Overview

URL: c2541454.ferozo.com/fa/webcss/
IP: 200.58.111.50 (Argentina)
ASN: #27823 Dattatec.com
User-Agent (report setting): Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer: none
Report completed: 2022-12-05 23:58:49 UTC
IDS alerts: 0
Blocklist alerts: 8
urlquery alerts: 21 (Phishing - Banca Sella)
Tags: None

Note: the User-Agent recorded above differs from the one actually sent in the transactions below (Windows NT 10.0; Firefox/105.0); treat the transaction headers as authoritative for what the server saw.

Domain Summary (9)

Columns: fully qualified domain name (number of requests), rank (0 = no rank recorded), first seen, last seen, IP, comment. The mozilla.com / mozilla.net hosts are Firefox background traffic and ocsp.digicert.com / r3.o.lencr.org are CA OCSP responders; the two unranked domains on 200.58.111.50 are the ones tied to the page under test.
FQDN (requests) Rank First Seen Last Seen IP Comment
ocsp.digicert.com (2) 86 2012-05-21 07:02:23 UTC 2020-05-02 20:58:10 UTC 93.184.220.29
firefox.settings.services.mozilla.com (2) 867 2020-06-04 20:08:41 UTC 2022-12-05 04:09:09 UTC 34.102.187.140
content-signature-2.cdn.mozilla.net (1) 1152 No data No data 34.160.144.191
c2541454.ferozo.com (12) 0 2022-12-05 06:50:54 UTC 2022-12-05 12:21:03 UTC 200.58.111.50 Domain (ferozo.com) ranked at: 237713
push.services.mozilla.com (1) 2140 2014-10-24 08:27:06 UTC 2020-05-03 10:09:39 UTC 52.38.227.80
billng-netlflex-llogian.com (2) 0 2022-12-05 08:23:43 UTC 2022-12-05 12:35:32 UTC 200.58.111.50 Unknown ranking
r3.o.lencr.org (7) 344 No data No data 23.36.76.226
contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-12-05 04:09:48 UTC 34.117.237.239
img-getpocket.cdn.mozilla.net (6) 1631 2018-06-21 23:36:00 UTC 2020-02-19 04:43:25 UTC 34.120.237.76
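The table lists every host the sandboxed browser contacted, not only the phishing site. The following is an added example written for this page, not urlquery's own code: it transcribes the rows above and separates the page's infrastructure from Firefox background traffic and OCSP checks. The suffix lists, the 24-hour "newly seen" threshold and the scoring are this example's assumptions, not something the report states.

```python
# Added example (not part of the urlquery report): score the Domain Summary rows
# by how likely each host is part of the phishing infrastructure rather than
# Firefox background traffic. The rows are transcribed from the table above;
# the noise lists and the 24-hour "newly seen" threshold are the author's choices.
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

SCAN_TIME = datetime(2022, 12, 5, 23, 58, 49, tzinfo=timezone.utc)  # "Report completed"
TARGET_IP = "200.58.111.50"

# Hosts a stock Firefox contacts on its own (settings, push, tiles, Pocket, signatures).
BROWSER_NOISE_SUFFIXES = (".services.mozilla.com", ".cdn.mozilla.net")
# CA OCSP responders, queried while validating any TLS certificate chain seen during the visit.
OCSP_RESPONDERS = {"ocsp.digicert.com", "r3.o.lencr.org"}


@dataclass(frozen=True)
class DomainRow:
    fqdn: str
    requests: int
    rank: int                       # 0 means the report has no rank for the FQDN
    first_seen: Optional[datetime]  # None where the report says "No data"
    last_seen: Optional[datetime]
    ip: str


def _ts(text: str) -> Optional[datetime]:
    """Parse the report's 'YYYY-MM-DD HH:MM:SS UTC' stamps; 'No data' becomes None."""
    if text == "No data":
        return None
    return datetime.strptime(text, "%Y-%m-%d %H:%M:%S UTC").replace(tzinfo=timezone.utc)


ROWS = [
    DomainRow("ocsp.digicert.com", 2, 86, _ts("2012-05-21 07:02:23 UTC"), _ts("2020-05-02 20:58:10 UTC"), "93.184.220.29"),
    DomainRow("firefox.settings.services.mozilla.com", 2, 867, _ts("2020-06-04 20:08:41 UTC"), _ts("2022-12-05 04:09:09 UTC"), "34.102.187.140"),
    DomainRow("content-signature-2.cdn.mozilla.net", 1, 1152, _ts("No data"), _ts("No data"), "34.160.144.191"),
    DomainRow("c2541454.ferozo.com", 12, 0, _ts("2022-12-05 06:50:54 UTC"), _ts("2022-12-05 12:21:03 UTC"), "200.58.111.50"),
    DomainRow("push.services.mozilla.com", 1, 2140, _ts("2014-10-24 08:27:06 UTC"), _ts("2020-05-03 10:09:39 UTC"), "52.38.227.80"),
    DomainRow("billng-netlflex-llogian.com", 2, 0, _ts("2022-12-05 08:23:43 UTC"), _ts("2022-12-05 12:35:32 UTC"), "200.58.111.50"),
    DomainRow("r3.o.lencr.org", 7, 344, _ts("No data"), _ts("No data"), "23.36.76.226"),
    DomainRow("contile.services.mozilla.com", 1, 1114, _ts("2021-05-27 18:32:35 UTC"), _ts("2022-12-05 04:09:48 UTC"), "34.117.237.239"),
    DomainRow("img-getpocket.cdn.mozilla.net", 6, 1631, _ts("2018-06-21 23:36:00 UTC"), _ts("2020-02-19 04:43:25 UTC"), "34.120.237.76"),
]


def classify(row: DomainRow, scan_time: datetime = SCAN_TIME, target_ip: str = TARGET_IP):
    """Return (category, reasons). Category is 'ocsp', 'browser-noise', 'suspect'
    or 'other'; reasons lists the indicators that made the row a suspect."""
    if row.fqdn in OCSP_RESPONDERS:
        return "ocsp", []
    if row.fqdn.endswith(BROWSER_NOISE_SUFFIXES):
        return "browser-noise", []
    reasons = []
    if row.ip == target_ip:
        reasons.append("resolves to the scanned host's IP")
    if row.rank == 0:
        reasons.append("no rank")
    if row.first_seen is not None and (scan_time - row.first_seen).total_seconds() < 86400:
        reasons.append("first seen within 24h of the scan")
    return ("suspect" if reasons else "other"), reasons


def suspects(rows=ROWS):
    """FQDNs worth blocking or pivoting on, mapped to the reasons."""
    return {r.fqdn: classify(r)[1] for r in rows if classify(r)[0] == "suspect"}


if __name__ == "__main__":
    for fqdn, why in suspects().items():
        print(fqdn, "->", "; ".join(why))
```

Run as-is, the two hosts on 200.58.111.50 come out as suspects with all three indicators; every other row is browser noise or an OCSP responder and carries no information about the page.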

Network Intrusion Detection Systems

Suricata w/ Emerging Threats Pro
 No alerts detected

Note: no IDS signature fired although eight of the kit's URLs are on blocklists (see below); for this kit the URL feeds are the only automated detection in this report.

Blocklists

OpenPhish
Scan Date Severity Indicator Comment
2022-12-05 2 c2541454.ferozo.com/fa/webcss/ Banca Sella

PhishTank
 No alerts detected

Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-12-05 2 c2541454.ferozo.com/fa/webcss/ Phishing
2022-12-05 2 c2541454.ferozo.com/fa/webcss/css/osp.js Phishing
2022-12-05 2 c2541454.ferozo.com/fa/webcss/css/LOGO_BSE_PAGAM.svg Phishing
2022-12-05 2 c2541454.ferozo.com/fa/webcss/css/icon_arrowhead_progressBar_finished.svg Phishing
2022-12-05 2 c2541454.ferozo.com/fa/webcss/css/language_italian.svg Phishing
2022-12-05 2 c2541454.ferozo.com/fa/webcss/css/icon_arrowhead_progressBar_next.svg Phishing
2022-12-05 2 c2541454.ferozo.com/fa/webcss/css/icon_arrowhead_progressBar_now.svg Phishing

mnemonic secure dns
 No alerts detected

Quad9 DNS
 No alerts detected


Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 200.58.111.50
Date    urlquery alerts - IDS alerts - Blocklist alerts    URL    IP
2023-01-27 20:34:52 +0000 0 - 0 - 7 c2541481.ferozo.com/step-4.php 200.58.111.50
2023-01-27 20:34:33 +0000 0 - 0 - 7 c2541481.ferozo.com/step-3.php 200.58.111.50
2023-01-27 20:34:17 +0000 0 - 0 - 7 c2541481.ferozo.com/step-2.php 200.58.111.50
2023-01-27 20:33:55 +0000 0 - 0 - 18 c2541481.ferozo.com/ 200.58.111.50
2023-01-27 06:49:36 +0000 0 - 1 - 26 c2541481.ferozo.com/hotmailverifi/Pin.html 200.58.111.50


Last 5 reports on ASN: Dattatec.com
Date    urlquery alerts - IDS alerts - Blocklist alerts    URL    IP
2023-02-04 13:40:12 +0000 0 - 1 - 2 environ-mental.com.ar/css/UltraBranch/login.p (...) 200.58.111.46
2023-02-04 10:21:56 +0000 0 - 1 - 43 environ-mental.com.ar/css/ultrabranch/login.p (...) 200.58.111.46
2023-02-04 07:39:25 +0000 0 - 1 - 2 environ-mental.com.ar/css/UltraBranch/login.p (...) 200.58.111.46
2023-02-04 05:39:20 +0000 0 - 0 - 2 elementtv.com.ar/home/in/clients/login.php 200.58.110.204
2023-02-04 04:52:05 +0000 0 - 1 - 45 environ-mental.com.ar/css/ultrabranch/login.p (...) 200.58.111.46


Last 5 reports on domain: ferozo.com
Date    urlquery alerts - IDS alerts - Blocklist alerts    URL    IP
2023-02-03 21:34:48 +0000 33 - 0 - 0 j5000477.ferozo.com/wp-admin/maint/Aramex/cli (...) 200.58.111.230
2023-02-03 18:46:26 +0000 33 - 0 - 0 j5000477.ferozo.com/wp-admin/maint/Aramex/cli (...) 200.58.111.230
2023-02-03 18:19:55 +0000 31 - 0 - 0 j5000477.ferozo.com/wp-admin/maint/Aramex/cli (...) 200.58.111.230
2023-02-03 12:04:11 +0000 0 - 1 - 17 c1572007.ferozo.com/ 200.58.110.107
2023-02-01 12:42:16 +0000 0 - 1 - 4 c1450565.ferozo.com/fichier/ajax/Cuidad/verif (...) 200.58.111.68


Last 5 reports with similar screenshot
Date    urlquery alerts - IDS alerts - Blocklist alerts    URL    IP
2022-12-22 06:22:00 +0000 13 - 0 - 11 rinnovadominio-it.167-99-242-43.plesk.page/pa (...) 167.99.242.43
2022-12-22 06:21:40 +0000 13 - 0 - 9 rinnovadominio-it.167-99-242-43.plesk.page/ 167.99.242.43
2022-09-13 22:19:38 +0000 0 - 0 - 9 idolnutrition.com/area/b532536d5f8d808978b5f0 (...) 163.44.198.41
2022-09-13 22:19:18 +0000 0 - 0 - 9 idolnutrition.com/area/4a61d37a4e4f459e687436 (...) 163.44.198.41
2022-09-13 22:01:22 +0000 0 - 0 - 10 idolnutrition.com/area/ed31de20fff66637225f30 (...) 163.44.198.41

JavaScript

Executed Scripts (3)

Executed Evals (0)

Executed Writes (0)


HTTP Transactions (34 recorded; the listing below is cut off by the page capture)


Each transaction below shows the request (method, path, Host and headers), then the response with the IP that answered it, then file details and alerts where urlquery recorded them. The OCSP POSTs and the *.mozilla.com / *.mozilla.net calls are Firefox background traffic, not requests made by the page under test (which is served over plain HTTP).

Request:
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

Response (from 23.36.76.226):
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 503
ETag: "1BAD6C06AA3E88DCBC125FC98A6CB753EB2B18D2C8DD61DA21D12209AEEDA3F9"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10937
Expires: Tue, 06 Dec 2022 03:00:56 GMT
Date: Mon, 05 Dec 2022 23:58:39 GMT
Connection: keep-alive

Request:
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

Response (from 93.184.220.29):
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Accept-Ranges: bytes
Age: 997
Cache-Control: max-age=125357
Date: Mon, 05 Dec 2022 23:58:39 GMT
Etag: "638dc877-1d7"
Expires: Wed, 07 Dec 2022 10:47:56 GMT
Last-Modified: Mon, 05 Dec 2022 10:31:19 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 471

Request:
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

Response (from 34.102.187.140):
HTTP/2 200 OK
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Alert, Backoff, Content-Length, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Mon, 05 Dec 2022 23:20:20 GMT
cache-control: public,max-age=3600
age: 2299
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data, ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    14cd9a0afb6ba9a763651d5112760d1e
Sha1:   75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
Sha256: 4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e

Request:
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

Response (from 23.36.76.226):
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 503
ETag: "7D7232C8C91BCD18161BA2C9D23E3BFF159604E058BD5B3FC1C7FCBCD03A7EE3"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13498
Expires: Tue, 06 Dec 2022 03:43:37 GMT
Date: Mon, 05 Dec 2022 23:58:39 GMT
Connection: keep-alive

Request:
GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

Response (from 34.160.144.191):
HTTP/2 200 OK
content-type: binary/octet-stream
x-amz-id-2: sjBLD/p9yzgvo5OlZTWEZqpcKZ2OyWIAni2xZtndFAWv5KRC3tv9FbMjpQ9TfuwRRwdZXLFI3YQ=
x-amz-request-id: 6P234JKE9PM7A77D
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 05 Dec 2022 23:46:52 GMT
age: 707
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate, ASCII text
Size:   5348
Md5:    53341dea33f4f3d9b4966f80589f429a
Sha1:   20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
Sha256: 651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0

Request:
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

Response (from 34.117.237.239):
HTTP/2 200 OK
content-type: application/json
server: nginx
date: Mon, 05 Dec 2022 23:58:39 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data, ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

Request:
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

Response (from 34.102.187.140):
HTTP/2 200 OK
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Retry-After, Cache-Control, Content-Type, Pragma, Backoff, ETag, Expires, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Mon, 05 Dec 2022 23:08:58 GMT
cache-control: public,max-age=3600
age: 2981
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data, ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

Request:
GET /fa/webcss/ HTTP/1.1
Host: c2541454.ferozo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

Response (from 200.58.111.50):
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Date: Mon, 05 Dec 2022 23:58:39 GMT
Server: Apache
X-Powered-By: PHP/7.4.25
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=10, max=200
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  HTML document, Unicode text, UTF-8 text, with very long lines (322)
Size:   3409
Md5:    a1df98dd741347521e5100eaaeda2703
Sha1:   94306a6227f80e315c4104b2c4233528af02f523
Sha256: 60fc5152b18edf7908d57848c96ead6a001f1d141c7f99ea7a3629c6577b21d1

Alerts:
  Blocklists:
    - openphish: Banca Sella
    - fortinet: Phishing

Request:
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

Response (from 93.184.220.29):
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Accept-Ranges: bytes
Age: 982
Cache-Control: max-age=120275
Date: Mon, 05 Dec 2022 23:58:39 GMT
Etag: "638db4ac-1d7"
Expires: Wed, 07 Dec 2022 09:23:14 GMT
Last-Modified: Mon, 05 Dec 2022 09:06:52 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 471

Request:
GET /fa/webcss/css/jquery-ui.css HTTP/1.1
Host: c2541454.ferozo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://c2541454.ferozo.com/fa/webcss/

Response (from 200.58.111.50):
HTTP/1.1 200 OK
Content-Type: text/css
Date: Mon, 05 Dec 2022 23:58:40 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Sat, 03 Dec 2022 07:00:04 GMT
ETag: "6e23-5eee700ede500-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 6750
Keep-Alive: timeout=10, max=200


--- Additional Info ---
Magic:  ASCII text, with very long lines (28195), with no line terminators
Size:   6750
Md5:    613596a9b61d4505f619b62ebe0e65b2
Sha1:   ddca79f5d3d0cf1ee5cf130f1d0228973e64ce8f
Sha256: 225bf998eb5f7f8bca06e729f4ca5bff000a7fb35f24d35e591cb8c5a36a325d

Alerts:
  urlquery:
    - Phishing - Banca Sella
    - Phishing - Banca Sella

Request:
GET /fa/webcss/css/osp.js HTTP/1.1
Host: c2541454.ferozo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://c2541454.ferozo.com/fa/webcss/

Response (from 200.58.111.50):
HTTP/1.1 200 OK
Content-Type: application/javascript
Date: Mon, 05 Dec 2022 23:58:40 GMT
Server: Apache
Last-Modified: Sat, 03 Dec 2022 07:00:04 GMT
ETag: "b7b-5eee700ede500-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 767
Keep-Alive: timeout=10, max=199
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text
Size:   767
Md5:    9318db4200c12e5eec8acd91c9942bc1
Sha1:   cae0f15e1b346023e3734ac84ec638fbb3d4ea1e
Sha256: ff0fdf98dcd765d3333ba851ac191631b48672d092e6c2bcd9e8211f4383a81e

Alerts:
  urlquery:
    - Phishing - Banca Sella
    - Phishing - Banca Sella
  Blocklists:
    - fortinet: Phishing

Request:
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: salO9qDoo6VJz5icm9AYIw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

Response (from 52.38.227.80):
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: o+/nYQTFnCjfgV47Ps9uiNDPh6U=

Request:
GET /fa/webcss/css/dyf.css HTTP/1.1
Host: c2541454.ferozo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://c2541454.ferozo.com/fa/webcss/

Response (from 200.58.111.50):
HTTP/1.1 200 OK
Content-Type: text/css
Date: Mon, 05 Dec 2022 23:58:40 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Sat, 03 Dec 2022 07:00:04 GMT
ETag: "409d-5eee700ede500-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 4110
Keep-Alive: timeout=10, max=200


--- Additional Info ---
Magic:  ASCII text, with very long lines (16540)
Size:   4110
Md5:    0e0f8b4252ccc38ad635f604763bab1a
Sha1:   0dd5f15e764c14fa0060657787317e2ede36d563
Sha256: 485d69c9ad66124b3a915ded4b54f06aed602fb700dd3812f005c7284bb8681d

Alerts:
  urlquery:
    - Phishing - Banca Sella
    - Phishing - Banca Sella

Request:
GET /fa/webcss/css/checkBrowser.css HTTP/1.1
Host: c2541454.ferozo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://c2541454.ferozo.com/fa/webcss/

Response (from 200.58.111.50):
HTTP/1.1 200 OK
Content-Type: text/css
Date: Mon, 05 Dec 2022 23:58:40 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Sat, 03 Dec 2022 07:00:04 GMT
ETag: "a28-5eee700ede500-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 864
Keep-Alive: timeout=10, max=200


--- Additional Info ---
Magic:  ASCII text, with very long lines (2600), with no line terminators
Size:   864
Md5:    6e1fd832a2e7dbf9f91868ad470ec791
Sha1:   bdc3d374ebce929927853a76c0f1a0770c7feecc
Sha256: d3a01d02b09f5afa5319e44b652d9488d61d9d1baabccdd04ef145e6e449caf7

Alerts:
  urlquery:
    - Phishing - Banca Sella
    - Phishing - Banca Sella

Request:
GET /fa/webcss/css/LOGO_BSE_PAGAM.svg HTTP/1.1
Host: c2541454.ferozo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://c2541454.ferozo.com/fa/webcss/

Response (from 200.58.111.50):
HTTP/1.1 200 OK
Content-Type: image/svg+xml
Date: Mon, 05 Dec 2022 23:58:40 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Sat, 03 Dec 2022 07:00:04 GMT
ETag: "def-5eee700ede500"
Accept-Ranges: bytes
Content-Length: 3567
Keep-Alive: timeout=10, max=200


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image (also matches as HTML document), ASCII text, with very long lines (3567), with no line terminators
Size:   3567
Md5:    dfb0ffcf8c984e467909cfc00b8623ef
Sha1:   ff135655c9426dacb1eccdf44ce1c572580dd643
Sha256: b7df3f607e2704502e16154beb52a35346a937ab5ccd276ccb288f0c5a7aad66

Alerts:
  urlquery:
    - Phishing - Banca Sella
    - Phishing - Banca Sella
  Blocklists:
    - fortinet: Phishing

Request:
GET /fa/webcss/css/icon_arrowhead_progressBar_finished.svg HTTP/1.1
Host: c2541454.ferozo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://c2541454.ferozo.com/fa/webcss/

Response (from 200.58.111.50):
HTTP/1.1 200 OK
Content-Type: image/svg+xml
Date: Mon, 05 Dec 2022 23:58:40 GMT
Server: Apache
Last-Modified: Sat, 03 Dec 2022 07:00:04 GMT
ETag: "84b-5eee700ede500"
Accept-Ranges: bytes
Content-Length: 2123
Keep-Alive: timeout=10, max=199
Connection: Keep-Alive


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image, XML 1.0 document text, ASCII text, with CRLF line terminators
Size:   2123
Md5:    79cb503e5c3e30edf4892fe5ec9644c0
Sha1:   5dd40919bbde6c302b545527db83d5b90fd6d94a
Sha256: 80052e087c7689485037572a21818f76c1132d3f447b76e619a07bb6e77431d3

Alerts:
  urlquery:
    - Phishing - Banca Sella
    - Phishing - Banca Sella
  Blocklists:
    - fortinet: Phishing

Request:
GET /fa/webcss/css/language_italian.svg HTTP/1.1
Host: c2541454.ferozo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://c2541454.ferozo.com/fa/webcss/

Response (from 200.58.111.50):
HTTP/1.1 200 OK
Content-Type: image/svg+xml
Date: Mon, 05 Dec 2022 23:58:40 GMT
Server: Apache
Last-Modified: Sat, 03 Dec 2022 07:00:04 GMT
ETag: "2f0-5eee700ede500"
Accept-Ranges: bytes
Content-Length: 752
Keep-Alive: timeout=10, max=199
Connection: Keep-Alive


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image, XML 1.0 document text, ASCII text, with CRLF line terminators
Size:   752
Md5:    f7130db0bdfa4142f9d4f701352c1ef8
Sha1:   9b206f451f13bba685d2d7330036ad0eb120d55b
Sha256: 893899185a057e264b6b13635054edd3ae805c6abc2767a7ab79b361edc8f9c8

Alerts:
  urlquery:
    - Phishing - Banca Sella
    - Phishing - Banca Sella
  Blocklists:
    - fortinet: Phishing

Request:
GET /fa/webcss/css/icon_arrowhead_progressBar_next.svg HTTP/1.1
Host: c2541454.ferozo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://c2541454.ferozo.com/fa/webcss/

Response (from 200.58.111.50):
HTTP/1.1 200 OK
Content-Type: image/svg+xml
Date: Mon, 05 Dec 2022 23:58:40 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Sat, 03 Dec 2022 07:00:04 GMT
ETag: "857-5eee700ede500"
Accept-Ranges: bytes
Content-Length: 2135
Keep-Alive: timeout=10, max=200


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image, XML 1.0 document text, ASCII text, with CRLF line terminators
Size:   2135
Md5:    d040b47418a5f512244024ac13a9c9d3
Sha1:   132d8e28fb93f17bc647873f4b350ab3df06dcae
Sha256: 55cc680096c147031170a3f5bc174ae7c721d8ec9c4a4495c1cff47ecd2fa9ab

Alerts:
  urlquery:
    - Phishing - Banca Sella
    - Phishing - Banca Sella
  Blocklists:
    - fortinet: Phishing

Request:
GET /fa/webcss/css/icon_arrowhead_progressBar_now.svg HTTP/1.1
Host: c2541454.ferozo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://c2541454.ferozo.com/fa/webcss/

Response (from 200.58.111.50):
HTTP/1.1 200 OK
Content-Type: image/svg+xml
Date: Mon, 05 Dec 2022 23:58:40 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Sat, 03 Dec 2022 07:00:04 GMT
ETag: "856-5eee700ede500"
Accept-Ranges: bytes
Content-Length: 2134
Keep-Alive: timeout=10, max=200


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image, XML 1.0 document text, ASCII text, with CRLF line terminators
Size:   2134
Md5:    d42b09150a5fd1763c1863cd2ef29691
Sha1:   8f51b5e2d0c2f7a9ce726035497b9b844db288b2
Sha256: 78968380547ed62f00c1d115f573b73fd7c928bc3c418dbc2ea0934406edf912

Alerts:
  urlquery:
    - Phishing - Banca Sella
    - Phishing - Banca Sella
  Blocklists:
    - fortinet: Phishing

Request:
GET /fa/images/icon_arrowhead_back.svg HTTP/1.1
Host: c2541454.ferozo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://c2541454.ferozo.com/fa/webcss/css/dyf.css

Response (from 200.58.111.50):
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
Date: Mon, 05 Dec 2022 23:58:40 GMT
Server: Apache
X-Powered-By: PHP/7.4.25
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <https://billng-netlflex-llogian.com/wp-json/>; rel="https://api.w.org/"
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Keep-Alive: timeout=10, max=200
Transfer-Encoding: chunked

Note: this request is for an image referenced from dyf.css that the kit does not ship. The 404 body is not Apache's default: X-Powered-By and the Link header with rel="https://api.w.org/" (WordPress REST API discovery) show it was rendered by a WordPress install whose site URL is billng-netlflex-llogian.com, a Netflix-lookalike name that the Domain Summary also places on 200.58.111.50. Both domains sit on the same shared vhost.

--- Additional Info ---
Magic:  HTML document, exported SGML document, Unicode text, UTF-8 text, with very long lines (7090)
Size:   14037
Md5:    678b03589b0502d207c873cb4a57b720
Sha1:   79a271c2695aacb524b58a822b50e6c07edadb7c
Sha256: bef6ec50b0171688aa17addec3a665d6e372c28df8b7d15771c20442ab3a1b86

Request:
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

Response (from 23.36.76.226):
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15178
Expires: Tue, 06 Dec 2022 04:11:39 GMT
Date: Mon, 05 Dec 2022 23:58:41 GMT
Connection: keep-alive

Request:
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

Response (from 23.36.76.226):
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15178
Expires: Tue, 06 Dec 2022 04:11:39 GMT
Date: Mon, 05 Dec 2022 23:58:41 GMT
Connection: keep-alive

Request:
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

Response (from 23.36.76.226):
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15178
Expires: Tue, 06 Dec 2022 04:11:39 GMT
Date: Mon, 05 Dec 2022 23:58:41 GMT
Connection: keep-alive

Request:
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15178
Expires: Tue, 06 Dec 2022 04:11:39 GMT
Date: Mon, 05 Dec 2022 23:58:41 GMT
Connection: keep-alive

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0b9928a3-5708-47a4-8d92-f3af8d54a81d.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
server: nginx
content-length: 18490
x-amzn-requestid: f01c056f-b0bc-4833-9934-d0c37f4d701c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csS4wE5NIAMFQmQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e6504-1111ee0221c3c4165a9ef2ab;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:39:16 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: L83k-5N1ntWkhPbKsReH19NWajYEVyQSBQIKM6aSZSovDKHTYeXhUQ==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 324a68a6c25ee50d774953f3e15a611c.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 22:30:52 GMT
age: 5269
etag: "9487451d24db59cc0f426410da2b55f94f3bb34b"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Size:   18490
Md5:    f4bbfe2037fd1658cad81b5b8e4d885c
Sha1:   9487451d24db59cc0f426410da2b55f94f3bb34b
Sha256: 2a124c75c6c90c5633f3538c8b84422262f81cb35d8f4cf4ed0032cc897a5ab9

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fffbcb6f9-483c-4254-9451-927fa2fc2294.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
server: nginx
content-length: 3968
x-amzn-requestid: 55111bc4-d002-44a0-855a-533251b144fb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csSveGo_IAMFQvA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e64c9-28e0a83d7f9f1ffc7544bb3d;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:38:17 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: _Hf2XblY73dHIIWTqWgeDzJJalBo6ooCAit1eQ8G8n4385ORBBDakA==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 1b74ccf4cb51eacf97a0e6d60ae46a3e.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 21:47:06 GMT
etag: "1c95a1e47e903cc6775df2c5ed3f2f58cca42dc8"
age: 7895
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Size:   3968
Md5:    9838b65dde746487c806ee9739f8b222
Sha1:   1c95a1e47e903cc6775df2c5ed3f2f58cca42dc8
Sha256: cf3ddc240b33d0f588d5acb30593b6846874a192bff9f5b69455877d7f63be53

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F461bc4a6-a90b-41a8-99ce-a502ba9ed21f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
server: nginx
content-length: 8749
x-amzn-requestid: ee03c447-299b-45d5-b8c6-12d4d1dc436d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: co_spHdBIAMFywQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638d131d-0c9805c6112ec9ec6b9d1544;Sampled=0
x-amzn-remapped-date: Sun, 04 Dec 2022 21:37:33 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: tsL8hmcWaBeKYVG2b4g7ebl-sQ0Z5jZaexEfvldfzq9COcOdzqLhUA==
via: 1.1 86b676273517904f44af31586adb06ae.cloudfront.net (CloudFront), 1.1 64f86ae1c24221f3a2e4d653d6dbc416.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 21:48:49 GMT
age: 7792
etag: "6706e02d6b95edc3a33c951f07d04b0fb7415b77"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Size:   8749
Md5:    dcb8fe0c4ba323ab2483fa290c291051
Sha1:   6706e02d6b95edc3a33c951f07d04b0fb7415b77
Sha256: 6be68deb3a330955027ec16eaca2cdf4e2776620ffb7cb995922664b24400f02

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F01b6b798-4c76-47d4-ae22-c8967b0f2c5c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
server: nginx
content-length: 8997
x-amzn-requestid: 54d7ed8c-119c-4583-929c-fd053524814c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csT_8F78IAMFY6Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e66cc-3d9816725e7e0b1b3404bc4a;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:46:52 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ScASzeq_stezoHeSOmqluKJimg3R6YD6yd6guTD2d5Mjl8F_vQP0rg==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 21:47:06 GMT
age: 7895
etag: "5c54b4ca3db1c975b3ad7f780f0ebdc867fc2ef4"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Size:   8997
Md5:    9fda84db003d0cfc70d73dcb6a3763dd
Sha1:   5c54b4ca3db1c975b3ad7f780f0ebdc867fc2ef4
Sha256: f00aa6b88dd85164d8f6ee685937a3ca8039b98b442a2e6aede1c4c421b4fc4c

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0ca09fa3-9c1c-4e27-b763-2de04564da9d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
server: nginx
content-length: 4827
x-amzn-requestid: 26ac5a48-3e41-4638-88d6-c94ba8b7a6c8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csS3nFxPoAMFcpA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e64fd-28f8cb92130706e3652eb971;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:39:09 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: YUk1Nt1XioDColWXDiEZsL8BmFpyWaV5tRbsbmAiR6A2psM_Gx3j_A==
via: 1.1 a20e81b65d2465c729ce2f6bfe539dd0.cloudfront.net (CloudFront), 1.1 760139201585481b26f947c5f776103a.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 21:41:49 GMT
age: 8212
etag: "0f1c7567b89cc3de60196e47e37879296359bc78"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Size:   4827
Md5:    73b9f329cd3a39d0756de62dd5f190b7
Sha1:   0f1c7567b89cc3de60196e47e37879296359bc78
Sha256: e15711efe27a3d302a9869cf01d27fd65bd0beca9d03a19d93bbf11e28f3e1d8

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faeae6973-c3cb-4597-8dcc-f36e4cd35fda.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
server: nginx
content-length: 11469
x-amzn-requestid: f60a3f0d-38f7-4f82-bdd5-9e31814ab1d9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csSuZGAXIAMFwuA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e64c2-5b4b99e779a0aaa71a311a1c;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:38:10 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: bWcuXixVA50JUynSO7ar3nWfjsTa5iOteSYq88bWPlQvz__1qfv7Uw==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 7eb3b782ab09047ce0d11ee03763894c.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 21:41:49 GMT
age: 8212
etag: "a862b74508113ae72b56b9b3de0c75ba559b9032"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3; data
Size:   11469
Md5:    5529617b0748f2d8c82ef99c1ac116a8
Sha1:   a862b74508113ae72b56b9b3de0c75ba559b9032
Sha256: 376a82ae4a5b80f59fb746be79bca569b03a74c345845c7bbf15189964b0bb96

GET /wp-includes/images/w-logo-blue-white-bg.png HTTP/1.1
Host: billng-netlflex-llogian.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://c2541454.ferozo.com/
Connection: keep-alive

200.58.111.50
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=iso-8859-1
Date: Mon, 05 Dec 2022 23:58:41 GMT
Server: Apache
Location: https://billng-netlflex-llogian.com/wp-includes/images/w-logo-blue-white-bg.png
Content-Length: 287
Keep-Alive: timeout=10, max=200
Connection: Keep-Alive


--- Additional Info ---
Magic:  HTML document text; exported SGML document, ASCII text
Size:   287
Md5:    6485795fdc2e931cbd78a95900466b41
Sha1:   727b7365153b9f24a3bb600ddddafacf2ebaa4c3
Sha256: ffaec6451f459095a1c3bda2b4fce624b28774b3e1cb62173f6bdd188d7908bf

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 503
ETag: "126562A2D72F6C68B4D942D1D1DEB9512A37FB5FF1BFA6C9949AF69C4C7571FA"
Last-Modified: Sat, 03 Dec 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14955
Expires: Tue, 06 Dec 2022 04:07:57 GMT
Date: Mon, 05 Dec 2022 23:58:42 GMT
Connection: keep-alive

GET /wp-includes/images/w-logo-blue-white-bg.png HTTP/1.1
Host: billng-netlflex-llogian.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://c2541454.ferozo.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

200.58.111.50
HTTP/2 200 OK
content-type: image/png
last-modified: Fri, 25 Mar 2022 12:18:14 GMT
etag: "1017-5db09f4ee4d80"
accept-ranges: bytes
content-length: 4119
date: Mon, 05 Dec 2022 23:58:42 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 80 x 80, 8-bit/color RGBA, non-interlaced; data
Size:   4119
Md5:    000bf649cc8f6bf27cfb04d1bcdcd3c7
Sha1:   d73d2f6d74ec6cdcbae07955592962e77d8ae814
Sha256: 6bdb369337ac2496761c6f063bffea0aa6a91d4662279c399071a468251f51f0

Alerts:
  urlquery:
    - Phishing - Banca Sella
    - Phishing - Banca Sella
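Added example, not part of the urlquery report: a small Python pivot over the transaction log in the cleaned layout used on this page (request line, request headers, blank line, answering IP on its own line, status line, response headers, optional "--- Additional Info ---" block with Size and hash lines). It groups hosts by answering IP, lists the domains co-hosted with the scanned phishing host, turns cross-host Referer, Location and Link header values into edges, and collects the SHA-256 of every body served by that infrastructure. This is exactly how the Netflix-lookalike billng-netlflex-llogian.com surfaces in this log: it answers from the same 200.58.111.50 as c2541454.ferozo.com, the phishing page fetches its WordPress logo with a ferozo.com Referer, and the ferozo.com 404 page carries a WordPress `Link: <https://billng-netlflex-llogian.com/wp-json/>` header, which suggests the ferozo customer hostname serves the same WordPress install whose site URL is the Netflix lookalike. The embedded sample log is an excerpt trimmed from this page's own transactions (values as captured); the function names are mine.

```python
"""Infrastructure pivot over a urlquery-style HTTP transaction log (added example)."""
import re
from collections import defaultdict
from urllib.parse import urlsplit

REQ_RE = re.compile(r"^(GET|POST|HEAD|PUT|OPTIONS) (\S+) HTTP/\d(?:\.\d)?$")
IP_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
STATUS_RE = re.compile(r"^HTTP/\d(?:\.\d)? (\d{3})")
# Headers whose value names another host: the pivots tying a phishing page to the domains around it.
LINK_HEADERS = ("referer", "location", "link")

def parse_log(text):
    """One dict per transaction: method, path, host, ip, status, req/resp/info headers."""
    txs, cur, section = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        m = REQ_RE.match(line)
        if m:  # a request line opens a new transaction
            cur = {"method": m.group(1), "path": m.group(2), "host": None, "ip": None,
                   "status": None, "req": {}, "resp": {}, "info": {}}
            txs.append(cur)
            section = "req"
        elif cur is None:
            continue
        elif IP_RE.match(line):  # bare IP line: the server that answered
            cur["ip"], section = line, "ip"
        elif STATUS_RE.match(line):
            cur["status"], section = int(STATUS_RE.match(line).group(1)), "resp"
        elif line == "--- Additional Info ---":
            section = "info"
        elif ":" in line and section in ("req", "resp", "info"):
            name, _, value = line.partition(":")
            name, value = name.strip().lower(), value.strip()
            if section == "req" and name == "host":
                cur["host"] = value
            cur[section][name] = value
    return txs

def extract_host(value):
    """Hostname of a URL-ish header value, None if relative; handles Link syntax '<https://a/b>; rel="x"'."""
    url = value.lstrip("<").split(">")[0].split(";")[0].strip()
    return urlsplit(url).hostname

def pivot(txs, scanned_host):
    """Co-hosted domains, cross-host header ties and artifact hashes around scanned_host."""
    hosts_by_ip = defaultdict(set)
    for t in txs:
        if t["host"] and t["ip"]:
            hosts_by_ip[t["ip"]].add(t["host"])
    scanned_ips = {ip for ip, hs in hosts_by_ip.items() if scanned_host in hs}
    co_hosted = set().union(*(hosts_by_ip[ip] for ip in scanned_ips)) - {scanned_host}
    ties, artifacts = set(), {}
    for t in txs:
        for hdrs in (t["req"], t["resp"]):
            for name in LINK_HEADERS:
                other = extract_host(hdrs[name]) if name in hdrs else None
                if other and other != t["host"]:
                    # Referer names the page that issued the request; Location/Link point away from it.
                    ties.add((other, name, t["host"]) if name == "referer" else (t["host"], name, other))
        if t["ip"] in scanned_ips and "sha256" in t["info"]:  # bodies served by the scanned infrastructure
            artifacts[t["info"]["sha256"]] = (t["host"], t["path"], int(t["info"].get("size", 0)))
    return {"hosts_by_ip": {ip: sorted(hs) for ip, hs in hosts_by_ip.items()},
            "co_hosted": sorted(co_hosted), "ties": sorted(ties), "artifacts": artifacts}

# Excerpt of the transactions captured on this page, with headers trimmed to the ones that matter.
SAMPLE_LOG = """\
POST / HTTP/1.1
Host: r3.o.lencr.org

23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response

GET /wp-includes/images/w-logo-blue-white-bg.png HTTP/1.1
Host: billng-netlflex-llogian.com
Referer: http://c2541454.ferozo.com/

200.58.111.50
HTTP/2 200 OK
content-type: image/png

--- Additional Info ---
Size:   4119
Sha256: 6bdb369337ac2496761c6f063bffea0aa6a91d4662279c399071a468251f51f0

GET /fa/images/icon_arrowhead_main.svg HTTP/1.1
Host: c2541454.ferozo.com
Referer: http://c2541454.ferozo.com/fa/webcss/css/dyf.css

200.58.111.50
HTTP/1.1 404 Not Found
X-Powered-By: PHP/7.4.25
Link: <https://billng-netlflex-llogian.com/wp-json/>; rel="https://api.w.org/"
"""

if __name__ == "__main__":
    for key, val in pivot(parse_log(SAMPLE_LOG), "c2541454.ferozo.com").items():
        print(key, val)
```

Run against the full log, this yields both domains and the PNG/HTML hashes as indicators, with the OCSP and Mozilla CDN traffic falling out as noise because those hosts never share an IP or a header edge with the scanned host. A relative `Location` (such as `/login`) produces no edge, so a redirect back onto the same vhost is not mistaken for a pivot; and a same-host Referer, like the CSS fetch from dyf.css above, is likewise ignored.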
                                        
GET /fa/images/icon_arrowhead_main.svg HTTP/1.1
Host: c2541454.ferozo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://c2541454.ferozo.com/fa/webcss/css/dyf.css

200.58.111.50
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
Date: Mon, 05 Dec 2022 23:58:40 GMT
Server: Apache
X-Powered-By: PHP/7.4.25
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <https://billng-netlflex-llogian.com/wp-json/>; rel="https://api.w.org/"
Keep-Alive: timeout=10, max=199
Connection: Keep-Alive
Transfer-Encoding: chunked


--- Additional Info ---