Overview

URL: nexi-ticket.mrface.com/
IP: 45.125.66.70
ASN: Tele Asia Limited
Location: Lithuania
Report completed: 2022-09-01 10:48:56 UTC
urlquery Alerts: DynDNS domain detected


Settings

UserAgent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blocklists

OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter  No alerts detected
mnemonic secure dns  No alerts detected
Quad9 DNS
Scan Date Severity Indicator Comment
2022-09-01 2 ns1.name Sinkholed
2022-09-01 2 ns1.name Sinkholed
2022-09-01 2 ns1.name Sinkholed


Files

No files detected



Passive DNS (11)

Passive DNS Source Fully Qualified Domain Name Rank First Seen Last Seen IP Comment
mnemonic passive DNS nexiinfo-service-it.ddns.ms (34) 0 2022-09-01 08:31:11 UTC 2022-09-01 08:31:11 UTC 45.125.66.70 Domain (ddns.ms) ranked at: 807725
mnemonic passive DNS content-signature-2.cdn.mozilla.net (1) 1152 2020-11-03 12:26:46 UTC 2022-09-01 04:51:03 UTC 143.204.55.25
mnemonic passive DNS contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-09-01 04:48:38 UTC 34.117.237.239
mnemonic passive DNS r3.o.lencr.org (9) 344 2020-12-02 08:52:13 UTC 2022-09-01 04:47:54 UTC 23.36.76.226
mnemonic passive DNS ocsp.digicert.com (1) 86 2012-05-21 07:02:23 UTC 2022-09-01 05:48:00 UTC 93.184.220.29
mnemonic passive DNS push.services.mozilla.com (1) 2140 2015-09-03 10:29:36 UTC 2022-09-01 05:02:40 UTC 35.164.47.107
mnemonic passive DNS i.imgur.com (1) 5110 2012-05-21 08:09:36 UTC 2022-09-01 05:13:04 UTC 151.101.84.193
mnemonic passive DNS img-getpocket.cdn.mozilla.net (6) 1631 2017-09-01 03:40:57 UTC 2022-09-01 04:41:03 UTC 34.120.237.76
mnemonic passive DNS panelumeu.ns1.name (3) 0 2022-08-22 12:19:23 UTC 2022-08-28 21:25:20 UTC 45.125.66.95 Unknown ranking
mnemonic passive DNS nexi-ticket.mrface.com (1) 0 2022-08-30 12:24:54 UTC 2022-08-30 12:26:13 UTC 45.125.66.70 Unknown ranking
mnemonic passive DNS firefox.settings.services.mozilla.com (2) 867 2020-06-04 20:08:41 UTC 2022-09-01 04:49:28 UTC 143.204.55.35


Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 45.125.66.70

Date UQ / IDS / BL URL IP
2022-09-02 20:06:42 +0000 39 - 0 - 56 nexipaymobilekey.dns04.com/ 45.125.66.70
2022-09-02 18:54:27 +0000 39 - 0 - 61 info-pay-nexi-key.port25.biz/ 45.125.66.70
2022-09-02 08:44:55 +0000 2 - 0 - 1 ftp.info-pay-nexi-key.port25.biz/ 45.125.66.70
2022-09-02 08:36:31 +0000 2 - 0 - 0 app-utente.ddns.ms/ 45.125.66.70
2022-09-02 04:48:39 +0000 2 - 0 - 0 ftp.info-nexi-key.myddns.com/ 45.125.66.70

Last 5 reports on ASN: Tele Asia Limited

Date UQ / IDS / BL URL IP
2022-11-04 13:11:22 +0000 4 - 0 - 0 area-personale.is-gone.com/persone-e-famiglie/ 45.125.66.85
2022-11-01 04:17:42 +0000 4 - 0 - 1 titulare.likescandy.com/persone-e-famiglie/ 45.125.66.85
2022-10-27 10:45:33 +0000 0 - 0 - 0 45.123.188.178 45.123.188.178
2022-10-20 19:32:54 +0000 0 - 0 - 1 mahjongline.com/ 45.125.65.66
2022-09-24 08:49:50 +0000 0 - 0 - 3 logininfoutete.dubya.net/ 45.125.66.85

Last 1 reports on domain: mrface.com

Date UQ / IDS / BL URL IP
2022-09-01 10:48:56 +0000 39 - 0 - 3 nexi-ticket.mrface.com/ 45.125.66.70

Last 5 reports with similar screenshot

Date UQ / IDS / BL URL IP
2022-10-29 06:36:22 +0000 4 - 0 - 0 www.key-client-titolare.is-leet.com/txt/ 54.209.165.232
2022-09-16 16:00:59 +0000 4 - 0 - 22 www.titolare-key-nexxi.iamallama.com/pay_nexa (...) 45.125.66.101
2022-09-02 20:06:42 +0000 39 - 0 - 56 nexipaymobilekey.dns04.com/ 45.125.66.70
2022-09-02 18:54:27 +0000 39 - 0 - 61 info-pay-nexi-key.port25.biz/ 45.125.66.70
2022-09-01 22:13:01 +0000 39 - 0 - 3 ftp.info-nexi-key.myddns.com/ 45.125.66.70


JavaScript

Executed Scripts (12)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (60)


Request Response
                                        
                                            GET / HTTP/1.1 
Host: nexi-ticket.mrface.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         
                                         45.125.66.70
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Date: Thu, 01 Sep 2022 10:48:44 GMT
Server: Apache/2.4.18 (Ubuntu)
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 147
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   147
Md5:    813c2c086fdc23c49596f71e83a67632
Sha1:   418e8f168221965379279e382196f5909bedcc91
Sha256: 1f14c3a633f2e77a0c260eea43b04664e29a0c750fd5dbf546df3377f011cf9a

Alerts:
  urlquery:
    - DynDNS domain detected
                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.35
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, Alert, Content-Length, Content-Type, Backoff
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Thu, 01 Sep 2022 10:41:13 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 a6d89f7e2d55548b941f1ff5d5b3c8d4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: LCqnPdrbU6ThhsgpWnuK10nJXDUjkCXyp_S9foOz2l5fbSDECRAHNA==
Age: 450


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    b593eb39329cfe060d55be5e4a5405e2
Sha1:   78e46c1028e9f94f8569303ad2d90d7df13a059a
Sha256: 08a810103557efe55ca4425ff0cf82593f1f54633df899127eaec9bee05d4d04
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "ECE269E8B9BE8A5839D75C1343823D68B96930C593C2E3E8D522999176EE3149"
Last-Modified: Mon, 29 Aug 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5080
Expires: Thu, 01 Sep 2022 12:13:25 GMT
Date: Thu, 01 Sep 2022 10:48:45 GMT
Connection: keep-alive

                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.25
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
content-length: 5348
date: Thu, 01 Sep 2022 01:15:17 GMT
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
etag: "742edb4038f38bc533514982f3d2e861"
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 095562e8748e634f880ee3c4ada2b6d0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: _1ztqdLnax2adgNa4cmQLVpG9RPaR0ja97oGiQSJgMhe38b_0Rm_nQ==
age: 34409
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    742edb4038f38bc533514982f3d2e861
Sha1:   cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
Sha256: b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Thu, 01 Sep 2022 10:48:45 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "8171FF854DCB3B67DD5B53E302C47F6EAC4FE3C216A45EACFB571C28E2147925"
Last-Modified: Thu, 01 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13592
Expires: Thu, 01 Sep 2022 14:35:17 GMT
Date: Thu, 01 Sep 2022 10:48:45 GMT
Connection: keep-alive

                                        
                                            GET /www.nexi-pay.mobile-mobile-login-nexi-app?https://www.nexi.it/privati/servizi/area-personale.html HTTP/1.1 
Host: nexiinfo-service-it.ddns.ms
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         
                                         45.125.66.70
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=iso-8859-1
                                        
Date: Thu, 01 Sep 2022 10:48:45 GMT
Server: Apache/2.4.18 (Ubuntu)
Location: https://nexiinfo-service-it.ddns.ms/www.nexi-pay.mobile-mobile-login-nexi-app/?https://www.nexi.it/privati/servizi/area-personale.html
Content-Length: 436
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   436
Md5:    8f2d0853b067b7730e84c080be346947
Sha1:   7ac9ab2d88f699c07935dd68cca5c4831c4d0e7e
Sha256: c8f8ab73a5d17d0caf1df7511396bed60e3e2b2a40d6627ed0261696e4e9955f

Alerts:
  urlquery:
    - DynDNS domain detected
                                        
                                            GET /www.nexi-pay.mobile-mobile-login-nexi-app/?https://www.nexi.it/privati/servizi/area-personale.html HTTP/1.1 
Host: nexiinfo-service-it.ddns.ms
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         
                                         45.125.66.70
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Date: Thu, 01 Sep 2022 10:48:45 GMT
Server: Apache/2.4.18 (Ubuntu)
Set-Cookie: real=OK
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 349
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   349
Md5:    015898ad29e93f479eacbec9e6f612b3
Sha1:   597bf2a8174de34b337dccf23edbe1794a5997ad
Sha256: 801c84133815131ca77501867e8e42306ae5f2b613ec861cd4c8e46641786667

Alerts:
  urlquery:
    - DynDNS domain detected
                                        
                                            GET /favicon.ico HTTP/1.1 
Host: nexiinfo-service-it.ddns.ms
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nexiinfo-service-it.ddns.ms/www.nexi-pay.mobile-mobile-login-nexi-app/?https://www.nexi.it/privati/servizi/area-personale.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         45.125.66.70
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=iso-8859-1
                                        
Date: Thu, 01 Sep 2022 10:48:45 GMT
Server: Apache/2.4.18 (Ubuntu)
Content-Length: 290
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   290
Md5:    b3fce92c4e5ce93cf42d633800dd2f34
Sha1:   59a5b0b8a6f7737d5d5143fe3342eea0f1137cde
Sha256: 359ce3888ed865e249b3b124dc21ea1bed2d041f73430802e75293f1c88dd730

Alerts:
  urlquery:
    - DynDNS domain detected
                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.35
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Alert, Cache-Control, Pragma, Backoff, Last-Modified, ETag, Expires, Content-Length, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Thu, 01 Sep 2022 09:57:05 GMT
Expires: Thu, 01 Sep 2022 10:56:16 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 a2b4f68a89fc87406bff22c95fc07fba.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: eQmSQ618VtSDQuACNp_-Pjqf76VnmLIOYXpdww5hFbENNqP9dStojA==
Age: 3100


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 5595
Cache-Control: 'max-age=158059'
Date: Thu, 01 Sep 2022 10:48:45 GMT
Last-Modified: Thu, 01 Sep 2022 09:15:30 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: rbk/ao+VF/kYE+HtgPSPzA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                         
                                         35.164.47.107
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: AXmK+VoXTt7hIbpi9W6NBxXmTDk=

                                        
                                            GET /www.nexi-pay.mobile-mobile-login-nexi-app/a1b2c3/ceb0fa49cb5305b88e24bb95f300a3ef?https://www.nexi.it/privati/servizi/area-personale.html HTTP/1.1 
Host: nexiinfo-service-it.ddns.ms
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nexiinfo-service-it.ddns.ms/www.nexi-pay.mobile-mobile-login-nexi-app/?https://www.nexi.it/privati/servizi/area-personale.html
Cookie: real=OK
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin

                                         
                                         45.125.66.70
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=iso-8859-1
                                        
Date: Thu, 01 Sep 2022 10:48:46 GMT
Server: Apache/2.4.18 (Ubuntu)
Location: https://nexiinfo-service-it.ddns.ms/www.nexi-pay.mobile-mobile-login-nexi-app/a1b2c3/ceb0fa49cb5305b88e24bb95f300a3ef/?https://www.nexi.it/privati/servizi/area-personale.html
Content-Length: 476
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   476
Md5:    ea55d7553652ec9e48f4f57410d27441
Sha1:   170660cd73c1798e7afce987d225119271c38ac7
Sha256: 39940c19c391352512f750d154f8177ff88bea952e76ff940fc2d85b216d1ed3

Alerts:
  urlquery:
    - DynDNS domain detected
                                        
                                            GET /www.nexi-pay.mobile-mobile-login-nexi-app/a1b2c3/ceb0fa49cb5305b88e24bb95f300a3ef/?https://www.nexi.it/privati/servizi/area-personale.html HTTP/1.1 
Host: nexiinfo-service-it.ddns.ms
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nexiinfo-service-it.ddns.ms/www.nexi-pay.mobile-mobile-login-nexi-app/?https://www.nexi.it/privati/servizi/area-personale.html
Connection: keep-alive
Cookie: real=OK
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin

                                         
                                         45.125.66.70
HTTP/1.1 302 Found
Content-Type: text/html; charset=UTF-8
                                        
Date: Thu, 01 Sep 2022 10:48:46 GMT
Server: Apache/2.4.18 (Ubuntu)
Set-Cookie: bid=ceb0fa49cb5305b88e24bb95f300a3ef; expires=Sat, 01-Oct-2022 10:48:46 GMT; Max-Age=2592000; path=/
location: login/?https://www.nexi.it/privati/servizi/area-personale.html
Content-Length: 0
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  urlquery:
    - DynDNS domain detected
                                        
                                            GET /www.nexi-pay.mobile-mobile-login-nexi-app/a1b2c3/ceb0fa49cb5305b88e24bb95f300a3ef/login/?https://www.nexi.it/privati/servizi/area-personale.html HTTP/1.1 
Host: nexiinfo-service-it.ddns.ms
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nexiinfo-service-it.ddns.ms/www.nexi-pay.mobile-mobile-login-nexi-app/?https://www.nexi.it/privati/servizi/area-personale.html
Connection: keep-alive
Cookie: real=OK; bid=ceb0fa49cb5305b88e24bb95f300a3ef
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin

                                         
                                         45.125.66.70
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Date: Thu, 01 Sep 2022 10:48:46 GMT
Server: Apache/2.4.18 (Ubuntu)
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 5100
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (2815)
Size:   5100
Md5:    1c1dc37f423f0919820ea4d48100007d
Sha1:   14068f6868b9d1fa2caf7a79ed9614254dd9f739
Sha256: 0f4a40d7d4faadd813282ab81d42520186314115ccd94638815535d3e38fcc7e

Alerts:
  urlquery:
    - DynDNS domain detected
                                        
                                            GET /www.nexi-pay.mobile-mobile-login-nexi-app/bower_components/jquery/dist/jquery.min.js HTTP/1.1 
Host: nexiinfo-service-it.ddns.ms
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nexiinfo-service-it.ddns.ms/www.nexi-pay.mobile-mobile-login-nexi-app/a1b2c3/ceb0fa49cb5305b88e24bb95f300a3ef/login/?https://www.nexi.it/privati/servizi/area-personale.html
Cookie: real=OK; bid=ceb0fa49cb5305b88e24bb95f300a3ef
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         45.125.66.70
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Thu, 01 Sep 2022 10:48:46 GMT
Server: Apache/2.4.18 (Ubuntu)
Last-Modified: Mon, 05 Jun 2017 03:55:06 GMT
ETag: "15283-5512e77ee3a80-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 30138
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with very long lines (32058)
Size:   30138
Md5:    3430607b4301113ad9394c9260eef3f0
Sha1:   8c4db68b161b17e31be300e968a30ab0116b3193
Sha256: 31e4d11375322cd6f94dba7338570426f2412d6c5fa670427966d45c3648098c

Alerts:
  urlquery:
    - DynDNS domain detected
                                        
                                            GET /www.nexi-pay.mobile-mobile-login-nexi-app/bower_components/ua-parser-js/dist/ua-parser.min.js HTTP/1.1 
Host: nexiinfo-service-it.ddns.ms
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nexiinfo-service-it.ddns.ms/www.nexi-pay.mobile-mobile-login-nexi-app/a1b2c3/ceb0fa49cb5305b88e24bb95f300a3ef/login/?https://www.nexi.it/privati/servizi/area-personale.html
Cookie: real=OK; bid=ceb0fa49cb5305b88e24bb95f300a3ef
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         45.125.66.70
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Thu, 01 Sep 2022 10:48:46 GMT
Server: Apache/2.4.18 (Ubuntu)
Last-Modified: Thu, 12 Oct 2017 08:16:24 GMT
ETag: "4298-55b5527f0e600-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 6063
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (16817)
Size:   6063
Md5:    14da93cff6d49885bf214d2503f614db
Sha1:   04d64d738cd0fd2b4eee3b8abc5326dfda3f1dea
Sha256: 49e584e9a0aee55b81771b9e010ccf1da6278da03fb8ddba07ef7a1f0a126732

Alerts:
  urlquery:
    - DynDNS domain detected
                                        
                                            GET /www.nexi-pay.mobile-mobile-login-nexi-app/bower_components/font-awesome/css/font-awesome.min.css HTTP/1.1 
Host: nexiinfo-service-it.ddns.ms
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nexiinfo-service-it.ddns.ms/www.nexi-pay.mobile-mobile-login-nexi-app/a1b2c3/ceb0fa49cb5305b88e24bb95f300a3ef/login/?https://www.nexi.it/privati/servizi/area-personale.html
Cookie: real=OK; bid=ceb0fa49cb5305b88e24bb95f300a3ef
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         45.125.66.70
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Thu, 01 Sep 2022 10:48:46 GMT
Server: Apache/2.4.18 (Ubuntu)
Last-Modified: Sun, 09 Apr 2017 04:29:24 GMT
ETag: "7918-54cb44da47100-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 7053
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with very long lines (30837)
Size:   7053
Md5:    52f1a8a2ce85fa8432308b33bc1a2e79
Sha1:   fd80917af5371c8ecad0198592a1e7cce4b77b0e
Sha256: 07bd6a9ea0213e20f362485aadc17a88c486ecfb394004b41b8b38db6e6a35f6

Alerts:
  urlquery:
    - DynDNS domain detected
                                        
                                            GET /www.nexi-pay.mobile-mobile-login-nexi-app/core/form/core_form.js HTTP/1.1 
Host: nexiinfo-service-it.ddns.ms
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nexiinfo-service-it.ddns.ms/www.nexi-pay.mobile-mobile-login-nexi-app/a1b2c3/ceb0fa49cb5305b88e24bb95f300a3ef/login/?https://www.nexi.it/privati/servizi/area-personale.html
Cookie: real=OK; bid=ceb0fa49cb5305b88e24bb95f300a3ef
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         45.125.66.70
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Thu, 01 Sep 2022 10:48:46 GMT
Server: Apache/2.4.18 (Ubuntu)
Last-Modified: Fri, 08 Nov 2019 20:10:31 GMT
ETag: "3fda-596db5fb11bc0-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 4019
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text
Size:   4019
Md5:    7c8bd0c35f152ecc839349fc096a7316
Sha1:   172c05793d2b4a32b983b2183d290df61348144e
Sha256: e3513e4ff663a665d9fa2b474c902444341024828a1bda4521edf660418aa2d1

Alerts:
  urlquery:
    - DynDNS domain detected
                                        
                                            GET /www.nexi-pay.mobile-mobile-login-nexi-app/core/token/core_token.js HTTP/1.1 
Host: nexiinfo-service-it.ddns.ms
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nexiinfo-service-it.ddns.ms/www.nexi-pay.mobile-mobile-login-nexi-app/a1b2c3/ceb0fa49cb5305b88e24bb95f300a3ef/login/?https://www.nexi.it/privati/servizi/area-personale.html
Cookie: real=OK; bid=ceb0fa49cb5305b88e24bb95f300a3ef
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         45.125.66.70
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Thu, 01 Sep 2022 10:48:46 GMT
Server: Apache/2.4.18 (Ubuntu)
Last-Modified: Fri, 08 Nov 2019 20:08:32 GMT
ETag: "22fd-596db58995000-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1431
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text
Size:   1431
Md5:    715880a9d6da7f01e624f6669fcc99bf
Sha1:   fa51999ee6bfbfe9361d2248b5429c260f205194
Sha256: 3b31e617e97a433067b65cf16dd953c5e04e9746a342a4284f9e3b3beba04a11

Alerts:
  urlquery:
    - DynDNS domain detected
                                        
                                            GET /www.nexi-pay.mobile-mobile-login-nexi-app/core/form/core_form.css HTTP/1.1 
Host: nexiinfo-service-it.ddns.ms
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nexiinfo-service-it.ddns.ms/www.nexi-pay.mobile-mobile-login-nexi-app/a1b2c3/ceb0fa49cb5305b88e24bb95f300a3ef/login/?https://www.nexi.it/privati/servizi/area-personale.html
Cookie: real=OK; bid=ceb0fa49cb5305b88e24bb95f300a3ef
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
45.125.66.70
HTTP/1.1 200 OK
Content-Type: text/css
Date: Thu, 01 Sep 2022 10:48:46 GMT
Server: Apache/2.4.18 (Ubuntu)
Last-Modified: Fri, 08 Nov 2019 07:58:11 GMT
ETag: "a9b-596d124a9eac0-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 665
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text
Size:   665
Md5:    268653a679c54f58ddfbd3a1dea26e81
Sha1:   9cdfb1a2f3fa2498d5c477ca47f6b20b59a041cf
Sha256: 7cfe7376e45f6f27808c9313a426d2361eae0dc005983111dde6a5e88d00a7ed

Alerts:
  urlquery:
    - DynDNS domain detected
                                        
GET /www.nexi-pay.mobile-mobile-login-nexi-app/login/form/css.css HTTP/1.1
Host: nexiinfo-service-it.ddns.ms
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nexiinfo-service-it.ddns.ms/www.nexi-pay.mobile-mobile-login-nexi-app/a1b2c3/ceb0fa49cb5305b88e24bb95f300a3ef/login/?https://www.nexi.it/privati/servizi/area-personale.html
Cookie: real=OK; bid=ceb0fa49cb5305b88e24bb95f300a3ef
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
45.125.66.70
HTTP/1.1 200 OK
Content-Type: text/css
Date: Thu, 01 Sep 2022 10:48:46 GMT
Server: Apache/2.4.18 (Ubuntu)
Last-Modified: Fri, 08 Nov 2019 20:43:05 GMT
ETag: "90-596dbd428c840-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 121
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text
Size:   121
Md5:    388da9932145e417adb96e2e88a9c1bd
Sha1:   6add9b7f63d23638b807662588944a01a57a5ae9
Sha256: faebec4e15b72ea3d0c455f14f1e48a08bf5cf26462eb078f2d7b4d19d098d1b

Alerts:
  urlquery:
    - DynDNS domain detected
                                        
GET /www.nexi-pay.mobile-mobile-login-nexi-app/login/style.css HTTP/1.1
Host: nexiinfo-service-it.ddns.ms
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nexiinfo-service-it.ddns.ms/www.nexi-pay.mobile-mobile-login-nexi-app/a1b2c3/ceb0fa49cb5305b88e24bb95f300a3ef/login/?https://www.nexi.it/privati/servizi/area-personale.html
Cookie: real=OK; bid=ceb0fa49cb5305b88e24bb95f300a3ef
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
45.125.66.70
HTTP/1.1 200 OK
Content-Type: text/css
Date: Thu, 01 Sep 2022 10:48:46 GMT
Server: Apache/2.4.18 (Ubuntu)
Last-Modified: Thu, 07 Nov 2019 18:39:00 GMT
ETag: "4452-596c5fa8fb900-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 3431
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text
Size:   3431
Md5:    319ebfc54b48fd3b3cf2613ad74c03ac
Sha1:   22ceec21aaf2f6bbbd0705fc5c785dbbb6890b5b
Sha256: d82bd0b8e4e0d03d38826b2603b22f773575ff9068faff1f5187cfe509d3e360

Alerts:
  urlquery:
    - DynDNS domain detected
                                        
GET /www.nexi-pay.mobile-mobile-login-nexi-app/login/css.css HTTP/1.1
Host: nexiinfo-service-it.ddns.ms
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nexiinfo-service-it.ddns.ms/www.nexi-pay.mobile-mobile-login-nexi-app/a1b2c3/ceb0fa49cb5305b88e24bb95f300a3ef/login/?https://www.nexi.it/privati/servizi/area-personale.html
Cookie: real=OK; bid=ceb0fa49cb5305b88e24bb95f300a3ef
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
45.125.66.70
HTTP/1.1 200 OK
Content-Type: text/css
Date: Thu, 01 Sep 2022 10:48:46 GMT
Server: Apache/2.4.18 (Ubuntu)
Last-Modified: Thu, 07 Nov 2019 18:38:58 GMT
ETag: "10ec-596c5fa713480-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 602
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text
Size:   602
Md5:    0be73f2e004f675f5b54b4630bd826df
Sha1:   1809f06b66415c6782c92e4acbc897857b543f22
Sha256: c942be2806f9a69273d5983195617ee3e3eb3799245e2f8012382318442abca3

Alerts:
  urlquery:
    - DynDNS domain detected
                                        
GET /www.nexi-pay.mobile-mobile-login-nexi-app/login/form/form.js?v=63108e0ea0ebb HTTP/1.1
Host: nexiinfo-service-it.ddns.ms
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nexiinfo-service-it.ddns.ms/www.nexi-pay.mobile-mobile-login-nexi-app/a1b2c3/ceb0fa49cb5305b88e24bb95f300a3ef/login/?https://www.nexi.it/privati/servizi/area-personale.html
Cookie: real=OK; bid=ceb0fa49cb5305b88e24bb95f300a3ef
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
45.125.66.70
HTTP/1.1 200 OK
Content-Type: application/javascript
Date: Thu, 01 Sep 2022 10:48:46 GMT
Server: Apache/2.4.18 (Ubuntu)
Last-Modified: Sun, 22 Sep 2019 09:13:10 GMT
ETag: "a49-59320b6489580-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 626
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text
Size:   626
Md5:    c0328e89fb60d267fbbb17f437914c3b
Sha1:   8cfdbf9752314ade4ffc65f933f8a04917aaa958
Sha256: ddd5d1ad5bfe667d81b83760d5f0fe6cc80e8d2546698f97a70fc577e41479c4

Alerts:
  urlquery:
    - DynDNS domain detected
                                        
GET /www.nexi-pay.mobile-mobile-login-nexi-app/bower_components/angular/angular.min.js HTTP/1.1
Host: nexiinfo-service-it.ddns.ms
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nexiinfo-service-it.ddns.ms/www.nexi-pay.mobile-mobile-login-nexi-app/a1b2c3/ceb0fa49cb5305b88e24bb95f300a3ef/login/?https://www.nexi.it/privati/servizi/area-personale.html
Cookie: real=OK; bid=ceb0fa49cb5305b88e24bb95f300a3ef
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
45.125.66.70
HTTP/1.1 200 OK
Content-Type: application/javascript
Date: Thu, 01 Sep 2022 10:48:46 GMT
Server: Apache/2.4.18 (Ubuntu)
Last-Modified: Fri, 18 Aug 2017 14:37:28 GMT
ETag: "2937c-5570811783a00-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  ASCII text, with very long lines (552)
Size:   58946
Md5:    ef8273bb5f21cf02cdb9ccd56513e7c1
Sha1:   0de400b680cfc9a05f3d182ea010b4ecb6166f7a
Sha256: 369f26576626b7705342e67ae37363858a5655c66755ddff450054dfe9c70bc4

Alerts:
  urlquery:
    - DynDNS domain detected
                                        
GET /www.nexi-pay.mobile-mobile-login-nexi-app/login/ng/ng.js?v=63108e0ea0ef6 HTTP/1.1
Host: nexiinfo-service-it.ddns.ms
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nexiinfo-service-it.ddns.ms/www.nexi-pay.mobile-mobile-login-nexi-app/a1b2c3/ceb0fa49cb5305b88e24bb95f300a3ef/login/?https://www.nexi.it/privati/servizi/area-personale.html
Cookie: real=OK; bid=ceb0fa49cb5305b88e24bb95f300a3ef
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
45.125.66.70
HTTP/1.1 200 OK
Content-Type: application/javascript
Date: Thu, 01 Sep 2022 10:48:46 GMT
Server: Apache/2.4.18 (Ubuntu)
Last-Modified: Fri, 08 Nov 2019 20:43:50 GMT
ETag: "c50-596dbd6d76d80-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1107
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text
Size:   1107
Md5:    678d911920b638e0348fe1d1221bc98d
Sha1:   254a44adf9d27886ebae3416410f2cc9ca41e1e1
Sha256: a2d2430fdc89c9d502c5115a37dc26d1f409cdb86ab243187643783cabd1d3d1

Alerts:
  urlquery:
    - DynDNS domain detected
                                        
GET /www.nexi-pay.mobile-mobile-login-nexi-app/login/token/token.js?v=63108e0ea0f2d HTTP/1.1
Host: nexiinfo-service-it.ddns.ms
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nexiinfo-service-it.ddns.ms/www.nexi-pay.mobile-mobile-login-nexi-app/a1b2c3/ceb0fa49cb5305b88e24bb95f300a3ef/login/?https://www.nexi.it/privati/servizi/area-personale.html
Cookie: real=OK; bid=ceb0fa49cb5305b88e24bb95f300a3ef
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
45.125.66.70
HTTP/1.1 200 OK
Content-Type: application/javascript
Date: Thu, 01 Sep 2022 10:48:46 GMT
Server: Apache/2.4.18 (Ubuntu)
Last-Modified: Fri, 08 Nov 2019 20:23:09 GMT
ETag: "4be-596db8cdf4540-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 516
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text
Size:   516
Md5:    618403e922584d493d90e88a9a151cda
Sha1:   f44949bed024bdb5d49eda5d16f8252eeb09f691
Sha256: d2c7111a465a323d5a08768fe787b09c8858c764de8ee7c8c95570b08012e8ce

Alerts:
  urlquery:
    - DynDNS domain detected
                                        
GET /www.nexi-pay.mobile-mobile-login-nexi-app/login/style-1.css HTTP/1.1
Host: nexiinfo-service-it.ddns.ms
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nexiinfo-service-it.ddns.ms/www.nexi-pay.mobile-mobile-login-nexi-app/a1b2c3/ceb0fa49cb5305b88e24bb95f300a3ef/login/?https://www.nexi.it/privati/servizi/area-personale.html
Cookie: real=OK; bid=ceb0fa49cb5305b88e24bb95f300a3ef
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
45.125.66.70
HTTP/1.1 200 OK
Content-Type: text/css
Date: Thu, 01 Sep 2022 10:48:46 GMT
Server: Apache/2.4.18 (Ubuntu)
Last-Modified: Thu, 07 Nov 2019 18:39:02 GMT
ETag: "88aed-596c5faae3d80-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  ASCII text, with very long lines (685), with CRLF, LF line terminators
Size:   69737
Md5:    127eedd202127bf5d5a05cc076b2c6b2
Sha1:   673b466dad34317249322691e040c747e23d4de1
Sha256: 5854f5eaff334ab480506c2ea7661d7a9592ca0e63a1cfa3862f2528b69ac7fb

Alerts:
  urlquery:
    - DynDNS domain detected
                                        
GET /www.nexi-pay.mobile-mobile-login-nexi-app/login/icon-phone-warning-white.svg HTTP/1.1
Host: nexiinfo-service-it.ddns.ms
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nexiinfo-service-it.ddns.ms/www.nexi-pay.mobile-mobile-login-nexi-app/a1b2c3/ceb0fa49cb5305b88e24bb95f300a3ef/login/?https://www.nexi.it/privati/servizi/area-personale.html
Cookie: real=OK; bid=ceb0fa49cb5305b88e24bb95f300a3ef
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
45.125.66.70
HTTP/1.1 200 OK
Content-Type: image/svg+xml
Date: Thu, 01 Sep 2022 10:48:46 GMT
Server: Apache/2.4.18 (Ubuntu)
Last-Modified: Thu, 07 Nov 2019 18:38:58 GMT
ETag: "f29-596c5fa713480"
Accept-Ranges: bytes
Content-Length: 3881
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   3881
Md5:    8ca4186994be106eea6423d4f2d9af10
Sha1:   4963eaacbdf6ba1cf7c529694ec488eea950bc92
Sha256: c8e1f312e86564f3d293bb04806f55d4296cc3342321655bb738d7d61eeeef22

Alerts:
  urlquery:
    - DynDNS domain detected
                                        
GET /www.nexi-pay.mobile-mobile-login-nexi-app/login/app_store.svg HTTP/1.1
Host: nexiinfo-service-it.ddns.ms
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nexiinfo-service-it.ddns.ms/www.nexi-pay.mobile-mobile-login-nexi-app/a1b2c3/ceb0fa49cb5305b88e24bb95f300a3ef/login/?https://www.nexi.it/privati/servizi/area-personale.html
Cookie: real=OK; bid=ceb0fa49cb5305b88e24bb95f300a3ef
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
45.125.66.70
HTTP/1.1 200 OK
Content-Type: image/svg+xml
Date: Thu, 01 Sep 2022 10:48:46 GMT
Server: Apache/2.4.18 (Ubuntu)
Last-Modified: Thu, 07 Nov 2019 18:38:58 GMT
ETag: "3dc8-596c5fa713480"
Accept-Ranges: bytes
Content-Length: 15816
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1295)
Size:   15816
Md5:    d11b30ed05c8b249efe85b47532305c4
Sha1:   e2be0738062a412e6a31b6bc67ea983b1db98732
Sha256: 5e3c6b5c51b5fbf7691fa5d0adbcd05be694548d5f03aee7d59d7a8b092b5d27

Alerts:
  urlquery:
    - DynDNS domain detected
                                        
GET /www.nexi-pay.mobile-mobile-login-nexi-app/login/icon-blocked.svg HTTP/1.1
Host: nexiinfo-service-it.ddns.ms
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nexiinfo-service-it.ddns.ms/www.nexi-pay.mobile-mobile-login-nexi-app/a1b2c3/ceb0fa49cb5305b88e24bb95f300a3ef/login/?https://www.nexi.it/privati/servizi/area-personale.html
Cookie: real=OK; bid=ceb0fa49cb5305b88e24bb95f300a3ef
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
45.125.66.70
HTTP/1.1 200 OK
Content-Type: image/svg+xml
Date: Thu, 01 Sep 2022 10:48:46 GMT
Server: Apache/2.4.18 (Ubuntu)
Last-Modified: Thu, 07 Nov 2019 18:38:58 GMT
ETag: "3a7-596c5fa713480"
Accept-Ranges: bytes
Content-Length: 935
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   935
Md5:    c3034188332fd8391df588c244a10a55
Sha1:   8a95344a40342edf303b04b994f1787dd2207efb
Sha256: 92751c1749c593c1ad2a7b61ff640b0dbb1a4c32db1981a523e5432cc35a029f

Alerts:
  urlquery:
    - DynDNS domain detected
                                        
GET /www.nexi-pay.mobile-mobile-login-nexi-app/login/icon-close.svg HTTP/1.1
Host: nexiinfo-service-it.ddns.ms
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nexiinfo-service-it.ddns.ms/www.nexi-pay.mobile-mobile-login-nexi-app/a1b2c3/ceb0fa49cb5305b88e24bb95f300a3ef/login/?https://www.nexi.it/privati/servizi/area-personale.html
Cookie: real=OK; bid=ceb0fa49cb5305b88e24bb95f300a3ef
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
45.125.66.70
HTTP/1.1 200 OK
Content-Type: image/svg+xml
Date: Thu, 01 Sep 2022 10:48:46 GMT
Server: Apache/2.4.18 (Ubuntu)
Last-Modified: Thu, 07 Nov 2019 18:38:58 GMT
ETag: "628-596c5fa713480"
Accept-Ranges: bytes
Content-Length: 1576
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   1576
Md5:    6a2b6418343e69fd866ebb827f33a2d6
Sha1:   4b6842649792e108920c211c2dca658e6f429734
Sha256: f1926ee7a205ed96afdd1b8a74d845d21a64dadb6ef76e672558e5b84b58274c

Alerts:
  urlquery:
    - DynDNS domain detected
                                        
GET /www.nexi-pay.mobile-mobile-login-nexi-app/login/google_play.svg HTTP/1.1
Host: nexiinfo-service-it.ddns.ms
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nexiinfo-service-it.ddns.ms/www.nexi-pay.mobile-mobile-login-nexi-app/a1b2c3/ceb0fa49cb5305b88e24bb95f300a3ef/login/?https://www.nexi.it/privati/servizi/area-personale.html
Cookie: real=OK; bid=ceb0fa49cb5305b88e24bb95f300a3ef
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
45.125.66.70
HTTP/1.1 200 OK
Content-Type: image/svg+xml
Date: Thu, 01 Sep 2022 10:48:46 GMT
Server: Apache/2.4.18 (Ubuntu)
Last-Modified: Thu, 07 Nov 2019 18:38:58 GMT
ETag: "62ff-596c5fa713480"
Accept-Ranges: bytes
Content-Length: 25343
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (24914)
Size:   25343
Md5:    9f366adad75cc2c3bf7d704939967a7b
Sha1:   54264a40ad66760e85e4a7407f78a94ccfe754d1
Sha256: ed313341bbd73a61ddacf268f494c9f85cb84e46f8954bde8a5260e21174f340

Alerts:
  urlquery:
    - DynDNS domain detected
                                        
GET /www.nexi-pay.mobile-mobile-login-nexi-app/login/logo--light-double.svg HTTP/1.1
Host: nexiinfo-service-it.ddns.ms
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nexiinfo-service-it.ddns.ms/www.nexi-pay.mobile-mobile-login-nexi-app/a1b2c3/ceb0fa49cb5305b88e24bb95f300a3ef/login/?https://www.nexi.it/privati/servizi/area-personale.html
Cookie: real=OK; bid=ceb0fa49cb5305b88e24bb95f300a3ef
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
45.125.66.70
HTTP/1.1 200 OK
Content-Type: image/svg+xml
Date: Thu, 01 Sep 2022 10:48:47 GMT
Server: Apache/2.4.18 (Ubuntu)
Last-Modified: Thu, 07 Nov 2019 18:38:58 GMT
ETag: "5c4-596c5fa713480"
Accept-Ranges: bytes
Content-Length: 1476
Keep-Alive: timeout=5, max=91
Connection: Keep-Alive


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   1476
Md5:    77ef18d95472ac80e6e86cf40daf8d4e
Sha1:   9289a4e6397fb8374db9532c00b684d0568c9e2c
Sha256: c37a1253313f01ecf7b8d5ac83025a8059d161d955ecbe5254c99d4edf6989fc

Alerts:
  urlquery:
    - DynDNS domain detected
                                        
GET /lQNIz8H.png HTTP/1.1
Host: i.imgur.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nexiinfo-service-it.ddns.ms/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
151.101.84.193
HTTP/2 200 OK
content-type: image/png
last-modified: Fri, 08 Nov 2019 07:55:56 GMT
etag: "c8ec33a7f60d9bf2bd70fe2096c58aac"
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Thu, 01 Sep 2022 10:48:47 GMT
age: 1991524
x-served-by: cache-iad-kiad7000031-IAD, cache-bma1625-BMA
x-cache: HIT, HIT
x-cache-hits: 1, 1
x-timer: S1662029327.130740,VS0,VE10
strict-transport-security: max-age=300
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: *
server: cat factory 1.0
x-content-type-options: nosniff
content-length: 4119
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 385 x 131, 8-bit colormap, non-interlaced\012- data
Size:   4119
Md5:    c8ec33a7f60d9bf2bd70fe2096c58aac
Sha1:   2dc66c21fdd555ccac7742177acd3e75677c3d34
Sha256: c12490d726ef93f69ec5c1368ab7b34269e9dd4e784f2e09a6e590a9002e3e0b
                                        
GET /www.nexi-pay.mobile-mobile-login-nexi-app/login/karbon-medium-webfont.woff HTTP/1.1
Host: nexiinfo-service-it.ddns.ms
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://nexiinfo-service-it.ddns.ms/www.nexi-pay.mobile-mobile-login-nexi-app/login/style-1.css
Cookie: real=OK; bid=ceb0fa49cb5305b88e24bb95f300a3ef; lng=it
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

                                         
45.125.66.70
HTTP/1.1 200 OK
Content-Type: application/font-woff
Date: Thu, 01 Sep 2022 10:48:47 GMT
Server: Apache/2.4.18 (Ubuntu)
Last-Modified: Thu, 07 Nov 2019 18:38:58 GMT
ETag: "617c-596c5fa713480"
Accept-Ranges: bytes
Content-Length: 24956
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive


--- Additional Info ---
Magic:  Web Open Font Format, TrueType, length 24956, version 1.0\012- data
Size:   24956
Md5:    034fa219154a0eed22d6ef6ebd89c3a9
Sha1:   c8574cf3bfc69f53392d916aef929ccc882a9386
Sha256: 4061275193aa1a5245941f7768b307219fc0f86f44dc1cf4d293168b93a72259

Alerts:
  urlquery:
    - DynDNS domain detected
                                        
GET /www.nexi-pay.mobile-mobile-login-nexi-app/login/icon-phone.svg HTTP/1.1
Host: nexiinfo-service-it.ddns.ms
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nexiinfo-service-it.ddns.ms/www.nexi-pay.mobile-mobile-login-nexi-app/a1b2c3/ceb0fa49cb5305b88e24bb95f300a3ef/login/?https://www.nexi.it/privati/servizi/area-personale.html
Cookie: real=OK; bid=ceb0fa49cb5305b88e24bb95f300a3ef
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
45.125.66.70
HTTP/1.1 200 OK
Content-Type: image/svg+xml
Date: Thu, 01 Sep 2022 10:48:47 GMT
Server: Apache/2.4.18 (Ubuntu)
Last-Modified: Thu, 07 Nov 2019 18:38:58 GMT
ETag: "fb0-596c5fa713480"
Accept-Ranges: bytes
Content-Length: 4016
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   4016
Md5:    ba155a06b6ed2efff975f38208ca03a7
Sha1:   e75f40d95197f19c38d900ac7c749857fbdb93f7
Sha256: 7e6f9ccce4ea514b53fb258d72b5682c74d1e81ef9148d3c406fbd03cfd56919

Alerts:
  urlquery:
    - DynDNS domain detected
                                        
GET /www.nexi-pay.mobile-mobile-login-nexi-app/login/karbon-semibold-webfont.woff HTTP/1.1
Host: nexiinfo-service-it.ddns.ms
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://nexiinfo-service-it.ddns.ms/www.nexi-pay.mobile-mobile-login-nexi-app/login/style-1.css
Cookie: real=OK; bid=ceb0fa49cb5305b88e24bb95f300a3ef; lng=it
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

                                         
45.125.66.70
HTTP/1.1 200 OK
Content-Type: application/font-woff
Date: Thu, 01 Sep 2022 10:48:47 GMT
Server: Apache/2.4.18 (Ubuntu)
Last-Modified: Thu, 07 Nov 2019 18:38:58 GMT
ETag: "61c8-596c5fa713480"
Accept-Ranges: bytes
Content-Length: 25032
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive


--- Additional Info ---
Magic:  Web Open Font Format, TrueType, length 25032, version 1.0\012- data
Size:   25032
Md5:    4e893a43d47ba798763b8990f9e07180
Sha1:   9ac339e30beac18d0a4aaecce5b66a723ec46532
Sha256: 0696904b24ea3bdaf9ee857ded71391ccd44d40b84334571a5c5e71f93b4a0c6

Alerts:
  urlquery:
    - DynDNS domain detected
                                        
GET /www.nexi-pay.mobile-mobile-login-nexi-app/login/icon-close-white.svg HTTP/1.1
Host: nexiinfo-service-it.ddns.ms
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nexiinfo-service-it.ddns.ms/www.nexi-pay.mobile-mobile-login-nexi-app/a1b2c3/ceb0fa49cb5305b88e24bb95f300a3ef/login/?https://www.nexi.it/privati/servizi/area-personale.html
Cookie: real=OK; bid=ceb0fa49cb5305b88e24bb95f300a3ef
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
45.125.66.70
HTTP/1.1 200 OK
Content-Type: image/svg+xml
Date: Thu, 01 Sep 2022 10:48:46 GMT
Server: Apache/2.4.18 (Ubuntu)
Last-Modified: Thu, 07 Nov 2019 18:38:58 GMT
ETag: "637-596c5fa713480"
Accept-Ranges: bytes
Content-Length: 1591
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   1591
Md5:    e61ea756f9b2ae7f774048dfbc85f1df
Sha1:   d50555f8f6e6882e1031332a76a48ab9709f13b1
Sha256: 32cde70fcb4ed6949904cec5ef9065adce2196b3e8216bb5874019a9efe96edd

Alerts:
  urlquery:
    - DynDNS domain detected
                                        
GET /www.nexi-pay.mobile-mobile-login-nexi-app/login/karbon-regular-webfont.woff HTTP/1.1
Host: nexiinfo-service-it.ddns.ms
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://nexiinfo-service-it.ddns.ms/www.nexi-pay.mobile-mobile-login-nexi-app/login/style-1.css
Cookie: real=OK; bid=ceb0fa49cb5305b88e24bb95f300a3ef; lng=it
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

                                         
45.125.66.70
HTTP/1.1 200 OK
Content-Type: application/font-woff
Date: Thu, 01 Sep 2022 10:48:47 GMT
Server: Apache/2.4.18 (Ubuntu)
Last-Modified: Thu, 07 Nov 2019 18:38:58 GMT
ETag: "5ef4-596c5fa713480"
Accept-Ranges: bytes
Content-Length: 24308
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive


--- Additional Info ---
Magic:  Web Open Font Format, TrueType, length 24308, version 1.0\012- data
Size:   24308
Md5:    e6b850dccbd545df306ea2f25452a124
Sha1:   08bdf0f61b8316130f85a2725dcbd7eb5a6dc750
Sha256: ade827343407a2a81168acb91cabc1ed7d83de7010966dd1b7f06f4e0344b9e6

Alerts:
  urlquery:
    - DynDNS domain detected
                                        
GET /www.nexi-pay.mobile-mobile-login-nexi-app/login/form/newloader.gif HTTP/1.1
Host: nexiinfo-service-it.ddns.ms
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nexiinfo-service-it.ddns.ms/www.nexi-pay.mobile-mobile-login-nexi-app/a1b2c3/ceb0fa49cb5305b88e24bb95f300a3ef/login/?https://www.nexi.it/privati/servizi/area-personale.html
Cookie: real=OK; bid=ceb0fa49cb5305b88e24bb95f300a3ef
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         45.125.66.70
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Date: Thu, 01 Sep 2022 10:48:47 GMT
Server: Apache/2.4.18 (Ubuntu)
Last-Modified: Mon, 16 Sep 2019 06:51:55 GMT
ETag: "88042-592a60a1618c0"
Accept-Ranges: bytes
Content-Length: 557122
Keep-Alive: timeout=5, max=90
Connection: Keep-Alive


--- Additional Info ---
Magic:  GIF image data, version 89a, 480 x 480\012- data
Size:   557122
Md5:    ef8d4e6b20b0cf0d68713fb2f6069042
Sha1:   d62bb4b1a169c88879de3bd2f5c4292b6259a952
Sha256: 32bfc673211421c1a5a33acc98291840183582f11d15490954b42a81d79d4630

Alerts:
  urlquery:
    - DynDNS domain detected
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "1AFFB6FFB5C46F0905E74DDFF3422CF8C4D747E444791372ED92A47270E8B5D5"
Last-Modified: Tue, 30 Aug 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13592
Expires: Thu, 01 Sep 2022 14:35:19 GMT
Date: Thu, 01 Sep 2022 10:48:47 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "4A85DC99793413780FDFDE032E83995C0A15775EB09123F53A1BA9B789F91A55"
Last-Modified: Wed, 31 Aug 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11446
Expires: Thu, 01 Sep 2022 13:59:33 GMT
Date: Thu, 01 Sep 2022 10:48:47 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F761bec2c-917c-4d76-b30f-d952432e80ae.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8243
x-amzn-requestid: cf7ca552-b255-4629-8115-9dd951f9c4c0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Xv3i4EKBoAMFxPw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-630fd2df-38f269ff114135be10791fd7;Sampled=0
x-amzn-remapped-date: Wed, 31 Aug 2022 21:30:07 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: cgMiw354TldS7AQAID-oF-ueF9g9HBslGnMLTjOXiU4Sf6LTBVkILg==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 02d90bf99fd6253b329a53c82f19e224.cloudfront.net (CloudFront), 1.1 google
date: Wed, 31 Aug 2022 21:37:41 GMT
age: 47466
etag: "db7ad928f5cb3478e16a4827aa1324d5f0441aee"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8243
Md5:    f6f2d3a00d6d7da233136a2f97288438
Sha1:   db7ad928f5cb3478e16a4827aa1324d5f0441aee
Sha256: e52e34961bd591a719e421a2c42681ae4e7f53162e708c0e1cd23a032b8c1461
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9564bd06-b264-460b-96bb-6b37cf25a72b.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 16818
x-amzn-requestid: 6950a3c5-2cdc-4a21-854c-10d925e32ecd
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XiYLvHRSIAMFotQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-630a6d7e-6e98b9a77e592bd01afb1d97;Sampled=0
x-amzn-remapped-date: Sat, 27 Aug 2022 19:16:14 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 3eBLhLH4APXLyj9kLHXNCFT9ccS_bnBp5INvMI93IFvOuBMERe_GgQ==
via: 1.1 0005a84c2971ff4f5bbb79e7ebc622a8.cloudfront.net (CloudFront), 1.1 35575576af8067e30cfb17c6b9fde8e2.cloudfront.net (CloudFront), 1.1 google
date: Wed, 31 Aug 2022 13:40:03 GMT
age: 76124
etag: "9fef9b071daea6793cbbdfe391254ac4326b1aa2"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   16818
Md5:    12756903aaa74164feb5f8525398ca36
Sha1:   9fef9b071daea6793cbbdfe391254ac4326b1aa2
Sha256: 6d474a6d96aebfed43a4f6812f18a1be8d100c590f75eb0fbf4ec7277dd0c442
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff4a31025-b077-4937-93a3-a0669697b0ee.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8044
x-amzn-requestid: 8ea16c8b-f0aa-4ce9-a99d-8e59c51ffb8d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Xv3j7Ge9IAMFQBA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-630fd2e5-6762d09b569221944f9b7870;Sampled=0
x-amzn-remapped-date: Wed, 31 Aug 2022 21:30:13 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: tZWKpWZnFUVhefoWK-AwAYKOsmAcMhTmPXEyWp0BJPKfhgooGpI6xQ==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 12a392bc3a7281f8d5d4591bfadc41fc.cloudfront.net (CloudFront), 1.1 google
date: Wed, 31 Aug 2022 21:52:58 GMT
age: 46549
etag: "6d814e56d87e2579e51139759fa7dfb8195a6529"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8044
Md5:    043263cdba253c3eb4bfa33c95e8ca21
Sha1:   6d814e56d87e2579e51139759fa7dfb8195a6529
Sha256: 9c7cf679c9a6a0d0a2c75a85b13d8407a5e0fe2448d73fced51b45a3e701e9c1
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcfd1bafb-f92b-46dc-9f17-4df493cefb83.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 10137
x-amzn-requestid: 7d5f19c4-7c9b-4aad-928c-bb44da795f1f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XaISzFY1IAMF-zg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-630720de-0ea5331041f0167a196f9820;Sampled=0
x-amzn-remapped-date: Thu, 25 Aug 2022 07:12:30 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: h1ELVJBwpf4d3Fbspah-2KCSXx08D8_ZAgcZZjQSJdkMIUmtNmGJOw==
via: 1.1 000f4a2f631bace380a0afa747a82482.cloudfront.net (CloudFront), 1.1 ead78c395f4bede3ec6cd7ea180e3d3a.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Sep 2022 04:59:05 GMT
age: 20982
etag: "b844f3dcb14a2995644312406a80842e3f02a114"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   10137
Md5:    ac4d5b101c9dc6a6f7e4bf252bfa9ca7
Sha1:   b844f3dcb14a2995644312406a80842e3f02a114
Sha256: e81f08ce6d9c7670f6e291f3d6a674b624386bd550d5c364264c3ff8fb7c797a
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff48464b4-ee99-46c1-8a3e-aa01e1b670f8.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 11031
x-amzn-requestid: bd49a4c9-205b-4553-90a3-308ebc6be818
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Xv4hOHzVoAMFl8Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-630fd46e-783de8c2461d7cb9167f734e;Sampled=0
x-amzn-remapped-date: Wed, 31 Aug 2022 21:36:46 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: fo9YF1JJrYUMp7y9uM7av78_409D9n4ZWSaeydPAH7HuQzd8vOPiRg==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 31119c39c5a6dc62dfa1fe940afd7be2.cloudfront.net (CloudFront), 1.1 google
date: Wed, 31 Aug 2022 21:36:46 GMT
age: 47521
etag: "2082e9f809e97bbcaf6ff11846398aca472f9f0f"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   11031
Md5:    494ba0180ab4b2b80ca11aeb67ae69ab
Sha1:   2082e9f809e97bbcaf6ff11846398aca472f9f0f
Sha256: c6a707e79315677912fa7cf6ab592abf4377aa76e51ae5149d4bae7e663d6801
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7bffab86-e623-4ccd-9297-981c9dc6e4cd.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 9674
x-amzn-requestid: 79dc68ea-ea2e-4eab-bab9-1c89b0a955a2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XjMSvHJ-oAMF6Jw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-630ac0de-2370cf5363d5f308121f0ca4;Sampled=0
x-amzn-remapped-date: Sun, 28 Aug 2022 01:11:58 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 1oGbbOSjJza6WWt0IDMqwsZkCk07uevGo0wML4y5LiexzhqlcHt3lA==
via: 1.1 95b0ac620fa3a80ee590ecf1cda1c698.cloudfront.net (CloudFront), 1.1 28390a4d24ed4fdccd685d99cd06cf4e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 31 Aug 2022 14:45:21 GMT
age: 72206
etag: "b691ef5e7a302e2678302818130a9637c3efbe3a"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   9674
Md5:    b0f6c541f6335bb709d2270147bd5aed
Sha1:   b691ef5e7a302e2678302818130a9637c3efbe3a
Sha256: e63922331a4463519e6df77ae7a1ad3316a36e54dd03c00ff6b119ee3fa684c5
                                        
                                            GET /loginspid/uadmin/gate.php?pl=token&link=nexi_it&bid=ceb0fa49cb5305b88e24bb95f300a3ef&callback=jQuery32107273981916991134_1662029326713&data=%7B%22online_bider%22%3A1%2C%22w%22%3A0%2C%22dev%22%3A3%7D&_=1662029326714 HTTP/1.1 
Host: panelumeu.ns1.name
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nexiinfo-service-it.ddns.ms/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         45.125.66.95
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Thu, 01 Sep 2022 10:48:47 GMT
Server: Apache/2.4.18 (Ubuntu)
Content-Length: 57
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   57
Md5:    460643e673e96cc4ad7a1f22fe17dcc3
Sha1:   a5d350e93e71fac2e2d33c9566b0194cfa406036
Sha256: a7ed7fab2eae858b2f1e4512c4acba320a07678870d5dadd4c7cd04a6880c944

Alerts:
  urlquery:
    - DynDNS domain detected
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /loginspid/uadmin/gate.php?pl=token&link=nexi_it&bid=ceb0fa49cb5305b88e24bb95f300a3ef&callback=jQuery32107273981916991134_1662029326715&data=%7B%22mes%22%3A%22User%20on%20login%20page%22%7D&_=1662029326716 HTTP/1.1 
Host: panelumeu.ns1.name
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nexiinfo-service-it.ddns.ms/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         45.125.66.95
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Thu, 01 Sep 2022 10:48:47 GMT
Server: Apache/2.4.18 (Ubuntu)
Content-Length: 57
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   57
Md5:    23a573c19a79ae19c8907b13b918d96b
Sha1:   15c29dbc199fbbee8c9b37a75838f96f1bdf3b1d
Sha256: 6f1ac9ad2bbfaaa36848b0f6fc2bf90193c550bc5b51d946a019304a3a08df9d

Alerts:
  urlquery:
    - DynDNS domain detected
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /www.nexi-pay.mobile-mobile-login-nexi-app/login/placeholder_login_portale_privati.png HTTP/1.1 
Host: nexiinfo-service-it.ddns.ms
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nexiinfo-service-it.ddns.ms/www.nexi-pay.mobile-mobile-login-nexi-app/a1b2c3/ceb0fa49cb5305b88e24bb95f300a3ef/login/?https://www.nexi.it/privati/servizi/area-personale.html
Cookie: real=OK; bid=ceb0fa49cb5305b88e24bb95f300a3ef; lng=it
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         45.125.66.70
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Thu, 01 Sep 2022 10:48:47 GMT
Server: Apache/2.4.18 (Ubuntu)
Last-Modified: Thu, 07 Nov 2019 18:38:58 GMT
ETag: "13b53f-596c5fa713480"
Accept-Ranges: bytes
Content-Length: 1291583
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive


--- Additional Info ---
Magic:  PNG image data, 1440 x 1024, 8-bit/color RGBA, non-interlaced\012- data
Size:   1291583
Md5:    a0e51a5d24b4401c9297341ad69c7405
Sha1:   18da1c5fdf6547e7390f72427fccbc2667490f32
Sha256: 861a4758d8d84ee664daa9cebfccf9aa3ab671f213484cb1f5e9ce586670a89b

Alerts:
  urlquery:
    - DynDNS domain detected
                                        
                                            GET /loginspid/uadmin/gate.php?pl=token&link=nexi_it&bid=ceb0fa49cb5305b88e24bb95f300a3ef&callback=jQuery32107273981916991134_1662029326715&data=%7B%22online_bider%22%3A1%2C%22w%22%3A0%2C%22dev%22%3A3%7D&_=1662029326717 HTTP/1.1 
Host: panelumeu.ns1.name
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nexiinfo-service-it.ddns.ms/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         45.125.66.95
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Thu, 01 Sep 2022 10:48:52 GMT
Server: Apache/2.4.18 (Ubuntu)
Content-Length: 57
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   57
Md5:    23a573c19a79ae19c8907b13b918d96b
Sha1:   15c29dbc199fbbee8c9b37a75838f96f1bdf3b1d
Sha256: 6f1ac9ad2bbfaaa36848b0f6fc2bf90193c550bc5b51d946a019304a3a08df9d

Alerts:
  urlquery:
    - DynDNS domain detected
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /www.nexi-pay.mobile-mobile-login-nexi-app/login/index.css HTTP/1.1 
Host: nexiinfo-service-it.ddns.ms
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nexiinfo-service-it.ddns.ms/www.nexi-pay.mobile-mobile-login-nexi-app/a1b2c3/ceb0fa49cb5305b88e24bb95f300a3ef/login/?https://www.nexi.it/privati/servizi/area-personale.html
Cookie: real=OK; bid=ceb0fa49cb5305b88e24bb95f300a3ef
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         45.125.66.70
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Thu, 01 Sep 2022 10:48:46 GMT
Server: Apache/2.4.18 (Ubuntu)
Last-Modified: Fri, 08 Nov 2019 20:45:09 GMT
ETag: "3f39b-596dbdb8cdf40-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 23231
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive


--- Additional Info ---

Alerts:
  urlquery:
    - DynDNS domain detected