Overview

URL hanasasansor.com/test/:/dir/
IP94.102.7.219
ASNNetinternet Bilisim Teknolojileri AS
Location Turkey
Report completed2022-09-28 20:42:19 UTC
StatusLoading report..
urlquery Alerts Phishing - DHL


Settings

UserAgentMozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blocklists

OpenPhish
Scan Date Severity Indicator Comment
2022-09-28 2 hanasasansor.com/test/:/dir/ DHL Airways, Inc.
PhishTank  No alerts detected
Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-09-28 2 hanasasansor.com/test/:/dir/ Phishing
2022-09-28 2 hanasasansor.com/test/:/dir/173be1ff4139348d1da2de576203f6cf/execution.html (...) Phishing
2022-09-28 2 hanasasansor.com/test/:/dir/dist/js.cookie.js Phishing
2022-09-28 2 hanasasansor.com/test/:/dir/dist/jquery-lang.js Phishing
2022-09-28 2 hanasasansor.com/test/:/dir/dist/load.php Phishing
2022-09-28 2 hanasasansor.com/test/:/dir/dist/DHL_head.html Phishing
2022-09-28 2 hanasasansor.com/test/:/dir/dist/DHL_footer.html Phishing
2022-09-28 2 hanasasansor.com/test/:/dir/dist/fonts/default-274a65bae9742377aaf010bb1a7d (...) Phishing
2022-09-28 2 hanasasansor.com/test/:/dir/dist/fonts/iconfont-e7bece496cd0e6d60e456bc2b48 (...) Phishing
2022-09-28 2 hanasasansor.com/test/:/dir/dist/fonts/default-815fcbb4d2c57901701125d768f0 (...) Phishing
2022-09-28 2 hanasasansor.com/test/:/dir/dist/fonts/default-3e828e80f6e985c352eba4474518 (...) Phishing
2022-09-28 2 hanasasansor.com/test/:/dir/dist/DHL_track.html Phishing
2022-09-28 2 hanasasansor.com/test/:/dir/dist/jquery.validate.min.js Phishing
2022-09-28 2 hanasasansor.com/test/:/dir/dist/fonts/default-5a6dd86f272b304a8b83f7df61f1 (...) Phishing
2022-09-28 2 hanasasansor.com/test/:/dir/dist/langpack/en.json Phishing
2022-09-28 2 hanasasansor.com/test/:/dir/dist/langpack/en.json Phishing
mnemonic secure dns  No alerts detected
Quad9 DNS  No alerts detected


Files

No files detected



Passive DNS (14)

Passive DNS Source Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
mnemonic passive DNS ocsp.digicert.com (1) 86 2012-05-21 07:02:23 UTC 2022-09-28 16:15:39 UTC 93.184.220.29
mnemonic passive DNS ipinfo.io (4) 8136 2015-02-06 06:58:53 UTC 2022-09-28 10:12:53 UTC 34.117.59.81
mnemonic passive DNS ajax.googleapis.com (1) 12905 2013-08-16 09:51:31 UTC 2022-09-28 16:18:43 UTC 142.250.74.42
mnemonic passive DNS code.jquery.com (1) 634 2012-05-21 17:28:02 UTC 2022-09-28 04:38:15 UTC 69.16.175.10
mnemonic passive DNS ocsp.globalsign.com (1) 2075 2012-05-25 06:20:55 UTC 2022-09-28 04:39:17 UTC 104.18.20.226
mnemonic passive DNS firefox.settings.services.mozilla.com (2) 867 2020-05-28 17:26:30 UTC 2022-09-28 12:06:36 UTC 143.204.55.36
mnemonic passive DNS contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-09-28 04:36:06 UTC 34.117.237.239
mnemonic passive DNS hanasasansor.com (19) 0 2017-12-26 01:11:22 UTC 2022-09-28 20:23:45 UTC 94.102.7.219 Unknown ranking
mnemonic passive DNS push.services.mozilla.com (1) 2140 2015-09-03 10:29:36 UTC 2022-09-28 05:02:28 UTC 52.40.161.235
mnemonic passive DNS content-signature-2.cdn.mozilla.net (1) 1152 2020-11-03 12:26:46 UTC 2022-09-28 05:13:47 UTC 143.204.55.49
mnemonic passive DNS ocsp.pki.goog (2) 175 2017-06-14 07:23:31 UTC 2022-09-28 04:36:20 UTC 142.250.74.3
mnemonic passive DNS img-getpocket.cdn.mozilla.net (6) 1631 2017-09-01 03:40:57 UTC 2022-09-28 08:06:38 UTC 34.120.237.76
mnemonic passive DNS r3.o.lencr.org (4) 344 2020-12-02 08:52:13 UTC 2022-09-28 04:36:09 UTC 23.36.76.226
mnemonic passive DNS cdn.jsdelivr.net (2) 439 2012-09-30 00:15:09 UTC 2022-09-28 04:37:53 UTC 151.101.85.229


Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 94.102.7.219

Date UQ / IDS / BL URL IP
2022-10-06 22:23:59 +0000
6 - 0 - 16 hanasasansor.com/test/:/dir/d4e96698b7200f2f0 (...) 94.102.7.219
2022-10-06 22:16:21 +0000
6 - 0 - 16 hanasasansor.com/test/:/dir/817b16420b5593a45 (...) 94.102.7.219
2022-10-06 05:00:34 +0000
8 - 0 - 17 hanasasansor.com/test/:/dir/817b16420b5593a45 (...) 94.102.7.219
2022-10-05 16:42:53 +0000
6 - 0 - 17 hanasasansor.com/test/:/dir/202202.php 94.102.7.219
2022-09-28 20:42:19 +0000
6 - 0 - 17 hanasasansor.com/test/:/dir/ 94.102.7.219

Last 5 reports on ASN: Netinternet Bilisim Teknolojileri AS

Date UQ / IDS / BL URL IP
2022-12-06 00:26:29 +0000
0 - 0 - 2 maadcap.com/track/su73052SaWbm7780245Eakt2009 (...) 185.174.29.222
2022-12-05 15:50:39 +0000
0 - 0 - 3 pancakeswapt.com/ 95.173.190.220
2022-12-05 15:34:22 +0000
0 - 0 - 3 pancakesawpes.com/ 95.173.190.220
2022-12-05 13:39:58 +0000
0 - 0 - 3 pancakesawpes.com/ 95.173.190.220
2022-12-02 17:38:15 +0000
0 - 0 - 2 nazilli.murategitim.com/app-nickel/CLIqWDoKsR (...) 89.43.67.170

Last 5 reports on domain: hanasasansor.com

Date UQ / IDS / BL URL IP
2022-10-06 22:23:59 +0000
6 - 0 - 16 hanasasansor.com/test/:/dir/d4e96698b7200f2f0 (...) 94.102.7.219
2022-10-06 22:16:21 +0000
6 - 0 - 16 hanasasansor.com/test/:/dir/817b16420b5593a45 (...) 94.102.7.219
2022-10-06 05:00:34 +0000
8 - 0 - 17 hanasasansor.com/test/:/dir/817b16420b5593a45 (...) 94.102.7.219
2022-10-05 16:42:53 +0000
6 - 0 - 17 hanasasansor.com/test/:/dir/202202.php 94.102.7.219
2022-09-28 20:42:19 +0000
6 - 0 - 17 hanasasansor.com/test/:/dir/ 94.102.7.219

Last 5 reports with similar screenshot

Date UQ / IDS / BL URL IP
2022-12-04 23:29:52 +0000
9 - 0 - 16 aliatici.av.tr/tmp/_/track/c25c6449efa32a1e64 (...) 31.169.67.50
2022-12-04 18:36:12 +0000
9 - 0 - 16 aliatici.av.tr/tmp/_/track/c25c6449efa32a1e64 (...) 31.169.67.50
2022-12-04 17:10:46 +0000
9 - 0 - 16 aliatici.av.tr/tmp/_/track/c25c6449efa32a1e64 (...) 31.169.67.50
2022-12-04 15:35:55 +0000
9 - 0 - 16 aliatici.av.tr/tmp/_/track/c25c6449efa32a1e64 (...) 31.169.67.50
2022-12-04 14:24:08 +0000
9 - 0 - 16 aliatici.av.tr/tmp/_/track/c25c6449efa32a1e64 (...) 31.169.67.50


JavaScript

Executed Scripts (15)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (46)


Request Response
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "9FE6BEB1CB3851018168765A243B6DE69EC71D30770F8C2DCC57CAE7D9978CC1"
Last-Modified: Wed, 28 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3851
Expires: Wed, 28 Sep 2022 21:46:19 GMT
Date: Wed, 28 Sep 2022 20:42:08 GMT
Connection: keep-alive

                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.36
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Backoff, Content-Type, Retry-After, Alert
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Wed, 28 Sep 2022 20:15:39 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 a6d89f7e2d55548b941f1ff5d5b3c8d4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: fEObjWC0ALzufvbF6jpQPf0dcgguAldjYPSBoF1whF21v-tqA4eYXQ==
Age: 1589


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    2d12f67fe57a87e7366b662d153a5582
Sha1:   d7b02d81cc74f24a251d9363e0f4b0a149264ec1
Sha256: 73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551
                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.49
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Wed, 28 Sep 2022 09:24:14 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 aa34a836095df9de9d246a53dd63f1d6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: ZfAfdmjRnjLwjpg2VRk3phpJgF0tcTmPHxY8DjN32vwj5SUyRy1YhQ==
age: 54822
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    6113f8408c59aebe188d6af273b90743
Sha1:   7398873bf00f99944eaa77ad3ebc0d43c23dba6b
Sha256: b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Wed, 28 Sep 2022 20:42:08 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.36
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Wed, 28 Sep 2022 20:29:34 GMT
Cache-Control: max-age=3600, max-age=3600
Expires: Wed, 28 Sep 2022 21:10:59 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 dac7cf040932e0c072eeed10afdd7b3e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: uCWTdvR3-2q0joz9rNkS9K3Jjzg9mhlEU0NAe-svo6y_fjWWOeQQ5A==
Age: 755


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 4443
Cache-Control: 'max-age=158059'
Date: Wed, 28 Sep 2022 20:42:09 GMT
Last-Modified: Wed, 28 Sep 2022 19:28:06 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /test/:/dir/ HTTP/1.1 
Host: hanasasansor.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         
                                         94.102.7.219
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Date: Wed, 28 Sep 2022 20:42:06 GMT
Server: Apache
X-Powered-By: PHP/7.3.25, PleskLin
Content-Length: 569
Connection: close


--- Additional Info ---
Magic:  HTML document, ASCII text, with CRLF line terminators
Size:   569
Md5:    6205f07e3eb8ea8f7da25eaeebabe619
Sha1:   6f7323230d886cf837f79b87aa6015272e037118
Sha256: d9bdf00078ed946fc4b6b46eb2c9a9a84fc97eacee9cbb19b8b31ba621b29edb

Alerts:
  Blocklists:
    - openphish: DHL Airways, Inc.
    - fortinet: Phishing
                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: jVRzBmILvZ/OfjN7bMtE8g==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                         
                                         52.40.161.235
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: dhiBo9dMbbH7GYFqMfiAs/Ozue4=

                                        
                                            GET /country HTTP/1.1 
Host: ipinfo.io
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://hanasasansor.com/
Origin: http://hanasasansor.com
Connection: keep-alive

                                         
                                         34.117.59.81
HTTP/1.1 302 Found
content-type: text/plain; charset=utf-8
                                        
access-control-allow-origin: *
location: https://ipinfo.io/country
vary: Accept, Accept-Encoding
date: Wed, 28 Sep 2022 20:42:09 GMT
x-envoy-upstream-service-time: 1
strict-transport-security: max-age=2592000; includeSubDomains
content-encoding: gzip
transfer-encoding: chunked
Via: 1.1 google


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   72
Md5:    b79f12127b13f3298b65130f55033eea
Sha1:   0c5df3d4734c5d754f78df4dd08f329ce38ab901
Sha256: 76d7f55bf215f2132f41391f47b4efd048f7c3b61db2b650e2a0a9b4a02d79f0
                                        
                                            POST /s/gts1d4/5QlTZKzjgCw HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 28 Sep 2022 20:42:09 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /country HTTP/1.1 
Host: ipinfo.io
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Referer: http://hanasasansor.com/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.117.59.81
HTTP/2 200 OK
content-type: text/html; charset=utf-8
                                        
access-control-allow-origin: *
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
content-length: 3
date: Wed, 28 Sep 2022 20:42:10 GMT
x-envoy-upstream-service-time: 2
strict-transport-security: max-age=2592000; includeSubDomains
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   3
Md5:    19541a2746e08a6b8f5145bdbaa23e45
Sha1:   00b970928589b6bdb02743a4bb8400e429e26abe
Sha256: cfe72034a9f298fb79a6c1f2302673bb449c826d446b3efafdde95e6c48dc3ca
                                        
                                            POST /s/gts1d4/5QlTZKzjgCw HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 28 Sep 2022 20:42:10 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /favicon.ico HTTP/1.1 
Host: hanasasansor.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hanasasansor.com/test/:/dir/

                                         
                                         94.102.7.219
HTTP/1.1 200 OK
Content-Type: image/vnd.microsoft.icon
                                        
Date: Wed, 28 Sep 2022 20:42:08 GMT
Server: Apache
Last-Modified: Tue, 15 Jun 2021 06:43:36 GMT
ETag: "42e6b-1bfc3-5c4c84b2570db"
Accept-Ranges: bytes
Content-Length: 114627
X-Powered-By: PleskLin
Connection: close


--- Additional Info ---
Magic:  MS Windows icon resource - 6 icons, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel, -128x-128, 32 bits/pixel\012- data
Size:   51846
Md5:    a38f16e5f42fa5fe5503a4e3238fa87b
Sha1:   bcf0850b81a9f9c50cc8fc34d2461daa3f81e8aa
Sha256: 740699eb8a41ad98a19c3bc868652c3968e7fced95a8b9b5bd9e2a0026b695c7
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "6449BF062DBB79683071F367CA142C175EF304485CB4D3711FEB4763146E4FA7"
Last-Modified: Wed, 28 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12828
Expires: Thu, 29 Sep 2022 00:15:58 GMT
Date: Wed, 28 Sep 2022 20:42:10 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "6449BF062DBB79683071F367CA142C175EF304485CB4D3711FEB4763146E4FA7"
Last-Modified: Wed, 28 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12828
Expires: Thu, 29 Sep 2022 00:15:58 GMT
Date: Wed, 28 Sep 2022 20:42:10 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "6449BF062DBB79683071F367CA142C175EF304485CB4D3711FEB4763146E4FA7"
Last-Modified: Wed, 28 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12828
Expires: Thu, 29 Sep 2022 00:15:58 GMT
Date: Wed, 28 Sep 2022 20:42:10 GMT
Connection: keep-alive

                                        
                                            GET /test/:/dir/173be1ff4139348d1da2de576203f6cf/execution.html?validation=e1s1 HTTP/1.1 
Host: hanasasansor.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://hanasasansor.com/test/:/dir/
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         
                                         94.102.7.219
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Wed, 28 Sep 2022 20:42:08 GMT
Server: Apache
Last-Modified: Wed, 28 Sep 2022 20:42:08 GMT
ETag: W/"48c3a-1f52-5e9c2cb63c834"
Accept-Ranges: bytes
Content-Length: 8018
X-Powered-By: PleskLin
Connection: close


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Size:   8018
Md5:    e9bb5045993f47e94abe95ed8a6dd09c
Sha1:   cf36b8ecf43c58664fbb5b3c079eccab4296e487
Sha256: b47449d7c5ea58ab75f5244df83e8344efd70f2a7f40d49b7eb91ebd093edbca

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8ffa6dde-b51e-43f8-bfcb-3f442d674928.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8500
x-amzn-requestid: af82c8d6-950c-4933-87e3-7bbb15cb1ac8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZI3e3HOaoAMFoPQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63336c5e-77e0ecc522de575e40f429b3;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 21:34:22 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: rD5LsVDLQkaomG1nCGZGihbdlWKMCjUYNC2kRyAjJesJEOEBSj8Q3A==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 0d4ebcaa87ba94709def0eaac9371e5a.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 21:47:03 GMT
age: 82507
etag: "9c4692ea64832895fbd107d91f879728b6a440c7"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8500
Md5:    6139c878a7d2bd32c61fc8287996eb5b
Sha1:   9c4692ea64832895fbd107d91f879728b6a440c7
Sha256: 3839df92f0a10c1433d5b576df50c9f7953912ae4f425012262f08ee8a59ce2e
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0369629e-f44d-439f-a279-b5ae6ecc0cf1.png HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 14464
x-amzn-requestid: 6627e07e-034b-432e-ab9e-afe035fa0b9a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZI3e9HgIoAMFxUA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63336c5f-7f34c3f6454379724a7ac413;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 21:34:23 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: J27vcANRhkMUuGwTZjXkO0EF0-UjN-MODVQRKgsc7hJI2S-UPF8Ctw==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 32d624dbeb2a8b7f24dbe49007e37c90.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 21:40:53 GMT
age: 82877
etag: "bc214d60be395d4cf753216ff8f9691c33d25e75"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   14464
Md5:    aa5cad224dbddd71881bd07255beb4da
Sha1:   bc214d60be395d4cf753216ff8f9691c33d25e75
Sha256: 82935e52aa59929a448d17a5a2d58fda86bb5c25bf6628a05bd904f82517dada
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fad593ee0-d404-46e3-b129-229e09b263b0.png HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 12016
x-amzn-requestid: ec1b3715-5d0f-4045-aa5b-b70a55c81d72
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZI3e3EtyIAMFdZg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63336c5e-201dd1ef1426a09965c68dab;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 21:34:22 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: y3DefdcXJyoDHpJXwz460gfWcv2JUboOFExNQmTFgy30B4mn54Xvuw==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 2324edbcb8fc72f617442c65f36a40fc.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 21:44:30 GMT
age: 82660
etag: "a54803cca7d3c509c195f65961e1110c8ec56f55"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   12016
Md5:    4b794c6812cb546de0295e087ebe66a7
Sha1:   a54803cca7d3c509c195f65961e1110c8ec56f55
Sha256: 6a207f75eb3951f3dea5252bc8d185cd604d3d657f15b838774e8087e91f37f5
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F79631135-a10c-43bf-85d2-fa2236b96883.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 13213
x-amzn-requestid: fe9ec409-2757-4910-8443-5b4d3be7efd3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZFlATEp8oAMFd9Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63321b9b-3230e97a4fe34413285eb578;Sampled=0
x-amzn-remapped-date: Mon, 26 Sep 2022 21:37:31 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: rV80hKsopWPf_A8hKw0kwTOjVN4Bq-5f8oXDP2wluyGwof5yXFe2Bw==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 0d4ebcaa87ba94709def0eaac9371e5a.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 21:42:47 GMT
age: 82763
etag: "3d4fa8701f17e8818c25584ef5f04bfbee8440cd"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   13213
Md5:    62e68c3cd08dd94d910507512a67e85f
Sha1:   3d4fa8701f17e8818c25584ef5f04bfbee8440cd
Sha256: 058d798963f83f5fb88ab728185f755c5353fa981d93e1b6ff869089f501586b
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb9a3b058-92c9-490e-9cbb-736f7e46510d.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 7455
x-amzn-requestid: e99c9f33-b72a-4070-80cf-06fb4a87d1df
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZG4S6EcAoAMFX1A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6332a0df-04122b4a345dbc3f3918af98;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 07:06:07 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: Di1kDUlYEc1rv31fHM-OquU_W_LggEzDCTVME5iFJ5KffZcQyN6i2A==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 68fadeb91f97256bb67b03bfca74d830.cloudfront.net (CloudFront), 1.1 google
date: Wed, 28 Sep 2022 07:31:39 GMT
age: 47431
etag: "b383135e2ebc23fe80eb0d594b198cb8c89327a5"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7455
Md5:    ea3890e460356d6ecc3ba4e405ac2e9e
Sha1:   b383135e2ebc23fe80eb0d594b198cb8c89327a5
Sha256: 8fcff053ce6e5750136bf876bad5b2916935f13ea039912d977928b086f0a48b
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F693de74c-173e-4d9b-8317-35601f30ffd7.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 13299
x-amzn-requestid: 926df8b6-beec-470d-b0b3-33be326cd379
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZI3UPF8YIAMF3Nw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63336c1a-343e91e735af43d01fc83ddd;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 21:33:14 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: KmVkKXoPqZmnwFtpKhuox1kJNDoSxMEmYE39_zVPyaeoU4sPqq-_wA==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 2ab6211e66998c8b58132661a7e3cade.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 21:44:23 GMT
age: 82667
etag: "651600f2ef18cecc2e38370069bbb5e1d86f68e0"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   13299
Md5:    ad84ed0c5b2090df7996007514cf1984
Sha1:   651600f2ef18cecc2e38370069bbb5e1d86f68e0
Sha256: a3d0729e1d43afeadd2dd8273c858b8839d9e476f773c8ec9d96b5969a9e0b4a
                                        
                                            GET /ajax/libs/jquery/1.10.2/jquery.min.js HTTP/1.1 
Host: ajax.googleapis.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hanasasansor.com/

                                         
                                         142.250.74.42
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
                                        
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="hosted-libraries-pushers"
Report-To: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
Timing-Allow-Origin: *
Content-Length: 32954
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Wed, 28 Sep 2022 06:14:25 GMT
Expires: Thu, 28 Sep 2023 06:14:25 GMT
Cache-Control: public, max-age=31536000, stale-while-revalidate=2592000
Last-Modified: Tue, 03 Mar 2020 19:15:00 GMT
Age: 52065


--- Additional Info ---
Magic:  ASCII text, with very long lines (32072)
Size:   32954
Md5:    d38e2944bbc9ae54b8947a2bd0b9a932
Sha1:   782a825679b248d38979c2d7ecae257873344437
Sha256: 65a0917567cb7037612cf420629873f2f3594d2e741aaadf90d893d07d8f5fdd
                                        
                                            GET /jquery-3.5.1.min.js HTTP/1.1 
Host: code.jquery.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://hanasasansor.com
Connection: keep-alive
Referer: http://hanasasansor.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         69.16.175.10
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
date: Wed, 28 Sep 2022 20:42:10 GMT
content-encoding: gzip
content-length: 30879
last-modified: Fri, 20 Aug 2021 17:47:53 GMT
accept-ranges: bytes
server: nginx
etag: W/"611feac9-15d84"
cache-control: max-age=315360000, public
access-control-allow-origin: *
vary: Accept-Encoding
x-hw: 1664397730.dop205.sk1.t,1664397730.cds246.sk1.hn,1664397730.cds208.sk1.c
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65451)
Size:   30879
Md5:    3700d0b271343804b9b9aa1c13efa521
Sha1:   3d6b03dbd74872ca3dfbb0529f6c80943788f918
Sha256: fda7541f8e4cf921d20bcd0dc1d0efe69644c79bd18a0be4ce2f34246c83603e
                                        
                                            GET /test/:/dir/dist/js.cookie.js HTTP/1.1 
Host: hanasasansor.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hanasasansor.com/test/:/dir/173be1ff4139348d1da2de576203f6cf/execution.html?validation=e1s1

                                         
                                         94.102.7.219
HTTP/1.1 200 OK
Content-Type: text/javascript
                                        
Date: Wed, 28 Sep 2022 20:42:09 GMT
Server: Apache
Last-Modified: Sun, 25 Sep 2022 00:00:41 GMT
ETag: "48aec-d60-5e9751a18e14c"
Accept-Ranges: bytes
Content-Length: 3424
X-Powered-By: PleskLin
Connection: close


--- Additional Info ---
Magic:  ASCII text
Size:   3424
Md5:    19d988c6d1e7cd9d601639a616dc769b
Sha1:   2cf3f170a083a3e4538a6f55b1064eaf737f6180
Sha256: 9df6e8c4bc8ea670d2f4da40a35a41772cc8857aca288a77acfa891cf1a54c36

Alerts:
  urlquery:
    - Phishing - DHL
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /test/:/dir/dist/jquery-lang.js HTTP/1.1 
Host: hanasasansor.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hanasasansor.com/test/:/dir/173be1ff4139348d1da2de576203f6cf/execution.html?validation=e1s1

                                         
                                         94.102.7.219
HTTP/1.1 200 OK
Content-Type: text/javascript
                                        
Date: Wed, 28 Sep 2022 20:42:09 GMT
Server: Apache
Last-Modified: Sun, 25 Sep 2022 00:00:41 GMT
ETag: "48ae7-6c2d-5e9751a18d594"
Accept-Ranges: bytes
Content-Length: 27693
X-Powered-By: PleskLin
Connection: close


--- Additional Info ---
Magic:  ASCII text
Size:   27693
Md5:    1062fb1e2ffb1b8b6c596da423b9aef6
Sha1:   e0f54f2cdfce6d3861506744d6c52fbc23f612e9
Sha256: 67829a15eafd08a53376a78dc3574724e4bf87455bdc7b52c9b01828df272ca2

Alerts:
  urlquery:
    - Phishing - DHL
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /test/:/dir/dist/dhl.css HTTP/1.1 
Host: hanasasansor.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hanasasansor.com/test/:/dir/173be1ff4139348d1da2de576203f6cf/execution.html?validation=e1s1

                                         
                                         94.102.7.219
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Wed, 28 Sep 2022 20:42:09 GMT
Server: Apache
Last-Modified: Sun, 25 Sep 2022 00:00:41 GMT
ETag: "48ad6-15b189-5e9751a187fa4"
Accept-Ranges: bytes
Content-Length: 1421705
X-Powered-By: PleskLin
Connection: close


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (1148), with CRLF line terminators
Size:   1421705
Md5:    edc1d740fd431bde301167129b27c429
Sha1:   8bc3af8787353af01e3c435588cb0a3fb4484ee6
Sha256: 6b452c628f8e71255d2f8fdbabe178594bf915b2ff15ada033e94f13a8e7b6a5
                                        
                                            GET /test/:/dir/dist/load.php HTTP/1.1 
Host: hanasasansor.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: http://hanasasansor.com/test/:/dir/173be1ff4139348d1da2de576203f6cf/execution.html?validation=e1s1

                                         
                                         94.102.7.219
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Date: Wed, 28 Sep 2022 20:42:10 GMT
Server: Apache
X-Powered-By: PHP/7.3.25, PleskLin
Connection: close
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  HTML document, ASCII text, with CRLF line terminators
Size:   4846
Md5:    a2fb3bf316cedcf86157ba3b718e34aa
Sha1:   dba222a89ce89e2f6e4548ab53de2a548b970983
Sha256: b332366c284ca97fc1e69f7b66810942e1623373de507ab574405a86a3079d97

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /test/:/dir/dist/favicon.ico HTTP/1.1 
Host: hanasasansor.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hanasasansor.com/test/:/dir/173be1ff4139348d1da2de576203f6cf/execution.html?validation=e1s1

                                         
                                         94.102.7.219
HTTP/1.1 200 OK
Content-Type: image/vnd.microsoft.icon
                                        
Date: Wed, 28 Sep 2022 20:42:10 GMT
Server: Apache
Last-Modified: Sun, 25 Sep 2022 00:00:41 GMT
ETag: "48add-47e-5e9751a188b5c"
Accept-Ranges: bytes
Content-Length: 1150
X-Powered-By: PleskLin
Connection: close


--- Additional Info ---
Magic:  MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Size:   1150
Md5:    d8106bf3a1d00ab43b01e6e3c92500eb
Sha1:   202b5e8654ab1b28351378293bca3b9d844cc29b
Sha256: 9ada5709e264c31b04a05bd85448a9bd5e91925e8d83df5cef0762ec97cc283e
                                        
                                            GET /test/:/dir/dist/DHL_head.html HTTP/1.1 
Host: hanasasansor.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: http://hanasasansor.com/test/:/dir/173be1ff4139348d1da2de576203f6cf/execution.html?validation=e1s1

                                         
                                         94.102.7.219
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Wed, 28 Sep 2022 20:42:10 GMT
Server: Apache
Last-Modified: Sun, 25 Sep 2022 00:00:41 GMT
ETag: "48ad8-2d05-5e9751a18838c"
Accept-Ranges: bytes
Content-Length: 11525
X-Powered-By: PleskLin
Connection: close


--- Additional Info ---
Magic:  HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with very long lines (1836)
Size:   11525
Md5:    c8525e0f6ae698c64fc8b1796d666c9f
Sha1:   83bad258f74533fc8cfdfbec774d8fd4066638d9
Sha256: 875a6adcb7b15d7f9b5f27e157ad7d7b3733dbf8879e28cc3d7066dff64eb30b

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /test/:/dir/dist/DHL_footer.html HTTP/1.1 
Host: hanasasansor.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: http://hanasasansor.com/test/:/dir/173be1ff4139348d1da2de576203f6cf/execution.html?validation=e1s1

                                         
                                         94.102.7.219
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Wed, 28 Sep 2022 20:42:10 GMT
Server: Apache
Last-Modified: Sun, 25 Sep 2022 00:00:41 GMT
ETag: "48ad7-3c69-5e9751a18838c"
Accept-Ranges: bytes
Content-Length: 15465
X-Powered-By: PleskLin
Connection: close


--- Additional Info ---
Magic:  exported SGML document, Unicode text, UTF-8 (with BOM) text, with very long lines (2591)
Size:   15465
Md5:    80c931b5fcfe1c4b48205c363fc519fe
Sha1:   59b38bfd2f8fcf8d3c27878161ade7381d1c3215
Sha256: 29dba8134751ae7ad77faf1612255270f0544f264734829d2ab167a72936e3cb

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /test/:/dir/dist/fonts/default-274a65bae9742377aaf010bb1a7de971.woff HTTP/1.1 
Host: hanasasansor.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://hanasasansor.com/test/:/dir/dist/dhl.css

                                         
                                         94.102.7.219
HTTP/1.1 200 OK
Content-Type: text/plain
                                        
Date: Wed, 28 Sep 2022 20:42:10 GMT
Server: Apache
Last-Modified: Sun, 25 Sep 2022 00:00:41 GMT
ETag: "48ae0-a07c-5e9751a18ae84"
Accept-Ranges: bytes
Content-Length: 41084
X-Powered-By: PleskLin
Connection: close


--- Additional Info ---
Magic:  Web Open Font Format, TrueType, length 41084, version 1.66\012- data
Size:   41084
Md5:    03f859bf58e4d37841070de34be7d978
Sha1:   3436d4fa17e7ee470c3d62b08787cfa7de408408
Sha256: 5af5c3746b03792640b9cafdabddfb2c5407f72988e128541a88fa439607d940

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /test/:/dir/dist/fonts/iconfont-e7bece496cd0e6d60e456bc2b48c9446.woff HTTP/1.1 
Host: hanasasansor.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://hanasasansor.com/test/:/dir/dist/dhl.css

                                         
                                         94.102.7.219
HTTP/1.1 200 OK
Content-Type: text/plain
                                        
Date: Wed, 28 Sep 2022 20:42:10 GMT
Server: Apache
Last-Modified: Sun, 25 Sep 2022 00:00:41 GMT
ETag: "48ae4-2464-5e9751a18ba3c"
Accept-Ranges: bytes
Content-Length: 9316
X-Powered-By: PleskLin
Connection: close


--- Additional Info ---
Magic:  Web Open Font Format, TrueType, length 9316, version 1.0\012- data
Size:   9316
Md5:    9355df62a665ef9249036bbccad8c54c
Sha1:   6b7779a10187a1a7473f604fbe3db96350868c6a
Sha256: 6d051536af97fbd33fae0683a1b6ce3749757ab43c8ee8c89295755fd4595807

Alerts:
  urlquery:
    - Phishing - DHL
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /country HTTP/1.1 
Host: ipinfo.io
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://hanasasansor.com/
Origin: http://hanasasansor.com
Connection: keep-alive

                                         
                                         34.117.59.81
HTTP/1.1 302 Found
content-type: text/plain; charset=utf-8
                                        
access-control-allow-origin: *
location: https://ipinfo.io/country
vary: Accept, Accept-Encoding
date: Wed, 28 Sep 2022 20:42:12 GMT
x-envoy-upstream-service-time: 1
strict-transport-security: max-age=2592000; includeSubDomains
content-encoding: gzip
transfer-encoding: chunked
Via: 1.1 google


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   72
Md5:    b79f12127b13f3298b65130f55033eea
Sha1:   0c5df3d4734c5d754f78df4dd08f329ce38ab901
Sha256: 76d7f55bf215f2132f41391f47b4efd048f7c3b61db2b650e2a0a9b4a02d79f0
                                        
                                            GET /test/:/dir/dist/fonts/default-815fcbb4d2c57901701125d768f09d67.woff HTTP/1.1 
Host: hanasasansor.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://hanasasansor.com/test/:/dir/dist/dhl.css

                                         
                                         94.102.7.219
HTTP/1.1 200 OK
Content-Type: text/plain
                                        
Date: Wed, 28 Sep 2022 20:42:10 GMT
Server: Apache
Last-Modified: Sun, 25 Sep 2022 00:00:41 GMT
ETag: "48ae3-a170-5e9751a18b654"
Accept-Ranges: bytes
Content-Length: 41328
X-Powered-By: PleskLin
Connection: close


--- Additional Info ---
Magic:  Web Open Font Format, TrueType, length 41328, version 1.66\012- data
Size:   41328
Md5:    e39bd2e2657ce5dd6f9c33df18529233
Sha1:   6db81ebb91bfa67cef8f2f870f03046150568799
Sha256: 19d0bda83ecbc986620468801adf000c77c3c38398650903c63fac8dcbac4383

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /country HTTP/1.1 
Host: ipinfo.io
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Referer: http://hanasasansor.com/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         34.117.59.81
HTTP/2 200 OK
content-type: text/html; charset=utf-8
                                        
access-control-allow-origin: *
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
content-length: 3
date: Wed, 28 Sep 2022 20:42:12 GMT
x-envoy-upstream-service-time: 2
strict-transport-security: max-age=2592000; includeSubDomains
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   3
Md5:    19541a2746e08a6b8f5145bdbaa23e45
Sha1:   00b970928589b6bdb02743a4bb8400e429e26abe
Sha256: cfe72034a9f298fb79a6c1f2302673bb449c826d446b3efafdde95e6c48dc3ca
                                        
                                            GET /test/:/dir/dist/fonts/default-3e828e80f6e985c352eba4474518978d.woff HTTP/1.1 
Host: hanasasansor.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://hanasasansor.com/test/:/dir/dist/dhl.css

                                         
                                         94.102.7.219
HTTP/1.1 200 OK
Content-Type: text/plain
                                        
Date: Wed, 28 Sep 2022 20:42:10 GMT
Server: Apache
Last-Modified: Sun, 25 Sep 2022 00:00:41 GMT
ETag: "48ae1-ace4-5e9751a18b26c"
Accept-Ranges: bytes
Content-Length: 44260
X-Powered-By: PleskLin
Connection: close


--- Additional Info ---
Magic:  Web Open Font Format, TrueType, length 44260, version 1.66\012- data
Size:   44260
Md5:    4a350e02a03ac62e72e9ea575b31ce84
Sha1:   d47b03b96b6e7034a1473a293bb594e597a41dc2
Sha256: 87c40e3961e21f759770615ae67568a3de3ec6e0735f1238a6aae062f4ea15d5

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /test/:/dir/dist/DHL_track.html HTTP/1.1 
Host: hanasasansor.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: http://hanasasansor.com/test/:/dir/173be1ff4139348d1da2de576203f6cf/execution.html?validation=e1s1

                                         
                                         94.102.7.219
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Wed, 28 Sep 2022 20:42:12 GMT
Server: Apache
Last-Modified: Sun, 25 Sep 2022 00:00:41 GMT
ETag: "48adc-196f-5e9751a188774"
Accept-Ranges: bytes
Content-Length: 6511
X-Powered-By: PleskLin
Connection: close


--- Additional Info ---
Magic:  HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with very long lines (356)
Size:   6511
Md5:    b92995056746bd4a38dcc9efb8b5104a
Sha1:   a4f80401d2375fde013afad5409f6aedeb655af2
Sha256: d252b700aed5e55bb771d5aefba0f52a419916b1236f56e36d1af2185bd890ec

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /test/:/dir/dist/jquery.validate.min.js HTTP/1.1 
Host: hanasasansor.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: http://hanasasansor.com/test/:/dir/173be1ff4139348d1da2de576203f6cf/execution.html?validation=e1s1

                                         
                                         94.102.7.219
HTTP/1.1 200 OK
Content-Type: text/javascript
                                        
Date: Wed, 28 Sep 2022 20:42:12 GMT
Server: Apache
Last-Modified: Sun, 25 Sep 2022 00:00:41 GMT
ETag: "48aeb-5f38-5e9751a18e14c"
Accept-Ranges: bytes
Content-Length: 24376
X-Powered-By: PleskLin
Connection: close


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (24237)
Size:   24376
Md5:    8a25965d822705f957a243443d219787
Sha1:   0da4c535b50bdb4dffa3b5fae3e999aeee137cb5
Sha256: b0f074179d185032b4a2d0e7b1f3476b0626039334a638d47f84ef44990616b2

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /npm/popper.js@1.16.1/dist/umd/popper.min.js HTTP/1.1 
Host: cdn.jsdelivr.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hanasasansor.com/

                                         
                                         151.101.85.229
HTTP/1.1 301 Moved Permanently
                                        
Server: Varnish
Retry-After: 0
Location: https://cdn.jsdelivr.net/npm/popper.js@1.16.1/dist/umd/popper.min.js
Content-Length: 0
Accept-Ranges: bytes
Date: Wed, 28 Sep 2022 20:42:14 GMT
Connection: close
X-Served-By: cache-bma1656-BMA
X-Cache: HIT

                                        
                                            GET /npm/popper.js@1.16.1/dist/umd/popper.min.js HTTP/1.1 
Host: cdn.jsdelivr.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://hanasasansor.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         151.101.85.229
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-jsd-version: 1.16.1
x-jsd-version-type: version
etag: W/"52f1-MTeJyg4xtlR4TbuosPg/Nk+Gg7Q"
content-encoding: gzip
accept-ranges: bytes
date: Wed, 28 Sep 2022 20:42:14 GMT
age: 10687940
x-served-by: cache-fra19126-FRA, cache-bma1663-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 7503
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (21060)
Size:   7503
Md5:    1f61c1b15b25ba046056238766ff3a43
Sha1:   2b8db740e4e913e9dc87a6060dea2a6b17ad0ec8
Sha256: fe78a2c604b4757dd5d114e0efb7e74c8f4acfe840bf6b6c01517205744a7648
                                        
                                            GET /test/:/dir/dist/fonts/default-5a6dd86f272b304a8b83f7df61f11c2f.woff HTTP/1.1 
Host: hanasasansor.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://hanasasansor.com/test/:/dir/dist/dhl.css

                                         
                                         94.102.7.219
HTTP/1.1 200 OK
Content-Type: text/plain
                                        
Date: Wed, 28 Sep 2022 20:42:12 GMT
Server: Apache
Last-Modified: Sun, 25 Sep 2022 00:00:41 GMT
ETag: "48ae2-a188-5e9751a18b654"
Accept-Ranges: bytes
Content-Length: 41352
X-Powered-By: PleskLin
Connection: close


--- Additional Info ---
Magic:  Web Open Font Format, TrueType, length 41352, version 1.66\012- data
Size:   41352
Md5:    4e23ecf085132857bdb54b4da7373151
Sha1:   a50215c22a591536b21e509100d1707c6886ffd6
Sha256: b033eff45e6e8ecd5c5bccd8ef9a96c4dc37325adc64c5aed8b1d909b24c4eb4

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            POST /ca/gsatlasr3dvtlsca2022q1 HTTP/1.1 
Host: ocsp.globalsign.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         104.18.20.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 28 Sep 2022 20:42:14 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "D3B63C95CA4D03BF5602611F1A67336D32CF0E9C"
Expires: Thu, 29 Sep 2022 07:00:00 GMT
Last-Modified: Wed, 28 Sep 2022 19:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Age: 3476
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 751f4dee5c440afa-OSL


--- Additional Info ---
Magic:  data
Size:   1462
Md5:    9a5f40134eef38301c9ec6c42e3e9f88
Sha1:   233d49b11a88c322a50988ed95844fc7b6250e04
Sha256: 5d82f5c50b017aa273529ea0eb55348e5a11a7705cebda6d8e4935eb306d13a5
                                        
                                            GET /test/:/dir/dist/langpack/en.json HTTP/1.1 
Host: hanasasansor.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: http://hanasasansor.com/test/:/dir/173be1ff4139348d1da2de576203f6cf/execution.html?validation=e1s1

                                         
                                         94.102.7.219
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Date: Wed, 28 Sep 2022 20:42:12 GMT
Server: Apache
Last-Modified: Sun, 25 Sep 2022 00:00:41 GMT
ETag: "48af0-202-5e9751a19085c"
Accept-Ranges: bytes
Content-Length: 514
X-Powered-By: PleskLin
Connection: close


--- Additional Info ---
Magic:  JSON data\012- , ASCII text
Size:   514
Md5:    e5111c3d242107acc93f71f9c9182079
Sha1:   c648da6b0a6c4f9b89dbee1027cf9a7be36217ca
Sha256: 86f9abd216bc64ead1404975e2b6132aebc42ebd106e5be0f660b7e5852051a3

Alerts:
  urlquery:
    - Phishing - DHL
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /test/:/dir/dist/langpack/en.json HTTP/1.1 
Host: hanasasansor.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: http://hanasasansor.com/test/:/dir/173be1ff4139348d1da2de576203f6cf/execution.html?validation=e1s1

                                         
                                         94.102.7.219
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Date: Wed, 28 Sep 2022 20:42:12 GMT
Server: Apache
Last-Modified: Sun, 25 Sep 2022 00:00:41 GMT
ETag: "48af0-202-5e9751a19085c"
Accept-Ranges: bytes
Content-Length: 514
X-Powered-By: PleskLin
Connection: close


--- Additional Info ---
Magic:  JSON data\012- , ASCII text
Size:   514
Md5:    e5111c3d242107acc93f71f9c9182079
Sha1:   c648da6b0a6c4f9b89dbee1027cf9a7be36217ca
Sha256: 86f9abd216bc64ead1404975e2b6132aebc42ebd106e5be0f660b7e5852051a3

Alerts:
  urlquery:
    - Phishing - DHL
  Blocklists:
    - fortinet: Phishing