Report - user-mtb01.hufeer.ir/login.php

Report Overview

Submitted URL
user-mtb01.hufeer.ir/login.php
IP
212.33.195.109
ASN
#43754 Asiatech Data Transmission company
Submitted
2022-10-11 06:56:18
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
20

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	401 B	5.8 kB	34.160.144.191
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	594 B	127 B	44.237.239.70
user-mtb01.hufeer.ir	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.7 kB	12 kB	212.33.195.109
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	321 B	229 B	34.117.237.239
nexus.ensighten.com	2786	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	293 B	639 B	18.164.68.43
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	329 B	737 B	93.184.220.29
ocsp.entrust.net	1208	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.0 kB	12 kB	104.110.10.32
resources.mtb.com	144011	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.4 kB	287 kB	192.216.61.78
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.6 kB	4.4 kB	23.36.77.32
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	758 B	2.7 kB	18.164.68.8
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.7 kB	60 kB	34.120.237.76
asset.mtb.com	246397	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	397 B	16 kB	18.165.201.38

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

Scan Date	Severity	Indicator	Alert
2022-10-08	medium	user-mtb01.hufeer.ir/login.php	M & T Bank Coporation

PhishTank

Scan Date	Severity	Indicator	Alert
2022-07-31	medium	user-mtb01.hufeer.ir/login.php	Other

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-10-11	medium	user-mtb01.hufeer.ir/login.php	Phishing
2022-10-11	medium	user-mtb01.hufeer.ir/TSPD/0856addebbab2000ba949201dad9f67efc42df64f349dd0cbd91a24e357d5af05b11616b8df1b84b?type=17	Phishing
2022-10-11	medium	user-mtb01.hufeer.ir/ruxitagentjs_ICA2SVfhjqrux_10205201218101503.js	Phishing
2022-10-11	medium	user-mtb01.hufeer.ir/Assets/scripts/Login/Index.js	Phishing
2022-10-11	medium	user-mtb01.hufeer.ir/TSPD/0856addebbab2000ba949201dad9f67efc42df64f349dd0cbd91a24e357d5af05b11616b8df1b84b?type=9	Phishing
2022-10-11	medium	user-mtb01.hufeer.ir/TSPD/0856addebbab2000ba949201dad9f67efc42df64f349dd0cbd91a24e357d5af05b11616b8df1b84b?type=17	Phishing
2022-10-11	medium	user-mtb01.hufeer.ir/ruxitagentjs_ICA2SVfhjqrux_10205201218101503.js	Phishing
2022-10-11	medium	user-mtb01.hufeer.ir/Assets/scripts/Login/Index.js	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (3)

	URL	Size	First Seen	Last Seen
	resources.mtb.com/r/simple-layout-responsive/js.mtb?v=08132020140516	322 kB	2023-03-07	2024-04-14
Pretty URL resources.mtb.com/r/simple-layout-responsive/js.mtb?v=08132020140516 IP 192.216.61.78 ASN #12134 MTB Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:36 Last Seen2024-04-14 19:38:09 Times Seen2461 Hash 9c5a48bd789473f18b8bf7bd777371f9 f84d9237854640f2b0cc554b816c17d11376af5a 6ef98ef294d03000d904d5f868598dc98667a0d00338cee40b3080a9d725d1cd Loading...

	user-mtb01.hufeer.ir/login.php	4.6 kB	2023-03-07	2024-01-19
Pretty URL user-mtb01.hufeer.ir/login.php IP 212.33.195.109 ASN #43754 Asiatech Data Transmission company Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:36 Last Seen2024-01-19 12:35:52 Times Seen1403 Hash dacedfbc4ea9e2ac287931ec646d7979 e13028112bf73025b142b70b1d3aef564c224d91 647f1b0a378a597fdb7c8f17ec5e062814d4d30c76e4f3d6d8b271b851e13030 Loading...

	nexus.ensighten.com/mtbank/OE-Prod/Bootstrap.js	15 B	2023-03-07	2024-04-01
Pretty URL nexus.ensighten.com/mtbank/OE-Prod/Bootstrap.js IP 18.164.68.43 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:36 Last Seen2024-04-01 18:55:57 Times Seen1629 Hash ffe905f50d9b47e6353b68513c4d48ac d2c2ee4201cca3be67abf771ed1f1922fa94d083 c0d8671e209f009f9c1ad8153222f942087ec193b7e87f856e60971bd5424633 Loading...

HTTP Transactions (42)

URL IP Response Size

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ef6d323da0ad155f526b4a57c2e46ccc
71686b19b3ca049b9b66f8740284c552a3f61a20
99e2f56075a08f133a9d1d0122ab9ef2d9eaa61e18f46994e52e21a8a53203f3

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "99E2F56075A08F133A9D1D0122AB9EF2D9EAA61E18F46994E52E21A8A53203F3"
Last-Modified: Mon, 10 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5398
Expires: Tue, 11 Oct 2022 08:26:05 GMT
Date: Tue, 11 Oct 2022 06:56:07 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
3d0ffae9abfdf558a6286013a0201c8b
2dc8ea0000a1b0c0f849611fdd73429bca51bfad
8e19eab9b6d16819f9ef3920971542cbcf5dd18280617e2de1a3827f0c149398

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8E19EAB9B6D16819F9EF3920971542CBCF5DD18280617E2DE1A3827F0C149398"
Last-Modified: Sun, 09 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19415
Expires: Tue, 11 Oct 2022 12:19:42 GMT
Date: Tue, 11 Oct 2022 06:56:07 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: Swgkw/B3DmcoouaEX6meoE1LOA+njkmgsdm2hW9w4G67BrDBGXSKKJnApKqqEkSEXBkmDWhFkGo=
x-amz-request-id: 8PQXBN1KNX03D2T0
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 11 Oct 2022 06:32:49 GMT
age: 1398
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/

18.164.68.8

200 OK

939 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/
IP
18.164.68.8:0
ASN
#0

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
3f17af4e8a1739eda4a518039f4892f9
c3feba08ae7e8f57e0fe9bcd2ebedea6bda67cbb
c485b09cad08b5233fe8753682faf59219fe0d18fcc34d90dc88fb0971295f5f

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, Alert, Backoff, Content-Length, Content-Type
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Tue, 11 Oct 2022 06:08:20 GMT
Expires: Tue, 11 Oct 2022 06:29:21 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 6777bbd78e2191b131d624eba7093540.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P4
X-Amz-Cf-Id: 3mN3I3riXECVbnHet8gJZhamTEStmqTuVXamEoLB5osd0aRh2FfjmQ==
Age: 2867

user-mtb01.hufeer.ir/login.php

212.33.195.109

200 OK

4.8 kB

URL HTTP/1.1
user-mtb01.hufeer.ir/login.php
IP
212.33.195.109:0
ASN
#43754 Asiatech Data Transmission company

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (960), with CRLF line terminators
Size
4.8 kB (4798 bytes)
Hash
d9d3b9129013d7c03caa960e39f0344d
b61db46f8e8e7406f0414ff9f12a59605fd068d0
0208b343f1f505560ddc01fefda5c50c04b0a6609cd52c0cf3f1ca1f58980c60

Detections

Analyzer	Verdict	Alert
openphish	M & T Bank Coporation
phishtank	Other
fortinet	Phishing

HTTP Headers

GET /login.php HTTP/1.1
Host: user-mtb01.hufeer.ir
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Cache-Control: public, max-age=0
Expires: Tue, 11 Oct 2022 06:56:07 GMT
Content-Length: 4798
Content-Encoding: gzip
Vary: Accept-Encoding
Date: Tue, 11 Oct 2022 06:56:07 GMT

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Tue, 11 Oct 2022 06:56:07 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

user-mtb01.hufeer.ir/TSPD/0856addebbab2000ba949201dad9f67efc42df64f349dd0cbd91a24e357d5af05b11616b8df1b84b?type=17

212.33.195.109

404 Not Found

708 B

URL HTTP/1.1
user-mtb01.hufeer.ir/TSPD/0856addebbab2000ba949201dad9f67efc42df64f349dd0cbd91a24e357d5af05b11616b8df1b84b?type=17
IP
212.33.195.109:0
ASN
#43754 Asiatech Data Transmission company

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
708 B (708 bytes)
Hash
2382378378c002d88b9a507c712c3349
2e894db3808b554abadc8b144338ad9e2ea937ba
37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /TSPD/0856addebbab2000ba949201dad9f67efc42df64f349dd0cbd91a24e357d5af05b11616b8df1b84b?type=17 HTTP/1.1
Host: user-mtb01.hufeer.ir
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://user-mtb01.hufeer.ir/login.php

HTTP/1.1 404 Not Found
Connection: Keep-Alive
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
Pragma: no-cache
Content-Type: text/html
Content-Length: 708
Date: Tue, 11 Oct 2022 06:56:07 GMT

user-mtb01.hufeer.ir/ruxitagentjs_ICA2SVfhjqrux_10205201218101503.js

212.33.195.109

404 Not Found

708 B

URL HTTP/1.1
user-mtb01.hufeer.ir/ruxitagentjs_ICA2SVfhjqrux_10205201218101503.js
IP
212.33.195.109:0
ASN
#43754 Asiatech Data Transmission company

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
708 B (708 bytes)
Hash
2382378378c002d88b9a507c712c3349
2e894db3808b554abadc8b144338ad9e2ea937ba
37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /ruxitagentjs_ICA2SVfhjqrux_10205201218101503.js HTTP/1.1
Host: user-mtb01.hufeer.ir
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://user-mtb01.hufeer.ir/login.php

HTTP/1.1 404 Not Found
Connection: Keep-Alive
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
Pragma: no-cache
Content-Type: text/html
Content-Length: 708
Date: Tue, 11 Oct 2022 06:56:07 GMT

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

18.164.68.8

200 OK

329 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
18.164.68.8:0
ASN
#0

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Pragma, Content-Length, Backoff, Last-Modified, Cache-Control, Content-Type, Retry-After, ETag, Expires, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Tue, 11 Oct 2022 06:23:37 GMT
Expires: Tue, 11 Oct 2022 06:35:40 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 8939944fc38fd924b1fd4243119debb8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P4
X-Amz-Cf-Id: iXXelSTdRXkmjykMKiuoeKfD45jsdDKD7VL2hQ9CGG6eIH9hLbu0Hg==
Age: 1951

user-mtb01.hufeer.ir/Assets/scripts/Login/Index.js

212.33.195.109

404 Not Found

708 B

URL HTTP/1.1
user-mtb01.hufeer.ir/Assets/scripts/Login/Index.js
IP
212.33.195.109:0
ASN
#43754 Asiatech Data Transmission company

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
708 B (708 bytes)
Hash
2382378378c002d88b9a507c712c3349
2e894db3808b554abadc8b144338ad9e2ea937ba
37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /Assets/scripts/Login/Index.js HTTP/1.1
Host: user-mtb01.hufeer.ir
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://user-mtb01.hufeer.ir/login.php

HTTP/1.1 404 Not Found
Connection: Keep-Alive
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
Pragma: no-cache
Content-Type: text/html
Content-Length: 708
Date: Tue, 11 Oct 2022 06:56:07 GMT

nexus.ensighten.com/mtbank/OE-Prod/Bootstrap.js

18.164.68.43

200 OK

15 B

URL HTTP/1.1
nexus.ensighten.com/mtbank/OE-Prod/Bootstrap.js
IP
18.164.68.43:0
ASN
#0

File type
ASCII text
Size
15 B (15 bytes)
Hash
ffe905f50d9b47e6353b68513c4d48ac
d2c2ee4201cca3be67abf771ed1f1922fa94d083
c0d8671e209f009f9c1ad8153222f942087ec193b7e87f856e60971bd5424633

HTTP Headers

GET /mtbank/OE-Prod/Bootstrap.js HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://user-mtb01.hufeer.ir/

HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Length: 15
Connection: keep-alive
Date: Tue, 11 Oct 2022 06:56:09 GMT
x-amz-replication-status: COMPLETED
Last-Modified: Fri, 22 Jul 2022 23:48:01 GMT
ETag: "ffe905f50d9b47e6353b68513c4d48ac"
x-amz-server-side-encryption: AES256
Cache-Control: no-cache, no-store
x-amz-version-id: aoJA4xuOoFemAhjg4lZAdeni.2iMq5FL
Accept-Ranges: bytes
Server: AmazonS3
X-Cache: Error from cloudfront
Via: 1.1 d07f455dc14de1d5060686170d34b904.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P4
X-Amz-Cf-Id: Uobm353YCvR9kvZ4WgtTAX20uU_1nP7nVZeACE1M2vSkwMQTP2wLgw==

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
d545bc725dcd5d6f1dfc10a8b35aeb3a
82d92587953dac8a05d691730b8318719328de6b
9d1e6f1bf4b1c138d9e07e67264cb9ac5090a1c338ff72c87e1758e187cccb24

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4767
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 11 Oct 2022 06:56:08 GMT
Last-Modified: Tue, 11 Oct 2022 05:36:41 GMT
Server: ECS (ska/F705)
X-Cache: HIT
Content-Length: 471

ocsp.entrust.net/

104.110.10.32

200 OK

1.6 kB

URL HTTP/1.1
ocsp.entrust.net/
IP
104.110.10.32:0
ASN
#16625 AKAMAI-AS

File type
data
Size
1.6 kB (1588 bytes)
Hash
ee38425f2c5e429fbc3dec0566c86c59
819941c470578ba438c6b778137d12c5bd738356
895cd49d55da1413ff43c18b4463fad3d607107272df5bca5da95104d06cbe5b

HTTP Headers

POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "895CD49D55DA1413FF43C18B4463FAD3D607107272DF5BCA5DA95104D06CBE5B"
Last-Modified: Mon, 10 Oct 2022 23:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=3565
Expires: Tue, 11 Oct 2022 07:55:33 GMT
Date: Tue, 11 Oct 2022 06:56:08 GMT
Connection: keep-alive

ocsp.entrust.net/

104.110.10.32

200 OK

1.6 kB

URL HTTP/1.1
ocsp.entrust.net/
IP
104.110.10.32:0
ASN
#16625 AKAMAI-AS

File type
data
Size
1.6 kB (1588 bytes)
Hash
ee38425f2c5e429fbc3dec0566c86c59
819941c470578ba438c6b778137d12c5bd738356
895cd49d55da1413ff43c18b4463fad3d607107272df5bca5da95104d06cbe5b

HTTP Headers

POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "895CD49D55DA1413FF43C18B4463FAD3D607107272DF5BCA5DA95104D06CBE5B"
Last-Modified: Mon, 10 Oct 2022 23:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=3578
Expires: Tue, 11 Oct 2022 07:55:46 GMT
Date: Tue, 11 Oct 2022 06:56:08 GMT
Connection: keep-alive

ocsp.entrust.net/

104.110.10.32

200 OK

1.6 kB

URL HTTP/1.1
ocsp.entrust.net/
IP
104.110.10.32:0
ASN
#16625 AKAMAI-AS

File type
data
Size
1.6 kB (1588 bytes)
Hash
ee38425f2c5e429fbc3dec0566c86c59
819941c470578ba438c6b778137d12c5bd738356
895cd49d55da1413ff43c18b4463fad3d607107272df5bca5da95104d06cbe5b

HTTP Headers

POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "895CD49D55DA1413FF43C18B4463FAD3D607107272DF5BCA5DA95104D06CBE5B"
Last-Modified: Mon, 10 Oct 2022 23:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=3590
Expires: Tue, 11 Oct 2022 07:55:58 GMT
Date: Tue, 11 Oct 2022 06:56:08 GMT
Connection: keep-alive

ocsp.entrust.net/

104.110.10.32

200 OK

1.6 kB

URL HTTP/1.1
ocsp.entrust.net/
IP
104.110.10.32:0
ASN
#16625 AKAMAI-AS

File type
data
Size
1.6 kB (1585 bytes)
Hash
4de14b5df7bdf388fbc4335f02913cd0
2e74b2fa78712de8b08ab905bc727d40707499e7
912d3dc94117b618c767c9f799d38236a7768ea21c7a46bfa1d209c0e95c340a

HTTP Headers

POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "912D3DC94117B618C767C9F799D38236A7768EA21C7A46BFA1D209C0E95C340A"
Last-Modified: Mon, 10 Oct 2022 20:00:00 UTC
Content-Length: 1585
Cache-Control: public, no-transform, must-revalidate, max-age=3600
Expires: Tue, 11 Oct 2022 07:56:08 GMT
Date: Tue, 11 Oct 2022 06:56:08 GMT
Connection: keep-alive

ocsp.entrust.net/

104.110.10.32

200 OK

1.6 kB

URL HTTP/1.1
ocsp.entrust.net/
IP
104.110.10.32:0
ASN
#16625 AKAMAI-AS

File type
data
Size
1.6 kB (1585 bytes)
Hash
4de14b5df7bdf388fbc4335f02913cd0
2e74b2fa78712de8b08ab905bc727d40707499e7
912d3dc94117b618c767c9f799d38236a7768ea21c7a46bfa1d209c0e95c340a

HTTP Headers

POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "912D3DC94117B618C767C9F799D38236A7768EA21C7A46BFA1D209C0E95C340A"
Last-Modified: Mon, 10 Oct 2022 20:00:00 UTC
Content-Length: 1585
Cache-Control: public, no-transform, must-revalidate, max-age=3547
Expires: Tue, 11 Oct 2022 07:55:15 GMT
Date: Tue, 11 Oct 2022 06:56:08 GMT
Connection: keep-alive

ocsp.entrust.net/

104.110.10.32

200 OK

1.6 kB

URL HTTP/1.1
ocsp.entrust.net/
IP
104.110.10.32:0
ASN
#16625 AKAMAI-AS

File type
data
Size
1.6 kB (1585 bytes)
Hash
4de14b5df7bdf388fbc4335f02913cd0
2e74b2fa78712de8b08ab905bc727d40707499e7
912d3dc94117b618c767c9f799d38236a7768ea21c7a46bfa1d209c0e95c340a

HTTP Headers

POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "912D3DC94117B618C767C9F799D38236A7768EA21C7A46BFA1D209C0E95C340A"
Last-Modified: Mon, 10 Oct 2022 20:00:00 UTC
Content-Length: 1585
Cache-Control: public, no-transform, must-revalidate, max-age=3600
Expires: Tue, 11 Oct 2022 07:56:08 GMT
Date: Tue, 11 Oct 2022 06:56:08 GMT
Connection: keep-alive

push.services.mozilla.com/

44.237.239.70

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
44.237.239.70:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: r0tXaS03WSd1gJ5BZP6gMA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: HDBsN5q07a9dAOpUl8Ryc+kfA+8=

resources.mtb.com/r/simple-layout-responsive/css.mtb?v=08132020140516

192.216.61.78

200 OK

35 kB

URL HTTP/1.1
resources.mtb.com/r/simple-layout-responsive/css.mtb?v=08132020140516
IP
192.216.61.78:0
ASN
#12134 MTB

File type
Unicode text, UTF-8 text, with very long lines (65534), with no line terminators
Size
35 kB (34711 bytes)
Hash
a09551203c370fcc0c14eee4d7af4fac
6fcd08a7f0871a33ded481a49023de7c42bcdbf0
59df120e12a64898104a890d8a3d976a0c9ef2e31c0741215106fd1edfa172d9

HTTP Headers

GET /r/simple-layout-responsive/css.mtb?v=08132020140516 HTTP/1.1
Host: resources.mtb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://user-mtb01.hufeer.ir/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Expires: Wed, 11 Oct 2023 06:56:08 GMT
Last-Modified: Tue, 11 Oct 2022 06:56:07 GMT
ETag: "1665471368:dtagent10249220905100923q4Pu"
Vary: User-Agent
X-Srv: M-SC-01
Access-Control-Allow-Origin: *
X-FRAME-OPTIONS: ALLOW-FROM https://mtb.com/
Server-Timing: dtSInfo;desc="0", dtRpid;desc="-449512458"
Date: Tue, 11 Oct 2022 06:56:08 GMT
Cteonnt-Length: 258715
Cache-Control: private
Content-Encoding: gzip
Set-Cookie: dtCookie=v_4_srv_4_sn_E6E0FC0FA4231FFFF156FD05C760C30F_perc_100000_ol_0_mul_1_app-3A1ce138bfdcbaa26d_1_rcs-3Acss_0; Path=/; Domain=.mtb.com
TS019299a7=019f8203fd113ed9f83a2c6b9f2b226ea2b841d0e3d9c99e5aac066b716d636c14a7c1ba476a58c7e49d79a7da17786fb6056e0f3a; Path=/
TS0128739d=019f8203fde3fed55195246e4a2dc6be183f3dba5ed9c99e5aac066b716d636c14a7c1ba47acf81838d5fec255913206f91cc794010a9ed5bde5984fe51a8666a96c437fd5; path=/; domain=.mtb.com
TSf60233d5027=08affc4e07ab2000d6dd5cf927c9c91c597b13cb3b1868ce15257672f2929fd292bd93827cf9aba208a2056e3b113000e0d4021920e2076ad23690bc08fde89ff64193a8201d1a2f0e51e511d3c4d61018d5b7788bdd1e46f935f775b1326263; Path=/
Transfer-Encoding: chunked

resources.mtb.com/r/simple-layout-responsive/js.mtb?v=08132020140516

192.216.61.78

200 OK

104 kB

URL HTTP/1.1
resources.mtb.com/r/simple-layout-responsive/js.mtb?v=08132020140516
IP
192.216.61.78:0
ASN
#12134 MTB

File type
ASCII text, with CRLF line terminators
Size
104 kB (103533 bytes)
Hash
08b250830e37bab4db49f49dcfa521aa
196ea486f29834f4f74c9415c3952b725055c866
9b41dafbfb1b1f1d091bcb7593dbdae2d91dddb1c00bbb00eea511b7c9c92443

HTTP Headers

GET /r/simple-layout-responsive/js.mtb?v=08132020140516 HTTP/1.1
Host: resources.mtb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://user-mtb01.hufeer.ir/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: text/javascript; charset=utf-8
Expires: Wed, 11 Oct 2023 06:56:08 GMT
Last-Modified: Tue, 11 Oct 2022 06:56:07 GMT
ETag: "1665471368:dtagent10249220905100923q4Pu"
Vary: User-Agent
X-Srv: M-SC-01
Access-Control-Allow-Origin: *
X-FRAME-OPTIONS: ALLOW-FROM https://mtb.com/
Server-Timing: dtSInfo;desc="0", dtRpid;desc="-1392907363"
Date: Tue, 11 Oct 2022 06:56:08 GMT
Cteonnt-Length: 322405
Cache-Control: private
Content-Encoding: gzip
Set-Cookie: dtCookie=v_4_srv_6_sn_0C638F6A64E74D0D6FAE13C81849DEF1_perc_100000_ol_0_mul_1_app-3A1ce138bfdcbaa26d_1_rcs-3Acss_0; Path=/; Domain=.mtb.com
TS019299a7=019f8203fdfa14eeb46adafbba8d302821050e67162fb57d3112049cd40a3720bae75791edd7a9cdbebf466650824b3f524f03e5b4; Path=/
TS0128739d=019f8203fdc0144c0aa2d0a28765284d5ca7bc23802fb57d3112049cd40a3720bae75791ed8eaada286b74e30fb7d9a9f876f957023a5b24ec19e794375550e9c476329a69; path=/; domain=.mtb.com
TSf60233d5027=08affc4e07ab200030f2cda0c38484a967af83098142dcbb51162fd10e2c64cd3906bd52f4ce474008d109eac81130001042178dbe11494ed23690bc08fde89fb3255ad4e3371643afa5b3b9f4ce0d15be42558d69fcc1f12aac73f2b0f28993; Path=/
Transfer-Encoding: chunked

user-mtb01.hufeer.ir/TSPD/0856addebbab2000ba949201dad9f67efc42df64f349dd0cbd91a24e357d5af05b11616b8df1b84b?type=9

212.33.195.109

404 Not Found

708 B

URL HTTP/1.1
user-mtb01.hufeer.ir/TSPD/0856addebbab2000ba949201dad9f67efc42df64f349dd0cbd91a24e357d5af05b11616b8df1b84b?type=9
IP
212.33.195.109:0
ASN
#43754 Asiatech Data Transmission company

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
708 B (708 bytes)
Hash
2382378378c002d88b9a507c712c3349
2e894db3808b554abadc8b144338ad9e2ea937ba
37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /TSPD/0856addebbab2000ba949201dad9f67efc42df64f349dd0cbd91a24e357d5af05b11616b8df1b84b?type=9 HTTP/1.1
Host: user-mtb01.hufeer.ir
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://user-mtb01.hufeer.ir/login.php

HTTP/1.1 404 Not Found
Connection: Keep-Alive
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
Pragma: no-cache
Content-Type: text/html
Content-Length: 708
Date: Tue, 11 Oct 2022 06:56:07 GMT

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
f97cde01f1afd5ed30319169445ec773
1cb25a8da62cdf1f9ab1b2b35d03163037691b33
1db2f13247d84bbebf5221ac7429e9367ee92aa1148b4aa879751e1944766406

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1DB2F13247D84BBEBF5221AC7429E9367EE92AA1148B4AA879751E1944766406"
Last-Modified: Mon, 10 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5237
Expires: Tue, 11 Oct 2022 08:23:26 GMT
Date: Tue, 11 Oct 2022 06:56:09 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
f97cde01f1afd5ed30319169445ec773
1cb25a8da62cdf1f9ab1b2b35d03163037691b33
1db2f13247d84bbebf5221ac7429e9367ee92aa1148b4aa879751e1944766406

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1DB2F13247D84BBEBF5221AC7429E9367EE92AA1148B4AA879751E1944766406"
Last-Modified: Mon, 10 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5237
Expires: Tue, 11 Oct 2022 08:23:26 GMT
Date: Tue, 11 Oct 2022 06:56:09 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
f97cde01f1afd5ed30319169445ec773
1cb25a8da62cdf1f9ab1b2b35d03163037691b33
1db2f13247d84bbebf5221ac7429e9367ee92aa1148b4aa879751e1944766406

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1DB2F13247D84BBEBF5221AC7429E9367EE92AA1148B4AA879751E1944766406"
Last-Modified: Mon, 10 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5237
Expires: Tue, 11 Oct 2022 08:23:26 GMT
Date: Tue, 11 Oct 2022 06:56:09 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F829a81b7-8a2b-4381-a830-9c534e3312fe.jpeg

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F829a81b7-8a2b-4381-a830-9c534e3312fe.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (12187 bytes)
Hash
2b15495e3e13c06fd0d67523870405ed
3cb8b43735e86c93733affa10818c47693c80fce
f65edddef18295076f79a48e9a6c95d07ed244a2ae618cb4229b6c1bd434cd57

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F829a81b7-8a2b-4381-a830-9c534e3312fe.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 12187
x-amzn-requestid: 9768886f-0e17-4958-bdaf-e17385eb21d6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZjqJCHyNoAMFmDg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633e23d3-288e1d28057753a16893d6b5;Sampled=0
x-amzn-remapped-date: Thu, 06 Oct 2022 00:39:47 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: jm9hynO1KfuT2luShwOU_Ps2ZHxUAPwymP1Bi-V49MWWJ3ooQq7qVg==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 68fadeb91f97256bb67b03bfca74d830.cloudfront.net (CloudFront), 1.1 google
date: Tue, 11 Oct 2022 00:52:48 GMT
age: 21801
etag: "3cb8b43735e86c93733affa10818c47693c80fce"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7abfd93d-a205-46fc-a450-d0de2182b1c7.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (10736 bytes)
Hash
7c510a5010677fcfa9ee8065c0abc894
5f2cf2a511760f5fd16d5c14a48a1aff185830e0
a07018792c7eb661bfddde47d26d728298c90314e52c96228a91c7d1978fedc6

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7abfd93d-a205-46fc-a450-d0de2182b1c7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10736
x-amzn-requestid: fb2bd595-cff6-4278-95cb-f42939d91f17
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Zzt85Fd9IAMFQeg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63449052-326c047f01d742353e1891c8;Sampled=0
x-amzn-remapped-date: Mon, 10 Oct 2022 21:36:18 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: u5XxBwVbvOux8Bv_DgbsHjE5KcQE5gy_F2mXDNFfgPxmTfsfwCQS7Q==
via: 1.1 010c0731b9775a983eceaec0f5fa6a2e.cloudfront.net (CloudFront), 1.1 6a9b42e38e76b7d4a4044ebe0e0eca08.cloudfront.net (CloudFront), 1.1 google
date: Mon, 10 Oct 2022 21:59:42 GMT
etag: "5f2cf2a511760f5fd16d5c14a48a1aff185830e0"
content-type: image/jpeg
age: 32187
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd01ec14d-f07e-4384-9b59-3bda5a58411c.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.3 kB (6291 bytes)
Hash
b4c053b895a9ad451daac9ad8966efe2
d7ba07ca6981902c18ba848a33056d92c090e486
313da2baca74daf2ff4e6e0caaa885dfda4419b97f70ca4a8052ae6dbd5940b3

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd01ec14d-f07e-4384-9b59-3bda5a58411c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6291
x-amzn-requestid: c4033712-d0c9-4554-af0c-e7c2485f6716
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Zzt7lH6OIAMFkPg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63449049-5410402106d85ddd08a91551;Sampled=0
x-amzn-remapped-date: Mon, 10 Oct 2022 21:36:09 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: udn2aYY-nq2cubYtX9USkmfjQt0nsmb5mFYsgjN8PtHvVp2_YcIQlg==
via: 1.1 010c0731b9775a983eceaec0f5fa6a2e.cloudfront.net (CloudFront), 1.1 1a53057db389e96b4ef1bfbc925dde1c.cloudfront.net (CloudFront), 1.1 google
date: Mon, 10 Oct 2022 21:59:42 GMT
etag: "d7ba07ca6981902c18ba848a33056d92c090e486"
content-type: image/jpeg
age: 32187
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3f1f22c3-33a7-4f40-9b8b-96764c81e8d4.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.2 kB (5205 bytes)
Hash
30456d487c35886b1856909aafd25955
2a49a0b04e6763475e5cbb4d10c0c1a55f5b6506
f66c17dc9b78564a6f2d340ea95113cfae08c2bc1e2e0013b7fcc535bd37c198

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3f1f22c3-33a7-4f40-9b8b-96764c81e8d4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5205
x-amzn-requestid: a855373d-076a-444d-b20e-123f3e085082
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZubqSHINoAMF_qQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6342730e-7cb791452232e9dd60c70560;Sampled=0
x-amzn-remapped-date: Sun, 09 Oct 2022 07:06:54 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: kE4kg-fVpc6z0kDU_9mwfZBa9-KNuMdWi2lgjZK_-w1vImI0kTUXAQ==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 5397b304713f6301c7c94ac084b6ed08.cloudfront.net (CloudFront), 1.1 google
date: Mon, 10 Oct 2022 13:37:03 GMT
age: 62346
etag: "2a49a0b04e6763475e5cbb4d10c0c1a55f5b6506"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F33b0daac-7759-4c24-876e-0081209775ee.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.0 kB (5986 bytes)
Hash
bbb9ff33a7a2e6ce3960c9c90b9606be
9a7c7f0f1a0fce0c7cdf7b842c6b0e23793a9b7c
8e937db0d312a1f0667038ab6cb5ff49eb22d1c7f5addfe9ed9f1988481476af

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F33b0daac-7759-4c24-876e-0081209775ee.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5986
x-amzn-requestid: c5a80a04-65d8-4949-8a74-fde444516732
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZxttuEUdIAMF4mw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6343c324-47150b855f93b773337cfa4e;Sampled=0
x-amzn-remapped-date: Mon, 10 Oct 2022 07:00:52 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: RmWrbes3UmN46NlzE8SXSauQmuJZV9ApjuplqgmQI3xSHI7075HfQQ==
via: 1.1 8dbfaf7df256a75768461d934659b6b2.cloudfront.net (CloudFront), 1.1 31119c39c5a6dc62dfa1fe940afd7be2.cloudfront.net (CloudFront), 1.1 google
date: Mon, 10 Oct 2022 07:16:11 GMT
age: 85198
etag: "9a7c7f0f1a0fce0c7cdf7b842c6b0e23793a9b7c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6ea1c33c-766b-4b55-98a5-0a22380c61ce.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.6 kB (6645 bytes)
Hash
1a8720e1bfd92ce7ccfeb8ab6ca2477a
1277a8a73b2fbf48562a7f767c3219d836b1faa9
61cfaa0a0338ae710735fab66822d8227adeb6a8bc4035686fae4a4de6247f1e

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6ea1c33c-766b-4b55-98a5-0a22380c61ce.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6645
x-amzn-requestid: 6e75c182-93bc-4339-a679-b069f78a397c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZzuQ0H3qoAMFi5w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-634490d1-4e134a93174cbf3559bea75c;Sampled=0
x-amzn-remapped-date: Mon, 10 Oct 2022 21:38:25 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 2T5ArGyU86KvuyKtp_G0XC9MaZQWS2luBYlIKcQRWNeeUjqcmQgMSA==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 324a68a6c25ee50d774953f3e15a611c.cloudfront.net (CloudFront), 1.1 google
date: Mon, 10 Oct 2022 21:42:38 GMT
age: 33211
etag: "1277a8a73b2fbf48562a7f767c3219d836b1faa9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

resources.mtb.com/Assets/img/mtb-entrust.svg

192.216.61.78

200 OK

1.3 kB

URL HTTP/1.1
resources.mtb.com/Assets/img/mtb-entrust.svg
IP
192.216.61.78:0
ASN
#12134 MTB

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1349), with no line terminators
Size
1.3 kB (1349 bytes)
Hash
9a569ad20708d7453d89fe6c72e7fcdc
60b6a41620583484642f7c826faf8e3c879a6374
b2ef3bd17aa6bc2daa7b1209f7848b30c64f3068e43162b09a216639ab430ce5

HTTP Headers

GET /Assets/img/mtb-entrust.svg HTTP/1.1
Host: resources.mtb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://user-mtb01.hufeer.ir/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: image/svg+xml
Last-Modified: Sat, 08 Oct 2022 06:24:04 GMT
Accept-Ranges: bytes
ETag: "09af18fdedad81:0"
X-Srv: M-SC-01
Access-Control-Allow-Origin: *
X-FRAME-OPTIONS: ALLOW-FROM https://mtb.com/
Server-Timing: dtSInfo;desc="0", dtRpid;desc="1906341386"
Date: Tue, 11 Oct 2022 06:56:08 GMT
Content-Length: 1349
Set-Cookie: dtCookie=v_4_srv_4_sn_60B8B9D6BC6BE6FEE4D4181D62F7504F_perc_100000_ol_0_mul_1_app-3A1ce138bfdcbaa26d_1_rcs-3Acss_0; Path=/; Domain=.mtb.com
TS019299a7=019f8203fd1e97c54070d158206f86d98053a433b81b8c403677eeb0bed78da37ba5be27dcd66ea49e3225daffd273380f94e2d501; Path=/
TS0128739d=019f8203fd705b20baaba6d938f6f38b179ac3b52b1b8c403677eeb0bed78da37ba5be27dc3e7fa5ba70f7ebfbff3edd287e7cdc8b8afab4f72f4989af0ddc6faa3c988aa6; path=/; domain=.mtb.com
TSf60233d5027=08affc4e07ab2000222db69a0a33b0821ed17b0c7819ea5754ab006056a438c94311fa33a7e2a67408047c7fd1113000d15431742f9366a16596d8e976bd0dd0f816575028a56f296f8d494548459b91e80242425a22e94f690b0f9b975fc0d6; Path=/

resources.mtb.com/Assets/img/mtb-equalhousinglender.svg

192.216.61.78

200 OK

230 B

URL HTTP/1.1
resources.mtb.com/Assets/img/mtb-equalhousinglender.svg
IP
192.216.61.78:0
ASN
#12134 MTB

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with no line terminators
Size
230 B (230 bytes)
Hash
916635d10512ae6a1840614a895dcd38
db175de4c42281bb4d239c57d1b95b8e75c529ec
d58eb2802f72d0c6b1d944a1335e8fb914af44b51fe16097aad994c15b8cfbad

HTTP Headers

GET /Assets/img/mtb-equalhousinglender.svg HTTP/1.1
Host: resources.mtb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://user-mtb01.hufeer.ir/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: image/svg+xml
Last-Modified: Sat, 08 Oct 2022 06:24:04 GMT
Accept-Ranges: bytes
ETag: "09af18fdedad81:0"
X-Srv: M-SC-01
Access-Control-Allow-Origin: *
X-FRAME-OPTIONS: ALLOW-FROM https://mtb.com/
Server-Timing: dtSInfo;desc="0", dtRpid;desc="-914152854"
Date: Tue, 11 Oct 2022 06:56:08 GMT
Content-Length: 230
Set-Cookie: TSf60233d5027=08affc4e07ab2000db9289826d66ddde951c72b6ba30023a84cdb13e523f96d317dec50f1b81454a08be599583113000bf99ab1b4805a8f46596d8e976bd0dd00b8760197acf17e604d093705c0853f69229a48272b390574a40c3633c5fccd1; Path=/

resources.mtb.com/Assets/img/mtb-logo.svg

192.216.61.78

200 OK

2.0 kB

URL HTTP/1.1
resources.mtb.com/Assets/img/mtb-logo.svg
IP
192.216.61.78:0
ASN
#12134 MTB

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (2039), with no line terminators
Size
2.0 kB (2039 bytes)
Hash
f2b901cf895852a0866fe4a16c7f1730
c4240af1ec798477b4e65a185ddbb1b038817da4
5f5b0d9f678fe446631a33a4cbbe891a01b0ed972143702e67ae6617367096ac

HTTP Headers

GET /Assets/img/mtb-logo.svg HTTP/1.1
Host: resources.mtb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://user-mtb01.hufeer.ir/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: image/svg+xml
Last-Modified: Sat, 08 Oct 2022 06:24:04 GMT
Accept-Ranges: bytes
ETag: "09af18fdedad81:0"
X-Srv: M-SC-01
Access-Control-Allow-Origin: *
X-FRAME-OPTIONS: ALLOW-FROM https://mtb.com/
Server-Timing: dtSInfo;desc="0", dtRpid;desc="1159964188"
Date: Tue, 11 Oct 2022 06:56:08 GMT
Content-Length: 2039
Set-Cookie: dtCookie=v_4_srv_9_sn_2D0336C9BE792A9037CE8789AF204A66_perc_100000_ol_0_mul_1_app-3A1ce138bfdcbaa26d_1_rcs-3Acss_0; Path=/; Domain=.mtb.com
TS019299a7=019f8203fd9147995334fb29ec4346733dcb644d1818cf50d1adca4a4ea8418265cf40391a3e4cf69977cdc1e5064f9cd7f7128acb; Path=/
TS0128739d=019f8203fdb264519df672e3c2d6ad7d351b054ff318cf50d1adca4a4ea8418265cf40391a1c97587d4cfa63c5e96c5dd278badf3f11a66c44ea5799d550c8f9c7e7a1d68f; path=/; domain=.mtb.com
TSf60233d5027=08affc4e07ab20009e4965d2329516c84f475db4d94c3f638e2c0651f19f416466cc98c7eb8f9acd0822df6d3111300016dbf42115df84c36596d8e976bd0dd0f3bfa86fefe6fbc3bb98ceb8d6f3514f240c795c58886aaed0ffdc4ae4ea84a5; Path=/

user-mtb01.hufeer.ir/TSPD/0856addebbab2000ba949201dad9f67efc42df64f349dd0cbd91a24e357d5af05b11616b8df1b84b?type=17

212.33.195.109

404 Not Found

708 B

URL HTTP/1.1
user-mtb01.hufeer.ir/TSPD/0856addebbab2000ba949201dad9f67efc42df64f349dd0cbd91a24e357d5af05b11616b8df1b84b?type=17
IP
212.33.195.109:0
ASN
#43754 Asiatech Data Transmission company

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
708 B (708 bytes)
Hash
2382378378c002d88b9a507c712c3349
2e894db3808b554abadc8b144338ad9e2ea937ba
37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /TSPD/0856addebbab2000ba949201dad9f67efc42df64f349dd0cbd91a24e357d5af05b11616b8df1b84b?type=17 HTTP/1.1
Host: user-mtb01.hufeer.ir
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://user-mtb01.hufeer.ir/login.php

HTTP/1.1 404 Not Found
Connection: Keep-Alive
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
Pragma: no-cache
Content-Type: text/html
Content-Length: 708
Date: Tue, 11 Oct 2022 06:56:09 GMT

user-mtb01.hufeer.ir/ruxitagentjs_ICA2SVfhjqrux_10205201218101503.js

212.33.195.109

404 Not Found

708 B

URL HTTP/1.1
user-mtb01.hufeer.ir/ruxitagentjs_ICA2SVfhjqrux_10205201218101503.js
IP
212.33.195.109:0
ASN
#43754 Asiatech Data Transmission company

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
708 B (708 bytes)
Hash
2382378378c002d88b9a507c712c3349
2e894db3808b554abadc8b144338ad9e2ea937ba
37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /ruxitagentjs_ICA2SVfhjqrux_10205201218101503.js HTTP/1.1
Host: user-mtb01.hufeer.ir
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://user-mtb01.hufeer.ir/login.php

HTTP/1.1 404 Not Found
Connection: Keep-Alive
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
Pragma: no-cache
Content-Type: text/html
Content-Length: 708
Date: Tue, 11 Oct 2022 06:56:09 GMT

resources.mtb.com/assets/fonts/mandtpg-iconfont.woff

192.216.61.78

200 OK

4.8 kB

URL HTTP/1.1
resources.mtb.com/assets/fonts/mandtpg-iconfont.woff
IP
192.216.61.78:0
ASN
#12134 MTB

File type
Web Open Font Format, TrueType, length 4776, version 1.0\012- data
Size
4.8 kB (4776 bytes)
Hash
ac13691b89191d11d0e5577eb3cf3d53
0126fa82c0ab022e61b5de74f1fe3e204a905a7b
108d16421ae2ff7fc5157d507dc5b1bf7f62140ba58cf3c723b1f2b7e74c21df

HTTP Headers

GET /assets/fonts/mandtpg-iconfont.woff HTTP/1.1
Host: resources.mtb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://user-mtb01.hufeer.ir
Connection: keep-alive
Referer: https://resources.mtb.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: APPLICATION/X-WOFF
Last-Modified: Sat, 08 Oct 2022 06:24:03 GMT
Accept-Ranges: bytes
ETag: "09af18fdedad81:0:dtagent10249220905100923q4Pu"
X-Srv: M-SC-01
Access-Control-Allow-Origin: *
X-FRAME-OPTIONS: ALLOW-FROM https://mtb.com/
Timing-Allow-Origin: *
Server-Timing: dtSInfo;desc="0", dtRpid;desc="914565259", dtTao;desc="1"
Date: Tue, 11 Oct 2022 06:56:09 GMT
Content-Length: 4776
Set-Cookie: dtCookie=v_4_srv_9_sn_366708E11EFED3CD7D7D61C72AF13B69_perc_100000_ol_0_mul_1_app-3A1ce138bfdcbaa26d_1_rcs-3Acss_1; Path=/; Domain=.mtb.com
TS019299a7=019f8203fd53891c1ebfaaa3b5d4ee633d904bc3a360e9b8a7e424587e77187d8001801692ffe098d557ba777bf2bca796d1a4afe3; Path=/
TS0128739d=019f8203fd808ee8c35289c84e3e99f20b92dc7bda60e9b8a7e424587e77187d80018016922314deb0a1c1d970b6296c7b07ed69e8fb9e0888d471c4a956eaca8bd3321893; path=/; domain=.mtb.com
TSf60233d5027=08affc4e07ab20006a8537b34379a4f701cc38cb13cf95ec809ec4055e21972f51b3283c490b01dc08c848a36811300020715ddabf58683a1f5a9e8af46141e6debbcd0cea369ce80accde3711303ae155fd702813efc9301bab315e8e34b42a; Path=/

resources.mtb.com/assets/fonts/mandtbaltoweb-medium.woff

192.216.61.78

200 OK

64 kB

URL HTTP/1.1
resources.mtb.com/assets/fonts/mandtbaltoweb-medium.woff
IP
192.216.61.78:0
ASN
#12134 MTB

File type
Web Open Font Format, TrueType, length 64318, version 1.0\012- data
Size
64 kB (64318 bytes)
Hash
b245a55f7e33e1cf4d2477570936ef84
12bf1c1eda6db246778f7c343acebbaad8fa36f4
b391b55f950528937beee7687717a4aef81196817834f1c93b099713ff738fbc

HTTP Headers

GET /assets/fonts/mandtbaltoweb-medium.woff HTTP/1.1
Host: resources.mtb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://user-mtb01.hufeer.ir
Connection: keep-alive
Referer: https://resources.mtb.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: APPLICATION/X-WOFF
Last-Modified: Sat, 08 Oct 2022 06:24:03 GMT
Accept-Ranges: bytes
ETag: "09af18fdedad81:0:dtagent10249220905100923q4Pu"
X-Srv: M-SC-01
Access-Control-Allow-Origin: *
X-FRAME-OPTIONS: ALLOW-FROM https://mtb.com/
Timing-Allow-Origin: *
Server-Timing: dtSInfo;desc="0", dtRpid;desc="-1323260175", dtTao;desc="1"
Date: Tue, 11 Oct 2022 06:56:09 GMT
Content-Length: 64318
Set-Cookie: dtCookie=v_4_srv_2_sn_7BF76F1D75076B46BBA9F0544B3BFF66_perc_100000_ol_0_mul_1_app-3A1ce138bfdcbaa26d_1_rcs-3Acss_0; Path=/; Domain=.mtb.com
TS019299a7=019f8203fdeb3896e859304417b4e2d513a13d2576e8675b8f25ea89aeb6a6721cc462217b9ed0ea8902244a5944d842b7b69fac40; Path=/
TS0128739d=019f8203fd6ec78d41e9541bcd8f0223b47470ba14e8675b8f25ea89aeb6a6721cc462217b0c1e7a23aac8858c6a06197ee8db6494c2e8fe7f07f53adc07f05aa99313283d; path=/; domain=.mtb.com
TSf60233d5027=08affc4e07ab2000bfebfd07734500db0d3d349b2a56525c1550fccecbf430855baf240f64bfa0f6089e33cfc8113000dca01dbdecbe36d91f5a9e8af46141e67dddcd1d0ad2df54c920222b50d028dcb118173ebd2a8841d3ffeed2e169e4a7; Path=/

resources.mtb.com/assets/fonts/mandtbaltoweb-book.woff

192.216.61.78

200 OK

68 kB

URL HTTP/1.1
resources.mtb.com/assets/fonts/mandtbaltoweb-book.woff
IP
192.216.61.78:0
ASN
#12134 MTB

File type
Web Open Font Format, TrueType, length 67671, version 1.0\012- data
Size
68 kB (67671 bytes)
Hash
6cd469e8613d82d4d07834a5ca7745f0
95347ba0a03d27e1aa91bc17c937d8aefe53e6ff
4029a5a081992259f4e529190b49dbba893931da4e843dd203449f1b9a4509d2

HTTP Headers

GET /assets/fonts/mandtbaltoweb-book.woff HTTP/1.1
Host: resources.mtb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://user-mtb01.hufeer.ir
Connection: keep-alive
Referer: https://resources.mtb.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: APPLICATION/X-WOFF
Last-Modified: Sat, 08 Oct 2022 06:24:03 GMT
Accept-Ranges: bytes
ETag: "09af18fdedad81:0:dtagent10249220905100923q4Pu"
X-Srv: M-SC-01
Access-Control-Allow-Origin: *
X-FRAME-OPTIONS: ALLOW-FROM https://mtb.com/
Timing-Allow-Origin: *
Server-Timing: dtSInfo;desc="0", dtRpid;desc="1383914109", dtTao;desc="1"
Date: Tue, 11 Oct 2022 06:56:09 GMT
Content-Length: 67671
Set-Cookie: dtCookie=v_4_srv_11_sn_965585B8C1B6D07FF8A6BA00A859DF9A_perc_100000_ol_0_mul_1_app-3A1ce138bfdcbaa26d_1_rcs-3Acss_0; Path=/; Domain=.mtb.com
TS019299a7=019f8203fdc13989ccda16d94471097818df3d2ba8227e3f8dffe4f4c46958626d645d14c3a7c3b0d92c73924c902ab4e6fd754704; Path=/
TS0128739d=019f8203fdc73f56e34c7df916d213177c1d149906227e3f8dffe4f4c46958626d645d14c39bf0b0066af57fde5877dacf08f41ef0a2e5353a1b4d7127508ba2a3e3a3a520; path=/; domain=.mtb.com
TSf60233d5027=08affc4e07ab20006db11cc6ee9549dcc4c241251e6791f426a8e524634db98fc7fa3a1fa730731008fb948c9a11300094ef760a1adeecc61f5a9e8af46141e633bdf9c62dca0115f2e3c8b71ff25c6fb469ad398d64e94b025e959b7143680e; Path=/

asset.mtb.com/Documents/html/homepage/favicon.ico

18.165.201.38

200 OK

15 kB

URL HTTP/2
asset.mtb.com/Documents/html/homepage/favicon.ico
IP
18.165.201.38:0
ASN
#0

File type
PNG image data, 300 x 300, 8-bit/color RGB, non-interlaced\012- data
Size
15 kB (14862 bytes)
Hash
e82f458a5c1c5353a97401eccc925613
949d6c8d06ca14b52f496c20f63fae269b6708c2
cd320f6e4a5ccfb2d08a5aca1d42dc606530d63e3d779038c41865c85568cbf3

HTTP Headers

GET /Documents/html/homepage/favicon.ico HTTP/1.1
Host: asset.mtb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://user-mtb01.hufeer.ir/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: image/x-icon
content-length: 14862
accept-ranges: bytes
cache-control: max-age=3600, no-cache="set-cookie"
content-disposition: inline
content-encoding: gzip
date: Tue, 11 Oct 2022 06:56:12 GMT
last-modified: Wed, 04 May 2022 18:18:59 GMT
server: Apache
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-content-type-options: nosniff
x-dispatcher: dispatcher2useast1
x-frame-options: SAMEORIGIN
x-vhost: publish
etag: "3dce-5de33a8b9cac0-gzip"
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 675c3f96928d591debc37b54f2b16dc2.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR50-P3
x-amz-cf-id: ZpgUD7ag-Mls29sdic46qki-NuVn1W0oA8h3ay5dHRkxxK08rakrng==
X-Firefox-Spdy: h2

user-mtb01.hufeer.ir/Assets/scripts/Login/Index.js

212.33.195.109

404 Not Found

708 B

URL HTTP/1.1
user-mtb01.hufeer.ir/Assets/scripts/Login/Index.js
IP
212.33.195.109:0
ASN
#43754 Asiatech Data Transmission company

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
708 B (708 bytes)
Hash
2382378378c002d88b9a507c712c3349
2e894db3808b554abadc8b144338ad9e2ea937ba
37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /Assets/scripts/Login/Index.js HTTP/1.1
Host: user-mtb01.hufeer.ir
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://user-mtb01.hufeer.ir/login.php

HTTP/1.1 404 Not Found
Connection: Keep-Alive
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
Pragma: no-cache
Content-Type: text/html
Content-Length: 708
Date: Tue, 11 Oct 2022 06:56:09 GMT

34.120.237.76

200 OK

5.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F19424b7e-63c8-4f4a-ad93-ef6cb886a50f.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.2 kB (5184 bytes)
Hash
a038cab69baa881794ca6712d38fb838
dfad15b64839ef9b304f7c919a36c4e66cfd46b6
26fc7247d679fe9f5b583abd33e3b56857b003facbb3b22b7d38b5d859a8c423

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F19424b7e-63c8-4f4a-ad93-ef6cb886a50f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-length: 5184
x-amzn-requestid: 4051eb09-2dd2-4e38-8077-8bb8ac919aa0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Zj_dQG9VIAMFYTQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633e45ee-549cfdff0ead4dce44a3e546;Sampled=0
x-amzn-remapped-date: Thu, 06 Oct 2022 03:05:18 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: mKygWi_g37uFV_B4qM2c_ZbVyXuqMWdTAO-pJQ5Gytz7vQ09B0CbvA==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 ee330666adf9f04c8c30094f8ddcd004.cloudfront.net (CloudFront), 1.1 google
date: Mon, 10 Oct 2022 11:02:58 GMT
age: 71598
etag: "dfad15b64839ef9b304f7c919a36c4e66cfd46b6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (3)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (42)

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size