Overview

URL ftp.info-nexi-key.myddns.com/
IP 45.125.66.70
ASN Tele Asia Limited
Location Lithuania
Report completed 2022-09-01 22:13:01 UTC
urlquery Alerts DynDNS domain detected


Settings

UserAgent Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blocklists

OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter  No alerts detected
mnemonic secure dns  No alerts detected
Quad9 DNS
Scan Date Severity Indicator Comment
2022-09-01 2 ns1.name Sinkholed
2022-09-01 2 ns1.name Sinkholed
2022-09-01 2 ns1.name Sinkholed


Files

No files detected



Passive DNS (11)

Passive DNS Source Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
mnemonic passive DNS push.services.mozilla.com (1) 2140 2015-09-03 10:29:36 UTC 2022-09-01 05:02:40 UTC 35.80.175.197
mnemonic passive DNS img-getpocket.cdn.mozilla.net (7) 1631 2017-09-01 03:40:57 UTC 2022-09-01 15:19:00 UTC 34.120.237.76
mnemonic passive DNS r3.o.lencr.org (9) 344 2020-12-02 08:52:13 UTC 2022-09-01 04:47:54 UTC 23.36.77.32
mnemonic passive DNS contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-09-01 04:48:38 UTC 34.117.237.239
mnemonic passive DNS www.app-utente.ddns.ms (34) 0 2022-09-01 16:49:42 UTC 2022-09-01 19:15:35 UTC 45.125.66.70 Domain (ddns.ms) ranked at: 807725
mnemonic passive DNS ocsp.digicert.com (1) 86 2012-05-21 07:02:23 UTC 2022-09-01 14:38:39 UTC 93.184.220.29
mnemonic passive DNS i.imgur.com (1) 5110 2012-05-21 08:09:36 UTC 2022-09-01 05:13:04 UTC 151.101.84.193
mnemonic passive DNS panelumeu.ns1.name (3) 0 2022-08-22 12:19:23 UTC 2022-09-01 10:48:47 UTC 45.125.66.95 Unknown ranking
mnemonic passive DNS ftp.info-nexi-key.myddns.com (1) 0 2022-08-30 10:18:42 UTC 2022-09-01 15:58:14 UTC 45.125.66.70 Domain (myddns.com) ranked at: 396550
mnemonic passive DNS firefox.settings.services.mozilla.com (2) 867 2020-06-04 20:08:41 UTC 2022-09-01 13:57:28 UTC 143.204.55.27
mnemonic passive DNS content-signature-2.cdn.mozilla.net (1) 1152 2020-11-03 12:26:46 UTC 2022-09-01 04:51:03 UTC 143.204.55.25


Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 45.125.66.70

Date UQ / IDS / BL URL IP
2022-09-02 20:06:42 +0000
39 - 0 - 56 nexipaymobilekey.dns04.com/ 45.125.66.70
2022-09-02 18:54:27 +0000
39 - 0 - 61 info-pay-nexi-key.port25.biz/ 45.125.66.70
2022-09-02 08:44:55 +0000
2 - 0 - 1 ftp.info-pay-nexi-key.port25.biz/ 45.125.66.70
2022-09-02 08:36:31 +0000
2 - 0 - 0 app-utente.ddns.ms/ 45.125.66.70
2022-09-02 04:48:39 +0000
2 - 0 - 0 ftp.info-nexi-key.myddns.com/ 45.125.66.70

Last 5 reports on ASN: Tele Asia Limited

Date UQ / IDS / BL URL IP
2022-11-04 13:11:22 +0000
4 - 0 - 0 area-personale.is-gone.com/persone-e-famiglie/ 45.125.66.85
2022-11-01 04:17:42 +0000
4 - 0 - 1 titulare.likescandy.com/persone-e-famiglie/ 45.125.66.85
2022-10-27 10:45:33 +0000
0 - 0 - 0 45.123.188.178 45.123.188.178
2022-10-20 19:32:54 +0000
0 - 0 - 1 mahjongline.com/ 45.125.65.66
2022-09-24 08:49:50 +0000
0 - 0 - 3 logininfoutete.dubya.net/ 45.125.66.85

Last 5 reports on domain: myddns.com

Date UQ / IDS / BL URL IP
2022-11-24 19:27:29 +0000
12 - 0 - 0 auth00secure001124.myddns.com/account/index 198.204.229.178
2022-11-09 22:53:58 +0000
13 - 0 - 0 www.auth-secure087.myddns.com/ 198.204.229.178
2022-11-02 07:40:01 +0000
13 - 0 - 0 vpnamn.myddns.com/helpdesk/Login/LogOn 116.193.175.49
2022-10-05 19:25:09 +0000
3 - 0 - 0 autho01.myddns.com/login.php?online_id=7f7bad (...) 13.92.135.141
2022-10-05 18:35:33 +0000
3 - 0 - 0 www.autho01.myddns.com/login.php?online_id=de (...) 13.92.135.141

Last 5 reports with similar screenshot

Date UQ / IDS / BL URL IP
2022-10-29 06:36:22 +0000
4 - 0 - 0 www.key-client-titolare.is-leet.com/txt/ 54.209.165.232
2022-09-16 16:00:59 +0000
4 - 0 - 22 www.titolare-key-nexxi.iamallama.com/pay_nexa (...) 45.125.66.101
2022-09-02 20:06:42 +0000
39 - 0 - 56 nexipaymobilekey.dns04.com/ 45.125.66.70
2022-09-02 18:54:27 +0000
39 - 0 - 61 info-pay-nexi-key.port25.biz/ 45.125.66.70
2022-09-01 10:48:56 +0000
39 - 0 - 3 nexi-ticket.mrface.com/ 45.125.66.70


JavaScript

Executed Scripts (12)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (61)


Request Response
                                        
                                            GET / HTTP/1.1 
Host: ftp.info-nexi-key.myddns.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         
                                         45.125.66.70
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Date: Thu, 01 Sep 2022 22:12:50 GMT
Server: Apache/2.4.18 (Ubuntu)
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 137
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   137
Md5:    1d11fd5b84311470ba11de08ef6deaec
Sha1:   f0992f55a63d7a0e3ab57b9f77ece9f4b9077548
Sha256: 4aecd120992eefc52a1ac6a7e5dbbe5abd1b58fb67fb64a2b1c36493ad74962e

Alerts:
  urlquery:
    - DynDNS domain detected
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "9B43EC48B16F96449208A0094C4D660806A2A2D344B5862DBFF4C393BF3F9F9F"
Last-Modified: Thu, 01 Sep 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6875
Expires: Fri, 02 Sep 2022 00:07:25 GMT
Date: Thu, 01 Sep 2022 22:12:50 GMT
Connection: keep-alive

                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.27
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, Alert, Content-Length, Content-Type, Backoff
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Thu, 01 Sep 2022 21:41:25 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 8ddb6d7670d8c5a85c04a10525a71b90.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: -DKlRBxvxka4XylOjb-QhPYswkrme8GPk6pu19gPdIW5UYdcL7phGw==
Age: 1885


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    b593eb39329cfe060d55be5e4a5405e2
Sha1:   78e46c1028e9f94f8569303ad2d90d7df13a059a
Sha256: 08a810103557efe55ca4425ff0cf82593f1f54633df899127eaec9bee05d4d04
                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.25
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
content-length: 5348
date: Thu, 01 Sep 2022 01:15:17 GMT
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
etag: "742edb4038f38bc533514982f3d2e861"
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 1d8cf7c8865ed1078c19a98771ad34ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: i_P7t5b91ZwvRZvJIzzDEMyaobnRk3afsXXGJcunZ7EIOS9cBW_imw==
age: 75454
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    742edb4038f38bc533514982f3d2e861
Sha1:   cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
Sha256: b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Thu, 01 Sep 2022 22:12:50 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "EF266BA4D6FEB11DFB86369171B565C577A7A72C2FCF0FA5BBB28FC54748779D"
Last-Modified: Thu, 01 Sep 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10138
Expires: Fri, 02 Sep 2022 01:01:48 GMT
Date: Thu, 01 Sep 2022 22:12:50 GMT
Connection: keep-alive

                                        
                                            GET /titulare.mobile.appkey.it?https://www.nexi.it/privati/servizi/area-personale.html HTTP/1.1 
Host: www.app-utente.ddns.ms
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         
                                         45.125.66.70
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=iso-8859-1
                                        
Date: Thu, 01 Sep 2022 22:12:50 GMT
Server: Apache/2.4.18 (Ubuntu)
Location: https://www.app-utente.ddns.ms/titulare.mobile.appkey.it/?https://www.nexi.it/privati/servizi/area-personale.html
Content-Length: 410
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   410
Md5:    77f5b47eac0a476af0a4da82136b0508
Sha1:   ca3845241ef7fe7620cf0cc7a578d5a8a1f12920
Sha256: 082324c1f0d239e82a547a91bbe8c5205b0eda1e975c668b797a854eed3ff9ff

Alerts:
  urlquery:
    - DynDNS domain detected
                                        
                                            GET /titulare.mobile.appkey.it/?https://www.nexi.it/privati/servizi/area-personale.html HTTP/1.1 
Host: www.app-utente.ddns.ms
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         
                                         45.125.66.70
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Date: Thu, 01 Sep 2022 22:12:50 GMT
Server: Apache/2.4.18 (Ubuntu)
Set-Cookie: real=OK
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 348
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   348
Md5:    245d8e69059dbdec5441b62d26ff2c64
Sha1:   577af40528d92a6d4382a3813e9d16c9562d8e81
Sha256: 59334eec17b491c5823e116c84d8b6afc688c6d1ac3d43b34126efc8e07f17e7

Alerts:
  urlquery:
    - DynDNS domain detected
                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.27
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Alert, Cache-Control, Pragma, Backoff, Last-Modified, ETag, Expires, Content-Length, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Thu, 01 Sep 2022 21:57:05 GMT
Cache-Control: max-age=3600
Expires: Thu, 01 Sep 2022 22:02:48 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 410f51195842d9b592b15d6588c36654.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 8l72ErDSC3DUsJgqB-VPQ80w0DnDy-TEhgq9H0ilA6-vzh6FfDpOSg==
Age: 945


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            GET /favicon.ico HTTP/1.1 
Host: www.app-utente.ddns.ms
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.app-utente.ddns.ms/titulare.mobile.appkey.it/?https://www.nexi.it/privati/servizi/area-personale.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         45.125.66.70
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=iso-8859-1
                                        
Date: Thu, 01 Sep 2022 22:12:50 GMT
Server: Apache/2.4.18 (Ubuntu)
Content-Length: 285
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   285
Md5:    4e390e411563d80348c4a98e95da10c5
Sha1:   9aeead57c05dee8cdb8f6a1bbcc04df51a45ddae
Sha256: c3f509f0a5a01224e5057a8836850f12222d7becaeedc205675432ecb1964391

Alerts:
  urlquery:
    - DynDNS domain detected
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 6576
Cache-Control: 'max-age=158059'
Date: Thu, 01 Sep 2022 22:12:51 GMT
Last-Modified: Thu, 01 Sep 2022 20:23:15 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 7aJr/sah/Dcj2GOA4nUCDw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                         
                                         35.80.175.197
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: Olz6hQLyqub6ft1eUnpSeaWND4A=

                                        
                                            GET /titulare.mobile.appkey.it/a1b2c3/c4bf667921000f0cedf1dc4392bfee3e?https://www.nexi.it/privati/servizi/area-personale.html HTTP/1.1 
Host: www.app-utente.ddns.ms
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.app-utente.ddns.ms/titulare.mobile.appkey.it/?https://www.nexi.it/privati/servizi/area-personale.html
Cookie: real=OK
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin

                                         
                                         45.125.66.70
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=iso-8859-1
                                        
Date: Thu, 01 Sep 2022 22:12:51 GMT
Server: Apache/2.4.18 (Ubuntu)
Location: https://www.app-utente.ddns.ms/titulare.mobile.appkey.it/a1b2c3/c4bf667921000f0cedf1dc4392bfee3e/?https://www.nexi.it/privati/servizi/area-personale.html
Content-Length: 450
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   450
Md5:    37c91a8d7e44c486db48eb78cd998122
Sha1:   9a2829bbfdfb7161fc68f11ef70e18b956452596
Sha256: 132b944a30efb12939ef79b89edeb14fd1c2e0a8ae081ad51679c54992f4727e

Alerts:
  urlquery:
    - DynDNS domain detected
                                        
                                            GET /titulare.mobile.appkey.it/a1b2c3/c4bf667921000f0cedf1dc4392bfee3e/?https://www.nexi.it/privati/servizi/area-personale.html HTTP/1.1 
Host: www.app-utente.ddns.ms
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.app-utente.ddns.ms/titulare.mobile.appkey.it/?https://www.nexi.it/privati/servizi/area-personale.html
Connection: keep-alive
Cookie: real=OK
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin

                                         
                                         45.125.66.70
HTTP/1.1 302 Found
Content-Type: text/html; charset=UTF-8
                                        
Date: Thu, 01 Sep 2022 22:12:51 GMT
Server: Apache/2.4.18 (Ubuntu)
Set-Cookie: bid=c4bf667921000f0cedf1dc4392bfee3e; expires=Sat, 01-Oct-2022 22:12:51 GMT; Max-Age=2592000; path=/
location: login/?https://www.nexi.it/privati/servizi/area-personale.html
Content-Length: 0
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  urlquery:
    - DynDNS domain detected
                                        
                                            GET /titulare.mobile.appkey.it/a1b2c3/c4bf667921000f0cedf1dc4392bfee3e/login/?https://www.nexi.it/privati/servizi/area-personale.html HTTP/1.1 
Host: www.app-utente.ddns.ms
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.app-utente.ddns.ms/titulare.mobile.appkey.it/?https://www.nexi.it/privati/servizi/area-personale.html
Connection: keep-alive
Cookie: real=OK; bid=c4bf667921000f0cedf1dc4392bfee3e
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin

                                         
                                         45.125.66.70
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Date: Thu, 01 Sep 2022 22:12:51 GMT
Server: Apache/2.4.18 (Ubuntu)
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 5097
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (2815)
Size:   5097
Md5:    112cc4604b1e61bfc39e13de58e21249
Sha1:   ee6e882f007826c721860e6bfa6a0a5905ed881c
Sha256: 8d0e2c7144405b2701091d370e997eefb0fb320ba57386883da080d073ed9f98

Alerts:
  urlquery:
    - DynDNS domain detected
                                        
                                            GET /titulare.mobile.appkey.it/bower_components/jquery/dist/jquery.min.js HTTP/1.1 
Host: www.app-utente.ddns.ms
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.app-utente.ddns.ms/titulare.mobile.appkey.it/a1b2c3/c4bf667921000f0cedf1dc4392bfee3e/login/?https://www.nexi.it/privati/servizi/area-personale.html
Cookie: real=OK; bid=c4bf667921000f0cedf1dc4392bfee3e
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         45.125.66.70
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Thu, 01 Sep 2022 22:12:52 GMT
Server: Apache/2.4.18 (Ubuntu)
Last-Modified: Mon, 05 Jun 2017 03:55:06 GMT
ETag: "15283-5512e77ee3a80-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 30138
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with very long lines (32058)
Size:   30138
Md5:    3430607b4301113ad9394c9260eef3f0
Sha1:   8c4db68b161b17e31be300e968a30ab0116b3193
Sha256: 31e4d11375322cd6f94dba7338570426f2412d6c5fa670427966d45c3648098c

Alerts:
  urlquery:
    - DynDNS domain detected
                                        
                                            GET /titulare.mobile.appkey.it/bower_components/ua-parser-js/dist/ua-parser.min.js HTTP/1.1 
Host: www.app-utente.ddns.ms
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.app-utente.ddns.ms/titulare.mobile.appkey.it/a1b2c3/c4bf667921000f0cedf1dc4392bfee3e/login/?https://www.nexi.it/privati/servizi/area-personale.html
Cookie: real=OK; bid=c4bf667921000f0cedf1dc4392bfee3e
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         45.125.66.70
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Thu, 01 Sep 2022 22:12:52 GMT
Server: Apache/2.4.18 (Ubuntu)
Last-Modified: Thu, 12 Oct 2017 08:16:24 GMT
ETag: "4298-55b5527f0e600-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 6063
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (16817)
Size:   6063
Md5:    14da93cff6d49885bf214d2503f614db
Sha1:   04d64d738cd0fd2b4eee3b8abc5326dfda3f1dea
Sha256: 49e584e9a0aee55b81771b9e010ccf1da6278da03fb8ddba07ef7a1f0a126732

Alerts:
  urlquery:
    - DynDNS domain detected
                                        
                                            GET /titulare.mobile.appkey.it/bower_components/font-awesome/css/font-awesome.min.css HTTP/1.1 
Host: www.app-utente.ddns.ms
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.app-utente.ddns.ms/titulare.mobile.appkey.it/a1b2c3/c4bf667921000f0cedf1dc4392bfee3e/login/?https://www.nexi.it/privati/servizi/area-personale.html
Cookie: real=OK; bid=c4bf667921000f0cedf1dc4392bfee3e
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         45.125.66.70
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Thu, 01 Sep 2022 22:12:52 GMT
Server: Apache/2.4.18 (Ubuntu)
Last-Modified: Sun, 09 Apr 2017 04:29:24 GMT
ETag: "7918-54cb44da47100-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 7053
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with very long lines (30837)
Size:   7053
Md5:    52f1a8a2ce85fa8432308b33bc1a2e79
Sha1:   fd80917af5371c8ecad0198592a1e7cce4b77b0e
Sha256: 07bd6a9ea0213e20f362485aadc17a88c486ecfb394004b41b8b38db6e6a35f6

Alerts:
  urlquery:
    - DynDNS domain detected
                                        
                                            GET /titulare.mobile.appkey.it/core/form/core_form.js HTTP/1.1 
Host: www.app-utente.ddns.ms
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.app-utente.ddns.ms/titulare.mobile.appkey.it/a1b2c3/c4bf667921000f0cedf1dc4392bfee3e/login/?https://www.nexi.it/privati/servizi/area-personale.html
Cookie: real=OK; bid=c4bf667921000f0cedf1dc4392bfee3e
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         45.125.66.70
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Thu, 01 Sep 2022 22:12:52 GMT
Server: Apache/2.4.18 (Ubuntu)
Last-Modified: Fri, 08 Nov 2019 20:10:31 GMT
ETag: "3fda-596db5fb11bc0-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 4019
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text
Size:   4019
Md5:    7c8bd0c35f152ecc839349fc096a7316
Sha1:   172c05793d2b4a32b983b2183d290df61348144e
Sha256: e3513e4ff663a665d9fa2b474c902444341024828a1bda4521edf660418aa2d1

Alerts:
  urlquery:
    - DynDNS domain detected
                                        
                                            GET /titulare.mobile.appkey.it/core/token/core_token.js HTTP/1.1 
Host: www.app-utente.ddns.ms
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.app-utente.ddns.ms/titulare.mobile.appkey.it/a1b2c3/c4bf667921000f0cedf1dc4392bfee3e/login/?https://www.nexi.it/privati/servizi/area-personale.html
Cookie: real=OK; bid=c4bf667921000f0cedf1dc4392bfee3e
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         45.125.66.70
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Thu, 01 Sep 2022 22:12:52 GMT
Server: Apache/2.4.18 (Ubuntu)
Last-Modified: Fri, 08 Nov 2019 20:08:32 GMT
ETag: "22fd-596db58995000-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1431
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text
Size:   1431
Md5:    715880a9d6da7f01e624f6669fcc99bf
Sha1:   fa51999ee6bfbfe9361d2248b5429c260f205194
Sha256: 3b31e617e97a433067b65cf16dd953c5e04e9746a342a4284f9e3b3beba04a11

Alerts:
  urlquery:
    - DynDNS domain detected
                                        
                                            GET /titulare.mobile.appkey.it/core/form/core_form.css HTTP/1.1 
Host: www.app-utente.ddns.ms
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.app-utente.ddns.ms/titulare.mobile.appkey.it/a1b2c3/c4bf667921000f0cedf1dc4392bfee3e/login/?https://www.nexi.it/privati/servizi/area-personale.html
Cookie: real=OK; bid=c4bf667921000f0cedf1dc4392bfee3e
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         45.125.66.70
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Thu, 01 Sep 2022 22:12:52 GMT
Server: Apache/2.4.18 (Ubuntu)
Last-Modified: Fri, 08 Nov 2019 07:58:11 GMT
ETag: "a9b-596d124a9eac0-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 665
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text
Size:   665
Md5:    268653a679c54f58ddfbd3a1dea26e81
Sha1:   9cdfb1a2f3fa2498d5c477ca47f6b20b59a041cf
Sha256: 7cfe7376e45f6f27808c9313a426d2361eae0dc005983111dde6a5e88d00a7ed

Alerts:
  urlquery:
    - DynDNS domain detected
                                        
                                            GET /titulare.mobile.appkey.it/login/form/css.css HTTP/1.1 
Host: www.app-utente.ddns.ms
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.app-utente.ddns.ms/titulare.mobile.appkey.it/a1b2c3/c4bf667921000f0cedf1dc4392bfee3e/login/?https://www.nexi.it/privati/servizi/area-personale.html
Cookie: real=OK; bid=c4bf667921000f0cedf1dc4392bfee3e
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         45.125.66.70
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Thu, 01 Sep 2022 22:12:52 GMT
Server: Apache/2.4.18 (Ubuntu)
Last-Modified: Fri, 08 Nov 2019 20:43:05 GMT
ETag: "90-596dbd428c840-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 121
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text
Size:   121
Md5:    388da9932145e417adb96e2e88a9c1bd
Sha1:   6add9b7f63d23638b807662588944a01a57a5ae9
Sha256: faebec4e15b72ea3d0c455f14f1e48a08bf5cf26462eb078f2d7b4d19d098d1b

Alerts:
  urlquery:
    - DynDNS domain detected
                                        
                                            GET /titulare.mobile.appkey.it/login/style.css HTTP/1.1 
Host: www.app-utente.ddns.ms
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.app-utente.ddns.ms/titulare.mobile.appkey.it/a1b2c3/c4bf667921000f0cedf1dc4392bfee3e/login/?https://www.nexi.it/privati/servizi/area-personale.html
Cookie: real=OK; bid=c4bf667921000f0cedf1dc4392bfee3e
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         45.125.66.70
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Thu, 01 Sep 2022 22:12:52 GMT
Server: Apache/2.4.18 (Ubuntu)
Last-Modified: Thu, 07 Nov 2019 18:39:00 GMT
ETag: "4452-596c5fa8fb900-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 3431
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text
Size:   3431
Md5:    319ebfc54b48fd3b3cf2613ad74c03ac
Sha1:   22ceec21aaf2f6bbbd0705fc5c785dbbb6890b5b
Sha256: d82bd0b8e4e0d03d38826b2603b22f773575ff9068faff1f5187cfe509d3e360

Alerts:
  urlquery:
    - DynDNS domain detected
                                        
                                            GET /titulare.mobile.appkey.it/login/css.css HTTP/1.1 
Host: www.app-utente.ddns.ms
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.app-utente.ddns.ms/titulare.mobile.appkey.it/a1b2c3/c4bf667921000f0cedf1dc4392bfee3e/login/?https://www.nexi.it/privati/servizi/area-personale.html
Cookie: real=OK; bid=c4bf667921000f0cedf1dc4392bfee3e
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         45.125.66.70
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Thu, 01 Sep 2022 22:12:52 GMT
Server: Apache/2.4.18 (Ubuntu)
Last-Modified: Thu, 07 Nov 2019 18:38:58 GMT
ETag: "10ec-596c5fa713480-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 602
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text
Size:   602
Md5:    0be73f2e004f675f5b54b4630bd826df
Sha1:   1809f06b66415c6782c92e4acbc897857b543f22
Sha256: c942be2806f9a69273d5983195617ee3e3eb3799245e2f8012382318442abca3

Alerts:
  urlquery:
    - DynDNS domain detected
                                        
                                            GET /titulare.mobile.appkey.it/login/form/form.js?v=63112e6424d52 HTTP/1.1 
Host: www.app-utente.ddns.ms
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.app-utente.ddns.ms/titulare.mobile.appkey.it/a1b2c3/c4bf667921000f0cedf1dc4392bfee3e/login/?https://www.nexi.it/privati/servizi/area-personale.html
Cookie: real=OK; bid=c4bf667921000f0cedf1dc4392bfee3e
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         45.125.66.70
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Thu, 01 Sep 2022 22:12:52 GMT
Server: Apache/2.4.18 (Ubuntu)
Last-Modified: Sun, 22 Sep 2019 09:13:10 GMT
ETag: "a49-59320b6489580-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 626
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text
Size:   626
Md5:    c0328e89fb60d267fbbb17f437914c3b
Sha1:   8cfdbf9752314ade4ffc65f933f8a04917aaa958
Sha256: ddd5d1ad5bfe667d81b83760d5f0fe6cc80e8d2546698f97a70fc577e41479c4

Alerts:
  urlquery:
    - DynDNS domain detected
                                        
                                            GET /titulare.mobile.appkey.it/bower_components/angular/angular.min.js HTTP/1.1 
Host: www.app-utente.ddns.ms
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.app-utente.ddns.ms/titulare.mobile.appkey.it/a1b2c3/c4bf667921000f0cedf1dc4392bfee3e/login/?https://www.nexi.it/privati/servizi/area-personale.html
Cookie: real=OK; bid=c4bf667921000f0cedf1dc4392bfee3e
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         45.125.66.70
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Thu, 01 Sep 2022 22:12:52 GMT
Server: Apache/2.4.18 (Ubuntu)
Last-Modified: Fri, 18 Aug 2017 14:37:28 GMT
ETag: "2937c-5570811783a00-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  ASCII text, with very long lines (552)
Size:   58946
Md5:    ef8273bb5f21cf02cdb9ccd56513e7c1
Sha1:   0de400b680cfc9a05f3d182ea010b4ecb6166f7a
Sha256: 369f26576626b7705342e67ae37363858a5655c66755ddff450054dfe9c70bc4

Alerts:
  urlquery:
    - DynDNS domain detected
                                        
                                            GET /titulare.mobile.appkey.it/login/ng/ng.js?v=63112e6424d8d HTTP/1.1 
Host: www.app-utente.ddns.ms
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.app-utente.ddns.ms/titulare.mobile.appkey.it/a1b2c3/c4bf667921000f0cedf1dc4392bfee3e/login/?https://www.nexi.it/privati/servizi/area-personale.html
Cookie: real=OK; bid=c4bf667921000f0cedf1dc4392bfee3e
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         45.125.66.70
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Thu, 01 Sep 2022 22:12:52 GMT
Server: Apache/2.4.18 (Ubuntu)
Last-Modified: Fri, 08 Nov 2019 20:43:50 GMT
ETag: "c50-596dbd6d76d80-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1107
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text
Size:   1107
Md5:    678d911920b638e0348fe1d1221bc98d
Sha1:   254a44adf9d27886ebae3416410f2cc9ca41e1e1
Sha256: a2d2430fdc89c9d502c5115a37dc26d1f409cdb86ab243187643783cabd1d3d1

Alerts:
  urlquery:
    - DynDNS domain detected
                                        
                                            GET /titulare.mobile.appkey.it/login/token/token.js?v=63112e6424dc4 HTTP/1.1 
Host: www.app-utente.ddns.ms
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.app-utente.ddns.ms/titulare.mobile.appkey.it/a1b2c3/c4bf667921000f0cedf1dc4392bfee3e/login/?https://www.nexi.it/privati/servizi/area-personale.html
Cookie: real=OK; bid=c4bf667921000f0cedf1dc4392bfee3e
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         45.125.66.70
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Thu, 01 Sep 2022 22:12:52 GMT
Server: Apache/2.4.18 (Ubuntu)
Last-Modified: Fri, 08 Nov 2019 20:23:09 GMT
ETag: "4be-596db8cdf4540-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 516
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text
Size:   516
Md5:    618403e922584d493d90e88a9a151cda
Sha1:   f44949bed024bdb5d49eda5d16f8252eeb09f691
Sha256: d2c7111a465a323d5a08768fe787b09c8858c764de8ee7c8c95570b08012e8ce

Alerts:
  urlquery:
    - DynDNS domain detected
                                        
                                            GET /titulare.mobile.appkey.it/login/style-1.css HTTP/1.1 
Host: www.app-utente.ddns.ms
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.app-utente.ddns.ms/titulare.mobile.appkey.it/a1b2c3/c4bf667921000f0cedf1dc4392bfee3e/login/?https://www.nexi.it/privati/servizi/area-personale.html
Cookie: real=OK; bid=c4bf667921000f0cedf1dc4392bfee3e
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         45.125.66.70
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Thu, 01 Sep 2022 22:12:52 GMT
Server: Apache/2.4.18 (Ubuntu)
Last-Modified: Thu, 07 Nov 2019 18:39:02 GMT
ETag: "88aed-596c5faae3d80-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  ASCII text, with very long lines (685), with CRLF, LF line terminators
Size:   69737
Md5:    127eedd202127bf5d5a05cc076b2c6b2
Sha1:   673b466dad34317249322691e040c747e23d4de1
Sha256: 5854f5eaff334ab480506c2ea7661d7a9592ca0e63a1cfa3862f2528b69ac7fb

Alerts:
  urlquery:
    - DynDNS domain detected
                                        
                                            GET /titulare.mobile.appkey.it/login/index.css HTTP/1.1 
Host: www.app-utente.ddns.ms
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.app-utente.ddns.ms/titulare.mobile.appkey.it/a1b2c3/c4bf667921000f0cedf1dc4392bfee3e/login/?https://www.nexi.it/privati/servizi/area-personale.html
Cookie: real=OK; bid=c4bf667921000f0cedf1dc4392bfee3e
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         45.125.66.70
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Thu, 01 Sep 2022 22:12:52 GMT
Server: Apache/2.4.18 (Ubuntu)
Last-Modified: Fri, 08 Nov 2019 20:45:09 GMT
ETag: "3f39b-596dbdb8cdf40-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 23231
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with very long lines (1484)
Size:   23231
Md5:    e46b8b7cc0017119514cb5c9fda219bb
Sha1:   b0e856124b2a2104387a44f312180d6db5834644
Sha256: a732c4026f1b3f957b8d7c1adc46a77dd4f0f6da10c864f3a43eeed5c9c4f793

Alerts:
  urlquery:
    - DynDNS domain detected
                                        
                                            GET /titulare.mobile.appkey.it/login/google_play.svg HTTP/1.1 
Host: www.app-utente.ddns.ms
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.app-utente.ddns.ms/titulare.mobile.appkey.it/a1b2c3/c4bf667921000f0cedf1dc4392bfee3e/login/?https://www.nexi.it/privati/servizi/area-personale.html
Cookie: real=OK; bid=c4bf667921000f0cedf1dc4392bfee3e
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         45.125.66.70
HTTP/1.1 200 OK
Content-Type: image/svg+xml
                                        
Date: Thu, 01 Sep 2022 22:12:52 GMT
Server: Apache/2.4.18 (Ubuntu)
Last-Modified: Thu, 07 Nov 2019 18:38:58 GMT
ETag: "62ff-596c5fa713480"
Accept-Ranges: bytes
Content-Length: 25343
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (24914)
Size:   25343
Md5:    9f366adad75cc2c3bf7d704939967a7b
Sha1:   54264a40ad66760e85e4a7407f78a94ccfe754d1
Sha256: ed313341bbd73a61ddacf268f494c9f85cb84e46f8954bde8a5260e21174f340

Alerts:
  urlquery:
    - DynDNS domain detected
                                        
                                            GET /titulare.mobile.appkey.it/login/icon-phone-warning-white.svg HTTP/1.1 
Host: www.app-utente.ddns.ms
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.app-utente.ddns.ms/titulare.mobile.appkey.it/a1b2c3/c4bf667921000f0cedf1dc4392bfee3e/login/?https://www.nexi.it/privati/servizi/area-personale.html
Cookie: real=OK; bid=c4bf667921000f0cedf1dc4392bfee3e
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         45.125.66.70
HTTP/1.1 200 OK
Content-Type: image/svg+xml
                                        
Date: Thu, 01 Sep 2022 22:12:52 GMT
Server: Apache/2.4.18 (Ubuntu)
Last-Modified: Thu, 07 Nov 2019 18:38:58 GMT
ETag: "f29-596c5fa713480"
Accept-Ranges: bytes
Content-Length: 3881
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   3881
Md5:    8ca4186994be106eea6423d4f2d9af10
Sha1:   4963eaacbdf6ba1cf7c529694ec488eea950bc92
Sha256: c8e1f312e86564f3d293bb04806f55d4296cc3342321655bb738d7d61eeeef22

Alerts:
  urlquery:
    - DynDNS domain detected
                                        
                                            GET /titulare.mobile.appkey.it/login/icon-blocked.svg HTTP/1.1 
Host: www.app-utente.ddns.ms
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.app-utente.ddns.ms/titulare.mobile.appkey.it/a1b2c3/c4bf667921000f0cedf1dc4392bfee3e/login/?https://www.nexi.it/privati/servizi/area-personale.html
Cookie: real=OK; bid=c4bf667921000f0cedf1dc4392bfee3e
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         45.125.66.70
HTTP/1.1 200 OK
Content-Type: image/svg+xml
                                        
Date: Thu, 01 Sep 2022 22:12:52 GMT
Server: Apache/2.4.18 (Ubuntu)
Last-Modified: Thu, 07 Nov 2019 18:38:58 GMT
ETag: "3a7-596c5fa713480"
Accept-Ranges: bytes
Content-Length: 935
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   935
Md5:    c3034188332fd8391df588c244a10a55
Sha1:   8a95344a40342edf303b04b994f1787dd2207efb
Sha256: 92751c1749c593c1ad2a7b61ff640b0dbb1a4c32db1981a523e5432cc35a029f

Alerts:
  urlquery:
    - DynDNS domain detected
                                        
                                            GET /titulare.mobile.appkey.it/login/app_store.svg HTTP/1.1 
Host: www.app-utente.ddns.ms
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.app-utente.ddns.ms/titulare.mobile.appkey.it/a1b2c3/c4bf667921000f0cedf1dc4392bfee3e/login/?https://www.nexi.it/privati/servizi/area-personale.html
Cookie: real=OK; bid=c4bf667921000f0cedf1dc4392bfee3e
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         45.125.66.70
HTTP/1.1 200 OK
Content-Type: image/svg+xml
                                        
Date: Thu, 01 Sep 2022 22:12:52 GMT
Server: Apache/2.4.18 (Ubuntu)
Last-Modified: Thu, 07 Nov 2019 18:38:58 GMT
ETag: "3dc8-596c5fa713480"
Accept-Ranges: bytes
Content-Length: 15816
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1295)
Size:   15816
Md5:    d11b30ed05c8b249efe85b47532305c4
Sha1:   e2be0738062a412e6a31b6bc67ea983b1db98732
Sha256: 5e3c6b5c51b5fbf7691fa5d0adbcd05be694548d5f03aee7d59d7a8b092b5d27

Alerts:
  urlquery:
    - DynDNS domain detected
                                        
                                            GET /titulare.mobile.appkey.it/login/icon-close.svg HTTP/1.1 
Host: www.app-utente.ddns.ms
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.app-utente.ddns.ms/titulare.mobile.appkey.it/a1b2c3/c4bf667921000f0cedf1dc4392bfee3e/login/?https://www.nexi.it/privati/servizi/area-personale.html
Cookie: real=OK; bid=c4bf667921000f0cedf1dc4392bfee3e
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         45.125.66.70
HTTP/1.1 200 OK
Content-Type: image/svg+xml
                                        
Date: Thu, 01 Sep 2022 22:12:52 GMT
Server: Apache/2.4.18 (Ubuntu)
Last-Modified: Thu, 07 Nov 2019 18:38:58 GMT
ETag: "628-596c5fa713480"
Accept-Ranges: bytes
Content-Length: 1576
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   1576
Md5:    6a2b6418343e69fd866ebb827f33a2d6
Sha1:   4b6842649792e108920c211c2dca658e6f429734
Sha256: f1926ee7a205ed96afdd1b8a74d845d21a64dadb6ef76e672558e5b84b58274c

Alerts:
  urlquery:
    - DynDNS domain detected
                                        
                                            GET /titulare.mobile.appkey.it/login/icon-close-white.svg HTTP/1.1 
Host: www.app-utente.ddns.ms
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.app-utente.ddns.ms/titulare.mobile.appkey.it/a1b2c3/c4bf667921000f0cedf1dc4392bfee3e/login/?https://www.nexi.it/privati/servizi/area-personale.html
Cookie: real=OK; bid=c4bf667921000f0cedf1dc4392bfee3e
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         45.125.66.70
HTTP/1.1 200 OK
Content-Type: image/svg+xml
                                        
Date: Thu, 01 Sep 2022 22:12:52 GMT
Server: Apache/2.4.18 (Ubuntu)
Last-Modified: Thu, 07 Nov 2019 18:38:58 GMT
ETag: "637-596c5fa713480"
Accept-Ranges: bytes
Content-Length: 1591
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   1591
Md5:    e61ea756f9b2ae7f774048dfbc85f1df
Sha1:   d50555f8f6e6882e1031332a76a48ab9709f13b1
Sha256: 32cde70fcb4ed6949904cec5ef9065adce2196b3e8216bb5874019a9efe96edd

Alerts:
  urlquery:
    - DynDNS domain detected
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "4A85DC99793413780FDFDE032E83995C0A15775EB09123F53A1BA9B789F91A55"
Last-Modified: Wed, 31 Aug 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11846
Expires: Fri, 02 Sep 2022 01:30:18 GMT
Date: Thu, 01 Sep 2022 22:12:52 GMT
Connection: keep-alive

                                        
                                            GET /titulare.mobile.appkey.it/login/icon-phone.svg HTTP/1.1 
Host: www.app-utente.ddns.ms
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.app-utente.ddns.ms/titulare.mobile.appkey.it/a1b2c3/c4bf667921000f0cedf1dc4392bfee3e/login/?https://www.nexi.it/privati/servizi/area-personale.html
Cookie: real=OK; bid=c4bf667921000f0cedf1dc4392bfee3e
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         45.125.66.70
HTTP/1.1 200 OK
Content-Type: image/svg+xml
                                        
Date: Thu, 01 Sep 2022 22:12:52 GMT
Server: Apache/2.4.18 (Ubuntu)
Last-Modified: Thu, 07 Nov 2019 18:38:58 GMT
ETag: "fb0-596c5fa713480"
Accept-Ranges: bytes
Content-Length: 4016
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   4016
Md5:    ba155a06b6ed2efff975f38208ca03a7
Sha1:   e75f40d95197f19c38d900ac7c749857fbdb93f7
Sha256: 7e6f9ccce4ea514b53fb258d72b5682c74d1e81ef9148d3c406fbd03cfd56919

Alerts:
  urlquery:
    - DynDNS domain detected
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "4A85DC99793413780FDFDE032E83995C0A15775EB09123F53A1BA9B789F91A55"
Last-Modified: Wed, 31 Aug 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11846
Expires: Fri, 02 Sep 2022 01:30:18 GMT
Date: Thu, 01 Sep 2022 22:12:52 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe8cc83cf-4aef-486b-b775-ed3cb57c8e2a.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 9642
x-amzn-requestid: 52c698d7-6419-4614-9c53-68a265266337
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XzLjbEvgoAMFkKA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63112615-547a72850cce71da013383f5;Sampled=0
x-amzn-remapped-date: Thu, 01 Sep 2022 21:37:25 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: I3pDTq3EeJJtzJFsAFaym7cV5nCrwFailDRzgA3QkAFOYj3xV43v2w==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 89791e6b21b9a30cc51cac1bc51cf098.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Sep 2022 21:37:26 GMT
age: 2126
etag: "67192f5be476ac4dada66dc9fbe26469d62e2d78"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   9642
Md5:    d0c1e7f6c9e17585905fdbe9ae4da50b
Sha1:   67192f5be476ac4dada66dc9fbe26469d62e2d78
Sha256: 21ca880b36bbb7791f8df2bf9830f11a960692123dd6dde5be42bda004dc428b
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff6b23082-fe08-4f5d-b709-47175510cf45.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 6196
x-amzn-requestid: a7d6ce70-06d7-498c-8024-80185a3fc3e4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XzLyLFmVIAMFkcQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63112674-3fad622927177e9236d7c50a;Sampled=0
x-amzn-remapped-date: Thu, 01 Sep 2022 21:39:00 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: wLezqM4_yKqtOR7D43beBqm8TAD5y8eQ7xHOxjDJdHchCpyusuzMuQ==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 68fadeb91f97256bb67b03bfca74d830.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Sep 2022 21:55:46 GMT
etag: "ec65cb47d86488f734c945a210d5f636a40fea2c"
age: 1026
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   6196
Md5:    5e05660322f0368dd2bf8067d7e4554d
Sha1:   ec65cb47d86488f734c945a210d5f636a40fea2c
Sha256: 98875230ec45766102191bdc4180742fa3b8f3ad5ad1a128d12437105f86247e
                                        
                                            GET /titulare.mobile.appkey.it/login/logo--light-double.svg HTTP/1.1 
Host: www.app-utente.ddns.ms
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.app-utente.ddns.ms/titulare.mobile.appkey.it/a1b2c3/c4bf667921000f0cedf1dc4392bfee3e/login/?https://www.nexi.it/privati/servizi/area-personale.html
Cookie: real=OK; bid=c4bf667921000f0cedf1dc4392bfee3e
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         45.125.66.70
HTTP/1.1 200 OK
Content-Type: image/svg+xml
                                        
Date: Thu, 01 Sep 2022 22:12:52 GMT
Server: Apache/2.4.18 (Ubuntu)
Last-Modified: Thu, 07 Nov 2019 18:38:58 GMT
ETag: "5c4-596c5fa713480"
Accept-Ranges: bytes
Content-Length: 1476
Keep-Alive: timeout=5, max=91
Connection: Keep-Alive


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   1476
Md5:    77ef18d95472ac80e6e86cf40daf8d4e
Sha1:   9289a4e6397fb8374db9532c00b684d0568c9e2c
Sha256: c37a1253313f01ecf7b8d5ac83025a8059d161d955ecbe5254c99d4edf6989fc

Alerts:
  urlquery:
    - DynDNS domain detected
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F43d94e54-2c67-403b-b94b-ef5e36cb5e26.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 7156
x-amzn-requestid: e2b38429-0492-4319-9c72-5a1619c78420
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XzMO2EKcoAMFrrA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6311272b-69d66f695cf1a07f0fae433c;Sampled=0
x-amzn-remapped-date: Thu, 01 Sep 2022 21:42:03 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 7Tv0bNle7nahMFTDVzCbyK9BpyTmt7QOwq5zfH7niru7P1wxYy0Dog==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 cd858042f70b416ca05e042acf3908a4.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Sep 2022 21:52:20 GMT
age: 1232
etag: "d3fda6718ab89268e82bde16b06a96354fa3d57b"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7156
Md5:    14e82032ab44011167c9d2d9695a3198
Sha1:   d3fda6718ab89268e82bde16b06a96354fa3d57b
Sha256: 2f073e250e9956e82038d29df1de50df864e2c22e4604bbd78d1e62188ae9197
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff072eb8c-1ad5-404f-85b3-2242f38757f6.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 4924
x-amzn-requestid: 89f18b72-50e3-4e1a-9a4a-e1e61d078fba
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XW1o-GO2IAMFyxA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6305cfd2-0987c8217bfd77c91f107265;Sampled=0
x-amzn-remapped-date: Wed, 24 Aug 2022 07:14:26 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: F4gQvi_hdsdDXSys6Sv0-5XWXE-nMH6H-qb5jRvuln8o_r7SKdqU7g==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 1481cc55c02c3a782ad420b6bac2cb32.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Sep 2022 21:43:47 GMT
age: 1745
etag: "3f7dbd409d7d110b135ee32b8ebcdb9ac3591e66"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   4924
Md5:    ae78f10cef02197bf19d5ff1d2703fdf
Sha1:   3f7dbd409d7d110b135ee32b8ebcdb9ac3591e66
Sha256: b5c74c5cea04e6da2d3e886dd26adc83af98bb881aa134b7fa0693dbf8b90a52
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7c0ef483-e545-4a1f-b9b9-88778330d881.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 10435
x-amzn-requestid: 813ec4ca-243d-46cb-a6a6-8ec58e5dd9f8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XzLjdHwnIAMFhzA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63112615-4733cfb83cf0e8734abc5716;Sampled=0
x-amzn-remapped-date: Thu, 01 Sep 2022 21:37:25 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: n6DJbsUGTdXT42cNLTDq6Uz28H2SDhwq6drdKP4axAHsBz471X7r_g==
via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 89791e6b21b9a30cc51cac1bc51cf098.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Sep 2022 21:37:26 GMT
age: 2126
etag: "4c70d27f7c51b7fcae1d8a883bfc2e67a551ae6c"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   10435
Md5:    955f2a35bd6b3802670e7fa8a7cda833
Sha1:   4c70d27f7c51b7fcae1d8a883bfc2e67a551ae6c
Sha256: 2fb517039f0704d2f6fe2fa78eae47c71c645add1c2276f8726248184ae45760
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa9de9889-f1f6-417e-954b-af2056b62982.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 12204
x-amzn-requestid: 5293c66e-68d3-472a-a6d2-69f161262f26
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XzMLDGK6oAMFTzw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63112713-66d01d9c2d12d55c465c5108;Sampled=0
x-amzn-remapped-date: Thu, 01 Sep 2022 21:41:39 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 6b6K6qPPzI8g3_MADZH84JtcPaDP00roz3A-6QEpbUY3boLIPOatjg==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 cd64decb1403270c914848213601a674.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Sep 2022 21:49:06 GMT
age: 1426
etag: "63cff2232383d9d7f2371d1f60cf7923b629fc82"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   12204
Md5:    e10519422b7ff91c72bcf2234cea36cf
Sha1:   63cff2232383d9d7f2371d1f60cf7923b629fc82
Sha256: 71a4bfc0031e0f6152c441f4bf413c6e953f38a587a95900f3a6c63beecafb4b
                                        
                                            GET /lQNIz8H.png HTTP/1.1 
Host: i.imgur.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.app-utente.ddns.ms/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         151.101.84.193
HTTP/2 200 OK
content-type: image/png
                                        
last-modified: Fri, 08 Nov 2019 07:55:56 GMT
etag: "c8ec33a7f60d9bf2bd70fe2096c58aac"
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Thu, 01 Sep 2022 22:12:52 GMT
age: 2032569
x-served-by: cache-iad-kiad7000031-IAD, cache-bma1671-BMA
x-cache: HIT, HIT
x-cache-hits: 1, 1
x-timer: S1662070373.765627,VS0,VE1
strict-transport-security: max-age=300
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: *
server: cat factory 1.0
x-content-type-options: nosniff
content-length: 4119
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 385 x 131, 8-bit colormap, non-interlaced\012- data
Size:   4119
Md5:    c8ec33a7f60d9bf2bd70fe2096c58aac
Sha1:   2dc66c21fdd555ccac7742177acd3e75677c3d34
Sha256: c12490d726ef93f69ec5c1368ab7b34269e9dd4e784f2e09a6e590a9002e3e0b
                                        
                                            GET /titulare.mobile.appkey.it/login/karbon-medium-webfont.woff HTTP/1.1 
Host: www.app-utente.ddns.ms
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://www.app-utente.ddns.ms/titulare.mobile.appkey.it/login/style-1.css
Cookie: real=OK; bid=c4bf667921000f0cedf1dc4392bfee3e; lng=it
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

                                         
                                         45.125.66.70
HTTP/1.1 200 OK
Content-Type: application/font-woff
                                        
Date: Thu, 01 Sep 2022 22:12:52 GMT
Server: Apache/2.4.18 (Ubuntu)
Last-Modified: Thu, 07 Nov 2019 18:38:58 GMT
ETag: "617c-596c5fa713480"
Accept-Ranges: bytes
Content-Length: 24956
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive


--- Additional Info ---
Magic:  Web Open Font Format, TrueType, length 24956, version 1.0\012- data
Size:   24956
Md5:    034fa219154a0eed22d6ef6ebd89c3a9
Sha1:   c8574cf3bfc69f53392d916aef929ccc882a9386
Sha256: 4061275193aa1a5245941f7768b307219fc0f86f44dc1cf4d293168b93a72259

Alerts:
  urlquery:
    - DynDNS domain detected
                                        
                                            GET /titulare.mobile.appkey.it/login/karbon-semibold-webfont.woff HTTP/1.1 
Host: www.app-utente.ddns.ms
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://www.app-utente.ddns.ms/titulare.mobile.appkey.it/login/style-1.css
Cookie: real=OK; bid=c4bf667921000f0cedf1dc4392bfee3e; lng=it
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

                                         
                                         45.125.66.70
HTTP/1.1 200 OK
Content-Type: application/font-woff
                                        
Date: Thu, 01 Sep 2022 22:12:52 GMT
Server: Apache/2.4.18 (Ubuntu)
Last-Modified: Thu, 07 Nov 2019 18:38:58 GMT
ETag: "61c8-596c5fa713480"
Accept-Ranges: bytes
Content-Length: 25032
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive


--- Additional Info ---
Magic:  Web Open Font Format, TrueType, length 25032, version 1.0\012- data
Size:   25032
Md5:    4e893a43d47ba798763b8990f9e07180
Sha1:   9ac339e30beac18d0a4aaecce5b66a723ec46532
Sha256: 0696904b24ea3bdaf9ee857ded71391ccd44d40b84334571a5c5e71f93b4a0c6

Alerts:
  urlquery:
    - DynDNS domain detected
                                        
                                            GET /titulare.mobile.appkey.it/login/karbon-regular-webfont.woff HTTP/1.1 
Host: www.app-utente.ddns.ms
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://www.app-utente.ddns.ms/titulare.mobile.appkey.it/login/style-1.css
Cookie: real=OK; bid=c4bf667921000f0cedf1dc4392bfee3e; lng=it
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

                                         
                                         45.125.66.70
HTTP/1.1 200 OK
Content-Type: application/font-woff
                                        
Date: Thu, 01 Sep 2022 22:12:52 GMT
Server: Apache/2.4.18 (Ubuntu)
Last-Modified: Thu, 07 Nov 2019 18:38:58 GMT
ETag: "5ef4-596c5fa713480"
Accept-Ranges: bytes
Content-Length: 24308
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive


--- Additional Info ---
Magic:  Web Open Font Format, TrueType, length 24308, version 1.0\012- data
Size:   24308
Md5:    e6b850dccbd545df306ea2f25452a124
Sha1:   08bdf0f61b8316130f85a2725dcbd7eb5a6dc750
Sha256: ade827343407a2a81168acb91cabc1ed7d83de7010966dd1b7f06f4e0344b9e6

Alerts:
  urlquery:
    - DynDNS domain detected
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "F36128481B3F21BE44388C8F69221304182A8C3FAA464FFE081325212017EA67"
Last-Modified: Thu, 01 Sep 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21550
Expires: Fri, 02 Sep 2022 04:12:03 GMT
Date: Thu, 01 Sep 2022 22:12:53 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "F36128481B3F21BE44388C8F69221304182A8C3FAA464FFE081325212017EA67"
Last-Modified: Thu, 01 Sep 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21591
Expires: Fri, 02 Sep 2022 04:12:44 GMT
Date: Thu, 01 Sep 2022 22:12:53 GMT
Connection: keep-alive

                                        
                                            GET /panelumeu1/uadmin/gate.php?pl=token&link=nexi_it&bid=c4bf667921000f0cedf1dc4392bfee3e&callback=jQuery32107494324279090459_1662070371683&data=%7B%22mes%22%3A%22User%20on%20login%20page%22%7D&_=1662070371684 HTTP/1.1 
Host: panelumeu.ns1.name
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.app-utente.ddns.ms/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         45.125.66.95
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Thu, 01 Sep 2022 22:12:53 GMT
Server: Apache/2.4.18 (Ubuntu)
Content-Length: 57
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   57
Md5:    81442a3595a271f5b6494741d1b1a7fd
Sha1:   480dc6354b37e9f624e592090a16a45a5c1cc1ce
Sha256: ad415727c57ca0302b92801677967b8e7fd8b1fe146c1c45d5a1cb6b35bc8e25

Alerts:
  urlquery:
    - DynDNS domain detected
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /panelumeu1/uadmin/gate.php?pl=token&link=nexi_it&bid=c4bf667921000f0cedf1dc4392bfee3e&callback=jQuery32107494324279090459_1662070371681&data=%7B%22online_bider%22%3A1%2C%22w%22%3A0%2C%22dev%22%3A3%7D&_=1662070371682 HTTP/1.1 
Host: panelumeu.ns1.name
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.app-utente.ddns.ms/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         45.125.66.95
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Thu, 01 Sep 2022 22:12:53 GMT
Server: Apache/2.4.18 (Ubuntu)
Content-Length: 57
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   57
Md5:    ae27fe17d0f04ba67e3e9e6817bbc816
Sha1:   c3aa971d6816a288629af006465f830262c9742b
Sha256: 337faa496c5b0334375ab77343c1f1ec65a76518ae0d13b79342ba81e075bac7

Alerts:
  urlquery:
    - DynDNS domain detected
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /titulare.mobile.appkey.it/login/form/newloader.gif HTTP/1.1 
Host: www.app-utente.ddns.ms
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.app-utente.ddns.ms/titulare.mobile.appkey.it/a1b2c3/c4bf667921000f0cedf1dc4392bfee3e/login/?https://www.nexi.it/privati/servizi/area-personale.html
Cookie: real=OK; bid=c4bf667921000f0cedf1dc4392bfee3e
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         45.125.66.70
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Date: Thu, 01 Sep 2022 22:12:52 GMT
Server: Apache/2.4.18 (Ubuntu)
Last-Modified: Mon, 16 Sep 2019 06:51:55 GMT
ETag: "88042-592a60a1618c0"
Accept-Ranges: bytes
Content-Length: 557122
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive


--- Additional Info ---
Magic:  GIF image data, version 89a, 480 x 480\012- data
Size:   557122
Md5:    ef8d4e6b20b0cf0d68713fb2f6069042
Sha1:   d62bb4b1a169c88879de3bd2f5c4292b6259a952
Sha256: 32bfc673211421c1a5a33acc98291840183582f11d15490954b42a81d79d4630

Alerts:
  urlquery:
    - DynDNS domain detected
                                        
                                            GET /titulare.mobile.appkey.it/login/placeholder_login_portale_privati.png HTTP/1.1 
Host: www.app-utente.ddns.ms
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.app-utente.ddns.ms/titulare.mobile.appkey.it/a1b2c3/c4bf667921000f0cedf1dc4392bfee3e/login/?https://www.nexi.it/privati/servizi/area-personale.html
Cookie: real=OK; bid=c4bf667921000f0cedf1dc4392bfee3e; lng=it
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         45.125.66.70
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Thu, 01 Sep 2022 22:12:52 GMT
Server: Apache/2.4.18 (Ubuntu)
Last-Modified: Thu, 07 Nov 2019 18:38:58 GMT
ETag: "13b53f-596c5fa713480"
Accept-Ranges: bytes
Content-Length: 1291583
Keep-Alive: timeout=5, max=90
Connection: Keep-Alive


--- Additional Info ---
Magic:  PNG image data, 1440 x 1024, 8-bit/color RGBA, non-interlaced\012- data
Size:   1291583
Md5:    a0e51a5d24b4401c9297341ad69c7405
Sha1:   18da1c5fdf6547e7390f72427fccbc2667490f32
Sha256: 861a4758d8d84ee664daa9cebfccf9aa3ab671f213484cb1f5e9ce586670a89b

Alerts:
  urlquery:
    - DynDNS domain detected
                                        
                                            GET /panelumeu1/uadmin/gate.php?pl=token&link=nexi_it&bid=c4bf667921000f0cedf1dc4392bfee3e&callback=jQuery32107494324279090459_1662070371681&data=%7B%22online_bider%22%3A1%2C%22w%22%3A0%2C%22dev%22%3A3%7D&_=1662070371685 HTTP/1.1 
Host: panelumeu.ns1.name
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.app-utente.ddns.ms/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         45.125.66.95
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Thu, 01 Sep 2022 22:12:57 GMT
Server: Apache/2.4.18 (Ubuntu)
Content-Length: 57
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   57
Md5:    ae27fe17d0f04ba67e3e9e6817bbc816
Sha1:   c3aa971d6816a288629af006465f830262c9742b
Sha256: 337faa496c5b0334375ab77343c1f1ec65a76518ae0d13b79342ba81e075bac7

Alerts:
  urlquery:
    - DynDNS domain detected
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F409dfca9-6638-46e3-bd6c-98a42f043bc4.webp HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 9040
x-amzn-requestid: 24ba8357-3dbc-4609-8998-a358d3b4c4cd
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XzLleHKxIAMFqFQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63112622-2b67e5bd14e08d5c3ccf352f;Sampled=0
x-amzn-remapped-date: Thu, 01 Sep 2022 21:37:38 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: Ot2ovRarFg0nSndNjtz8HZJjZ4zlgAoCZvQY1QLbjAaNUSzf7A4tVQ==
via: 1.1 0005a84c2971ff4f5bbb79e7ebc622a8.cloudfront.net (CloudFront), 1.1 ead78c395f4bede3ec6cd7ea180e3d3a.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Sep 2022 21:38:30 GMT
age: 2069
etag: "05e3b1ca0471c4a754beefd5fa5cf88b8d86c141"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   9040
Md5:    a6c03a9391cf529bf7354ef49730bf29
Sha1:   05e3b1ca0471c4a754beefd5fa5cf88b8d86c141
Sha256: c0f03851ec2bb7dce175820e2d89112d4149c2bedee10b82ea7a751ca0fdc134