5DB7F523B19E8D1D169828EB621680E8B6169DF8E99643F85B73"
Last-Modified: Tue, 14 Feb 2023 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9757
Expires: Fri, 17 Feb 2023 07:26:06 GMT
Date: Fri, 17 Feb 2023 04:43:29 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
deac0af90d5521aa0251892aa50348d8
e7e9e523acec5e4a306ca186be1656a498592d73
300d1709a6b16d845fef9eb9a25dce5500cac047a1bb3c1fba5a74f6e51d1759

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "300D1709A6B16D845FEF9EB9A25DCE5500CAC047A1BB3C1FBA5A74F6E51D1759"
Last-Modified: Wed, 15 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11394
Expires: Fri, 17 Feb 2023 07:53:23 GMT
Date: Fri, 17 Feb 2023 04:43:29 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
bf0c602d32b3c14606f22a86183b5e3c
6eabd8d83475eba731968abe1a05a8bfd272f160
6c6a7c519a9e950c2445ed874a25211a94dd4d3cf3afb0103af9dcd1dbd5ff9e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Alert, Content-Length, Backoff, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 17 Feb 2023 03:53:13 GMT
content-type: application/json
age: 3016
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ab826368e69a2ca160ec61aa596a7a27
52d3afd0d0a2bc2e65c09df55bfc58bf84034afd
48b80951de12295fa262aca8aa9b26e24725ea47d205f60737f37643ce43aa1a

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "48B80951DE12295FA262ACA8AA9B26E24725EA47D205F60737F37643CE43AA1A"
Last-Modified: Thu, 16 Feb 2023 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10147
Expires: Fri, 17 Feb 2023 07:32:36 GMT
Date: Fri, 17 Feb 2023 04:43:29 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
e76071a28ee566dababb3834f46d68ed
aebb4e68c1ba2de0f90025283e8ed8470944fde0
78b6df2627172e5b35476bc31020f02898cdc412aaf4337af2c3b049a60912b6

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: tmnY4128VdKBvLM/X6FPiBqIR57aNhWHrTS4y34kxkoQXWvW2rU9mYXeZULRx9zwYU8U1JgnfXo=
x-amz-request-id: E5WCAAKAF1J7R95G
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 17 Feb 2023 04:17:07 GMT
age: 1582
last-modified: Sun, 29 Jan 2023 18:44:47 GMT
etag: "e76071a28ee566dababb3834f46d68ed"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 17 Feb 2023 04:43:30 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Last-Modified, Alert, Backoff, Content-Type, Pragma, Expires, Cache-Control, Retry-After, ETag
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 17 Feb 2023 04:20:33 GMT
age: 1377
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
d146aa123635470cfd39942f1f25dcba
274574f078e959a423262a1b95344996299ea1cf
9e2c3a542626c68d479648479e09f9570564d4e1f954f63b6ce97ae939729a3d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9E2C3A542626C68D479648479E09F9570564D4E1F954F63B6CE97AE939729A3D"
Last-Modified: Wed, 15 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2636
Expires: Fri, 17 Feb 2023 05:27:26 GMT
Date: Fri, 17 Feb 2023 04:43:30 GMT
Connection: keep-alive

push.services.mozilla.com/

35.164.243.166

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
35.164.243.166:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: FsZSYv3I9uprsF7mt3QMDQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 6YiSmDnb+aV+A99F8RDuy7zGEns=

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
c9333ebd8634e6b287e0b58265edf328
6ea57e1529609f015e198c72d2455c758f5b45ab
6bc07733856e4fbefbb42e5ad6423539ccbc855c66cf4279bf515997ea8933d2

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6BC07733856E4FBEFBB42E5AD6423539CCBC855C66CF4279BF515997EA8933D2"
Last-Modified: Tue, 14 Feb 2023 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20343
Expires: Fri, 17 Feb 2023 10:22:35 GMT
Date: Fri, 17 Feb 2023 04:43:32 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
c9333ebd8634e6b287e0b58265edf328
6ea57e1529609f015e198c72d2455c758f5b45ab
6bc07733856e4fbefbb42e5ad6423539ccbc855c66cf4279bf515997ea8933d2

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6BC07733856E4FBEFBB42E5AD6423539CCBC855C66CF4279BF515997EA8933D2"
Last-Modified: Tue, 14 Feb 2023 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20343
Expires: Fri, 17 Feb 2023 10:22:35 GMT
Date: Fri, 17 Feb 2023 04:43:32 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
c9333ebd8634e6b287e0b58265edf328
6ea57e1529609f015e198c72d2455c758f5b45ab
6bc07733856e4fbefbb42e5ad6423539ccbc855c66cf4279bf515997ea8933d2

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6BC07733856E4FBEFBB42E5AD6423539CCBC855C66CF4279BF515997EA8933D2"
Last-Modified: Tue, 14 Feb 2023 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20343
Expires: Fri, 17 Feb 2023 10:22:35 GMT
Date: Fri, 17 Feb 2023 04:43:32 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc9395178-b457-480b-b390-87de876462fc.jpeg

34.120.237.76

200 OK

7.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc9395178-b457-480b-b390-87de876462fc.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.9 kB (7875 bytes)
Hash
74cdcd8ad30a0d394dcedcc6ddb84614
60bd39733bda62448fa46ed49b11037b81f618c4
0d58fe92e205b24e34e4480d7e6ce93e4f7dcf8d524f36b2f11ec979a642db48

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc9395178-b457-480b-b390-87de876462fc.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7875
x-amzn-requestid: 055a205d-ba8f-4584-ad60-15818f94cf22
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: AU1ovGhyIAMFc-A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63eb696a-324781fe2db55e8848f71aec;Sampled=0
x-amzn-remapped-date: Tue, 14 Feb 2023 10:58:50 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 63ux37BfULjIXhWIoE9WPj31n_SGoizWzzbVAXBwjPPucjYWaHrRtA==
via: 1.1 0005a84c2971ff4f5bbb79e7ebc622a8.cloudfront.net (CloudFront), 1.1 61bc723adb3b1884ed759711e84e13a8.cloudfront.net (CloudFront), 1.1 google
date: Thu, 16 Feb 2023 21:57:53 GMT
age: 24339
etag: "60bd39733bda62448fa46ed49b11037b81f618c4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff32076f9-7699-4060-8c4f-8ca2cdd454e2.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.8 kB (8813 bytes)
Hash
043c29f528f5414d1e280640e7bd6d79
5006aea566216e56530d02f3133b5eb0d15fd1a5
01c099af56ff9d26301d66f1bca427d41c7096ec687551b656edac95b0520e4a

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff32076f9-7699-4060-8c4f-8ca2cdd454e2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8813
x-amzn-requestid: 510cb459-2870-46eb-9c53-da577d62f83c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: AdPCKEggoAMF3vQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63eec540-23f553c202ad097f53c58dc4;Sampled=0
x-amzn-remapped-date: Fri, 17 Feb 2023 00:07:28 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 9h98BRm8m2_6fV9TkXJdvZdMMcCFe5NAd8ea5CfS2c6Hx3mGf46Xzg==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Fri, 17 Feb 2023 00:11:05 GMT
age: 16347
etag: "5006aea566216e56530d02f3133b5eb0d15fd1a5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2836952b-4531-4fd4-b65f-4b46b34c589e.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.0 kB (6975 bytes)
Hash
d2eae6226e2383cf7a14956fb5e00973
207870779f0bc576f842c3444c8a36cfb83827e7
1339bb05cf778cda51646dff372080356ec3d215ebe59fe8a8c3478422fe16ac

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2836952b-4531-4fd4-b65f-4b46b34c589e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6975
x-amzn-requestid: a51f7d5f-b9f5-45ad-a864-fcf92ee45a09
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: AHHalERAoAMFZRA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e5ec43-2aa1297878995458524758f3;Sampled=0
x-amzn-remapped-date: Fri, 10 Feb 2023 07:03:31 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: JbtPJs7uVnoMc8WtfcO85KEK8e8c439tQuWcGzILuYVC0-LCOS84DA==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 17 Feb 2023 01:02:21 GMT
age: 13271
etag: "207870779f0bc576f842c3444c8a36cfb83827e7"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe4897bbc-1d69-4c79-9ba3-64b916da496b.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (12017 bytes)
Hash
6d90a9cb9409ccb44e948c029c3f2f07
399ec1a30e58ff5640b0967976f3d773c67c904a
59eeb6c4fe2729558f9b8309a71c861f4a7be0a93afbe4a4ffdfec6cbf890fce

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe4897bbc-1d69-4c79-9ba3-64b916da496b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 12017
x-amzn-requestid: 4e448682-e3ca-4aa2-aa27-a38f877ea4ab
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ARAqlFmqIAMFSwQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e9e176-6d2eb494356e733b5d46a67f;Sampled=0
x-amzn-remapped-date: Mon, 13 Feb 2023 07:06:30 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 6GqSHACoKahPTqJUPa-rcOPpW0px_2olkFbhN-FL_X3dGhZCJPlM2g==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 943c6a4d4ee43b18ee91634536f53eae.cloudfront.net (CloudFront), 1.1 google
date: Thu, 16 Feb 2023 22:43:43 GMT
age: 21589
etag: "399ec1a30e58ff5640b0967976f3d773c67c904a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

14 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9fe38f96-4b04-43d2-9644-5b2f7cd0c0c9.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
14 kB (14477 bytes)
Hash
504b69ec2b6350345c36777959b0765a
c302824325b8f0839c7de54af9c5bd02541e4269
6e3a5b1cd7d17a9f448b8189d5683567269b3b3d461838770482283898008f39

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9fe38f96-4b04-43d2-9644-5b2f7cd0c0c9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 14477
x-amzn-requestid: 2544b5cc-3fb0-4536-88ec-8cb9044fb612
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ANtsXFBYoAMF6tA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e88fe8-452901f67af9f5d95ccc61c3;Sampled=0
x-amzn-remapped-date: Sun, 12 Feb 2023 07:06:16 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: QTHmfrEThwRtGFhI3YpLu-1RUIdMM_QrCg5mnH9FT3SQf62cYUdj7A==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 760139201585481b26f947c5f776103a.cloudfront.net (CloudFront), 1.1 google
date: Thu, 16 Feb 2023 06:57:09 GMT
age: 78383
etag: "c302824325b8f0839c7de54af9c5bd02541e4269"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0c857de7-424a-4ab4-8c7d-03d5a59d3d0e.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.2 kB (8178 bytes)
Hash
80aec15ae0bcdd34817188821d24af41
128a7d4ba2f258872894e18c1c410eb4072ec41a
7d60fa42da08251d37e82b5e3b549e94acec8bd01a1a5251f53d0c90192116a4

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0c857de7-424a-4ab4-8c7d-03d5a59d3d0e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8178
x-amzn-requestid: 3af6b500-46b4-4255-b6cc-43ea68ab33c6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ARAqjE9jIAMFvdw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e9e176-47f7266725e8d2b876d67e40;Sampled=0
x-amzn-remapped-date: Mon, 13 Feb 2023 07:06:30 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: cjjFVwD2kstDQd-D9pyM85C8UtGh9wF_Tej2-U8hkoAW6iXrzpamqA==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 12a392bc3a7281f8d5d4591bfadc41fc.cloudfront.net (CloudFront), 1.1 google
date: Thu, 16 Feb 2023 22:40:15 GMT
etag: "128a7d4ba2f258872894e18c1c410eb4072ec41a"
content-type: image/jpeg
age: 21797
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

www.login-bestsign.com/a1b2c3/3735964a4d295b223a847e10188ed30a/login/?index=48479&feeder=91b3fc919345b2846c2ae681daae0a2f0c08f8ff

45.88.3.63

301 Moved Permanently

178 B

URL HTTP/1.1
www.login-bestsign.com/a1b2c3/3735964a4d295b223a847e10188ed30a/login/?index=48479&feeder=91b3fc919345b2846c2ae681daae0a2f0c08f8ff
IP
45.88.3.63:0
ASN
#200313 WEB_GroupInternet INC

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
178 B (178 bytes)
Hash
bd2695f4b079c71dbddde3436286fb9c
733c05da132193d6cf1d8e242d12e2525c03bab4
2e04a18ff185ba5b16f762a0538339bc4049aceaef9738edd43af77d2ceb788b

Detections

Analyzer	Verdict	Alert
openphish	ING

HTTP Headers

GET /a1b2c3/3735964a4d295b223a847e10188ed30a/login/?index=48479&feeder=91b3fc919345b2846c2ae681daae0a2f0c08f8ff HTTP/1.1
Host: www.login-bestsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 17 Feb 2023 04:43:34 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://www.login-bestsign.com:443/a1b2c3/3735964a4d295b223a847e10188ed30a/login/?index=48479&feeder=91b3fc919345b2846c2ae681daae0a2f0c08f8ff

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
b909a9a310c4fa3aafec8b8243690db5
b1310f97f567273ce8c6e8d385528c1898d5f676
74f9a97f45cb325890e9282cc9943ba7d83c65450f81bd50a8a5c8e5830e34ff

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "74F9A97F45CB325890E9282CC9943BA7D83C65450F81BD50A8A5C8E5830E34FF"
Last-Modified: Thu, 16 Feb 2023 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14857
Expires: Fri, 17 Feb 2023 08:51:11 GMT
Date: Fri, 17 Feb 2023 04:43:34 GMT
Connection: keep-alive

www.login-bestsign.com/a1b2c3/3735964a4d295b223a847e10188ed30a/login/?index=48479&feeder=91b3fc919345b2846c2ae681daae0a2f0c08f8ff

45.88.3.63

200 OK

4.8 kB

URL HTTP/1.1
www.login-bestsign.com/a1b2c3/3735964a4d295b223a847e10188ed30a/login/?index=48479&feeder=91b3fc919345b2846c2ae681daae0a2f0c08f8ff
IP
45.88.3.63:0
ASN
#200313 WEB_GroupInternet INC

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (591)
Size
4.8 kB (4768 bytes)
Hash
575054c3bc25dd187f916e626c960be4
c7b37bba37d24dc0211dc16de86da0e61f6c480d
02103f7a2759b6cef44f57b4020803747faead1484363e54d0ab4ead946a18bf

Detections

Analyzer	Verdict	Alert
openphish	ING

HTTP Headers

GET /a1b2c3/3735964a4d295b223a847e10188ed30a/login/?index=48479&feeder=91b3fc919345b2846c2ae681daae0a2f0c08f8ff HTTP/1.1
Host: www.login-bestsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 17 Feb 2023 04:43:34 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
Vary: Accept-Encoding
Content-Encoding: gzip

www.login-bestsign.com/bower_components/jquery/dist/jquery.min.js

45.88.3.63

200 OK

30 kB

URL HTTP/1.1
www.login-bestsign.com/bower_components/jquery/dist/jquery.min.js
IP
45.88.3.63:0
ASN
#200313 WEB_GroupInternet INC

File type
ASCII text, with very long lines (32058)
Size
30 kB (30388 bytes)
Hash
839ea6d40b314e1a1d99365999531070
c3df8f9c3f72c4365b02c9b991896f49c48f15c6
7b8eb2ea2cfda6af8796dde18078b512d6f69f29d31663c95277b43372513209

Detections

Analyzer	Verdict	Alert
openphish	ING

HTTP Headers

GET /bower_components/jquery/dist/jquery.min.js HTTP/1.1
Host: www.login-bestsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.login-bestsign.com/a1b2c3/3735964a4d295b223a847e10188ed30a/login/?index=48479&feeder=91b3fc919345b2846c2ae681daae0a2f0c08f8ff
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 17 Feb 2023 04:43:35 GMT
Content-Type: application/javascript
Last-Modified: Tue, 25 Oct 2022 21:21:24 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"63585354-15283"
Expires: Sat, 18 Feb 2023 04:43:35 GMT
Cache-Control: max-age=86400
Content-Encoding: gzip

www.login-bestsign.com/login/form/css.css

45.88.3.63

200 OK

0 B

URL HTTP/1.1
www.login-bestsign.com/login/form/css.css
IP
45.88.3.63:0
ASN
#200313 WEB_GroupInternet INC

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - ING Group
openphish	ING

HTTP Headers

GET /login/form/css.css HTTP/1.1
Host: www.login-bestsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.login-bestsign.com/a1b2c3/3735964a4d295b223a847e10188ed30a/login/?index=48479&feeder=91b3fc919345b2846c2ae681daae0a2f0c08f8ff
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 17 Feb 2023 04:43:35 GMT
Content-Type: text/css
Content-Length: 0
Last-Modified: Tue, 25 Oct 2022 21:21:26 GMT
Connection: keep-alive
ETag: "63585356-0"
Expires: Sat, 18 Feb 2023 04:43:35 GMT
Cache-Control: max-age=86400
Accept-Ranges: bytes

www.login-bestsign.com/bower_components/ua-parser-js/dist/ua-parser.min.js

45.88.3.63

200 OK

6.1 kB

URL HTTP/1.1
www.login-bestsign.com/bower_components/ua-parser-js/dist/ua-parser.min.js
IP
45.88.3.63:0
ASN
#200313 WEB_GroupInternet INC

File type
Unicode text, UTF-8 text, with very long lines (16817)
Size
6.1 kB (6073 bytes)
Hash
4c4b52d5b197daf6710eaf3852a3ffd9
9a2c87935ef13dbfb4a6ea4fef200ef3a705ad54
ff14c04a53b52ea64003a6c368950009908be62a2c6f0c8836835f08778a4de8

Detections

Analyzer	Verdict	Alert
openphish	ING

HTTP Headers

GET /bower_components/ua-parser-js/dist/ua-parser.min.js HTTP/1.1
Host: www.login-bestsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.login-bestsign.com/a1b2c3/3735964a4d295b223a847e10188ed30a/login/?index=48479&feeder=91b3fc919345b2846c2ae681daae0a2f0c08f8ff
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 17 Feb 2023 04:43:35 GMT
Content-Type: application/javascript
Last-Modified: Tue, 25 Oct 2022 21:21:24 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"63585354-4298"
Expires: Sat, 18 Feb 2023 04:43:35 GMT
Cache-Control: max-age=86400
Content-Encoding: gzip

www.login-bestsign.com/bower_components/font-awesome/css/font-awesome.min.css

45.88.3.63

200 OK

7.1 kB

URL HTTP/1.1
www.login-bestsign.com/bower_components/font-awesome/css/font-awesome.min.css
IP
45.88.3.63:0
ASN
#200313 WEB_GroupInternet INC

File type
ASCII text, with very long lines (30837)
Size
7.1 kB (7102 bytes)
Hash
f529ce613d8baf3f3cccfd46f03a084d
84ef851e9885ccc24911e5c03f1cc0d094959cd3
ad0cc939bf160d744317828d29614b37cde0ba0ef08365d8f8b919fe89df3caf

Detections

Analyzer	Verdict	Alert
openphish	ING

HTTP Headers

GET /bower_components/font-awesome/css/font-awesome.min.css HTTP/1.1
Host: www.login-bestsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.login-bestsign.com/a1b2c3/3735964a4d295b223a847e10188ed30a/login/?index=48479&feeder=91b3fc919345b2846c2ae681daae0a2f0c08f8ff
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 17 Feb 2023 04:43:35 GMT
Content-Type: text/css
Last-Modified: Tue, 25 Oct 2022 21:21:24 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"63585354-7918"
Expires: Sat, 18 Feb 2023 04:43:35 GMT
Cache-Control: max-age=86400
Content-Encoding: gzip

www.login-bestsign.com/core/form/core_form.js

45.88.3.63

200 OK

6.3 kB

URL HTTP/1.1
www.login-bestsign.com/core/form/core_form.js
IP
45.88.3.63:0
ASN
#200313 WEB_GroupInternet INC

File type
Unicode text, UTF-8 text, with very long lines (21937), with no line terminators
Size
6.3 kB (6347 bytes)
Hash
cff7c4d242a1e52500655e5d7d0cde50
6ff16cc45514ce9a0fe3006d7ab2bdc8fe577f64
0ae1b802c82c67526083d3c4f82a6e5f7ad92fe2145560670a8e7b6aec449adb

Detections

Analyzer	Verdict	Alert
openphish	ING

HTTP Headers

GET /core/form/core_form.js HTTP/1.1
Host: www.login-bestsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.login-bestsign.com/a1b2c3/3735964a4d295b223a847e10188ed30a/login/?index=48479&feeder=91b3fc919345b2846c2ae681daae0a2f0c08f8ff
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 17 Feb 2023 04:43:35 GMT
Content-Type: application/javascript
Last-Modified: Tue, 25 Oct 2022 21:21:22 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"63585352-55b4"
Expires: Sat, 18 Feb 2023 04:43:35 GMT
Cache-Control: max-age=86400
Content-Encoding: gzip

www.login-bestsign.com/core/token/core_token.js

45.88.3.63

200 OK

2.8 kB

URL HTTP/1.1
www.login-bestsign.com/core/token/core_token.js
IP
45.88.3.63:0
ASN
#200313 WEB_GroupInternet INC

File type
ASCII text, with very long lines (11063), with no line terminators
Size
2.8 kB (2757 bytes)
Hash
5e92bf0129c3cda1545aab3406df00f5
da2f924711756b692f657d3f3da96b3408eb838f
fb6804ce6f1060e00aa2133d03ff16a47754718d39e84e282cb78b3ced1bdeb5

Detections

Analyzer	Verdict	Alert
openphish	ING

HTTP Headers

GET /core/token/core_token.js HTTP/1.1
Host: www.login-bestsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.login-bestsign.com/a1b2c3/3735964a4d295b223a847e10188ed30a/login/?index=48479&feeder=91b3fc919345b2846c2ae681daae0a2f0c08f8ff
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 17 Feb 2023 04:43:35 GMT
Content-Type: application/javascript
Last-Modified: Tue, 25 Oct 2022 21:21:20 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"63585350-2b37"
Expires: Sat, 18 Feb 2023 04:43:35 GMT
Cache-Control: max-age=86400
Content-Encoding: gzip

www.login-bestsign.com/core/form/core_form.css

45.88.3.63

200 OK

999 B

URL HTTP/1.1
www.login-bestsign.com/core/form/core_form.css
IP
45.88.3.63:0
ASN
#200313 WEB_GroupInternet INC

File type
ASCII text
Size
999 B (999 bytes)
Hash
2b9e4e6f3bb87a5f420067dc3b29bf8a
5f96e898be900f6dfa0cc5354653b7f14d3528ad
a896f458c7b3c1cc1e66efc9e34b8856f9e19b0b751a35fe17e57f7201a8475a

Detections

Analyzer	Verdict	Alert
openphish	ING

HTTP Headers

GET /core/form/core_form.css HTTP/1.1
Host: www.login-bestsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.login-bestsign.com/a1b2c3/3735964a4d295b223a847e10188ed30a/login/?index=48479&feeder=91b3fc919345b2846c2ae681daae0a2f0c08f8ff
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 17 Feb 2023 04:43:35 GMT
Content-Type: text/css
Last-Modified: Tue, 25 Oct 2022 21:21:22 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"63585352-127c"
Expires: Sat, 18 Feb 2023 04:43:35 GMT
Cache-Control: max-age=86400
Content-Encoding: gzip

www.login-bestsign.com/login/BusyIndicator-ver-B7F2943258D5A2E62FFE465B6AD641A2.css

45.88.3.63

200 OK

467 B

URL HTTP/1.1
www.login-bestsign.com/login/BusyIndicator-ver-B7F2943258D5A2E62FFE465B6AD641A2.css
IP
45.88.3.63:0
ASN
#200313 WEB_GroupInternet INC

File type
ASCII text
Size
467 B (467 bytes)
Hash
ba3e07908b0b05bbb3357a6a6e0aef79
3efdbf2b58e815cd7583197f416a2bae3cd4f669
9bb57b230d013ece0e0dffddbd0a73b5d370fcb7e9eac5dc9529100fd2f76cb0

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - ING Group
openphish	ING

HTTP Headers

GET /login/BusyIndicator-ver-B7F2943258D5A2E62FFE465B6AD641A2.css HTTP/1.1
Host: www.login-bestsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.login-bestsign.com/a1b2c3/3735964a4d295b223a847e10188ed30a/login/?index=48479&feeder=91b3fc919345b2846c2ae681daae0a2f0c08f8ff
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 17 Feb 2023 04:43:35 GMT
Content-Type: text/css
Last-Modified: Tue, 25 Oct 2022 21:21:24 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"63585354-43c"
Expires: Sat, 18 Feb 2023 04:43:35 GMT
Cache-Control: max-age=86400
Content-Encoding: gzip

www.login-bestsign.com/login/form/form.js?v=63ef05f6e153d

45.88.3.63

200 OK

1.1 kB

URL HTTP/1.1
www.login-bestsign.com/login/form/form.js?v=63ef05f6e153d
IP
45.88.3.63:0
ASN
#200313 WEB_GroupInternet INC

File type
ASCII text, with very long lines (3431), with no line terminators
Size
1.1 kB (1116 bytes)
Hash
e7173e61d2bd66ab3ef7f14336599d96
6ec84d1ca44dc967b0631aba4b44acf0395128b9
2330d652411c5297eef16aee3893c8bbf66a0c065fd18be1ec6e1b07bb002668

HTTP Headers

GET /login/form/form.js?v=63ef05f6e153d HTTP/1.1
Host: www.login-bestsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.login-bestsign.com/a1b2c3/3735964a4d295b223a847e10188ed30a/login/?index=48479&feeder=91b3fc919345b2846c2ae681daae0a2f0c08f8ff
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 17 Feb 2023 04:43:35 GMT
Content-Type: application/javascript
Last-Modified: Tue, 25 Oct 2022 21:21:26 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"63585356-d67"
Expires: Sat, 18 Feb 2023 04:43:35 GMT
Cache-Control: max-age=86400
Content-Encoding: gzip

www.login-bestsign.com/login/token/token.js?v=63ef05f6e1540

45.88.3.63

200 OK

746 B

URL HTTP/1.1
www.login-bestsign.com/login/token/token.js?v=63ef05f6e1540
IP
45.88.3.63:0
ASN
#200313 WEB_GroupInternet INC

File type
ASCII text, with very long lines (1837), with no line terminators
Size
746 B (746 bytes)
Hash
de781ae9b3ae8fba3c881a6074e1d898
aecf9becc80cbe6b0e8dc831a83affb7bbfd3aad
6d7e1347876785adcace1c9fcf69f3e76b0b5b3654ca7ab641930ada5afc0a93

Detections

Analyzer	Verdict	Alert
openphish	ING
fortinet	Phishing

HTTP Headers

GET /login/token/token.js?v=63ef05f6e1540 HTTP/1.1
Host: www.login-bestsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.login-bestsign.com/a1b2c3/3735964a4d295b223a847e10188ed30a/login/?index=48479&feeder=91b3fc919345b2846c2ae681daae0a2f0c08f8ff
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 17 Feb 2023 04:43:35 GMT
Content-Type: application/javascript
Last-Modified: Tue, 25 Oct 2022 21:21:26 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"63585356-72d"
Expires: Sat, 18 Feb 2023 04:43:35 GMT
Cache-Control: max-age=86400
Content-Encoding: gzip

www.login-bestsign.com/login/bundle.ibbr-ver-0EFCA3FE9DBDCD28ABB2BAEA94D9129E.css

45.88.3.63

200 OK

107 kB

URL HTTP/1.1
www.login-bestsign.com/login/bundle.ibbr-ver-0EFCA3FE9DBDCD28ABB2BAEA94D9129E.css
IP
45.88.3.63:0
ASN
#200313 WEB_GroupInternet INC

File type
ASCII text, with very long lines (65492)
Size
107 kB (106738 bytes)
Hash
453b7053d4bb3f833d04bb184d8171eb
b93abec809279ae7b7ef3cc1ab17412b575a9f06
680a9da58152aa219be0a21b3e5186af0c851b4c888534939301f6f89feaf326

Detections

Analyzer	Verdict	Alert
openphish	ING

HTTP Headers

GET /login/bundle.ibbr-ver-0EFCA3FE9DBDCD28ABB2BAEA94D9129E.css HTTP/1.1
Host: www.login-bestsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.login-bestsign.com/a1b2c3/3735964a4d295b223a847e10188ed30a/login/?index=48479&feeder=91b3fc919345b2846c2ae681daae0a2f0c08f8ff
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 17 Feb 2023 04:43:35 GMT
Content-Type: text/css
Last-Modified: Tue, 25 Oct 2022 21:21:24 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"63585354-bb690"
Expires: Sat, 18 Feb 2023 04:43:35 GMT
Cache-Control: max-age=86400
Content-Encoding: gzip

www.login-bestsign.com/login/ING_Deutschland_Claim.svg

45.88.3.63

200 OK

7.0 kB

URL HTTP/1.1
www.login-bestsign.com/login/ING_Deutschland_Claim.svg
IP
45.88.3.63:0
ASN
#200313 WEB_GroupInternet INC

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
7.0 kB (6964 bytes)
Hash
055e70528a33bd83b2001a5c5ef0fc65
dd3d5b6fa35e48d39667f5a98c92e2c0397a0698
468f2e8c96fa850a578087d58d1844ff199d5edd539b8d794b182e2e3891aa68

Detections

Analyzer	Verdict	Alert
openphish	ING

HTTP Headers

GET /login/ING_Deutschland_Claim.svg HTTP/1.1
Host: www.login-bestsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.login-bestsign.com/login/bundle.ibbr-ver-0EFCA3FE9DBDCD28ABB2BAEA94D9129E.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 17 Feb 2023 04:43:35 GMT
Content-Type: image/svg+xml
Last-Modified: Tue, 25 Oct 2022 21:21:26 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"63585356-5178"
Expires: Sat, 18 Feb 2023 04:43:35 GMT
Cache-Control: max-age=86400
Content-Encoding: gzip

www.login-bestsign.com/login/INGMeWeb-Regular.woff2

45.88.3.63

200 OK

30 kB

URL HTTP/1.1
www.login-bestsign.com/login/INGMeWeb-Regular.woff2
IP
45.88.3.63:0
ASN
#200313 WEB_GroupInternet INC

File type
Web Open Font Format (Version 2), TrueType, length 29616, version 1.0\012- data
Size
30 kB (29616 bytes)
Hash
97205b19383b6a85ef38eb0997c23c35
f7e0af7cfde57e454dde3a2a0c878cc37de5841e
f74c344733a85af20d2754b208f12309e2a30c591795d0881cb0ad94c4be6155

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - ING Group
openphish	ING

HTTP Headers

GET /login/INGMeWeb-Regular.woff2 HTTP/1.1
Host: www.login-bestsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://www.login-bestsign.com/login/bundle.ibbr-ver-0EFCA3FE9DBDCD28ABB2BAEA94D9129E.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 17 Feb 2023 04:43:35 GMT
Content-Type: application/octet-stream
Content-Length: 29616
Last-Modified: Tue, 25 Oct 2022 21:21:26 GMT
Connection: keep-alive
ETag: "63585356-73b0"
Expires: Sat, 18 Feb 2023 04:43:35 GMT
Cache-Control: max-age=86400
Accept-Ranges: bytes

www.login-bestsign.com/login/INGMeWeb-Bold.woff2

45.88.3.63

200 OK

30 kB

URL HTTP/1.1
www.login-bestsign.com/login/INGMeWeb-Bold.woff2
IP
45.88.3.63:0
ASN
#200313 WEB_GroupInternet INC

File type
Web Open Font Format (Version 2), TrueType, length 30456, version 1.0\012- data
Size
30 kB (30456 bytes)
Hash
126c1fdeee5cc17fef5f5909ebb5c86f
e2676a4a0c0f88ad2f33fe8acefc038073785de3
3a135f82b209a59959b162a1fbc9b0b38856d1332af286f86046b06357b3811e

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - ING Group
openphish	ING

HTTP Headers

GET /login/INGMeWeb-Bold.woff2 HTTP/1.1
Host: www.login-bestsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://www.login-bestsign.com/login/bundle.ibbr-ver-0EFCA3FE9DBDCD28ABB2BAEA94D9129E.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 17 Feb 2023 04:43:35 GMT
Content-Type: application/octet-stream
Content-Length: 30456
Last-Modified: Tue, 25 Oct 2022 21:21:26 GMT
Connection: keep-alive
ETag: "63585356-76f8"
Expires: Sat, 18 Feb 2023 04:43:35 GMT
Cache-Control: max-age=86400
Accept-Ranges: bytes

www.login-bestsign.com/login/icons.woff

45.88.3.63

200 OK

40 kB

URL HTTP/1.1
www.login-bestsign.com/login/icons.woff
IP
45.88.3.63:0
ASN
#200313 WEB_GroupInternet INC

File type
Web Open Font Format, TrueType, length 40128, version 1.0\012- data
Size
40 kB (40128 bytes)
Hash
bbf967c24ec9deda08e3ecef994bffb8
963b670dbe0d1d025dab9a1180bae0be469ec519
b5042719aa693ccb50ddf9bb7a99d2df224389b5e8dbf4c2bb3b385b8e63bdd9

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - ING Group
openphish	ING

HTTP Headers

GET /login/icons.woff HTTP/1.1
Host: www.login-bestsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://www.login-bestsign.com/login/bundle.ibbr-ver-0EFCA3FE9DBDCD28ABB2BAEA94D9129E.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 17 Feb 2023 04:43:35 GMT
Content-Type: application/font-woff
Content-Length: 40128
Last-Modified: Tue, 25 Oct 2022 21:21:26 GMT
Connection: keep-alive
ETag: "63585356-9cc0"
Expires: Sat, 18 Feb 2023 04:43:35 GMT
Cache-Control: max-age=86400
Accept-Ranges: bytes

www.login-bestsign.com/home.php?pl=token&link=ing.de&bid=3735964a4d295b223a847e10188ed30a&callback=jQuery32103656183328912861_1676609014440&data=%7B%22online_bider%22%3A1%2C%22w%22%3A0%2C%22dev%22%3A3%7D&_=1676609014441

45.88.3.63

200 OK

77 B

URL HTTP/1.1
www.login-bestsign.com/home.php?pl=token&link=ing.de&bid=3735964a4d295b223a847e10188ed30a&callback=jQuery32103656183328912861_1676609014440&data=%7B%22online_bider%22%3A1%2C%22w%22%3A0%2C%22dev%22%3A3%7D&_=1676609014441
IP
45.88.3.63:0
ASN
#200313 WEB_GroupInternet INC

File type
ASCII text, with no line terminators
Size
77 B (77 bytes)
Hash
60f4b6634b364abde81e7d8275f6c5d9
cc3e94456a217badaac38372462094a6f309e852
8351fdb50c0f8ad51f35b87e5fcfabf21dd32adc3a00490d5480ed3d306b8e04

Detections

Analyzer	Verdict	Alert
openphish	ING

HTTP Headers

GET /home.php?pl=token&link=ing.de&bid=3735964a4d295b223a847e10188ed30a&callback=jQuery32103656183328912861_1676609014440&data=%7B%22online_bider%22%3A1%2C%22w%22%3A0%2C%22dev%22%3A3%7D&_=1676609014441 HTTP/1.1
Host: www.login-bestsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: https://www.login-bestsign.com/a1b2c3/3735964a4d295b223a847e10188ed30a/login/?index=48479&feeder=91b3fc919345b2846c2ae681daae0a2f0c08f8ff
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 17 Feb 2023 04:43:35 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip

www.login-bestsign.com/home.php?pl=token&link=ing.de&bid=3735964a4d295b223a847e10188ed30a&callback=jQuery32103656183328912861_1676609014442&data=%7B%22mes%22%3A%22User%20on%20login%20page%22%7D&_=1676609014443

45.88.3.63

200 OK

77 B

URL HTTP/1.1
www.login-bestsign.com/home.php?pl=token&link=ing.de&bid=3735964a4d295b223a847e10188ed30a&callback=jQuery32103656183328912861_1676609014442&data=%7B%22mes%22%3A%22User%20on%20login%20page%22%7D&_=1676609014443
IP
45.88.3.63:0
ASN
#200313 WEB_GroupInternet INC

File type
ASCII text, with no line terminators
Size
77 B (77 bytes)
Hash
db5fd36495425a4ba19f305fc866d8bc
444ee98117517055b06fc9d15fa14a4ff9d29449
1f4c5c018401f2ab52dc37663754517ec0c337f1fec4cf4e33b46c6105db40b0

Detections

Analyzer	Verdict	Alert
openphish	ING

HTTP Headers

GET /home.php?pl=token&link=ing.de&bid=3735964a4d295b223a847e10188ed30a&callback=jQuery32103656183328912861_1676609014442&data=%7B%22mes%22%3A%22User%20on%20login%20page%22%7D&_=1676609014443 HTTP/1.1
Host: www.login-bestsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: https://www.login-bestsign.com/a1b2c3/3735964a4d295b223a847e10188ed30a/login/?index=48479&feeder=91b3fc919345b2846c2ae681daae0a2f0c08f8ff
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 17 Feb 2023 04:43:35 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip

www.login-bestsign.com/favicon.ico

45.88.3.63

404 Not Found

239 B

URL HTTP/1.1
www.login-bestsign.com/favicon.ico
IP
45.88.3.63:0
ASN
#200313 WEB_GroupInternet INC

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
239 B (239 bytes)
Hash
15e4fce1eb75813e5192a0be5954178e
0e9ff1a287c6c9354051169553a7792946197607
78a90db037b088fa7e01b357b52bd079bebfc1c4f0b678f83d33fbf835456211

Detections

Analyzer	Verdict	Alert
openphish	ING

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: www.login-bestsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.login-bestsign.com/a1b2c3/3735964a4d295b223a847e10188ed30a/login/?index=48479&feeder=91b3fc919345b2846c2ae681daae0a2f0c08f8ff
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 404 Not Found
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 17 Feb 2023 04:43:35 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (9)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML