Report - nxtgain.com/356volp/login.php

Report Overview

Submitted URL
nxtgain.com/356volp/login.php
IP
65.20.75.226
ASN
#20473 AS-CHOOPA
Submitted
2022-12-04 02:45:19
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
34

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	2.4 kB	34.102.187.140
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	229 B	34.117.237.239
www.nxtgain.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	7.9 kB	743 kB	65.20.75.226
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	54.148.213.75
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.4 kB	6.2 kB	23.33.119.27
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	682 B	1.6 kB	93.184.220.29
fonts.googleapis.com	8877	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	477 B	1.9 kB	142.250.74.106
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	67 kB	34.120.237.76
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.8 kB	34.160.144.191
nxtgain.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	360 B	392 B	65.20.75.226

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-12-04	medium	nxtgain.com/356volp/login.php	Phishing
2022-12-04	medium	www.nxtgain.com/356volp/login.php	Phishing
2022-12-04	medium	www.nxtgain.com/wp-includes/css/dist/block-library/style.min.css?ver=5.4.12	Phishing
2022-12-04	medium	www.nxtgain.com/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.1.3	Phishing
2022-12-04	medium	www.nxtgain.com/wp-content/plugins/revslider/public/assets/css/rs6.css?ver=6.0.5	Phishing
2022-12-04	medium	www.nxtgain.com/wp-content/themes/nxtgain/css/ionicon.css?ver=5.4.12	Phishing
2022-12-04	medium	www.nxtgain.com/wp-content/themes/nxtgain/css/slick.css?ver=5.4.12	Phishing
2022-12-04	medium	www.nxtgain.com/wp-content/themes/nxtgain/css/slick-theme.css?ver=5.4.12	Phishing
2022-12-04	medium	www.nxtgain.com/wp-content/themes/nxtgain/css/magnific-popup.css?ver=5.4.12	Phishing
2022-12-04	medium	www.nxtgain.com/wp-content/themes/nxtgain/css/royal-preload.css?ver=5.4.12	Phishing
2022-12-04	medium	www.nxtgain.com/wp-content/themes/nxtgain/style.css?ver=5.4.12	Phishing
2022-12-04	medium	www.nxtgain.com/wp-content/themes/nxtgain/js/royal_preloader.min.js?ver=1.0	Phishing
2022-12-04	medium	www.nxtgain.com/wp-includes/js/wp-emoji-release.min.js?ver=5.4.12	Phishing
2022-12-04	medium	www.nxtgain.com/wp-content/plugins/revslider/public/assets/js/rs6.min.js?ver=6.0.5	Phishing
2022-12-04	medium	www.nxtgain.com/wp-content/plugins/revslider/public/assets/js/revolution.tools.min.js?ver=6.0	Phishing
2022-12-04	medium	www.nxtgain.com/wp-content/uploads/2022/07/JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCvr70w9.woff	Phishing
2022-12-04	medium	www.nxtgain.com/wp-content/uploads/2022/08/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0C4k.woff	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (8)

	URL	Size	First Seen	Last Seen
	www.nxtgain.com/wp-content/plugins/revslider/public/assets/js/revolution.tools.min.js?ver=6.0	150 kB	2023-03-07	2024-05-08
Pretty URL www.nxtgain.com/wp-content/plugins/revslider/public/assets/js/revolution.tools.min.js?ver=6.0 IP 65.20.75.226 ASN #20473 AS-CHOOPA Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:15:14 Last Seen2024-05-08 15:19:11 Times Seen1137 Hash ebd0333ce098728f0fdb1ba98e8ee078 63588df93d3e0eadfc9aa12650dd3cd0614c242b 45012f93c4cbd739c51f4043a3a1d3c8377272ef606dd39e51a6a81e02dad594 Loading...

	www.nxtgain.com/356volp/login.php	1.5 kB	2023-03-07	2024-05-10
Pretty URL www.nxtgain.com/356volp/login.php IP 65.20.75.226 ASN #20473 AS-CHOOPA Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:03 Last Seen2024-05-10 01:26:15 Times Seen828 Hash 277de2c9c1d98efc6863c652f37902af 424e4284bf6a3003eddaa440ba9c4952a554a839 95e11bad493e4243bc2c826d979414127bf865c760b9c82e3f41525afcaee744 Loading...

	www.nxtgain.com/356volp/login.php	2.2 kB	2023-03-08	2023-03-08
Pretty URL www.nxtgain.com/356volp/login.php IP 65.20.75.226 ASN #20473 AS-CHOOPA Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 15:46:43 Last Seen2023-03-08 15:46:43 Times Seen1 Hash 8c4912fd013a3e6c33070bf0dd6dd4d4 82998f6a8176976ded3ffa4b751f521247c0c7c5 75818e821be02707b6d6e62963116dfa40ab0b853f7f350e3083b51b27c1099e Loading...

	www.nxtgain.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1	10 kB	2023-03-07	2024-05-10
Pretty URL www.nxtgain.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1 IP 65.20.75.226 ASN #20473 AS-CHOOPA Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:37 Last Seen2024-05-10 06:50:32 Times Seen37680 Hash 7121994eec5320fbe6586463bf9651c2 90532aff6d4121954254cdf04994d834f7ec169b 48eb8b500ae6a38617b5738d2b3faec481922a7782246e31d2755c034a45cd5d Loading...

	www.nxtgain.com/wp-content/themes/nxtgain/js/royal_preloader.min.js?ver=1.0	9.3 kB	2023-03-07	2024-05-03
Pretty URL www.nxtgain.com/wp-content/themes/nxtgain/js/royal_preloader.min.js?ver=1.0 IP 65.20.75.226 ASN #20473 AS-CHOOPA Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:29:17 Last Seen2024-05-03 19:15:14 Times Seen204 Hash 9c7eade410d7d0b62f22cad5a3e51bb4 dc796b2bb98ac3e7310de3e446e2463637b94c7a b737f1a4d6e09fca8021cafd76e87faa8fea2daf86193b0fe7075cd371ed84ba Loading...

	www.nxtgain.com/wp-includes/js/wp-emoji-release.min.js?ver=5.4.12	14 kB	2023-03-07	2024-05-09
Pretty URL www.nxtgain.com/wp-includes/js/wp-emoji-release.min.js?ver=5.4.12 IP 65.20.75.226 ASN #20473 AS-CHOOPA Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:18 Last Seen2024-05-09 15:01:18 Times Seen2911 Hash c8d5a4cd14632bc2bdf15b5e45ca9d4d cdf210b710c2792eda450a1a11e5dc1f8dae8594 956fa56f513e1a8025bc85f9314a1747eb061d434403393591145e4ae898c694 Loading...

	www.nxtgain.com/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp	97 kB	2023-03-07	2024-05-10
Pretty URL www.nxtgain.com/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp IP 65.20.75.226 ASN #20473 AS-CHOOPA Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:38 Last Seen2024-05-10 06:26:43 Times Seen17927 Hash 49edccea2e7ba985cadc9ba0531cbed1 f8747f8ee704d9af31d0950015e01d3f9635b070 1db21d816296e6939ba1f42962496e4134ae2b0081e26970864c40c6d02bb1df Loading...

	www.nxtgain.com/wp-content/plugins/revslider/public/assets/js/rs6.min.js?ver=6.0.5	266 kB	2023-03-07	2024-05-10
Pretty URL www.nxtgain.com/wp-content/plugins/revslider/public/assets/js/rs6.min.js?ver=6.0.5 IP 65.20.75.226 ASN #20473 AS-CHOOPA Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:07:29 Last Seen2024-05-10 01:26:15 Times Seen74 Hash 476e7f90c78a1d13d576df5b34a9d9f7 c3f657cda99c0fed92cff9ac4ef225fed604594a b35efa9c4745e69410a219f1a1eb9e95057695f6fbed51babf5f76adfe3c9511 Loading...

HTTP Transactions (44)

URL IP Response Size

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
cfec3d7283a9b66d2be426ce54d210f3
808c1feb1ba918951d1928c1f6bfc0c253262774
1bad6c06aa3e88dcbc125fc98a6cb753eb2b18d2c8dd61da21d12209aeeda3f9

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1BAD6C06AA3E88DCBC125FC98A6CB753EB2B18D2C8DD61DA21D12209AEEDA3F9"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13895
Expires: Sun, 04 Dec 2022 06:36:43 GMT
Date: Sun, 04 Dec 2022 02:45:08 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
67e9370f1bf3e4946a01f346eeae8966
aaab391d1134302d718de7a0d5edbedf884633e6
27a8654fb14db88d4b2bb3b45c1b197fc498cd94143d4a68687742fa48a41358

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3187
Cache-Control: max-age=117551
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 02:45:08 GMT
Etag: "638b2570-1d7"
Expires: Mon, 05 Dec 2022 11:24:19 GMT
Last-Modified: Sat, 03 Dec 2022 10:31:12 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 471

firefox.settings.services.mozilla.com/v1/

34.102.187.140

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 04 Dec 2022 02:18:21 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 1607
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
1ea206ac3c440825741687351f8c6e4e
2f38dafd8c43dcce2411a0590bc5c02cd6286735
7d7232c8c91bcd18161ba2c9d23e3bff159604e058bd5b3fc1c7fcbcd03a7ee3

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7D7232C8C91BCD18161BA2C9D23E3BFF159604E058BD5B3FC1C7FCBCD03A7EE3"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3282
Expires: Sun, 04 Dec 2022 03:39:50 GMT
Date: Sun, 04 Dec 2022 02:45:08 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: 8KUyLG9FMPItNV1SBfgTAlfTDjMNbLe5+Lk7E2W6J1xo8xaWx6YuXIcchR4uwSRjTLUg3/JwTno=
x-amz-request-id: J12125AVYX5K0SVQ
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 04 Dec 2022 01:46:47 GMT
age: 3501
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

nxtgain.com/356volp/login.php

65.20.75.226

301 Moved Permanently

0 B

URL HTTP/1.1
nxtgain.com/356volp/login.php
IP
65.20.75.226:0
ASN
#20473 AS-CHOOPA

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /356volp/login.php HTTP/1.1
Host: nxtgain.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-type: text/html; charset=UTF-8
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
x-redirect-by: WordPress
location: http://www.nxtgain.com/356volp/login.php
content-length: 0
date: Sun, 04 Dec 2022 02:45:08 GMT
server: LiteSpeed
vary: User-Agent

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 02:45:09 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

34.102.187.140

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Retry-After, Cache-Control, Content-Type, Pragma, Backoff, ETag, Expires, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 04 Dec 2022 02:08:58 GMT
cache-control: public,max-age=3600
age: 2171
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2

www.nxtgain.com/356volp/login.php

65.20.75.226

404 Not Found

3.8 kB

URL HTTP/1.1
www.nxtgain.com/356volp/login.php
IP
65.20.75.226:0
ASN
#20473 AS-CHOOPA

File type
HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text, with very long lines (1902), with CRLF, LF line terminators
Size
3.8 kB (3798 bytes)
Hash
853bef44a0b78e1a5ab2c67aeee34a26
b0cd94e61caf821afa82d56bba0d21d68add1653
0bae30130a67771a5c6765b7b38b9f3728a0557e2eb56958e7b6a4ec0235efcf

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /356volp/login.php HTTP/1.1
Host: www.nxtgain.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 404 Not Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-type: text/html; charset=UTF-8
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
link: <https://www.nxtgain.com/wp-json/>; rel="https://api.w.org/"
transfer-encoding: chunked
content-encoding: gzip
vary: Accept-Encoding,User-Agent
date: Sun, 04 Dec 2022 02:45:09 GMT
server: LiteSpeed

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
a151c326c67e1abb747847c1427db76f
80885d30ef8ba867bf33c40b861976958a27493a
de2b573ee1c8af980e593352e0c331b2595f62bd4499300ace30821d20814760

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3180
Cache-Control: max-age=112482
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 02:45:09 GMT
Etag: "638b11ab-1d7"
Expires: Mon, 05 Dec 2022 09:59:51 GMT
Last-Modified: Sat, 03 Dec 2022 09:06:51 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 471

fonts.googleapis.com/css?family=Montserrat%3A100%2C100i%2C300%2C300i%2C400%2C400i%2C500%2C500i%2C600%2C600i%2C700%2C700i%2C800%2C800i%7COpen+Sans%3A400%2C400i%2C600%2C600i%2C700%2C700i&subset=latin%2Clatin-ext

142.250.74.106

200 OK

1.4 kB

URL HTTP/1.1
fonts.googleapis.com/css?family=Montserrat%3A100%2C100i%2C300%2C300i%2C400%2C400i%2C500%2C500i%2C600%2C600i%2C700%2C700i%2C800%2C800i%7COpen+Sans%3A400%2C400i%2C600%2C600i%2C700%2C700i&subset=latin%2Clatin-ext
IP
142.250.74.106:0
ASN
#15169 GOOGLE

File type
ASCII text
Size
1.4 kB (1368 bytes)
Hash
96538070ba81e568d331cb22d474da07
c0727a416ee8fcdfa3ba0160c0ab6bfe01b8a87a
65c2191d2b8ffc52f7f83d288e5b9bb3c9507b7ffe11b4fea8ea4805a836a541

HTTP Headers

GET /css?family=Montserrat%3A100%2C100i%2C300%2C300i%2C400%2C400i%2C500%2C500i%2C600%2C600i%2C700%2C700i%2C800%2C800i%7COpen+Sans%3A400%2C400i%2C600%2C600i%2C700%2C700i&subset=latin%2Clatin-ext HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.nxtgain.com/

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Link: <http://fonts.gstatic.com>; rel=preconnect; crossorigin
Expires: Sun, 04 Dec 2022 02:45:09 GMT
Date: Sun, 04 Dec 2022 02:45:09 GMT
Cache-Control: private, max-age=86400
Cross-Origin-Opener-Policy: same-origin-allow-popups
Cross-Origin-Resource-Policy: cross-origin
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff

www.nxtgain.com/wp-includes/css/dist/block-library/style.min.css?ver=5.4.12

65.20.75.226

200 OK

7.6 kB

URL HTTP/1.1
www.nxtgain.com/wp-includes/css/dist/block-library/style.min.css?ver=5.4.12
IP
65.20.75.226:0
ASN
#20473 AS-CHOOPA

File type
ASCII text, with very long lines (28088)
Size
7.6 kB (7624 bytes)
Hash
8352f5522fd5f4be771cfdc668ef4000
ced844dc9a8941ce3a3001a338d1922b596194e0
7ca12fd9f2da9640c5645bce572d39f193f686929ef14f5acef17a16bfb7ef8c

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-includes/css/dist/block-library/style.min.css?ver=5.4.12 HTTP/1.1
Host: www.nxtgain.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.nxtgain.com/356volp/login.php

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 02:45:09 GMT
content-type: text/css
last-modified: Fri, 24 Apr 2020 21:02:14 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding,User-Agent
content-length: 7624
date: Sun, 04 Dec 2022 02:45:09 GMT
server: LiteSpeed

www.nxtgain.com/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.1.3

65.20.75.226

200 OK

657 B

URL HTTP/1.1
www.nxtgain.com/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.1.3
IP
65.20.75.226:0
ASN
#20473 AS-CHOOPA

File type
ASCII text
Size
657 B (657 bytes)
Hash
05693f8e3634eaa294f415f241b633b6
8136e661102dfe848f2ce6bf384b9aba8e2829cc
550c7691a7e68e174472d3b68b3b147e40cdfe90335e9cd441cffeece9f9dfc4

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.1.3 HTTP/1.1
Host: www.nxtgain.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.nxtgain.com/356volp/login.php

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 02:45:09 GMT
content-type: text/css
last-modified: Mon, 22 Jul 2019 02:22:08 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding,User-Agent
content-length: 657
date: Sun, 04 Dec 2022 02:45:09 GMT
server: LiteSpeed

www.nxtgain.com/wp-content/plugins/revslider/public/assets/css/rs6.css?ver=6.0.5

65.20.75.226

200 OK

12 kB

URL HTTP/1.1
www.nxtgain.com/wp-content/plugins/revslider/public/assets/css/rs6.css?ver=6.0.5
IP
65.20.75.226:0
ASN
#20473 AS-CHOOPA

File type
Unicode text, UTF-8 text, with very long lines (12602), with CRLF line terminators
Size
12 kB (11717 bytes)
Hash
293f7c8967bef2327f0a06447f369a32
ac5953a9ec158550b9feab55ce4437a74930cd89
f738169a709fed12fdf3dd4d14815b315092fc77a50e4c04ae4ced3b80189c08

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-content/plugins/revslider/public/assets/css/rs6.css?ver=6.0.5 HTTP/1.1
Host: www.nxtgain.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.nxtgain.com/356volp/login.php

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 02:45:09 GMT
content-type: text/css
last-modified: Mon, 22 Jul 2019 02:22:15 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding,User-Agent
content-length: 11717
date: Sun, 04 Dec 2022 02:45:09 GMT
server: LiteSpeed

www.nxtgain.com/wp-content/themes/nxtgain/css/bootstrap.css?ver=4.0

65.20.75.226

200 OK

2.9 kB

URL HTTP/1.1
www.nxtgain.com/wp-content/themes/nxtgain/css/bootstrap.css?ver=4.0
IP
65.20.75.226:0
ASN
#20473 AS-CHOOPA

File type
ASCII text, with very long lines (11782), with CRLF line terminators
Size
2.9 kB (2861 bytes)
Hash
d0244ad133cf03d3ec682f72aea53b2d
d28d473d7447ed61c746a04eb3b74315ab96ba11
2470798145fcabb35557a490bd0399e3a47177a468da8dbb99e02129c898709c

HTTP Headers

GET /wp-content/themes/nxtgain/css/bootstrap.css?ver=4.0 HTTP/1.1
Host: www.nxtgain.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.nxtgain.com/356volp/login.php

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 02:45:09 GMT
content-type: text/css
last-modified: Thu, 21 Feb 2019 11:14:30 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding,User-Agent
content-length: 2861
date: Sun, 04 Dec 2022 02:45:09 GMT
server: LiteSpeed

www.nxtgain.com/wp-content/themes/nxtgain/css/font-awesome.css?ver=5.4.12

65.20.75.226

200 OK

7.4 kB

URL HTTP/1.1
www.nxtgain.com/wp-content/themes/nxtgain/css/font-awesome.css?ver=5.4.12
IP
65.20.75.226:0
ASN
#20473 AS-CHOOPA

File type
troff or preprocessor input, ASCII text, with very long lines (372), with CRLF line terminators
Size
7.4 kB (7432 bytes)
Hash
217f0cd80d51d12709faa5a5197f1b65
4e75f8877d2b26428ddd6fb7656f4e5593a6ea07
d2d3b1a7c06748a7a3383c55248506ab1e22a78f258155d5ff7e88c30d1b15c0

HTTP Headers

GET /wp-content/themes/nxtgain/css/font-awesome.css?ver=5.4.12 HTTP/1.1
Host: www.nxtgain.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.nxtgain.com/356volp/login.php

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 02:45:09 GMT
content-type: text/css
last-modified: Thu, 21 Feb 2019 05:48:20 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding,User-Agent
content-length: 7432
date: Sun, 04 Dec 2022 02:45:09 GMT
server: LiteSpeed

push.services.mozilla.com/

54.148.213.75

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
54.148.213.75:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: N7SH1VOZWguxMF3qHHAaKg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: FPuRiHErkED0MkCIcO7hfYfcNvk=

www.nxtgain.com/wp-content/themes/nxtgain/css/ionicon.css?ver=5.4.12

65.20.75.226

200 OK

7.9 kB

URL HTTP/1.1
www.nxtgain.com/wp-content/themes/nxtgain/css/ionicon.css?ver=5.4.12
IP
65.20.75.226:0
ASN
#20473 AS-CHOOPA

File type
Unicode text, UTF-8 text, with very long lines (46105), with CRLF line terminators
Size
7.9 kB (7897 bytes)
Hash
0a519e7ebbd0a194fd8eb6d3cf340031
d1593d962080a1e92242e5e12fd019ff91aec965
14edff9fa7a737abce6501e79d887760c84e3fed1e88a566a42dd2cc6a8c7285

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-content/themes/nxtgain/css/ionicon.css?ver=5.4.12 HTTP/1.1
Host: www.nxtgain.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.nxtgain.com/356volp/login.php

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 02:45:09 GMT
content-type: text/css
last-modified: Tue, 02 Apr 2019 10:02:14 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding,User-Agent
content-length: 7897
date: Sun, 04 Dec 2022 02:45:09 GMT
server: LiteSpeed

www.nxtgain.com/wp-content/themes/nxtgain/css/slick.css?ver=5.4.12

65.20.75.226

200 OK

569 B

URL HTTP/1.1
www.nxtgain.com/wp-content/themes/nxtgain/css/slick.css?ver=5.4.12
IP
65.20.75.226:0
ASN
#20473 AS-CHOOPA

File type
ASCII text
Size
569 B (569 bytes)
Hash
c376472f2243e213233ca051a7424bdc
9e69720160e3d4a1fa76d6a14c4e1aef1c1c3979
02b0c992d0bce436f0f24aaa70cfb894ff5cb27b61c50a412431a19ee7bcea98

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-content/themes/nxtgain/css/slick.css?ver=5.4.12 HTTP/1.1
Host: www.nxtgain.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.nxtgain.com/356volp/login.php

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 02:45:09 GMT
content-type: text/css
last-modified: Mon, 12 Nov 2018 10:30:16 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding,User-Agent
content-length: 569
date: Sun, 04 Dec 2022 02:45:09 GMT
server: LiteSpeed

www.nxtgain.com/wp-content/themes/nxtgain/css/slick-theme.css?ver=5.4.12

65.20.75.226

200 OK

802 B

URL HTTP/1.1
www.nxtgain.com/wp-content/themes/nxtgain/css/slick-theme.css?ver=5.4.12
IP
65.20.75.226:0
ASN
#20473 AS-CHOOPA

File type
Unicode text, UTF-8 text
Size
802 B (802 bytes)
Hash
caee8a103955b0e4c0c5b2f656c90550
bcc45c9d1e6b792ca548739cef6f26f8e7be28ab
779f1a1d644924a4c9a6ff0371fca7f93c6e423dc504cdd142a7b19160e4ba76

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-content/themes/nxtgain/css/slick-theme.css?ver=5.4.12 HTTP/1.1
Host: www.nxtgain.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.nxtgain.com/356volp/login.php

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 02:45:10 GMT
content-type: text/css
last-modified: Wed, 24 Apr 2019 08:13:44 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding,User-Agent
content-length: 802
date: Sun, 04 Dec 2022 02:45:10 GMT
server: LiteSpeed

www.nxtgain.com/wp-content/themes/nxtgain/css/magnific-popup.css?ver=5.4.12

65.20.75.226

200 OK

1.8 kB

URL HTTP/1.1
www.nxtgain.com/wp-content/themes/nxtgain/css/magnific-popup.css?ver=5.4.12
IP
65.20.75.226:0
ASN
#20473 AS-CHOOPA

File type
ASCII text, with very long lines (5877), with CRLF line terminators
Size
1.8 kB (1826 bytes)
Hash
7e6142e3df7dfb91aaacaa67799d3873
a335181f17c7e5f2bb8fecdb43f6223764f83176
22e5969a3a8aa06466b31acc503d75d1f1650f1c2979564e20011ef43118983c

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-content/themes/nxtgain/css/magnific-popup.css?ver=5.4.12 HTTP/1.1
Host: www.nxtgain.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.nxtgain.com/356volp/login.php

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 02:45:10 GMT
content-type: text/css
last-modified: Wed, 08 May 2019 05:56:44 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding,User-Agent
content-length: 1826
date: Sun, 04 Dec 2022 02:45:10 GMT
server: LiteSpeed

www.nxtgain.com/wp-content/themes/nxtgain/css/royal-preload.css?ver=5.4.12

65.20.75.226

200 OK

1.4 kB

URL HTTP/1.1
www.nxtgain.com/wp-content/themes/nxtgain/css/royal-preload.css?ver=5.4.12
IP
65.20.75.226:0
ASN
#20473 AS-CHOOPA

File type
ASCII text, with CRLF line terminators
Size
1.4 kB (1418 bytes)
Hash
f52d45d57f1054b0d52cf33c7e188bdf
7a159ecff6cbeee4ee03096ea2321e5e82c2d433
36dc53795f740be5643152ce85bb6f0c7ffa54bee70e86456e2a3d4120a40b0f

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-content/themes/nxtgain/css/royal-preload.css?ver=5.4.12 HTTP/1.1
Host: www.nxtgain.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.nxtgain.com/356volp/login.php

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 02:45:10 GMT
content-type: text/css
last-modified: Fri, 12 Apr 2019 11:46:52 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding,User-Agent
content-length: 1418
date: Sun, 04 Dec 2022 02:45:10 GMT
server: LiteSpeed

www.nxtgain.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1

65.20.75.226

200 OK

4.0 kB

URL HTTP/1.1
www.nxtgain.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1
IP
65.20.75.226:0
ASN
#20473 AS-CHOOPA

File type
ASCII text, with very long lines (9959)
Size
4.0 kB (4034 bytes)
Hash
2f89b08855471c7476435ce0bec33ba7
970533f152623df03b5fc6fb793b21889e4e0349
d200586b6dd1ff779b6c30947361ff736e076d8c7d502505ab3174ca33455ea0

HTTP Headers

GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1 HTTP/1.1
Host: www.nxtgain.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.nxtgain.com/356volp/login.php

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 02:45:10 GMT
content-type: application/javascript
last-modified: Fri, 20 May 2016 11:41:28 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding,User-Agent
content-length: 4034
date: Sun, 04 Dec 2022 02:45:10 GMT
server: LiteSpeed

www.nxtgain.com/wp-content/themes/nxtgain/style.css?ver=5.4.12

65.20.75.226

200 OK

16 kB

URL HTTP/1.1
www.nxtgain.com/wp-content/themes/nxtgain/style.css?ver=5.4.12
IP
65.20.75.226:0
ASN
#20473 AS-CHOOPA

File type
Unicode text, UTF-8 text, with very long lines (483)
Size
16 kB (16436 bytes)
Hash
ee0520d0c2fef56aec3612e532532948
a81cc91954f18145b014a89d07a37255ca542b52
0bc49c6126d02c551377ca4bf07ea6dc6cd547bffd64e21a02f91734e134a574

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-content/themes/nxtgain/style.css?ver=5.4.12 HTTP/1.1
Host: www.nxtgain.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.nxtgain.com/356volp/login.php

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 02:45:10 GMT
content-type: text/css
last-modified: Mon, 03 Jun 2019 15:34:46 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding,User-Agent
content-length: 16436
date: Sun, 04 Dec 2022 02:45:10 GMT
server: LiteSpeed

www.nxtgain.com/wp-content/themes/nxtgain/js/royal_preloader.min.js?ver=1.0

65.20.75.226

200 OK

2.7 kB

URL HTTP/1.1
www.nxtgain.com/wp-content/themes/nxtgain/js/royal_preloader.min.js?ver=1.0
IP
65.20.75.226:0
ASN
#20473 AS-CHOOPA

File type
ASCII text, with very long lines (550), with CRLF line terminators
Size
2.7 kB (2718 bytes)
Hash
9480c91dbe7f48f4b0d0d0c4e5aeb487
f23d2df33d95d9767ac276058a7227789f493431
53492cd6c4db7f9c4b56273703f462b7026a7fd571b1006f1774e2e804626d27

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-content/themes/nxtgain/js/royal_preloader.min.js?ver=1.0 HTTP/1.1
Host: www.nxtgain.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.nxtgain.com/356volp/login.php

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 02:45:10 GMT
content-type: application/javascript
last-modified: Wed, 03 Apr 2019 11:28:12 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding,User-Agent
content-length: 2718
date: Sun, 04 Dec 2022 02:45:10 GMT
server: LiteSpeed

www.nxtgain.com/wp-includes/js/wp-emoji-release.min.js?ver=5.4.12

65.20.75.226

200 OK

4.7 kB

URL HTTP/1.1
www.nxtgain.com/wp-includes/js/wp-emoji-release.min.js?ver=5.4.12
IP
65.20.75.226:0
ASN
#20473 AS-CHOOPA

File type
ASCII text, with very long lines (10927)
Size
4.7 kB (4655 bytes)
Hash
6d2660ddf1328851cc8b3ebf018a6a3b
d5dd0b74984ec56d7ce608dfbadc62d1b368d39d
38412119e2c14432fed8388c668e128a92c2f94ddfee23c43cca96e4ad03b13b

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-includes/js/wp-emoji-release.min.js?ver=5.4.12 HTTP/1.1
Host: www.nxtgain.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.nxtgain.com/356volp/login.php

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 02:45:10 GMT
content-type: application/javascript
last-modified: Fri, 05 Feb 2021 08:42:12 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding,User-Agent
content-length: 4655
date: Sun, 04 Dec 2022 02:45:10 GMT
server: LiteSpeed

www.nxtgain.com/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp

65.20.75.226

200 OK

34 kB

URL HTTP/1.1
www.nxtgain.com/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp
IP
65.20.75.226:0
ASN
#20473 AS-CHOOPA

File type
ASCII text, with very long lines (31997)
Size
34 kB (33836 bytes)
Hash
167b4b3aef1415384a1d72a851584464
7edb972190b2048300fb5eb1668e54ec049b91a2
2d29b6f8700dbeda5b83991887d89ef850f3d570946b8eef360a86b9adcb0fb3

HTTP Headers

GET /wp-includes/js/jquery/jquery.js?ver=1.12.4-wp HTTP/1.1
Host: www.nxtgain.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.nxtgain.com/356volp/login.php

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 02:45:10 GMT
content-type: application/javascript
last-modified: Fri, 17 May 2019 09:55:54 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding,User-Agent
content-length: 33836
date: Sun, 04 Dec 2022 02:45:10 GMT
server: LiteSpeed

www.nxtgain.com/wp-content/plugins/revslider/public/assets/js/rs6.min.js?ver=6.0.5

65.20.75.226

200 OK

68 kB

URL HTTP/1.1
www.nxtgain.com/wp-content/plugins/revslider/public/assets/js/rs6.min.js?ver=6.0.5
IP
65.20.75.226:0
ASN
#20473 AS-CHOOPA

File type
ASCII text, with very long lines (64288)
Size
68 kB (67497 bytes)
Hash
7229c4efcbfb09e4ddc8209891191424
202cc194fb521846e80627eabe8eb07e38cf86f9
a2dcb6d3a7b167ff57d010bc42d4c836e2ac46234f76b2fa9aa164c2fadf5572

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-content/plugins/revslider/public/assets/js/rs6.min.js?ver=6.0.5 HTTP/1.1
Host: www.nxtgain.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.nxtgain.com/356volp/login.php

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 02:45:10 GMT
content-type: application/javascript
last-modified: Mon, 22 Jul 2019 02:22:15 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding,User-Agent
content-length: 67497
date: Sun, 04 Dec 2022 02:45:10 GMT
server: LiteSpeed

www.nxtgain.com/wp-content/plugins/revslider/public/assets/js/revolution.tools.min.js?ver=6.0

65.20.75.226

200 OK

51 kB

URL HTTP/1.1
www.nxtgain.com/wp-content/plugins/revslider/public/assets/js/revolution.tools.min.js?ver=6.0
IP
65.20.75.226:0
ASN
#20473 AS-CHOOPA

File type
ASCII text, with very long lines (32005), with CRLF line terminators
Size
51 kB (50898 bytes)
Hash
47d0dc3e0914d7aa3f250cdafe8c92e0
d39806cb1c6e75151d1574f99f000e5f969070ab
2f73d0e9a4d8e9d41ad4813b956c9705c8b758435a7164615e38e9c86945ac8e

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-content/plugins/revslider/public/assets/js/revolution.tools.min.js?ver=6.0 HTTP/1.1
Host: www.nxtgain.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.nxtgain.com/356volp/login.php

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 02:45:10 GMT
content-type: application/javascript
last-modified: Mon, 22 Jul 2019 02:22:15 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding,User-Agent
content-length: 50898
date: Sun, 04 Dec 2022 02:45:10 GMT
server: LiteSpeed

www.nxtgain.com/wp-content/uploads/2022/07/JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCvr70w9.woff

65.20.75.226

200 OK

51 kB

URL HTTP/1.1
www.nxtgain.com/wp-content/uploads/2022/07/JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCvr70w9.woff
IP
65.20.75.226:0
ASN
#20473 AS-CHOOPA

File type
Web Open Font Format, TrueType, length 51140, version 1.1\012- data
Size
51 kB (51140 bytes)
Hash
7e62f035488c204b8c4132650fdb51e3
77f9adf90b2241ba4a5acdaeb8531b982ff8a2f1
6c9aadcccf72e7f54b34bdfb7cc5a637b8e5593242c54bc8e1acf3a34318923a

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-content/uploads/2022/07/JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCvr70w9.woff HTTP/1.1
Host: www.nxtgain.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://www.nxtgain.com/356volp/login.php

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 02:45:10 GMT
content-type: font/woff
last-modified: Fri, 15 Jul 2022 02:10:08 GMT
accept-ranges: bytes
content-length: 51140
date: Sun, 04 Dec 2022 02:45:10 GMT
server: LiteSpeed
vary: User-Agent

www.nxtgain.com/wp-content/uploads/2022/08/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0C4k.woff

65.20.75.226

200 OK

71 kB

URL HTTP/1.1
www.nxtgain.com/wp-content/uploads/2022/08/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0C4k.woff
IP
65.20.75.226:0
ASN
#20473 AS-CHOOPA

File type
Web Open Font Format, TrueType, length 70856, version 1.1\012- data
Size
71 kB (70856 bytes)
Hash
3fd233b6831dfcb1d57b957d521e7cb6
c2ee85b43984d41ce7d8ef14f23a78123065989e
17d899f5cfdbf624b2a124d0b2b8404e331424ece648c5c5c0e7b3d03ccc6a40

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-content/uploads/2022/08/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0C4k.woff HTTP/1.1
Host: www.nxtgain.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://www.nxtgain.com/356volp/login.php

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 02:45:10 GMT
content-type: font/woff
last-modified: Tue, 16 Aug 2022 02:37:21 GMT
accept-ranges: bytes
content-length: 70856
date: Sun, 04 Dec 2022 02:45:10 GMT
server: LiteSpeed
vary: User-Agent

www.nxtgain.com/wp-content/themes/nxtgain/images/404-error.png

65.20.75.226

200 OK

384 kB

URL HTTP/1.1
www.nxtgain.com/wp-content/themes/nxtgain/images/404-error.png
IP
65.20.75.226:0
ASN
#20473 AS-CHOOPA

File type
PNG image data, 576 x 836, 8-bit/color RGBA, non-interlaced\012- data
Size
384 kB (384435 bytes)
Hash
af6e18cd1b01fa81df676b7adaa6d75a
0e7b3773dfdb20dd9d7aa50d7459dfbbcdb5dc16
9dd7afdd1abc67f9099c9a567f21ce76eb72498f17af3e6e5a02584597afcd00

HTTP Headers

GET /wp-content/themes/nxtgain/images/404-error.png HTTP/1.1
Host: www.nxtgain.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.nxtgain.com/356volp/login.php

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Sun, 11 Dec 2022 02:45:10 GMT
content-type: image/png
last-modified: Thu, 14 Mar 2019 09:46:10 GMT
accept-ranges: bytes
content-length: 384435
date: Sun, 04 Dec 2022 02:45:10 GMT
server: LiteSpeed
vary: User-Agent

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2537
Expires: Sun, 04 Dec 2022 03:27:28 GMT
Date: Sun, 04 Dec 2022 02:45:11 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2537
Expires: Sun, 04 Dec 2022 03:27:28 GMT
Date: Sun, 04 Dec 2022 02:45:11 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2537
Expires: Sun, 04 Dec 2022 03:27:28 GMT
Date: Sun, 04 Dec 2022 02:45:11 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2537
Expires: Sun, 04 Dec 2022 03:27:28 GMT
Date: Sun, 04 Dec 2022 02:45:11 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2537
Expires: Sun, 04 Dec 2022 03:27:28 GMT
Date: Sun, 04 Dec 2022 02:45:11 GMT
Connection: keep-alive

www.nxtgain.com/favicon.ico

65.20.75.226

404 Not Found

1.2 kB

URL HTTP/1.1
www.nxtgain.com/favicon.ico
IP
65.20.75.226:0
ASN
#20473 AS-CHOOPA

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
1.2 kB (1238 bytes)
Hash
0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: www.nxtgain.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.nxtgain.com/356volp/login.php

HTTP/1.1 404 Not Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Sun, 04 Dec 2022 02:45:11 GMT
server: LiteSpeed
vary: User-Agent

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F826f887d-ca78-40db-9b7d-6c693667c155.jpeg

34.120.237.76

200 OK

7.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F826f887d-ca78-40db-9b7d-6c693667c155.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.5 kB (7503 bytes)
Hash
c1a6f4805f59db44f9d3520d88701a58
6a0258e8c97ce09f1723382c8a16d9682b7dc50c
ae120df5e96352c6998c24c69c709dfd2b01a7ff8a7b935d496757fd7661f2f5

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F826f887d-ca78-40db-9b7d-6c693667c155.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7503
x-amzn-requestid: a4120308-c51e-4cff-99c2-90e86018b05d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cgZjCGkVIAMFpsw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6389a2e0-6fdf362a6d32449239476155;Sampled=0
x-amzn-remapped-date: Fri, 02 Dec 2022 07:01:52 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: dy619jlSTwCjwDhGuLmwTMcmuYj1Kg2oLA7xORyAYX8IHWimhNo6pw==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 be082a2326b7d49643607b097f1e7180.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 07:16:04 GMT
age: 70147
etag: "6a0258e8c97ce09f1723382c8a16d9682b7dc50c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb8cb98e4-6956-416c-82e2-269c1c3a9ea7.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.4 kB (9447 bytes)
Hash
95358bd2d700ee56273f5c03bb1b0ec9
3382013402b80585d811e8df916e32c055e559b7
9bdcf882b96fbbac533a799269480cc1af0e1dd891854939e1500adf2a5d1c10

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb8cb98e4-6956-416c-82e2-269c1c3a9ea7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9447
x-amzn-requestid: 7f33035c-70b3-4efd-9bbe-0975847cb21a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cltmLExfoAMFwYA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc2f4-20c26c902a341f7a00b62316;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:43:16 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 1A8SX9QrxHL-wxtsIqbpgSd5p9kN1dQgj1tqBqjB_Hu5nsQhMYwLYA==
via: 1.1 9b311162717b41c968f6f00426d88aaa.cloudfront.net (CloudFront), 1.1 e4d3d5aafc7d7d582423c073065ab562.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 21:56:59 GMT
age: 17292
etag: "3382013402b80585d811e8df916e32c055e559b7"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

16 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d571e0e-b14e-436b-8156-2e49aad75d4f.png
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
16 kB (16143 bytes)
Hash
14dcca2a9c4792d835ee709bcd947402
1d702df3a64258628f4124eafd580695f2d350af
da01dcd8fef7c50bdb6f7a8a6a4955694092f479df3dba72f7fa69d7280d07b2

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d571e0e-b14e-436b-8156-2e49aad75d4f.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 16143
x-amzn-requestid: dc86fad4-4e53-42c9-9b0a-5e4d2cfcd087
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cdGyLGqmoAMFnaA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638851a7-0ea324b31e8c6578098b8ab9;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 07:03:03 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: kRs3oBWnSs5asyPdvz6kkooy7pqm2Yr8R_2x8EXCVn3dBz_aEJurRQ==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 07:26:43 GMT
age: 69508
etag: "1d702df3a64258628f4124eafd580695f2d350af"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F61cc2744-b517-4404-bfa2-25fadadfa3f3.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10431 bytes)
Hash
2636f91bb8fa4d9bb7bef114c248a9ae
8637105f41058bc0d2b259d462b560881928adb6
3d93fd8fcf1af31d00ccbd453142dbea5f2b91d7f58373095943ed40a31ed1f7

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F61cc2744-b517-4404-bfa2-25fadadfa3f3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10431
x-amzn-requestid: f79ab5e7-8c1b-4827-a531-aaa19c1d80aa
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: clsCGEwxIAMF34g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc073-6358d2950955884c470c0a89;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:32:35 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: PQ7xh995cd1UVi3z42EVZGjQjHLLvtAP5BBC-xLEEGr4mEiXS6fC-w==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 21:47:06 GMT
age: 17885
etag: "8637105f41058bc0d2b259d462b560881928adb6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8f00caab-057c-4cc2-a163-fd0bb4d0b5f7.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (11482 bytes)
Hash
1521243a6fc065bb631bfbde22886fa2
527220e4e8cd1065ce05fcd0694d0d703d817e2e
b83ebf768bbfb34f49d5467f3dfb43ceb3ca3d30d3454e6f37db9aef72d7689a

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8f00caab-057c-4cc2-a163-fd0bb4d0b5f7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11482
x-amzn-requestid: d1db05ab-bd5d-4ad4-96b4-8f439152e435
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: clssNEeAoAMFh_g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc181-0221c53842a2f5ef071e8071;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:37:05 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: t1vmY4fBoLpFjqHbLyMewgUrpvRjqG4QTAuA4BeB4Gl2jqbxI0gYQA==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 21:50:08 GMT
age: 17703
etag: "527220e4e8cd1065ce05fcd0694d0d703d817e2e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6df54ea7-8915-4ac7-af2b-6a71ce14dbf4.webp
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.7 kB (5681 bytes)
Hash
43309032a892c486f9985ef520df696e
36f4682ca6a33ff80ee02129c77e6f27e996ede0
24225ff504f30405d9ec3feb2555c738fcca0d6b265f285aa9c73a64c78a496e

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6df54ea7-8915-4ac7-af2b-6a71ce14dbf4.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5681
x-amzn-requestid: 8f0d66b8-d532-48d9-9a29-74540cd6ab3a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cltXnEotIAMFqkA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc296-27349a376ff819ab63b04a81;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:41:42 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Uz-wJTZjej3sjP-O68BQ4hB_kkAecG0o7GkeZUan90ZgV87g0Cg_ZA==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 3cd7af07832481c336aa1c93c9b4a6fe.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 21:52:38 GMT
age: 17553
etag: "36f4682ca6a33ff80ee02129c77e6f27e996ede0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (8)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations