Report - aggridenergy.com/2Off/24496317388f40cbbf0031a7ec753521/Login0.php

Report Overview

URL

aggridenergy.com/2Off/24496317388f40cbbf0031a7ec753521/Login0.php
IP

209.182.193.5

ASN

#22611 INMOTION
Submitted

2023-03-20T15:54:13Z

Access

public
Tags

None
urlquery detections

No alerts detected

Detections

urlquery

0
Network Intrusion Detection

0
Threat Detection Systems

14

Domain Summary

Domain	Rank	First Seen	Last Seen	Sent	Received	IP
img-getpocket.cdn.mozilla.net (6)	1631	2018-06-22T01:36:00Z	2023-03-26T05:09:08Z	3245	57562	34.120.237.76
www.google.com (1)	7	2015-05-10T13:11:19Z	2023-03-25T21:05:45Z	331	1052	142.250.74.164
maps.google.com (1)	1899	2012-09-11T01:07:43Z	2023-03-26T05:22:07Z	480	60846	142.250.74.46
fonts.googleapis.com (2)	8877	2013-06-10T22:14:26Z	2023-03-26T06:22:54Z	874	335242	216.58.207.202
fonts.gstatic.com (5)	unknown	2014-09-09T02:40:21Z	2023-03-25T22:19:37Z	2452	119669	142.250.74.35
r3.o.lencr.org (7)	344	2020-12-02T09:52:13Z	2023-03-25T18:12:03Z	2366	6202	23.36.76.226
firefox.settings.services.mozilla.com (2)	867	2020-06-04T22:08:41Z	2023-03-25T18:14:26Z	782	2374	35.241.9.150
aggridenergy.com (71)	unknown	2017-04-04T10:42:08Z	2023-03-24T16:34:06Z	33901	5087491	209.182.193.5
ocsp.comodoca.com (1)	1696	2012-05-21T09:01:17Z	2023-03-26T05:10:10Z	341	1013	172.64.155.188
ocsp.pki.goog (8)	175	2018-07-01T08:43:07Z	2023-03-26T05:10:41Z	2744	6087	142.250.74.163
content-signature-2.cdn.mozilla.net (1)	1152	2020-11-03T13:26:46Z	2023-03-26T05:11:12Z	413	5880	34.160.144.191
contile.services.mozilla.com (1)	1114	2021-05-27T20:32:35Z	2023-03-26T05:11:59Z	333	391	34.117.237.239
push.services.mozilla.com (1)	2140	2014-10-24T10:27:06Z	2023-03-26T05:10:29Z	606	127	34.208.209.112

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-03-20	medium	aggridenergy.com/2Off/24496317388f40cbbf0031a7ec753521/Login0.php	Phishing
2023-03-20	medium	aggridenergy.com/2Off/24496317388f40cbbf0031a7ec753521/Login0.php	Phishing
2023-03-20	medium	aggridenergy.com/	Phishing
2023-03-20	medium	aggridenergy.com/wp-content/cache/wpfc-minified/g2qoble5/4532g.js	Phishing
2023-03-20	medium	aggridenergy.com/wp-content/cache/wpfc-minified/212eixb4/4532g.js	Phishing
2023-03-20	medium	aggridenergy.com/wp-content/cache/wpfc-minified/llgsfqer/4532g.js	Phishing
2023-03-20	medium	aggridenergy.com/wp-content/cache/wpfc-minified/2mbnl9m9/4532g.js	Phishing
2023-03-20	medium	aggridenergy.com/wp-content/cache/wpfc-minified/7o13zqx0/4532g.js	Phishing
2023-03-20	medium	aggridenergy.com/wp-content/cache/wpfc-minified/m03mv26a/4532g.js	Phishing
2023-03-20	medium	aggridenergy.com/wp-content/cache/wpfc-minified/1fs19zbk/4532g.js	Phishing
2023-03-20	medium	aggridenergy.com/wp-content/cache/wpfc-minified/7jtj7t5r/4532g.js	Phishing
2023-03-20	medium	aggridenergy.com/wp-content/themes/betheme/fonts/mfn-icons.woff?23391439	Phishing
2023-03-20	medium	aggridenergy.com/wp-content/plugins/popups/public/assets/fonts/spufont.woff?sze5my	Phishing
2023-03-20	medium	aggridenergy.com/wp-content/plugins/revslider/public/assets/fonts/revicons/revicons.woff?5510888	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

HTTP Transactions (107)

URL IP Response Size

r3.o.lencr.org/

23.36.76.226

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.76.226:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

ec332b81a27117ce9c16b67a5a8e4fac

b6d2afa2c859d000ad830d3d8d73f57bac6ffce2

1dc32c78e4e850303813338fd4e9616a41c8c05d1063748a1e76a92c397a5e8f

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1DC32C78E4E850303813338FD4E9616A41C8C05D1063748A1E76A92C397A5E8F"
Last-Modified: Mon, 20 Mar 2023 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5625
Expires: Mon, 20 Mar 2023 17:27:47 GMT
Date: Mon, 20 Mar 2023 15:54:02 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.76.226:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

00e304a3fc0c2f01af0e94fcefe0ca40

833969e75e5e13e823c8d97ee59a9821eb157ee3

c2b7f7ae4861f2dd16867de54c7e47d95582de77887f523841d9683a369d20a7

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C2B7F7AE4861F2DD16867DE54C7E47D95582DE77887F523841D9683A369D20A7"
Last-Modified: Sun, 19 Mar 2023 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2893
Expires: Mon, 20 Mar 2023 16:42:15 GMT
Date: Mon, 20 Mar 2023 15:54:02 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.76.226:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

5285a032a285729d3e4a546310ed052d

d370c14bbc2d168cc3703bcb6b94ea0ece26e69d

a811aac1eb89de0666a7de8d3eda1dc3affa7ce5353219211a1beee1211536b5

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A811AAC1EB89DE0666A7DE8D3EDA1DC3AFFA7CE5353219211A1BEEE1211536B5"
Last-Modified: Mon, 20 Mar 2023 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6993
Expires: Mon, 20 Mar 2023 17:50:35 GMT
Date: Mon, 20 Mar 2023 15:54:02 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939

URL HTTP/2

firefox.settings.services.mozilla.com/v1/
IP

35.241.9.150:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with very long lines (939), with no line terminators

Size

939
Hash

84db75194692d4afe13196bda6f22da8

4c1f49bc973a4917f146d93c8d598344edc021f6

a3bec66f95b3bdf1d310c726e8ed05f7b06c1901c62381a94582d581844d2c23

HTTP Headers

                                        GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Content-Type, Alert, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Mon, 20 Mar 2023 15:14:55 GMT
content-type: application/json
age: 2347
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain

34.160.144.191

200 OK

5348

URL HTTP/2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
IP

34.160.144.191:0
ASN

#15169 GOOGLE

Magic

PEM certificate\012- , ASCII text

Size

5348
Hash

e7bace7c1e04d44012e37ddffe36e5d5

3ac8d7c0a9d3e3f0b28b2530c7b8d8407b4042c2

6b4f80f2e95b26f6122ea8dcd0ef8d762299be822c69e839fc37581ca2bcb5f2

HTTP Headers

                                        GET /chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
x-amz-id-2: WKvijN/fKgVUNay6Ajgh8ZYcEPyJi3XFu56YVxXnYU2V3sIubBUEA6mpa6TZFIfYv2gsh+4bDM8=
x-amz-request-id: 8C2197F4PM4QHM24
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 20 Mar 2023 15:52:49 GMT
age: 73
last-modified: Sat, 11 Mar 2023 16:53:15 GMT
etag: "e7bace7c1e04d44012e37ddffe36e5d5"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

URL HTTP/2

contile.services.mozilla.com/v1/tiles
IP

34.117.237.239:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with no line terminators

Size

12
Hash

23e88fb7b99543fb33315b29b1fad9d6

a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce

7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

                                        GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
date: Mon, 20 Mar 2023 15:54:02 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329

URL HTTP/2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP

35.241.9.150:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with very long lines (329), with no line terminators

Size

329
Hash

0333b0655111aa68de771adfcc4db243

63f295a144ac87a7c8e23417626724eeca68a7eb

60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

                                        GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Last-Modified, Content-Length, Pragma, Expires, ETag, Backoff, Alert, Cache-Control
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Mon, 20 Mar 2023 15:14:32 GMT
age: 2370
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.76.226:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

4c195a3fc0c2abb831630cef1dcfa770

eda338de3063640556177b9db364c33193d7f6dc

c22eb0537cd79666b82fe61dd77fe9b0b3c059a4c65d405412acfc2c6800b444

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C22EB0537CD79666B82FE61DD77FE9B0B3C059A4C65D405412ACFC2C6800B444"
Last-Modified: Sun, 19 Mar 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5705
Expires: Mon, 20 Mar 2023 17:29:08 GMT
Date: Mon, 20 Mar 2023 15:54:03 GMT
Connection: keep-alive

push.services.mozilla.com/

34.208.209.112

101 Switching Protocols

URL HTTP/1.1

push.services.mozilla.com/
IP

34.208.209.112:0
ASN

#16509 AMAZON-02

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

                                        GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: /ORi+VSBIL8IvjHBWhzEIg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                        HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 78EwtAaS72Bmld8m8UFjKWzOnxY=

aggridenergy.com/2Off/24496317388f40cbbf0031a7ec753521/Login0.php

209.182.193.5

301 Moved Permanently

URL HTTP/1.1

aggridenergy.com/2Off/24496317388f40cbbf0031a7ec753521/Login0.php
IP

209.182.193.5:0
ASN

#22611 INMOTION

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

                                        GET /2Off/24496317388f40cbbf0031a7ec753521/Login0.php HTTP/1.1
Host: aggridenergy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                        HTTP/1.1 301 Moved Permanently
Date: Mon, 20 Mar 2023 15:54:02 GMT
Server: Apache
Pragma: no-cache
Expires: Mon, 20 Mar 2023 16:54:03 GMT
Cache-Control: max-age=3600
X-Redirect-By: WordPress
Set-Cookie: PHPSESSID=d28a06baa0f58532bb835b9ce78016a3; path=/
Strict-Transport-Security: max-age=63072000; includeSubDomains
Location: https://aggridenergy.com/2Off/24496317388f40cbbf0031a7ec753521/Login0.php
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Referrer-Policy: same-origin
Permissions-Policy: geolocation 'self'; vibrate 'none'
Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

ocsp.comodoca.com/

172.64.155.188

200 OK

472

URL HTTP/1.1

ocsp.comodoca.com/
IP

172.64.155.188:0
ASN

#13335 CLOUDFLARENET

Magic

data

Size

472
Hash

8bb20928d5a5ee44c5952df8885a69dd

28bb3cc44d88cf693b5199c1102f8b1cd12a0de4

7184a1281b5e926bcd5a6f2606b6adeab4ed6c87b76414430df93f15ac4d806c

HTTP Headers

                                        POST / HTTP/1.1
Host: ocsp.comodoca.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Date: Mon, 20 Mar 2023 15:54:04 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Mon, 20 Mar 2023 08:44:47 GMT
Expires: Mon, 27 Mar 2023 08:44:46 GMT
Etag: "28bb3cc44d88cf693b5199c1102f8b1cd12a0de4"
Cache-Control: max-age=592654,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: REVALIDATED
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7aaf21b198a50b61-OSL

r3.o.lencr.org/

23.36.76.226

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.76.226:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

de95776582936b8e129e876cf6d80fa8

0233251e1cf0123f1260d980d7c8ef92718723f9

49c07da2ab4ebd66bd166bf0e20dd084b38973cd40c79f85eb283d15a1ccac36

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "49C07DA2AB4EBD66BD166BF0E20DD084B38973CD40C79F85EB283D15A1CCAC36"
Last-Modified: Sun, 19 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5765
Expires: Mon, 20 Mar 2023 17:30:09 GMT
Date: Mon, 20 Mar 2023 15:54:04 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.76.226:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

de95776582936b8e129e876cf6d80fa8

0233251e1cf0123f1260d980d7c8ef92718723f9

49c07da2ab4ebd66bd166bf0e20dd084b38973cd40c79f85eb283d15a1ccac36

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "49C07DA2AB4EBD66BD166BF0E20DD084B38973CD40C79F85EB283D15A1CCAC36"
Last-Modified: Sun, 19 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5765
Expires: Mon, 20 Mar 2023 17:30:09 GMT
Date: Mon, 20 Mar 2023 15:54:04 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.76.226:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

de95776582936b8e129e876cf6d80fa8

0233251e1cf0123f1260d980d7c8ef92718723f9

49c07da2ab4ebd66bd166bf0e20dd084b38973cd40c79f85eb283d15a1ccac36

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "49C07DA2AB4EBD66BD166BF0E20DD084B38973CD40C79F85EB283D15A1CCAC36"
Last-Modified: Sun, 19 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5765
Expires: Mon, 20 Mar 2023 17:30:09 GMT
Date: Mon, 20 Mar 2023 15:54:04 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7963a1ee-914e-454a-a5e7-9466ab707e33.jpeg

34.120.237.76

200 OK

7695

URL HTTP/2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7963a1ee-914e-454a-a5e7-9466ab707e33.jpeg
IP

34.120.237.76:0
ASN

#15169 GOOGLE

Magic

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

Size

7695
Hash

302595cc68fe8cf12121d0f652b3194d

e5532a3fed552246e8a63ea2ba75e174273a7b9f

6ca3599a9af06f51d4dc205d4ebd8f7f8b38c54864b6b478eac8c0d1adbc97c6

HTTP Headers

                                        GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7963a1ee-914e-454a-a5e7-9466ab707e33.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
content-length: 7695
x-amzn-requestid: 1009077b-14aa-42e5-86f1-de94b8b2aba0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CDETIHf8oAMFxEA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641780e0-07bbb0376f1c1941731e00ba;Sampled=0
x-amzn-remapped-date: Sun, 19 Mar 2023 21:38:40 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: v9Nl9e72FJH0vW19kOEzsw_ibM-64AdrJlcg7sFRiOWKDDZoHJYbjA==
via: 1.1 a20e81b65d2465c729ce2f6bfe539dd0.cloudfront.net (CloudFront), 1.1 0906d4887f6625f4a4467d8d4fd268d2.cloudfront.net (CloudFront), 1.1 google
date: Sun, 19 Mar 2023 21:49:05 GMT
age: 65099
etag: "e5532a3fed552246e8a63ea2ba75e174273a7b9f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

10338

URL HTTP/2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8afa2cdb-a5f3-4c78-a2ab-132c8b752b4b.png
IP

34.120.237.76:0
ASN

#15169 GOOGLE

Magic

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

Size

10338
Hash

78453ba98b72eff3879ef163b59c86ed

80519bb3726ee1f9f211344cd433cefaed3a7f2e

61adfeff11af9583355ac7d1500e8a8d97357b2846f151f2421001994fb06655

HTTP Headers

                                        GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8afa2cdb-a5f3-4c78-a2ab-132c8b752b4b.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
content-length: 10338
x-amzn-requestid: 9f880b5b-056c-44bb-a811-36ea27c232aa
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BvSgFGENoAMFuVw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-640f9799-2318d444248f7610300c658f;Sampled=0
x-amzn-remapped-date: Mon, 13 Mar 2023 21:37:29 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: bka10YWXvoKBRkwgvJNMzm1SSv_J1USzdugO9lPduHxe2uYFYkXh4w==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 e11ee4e3208082d534c251b36bbee268.cloudfront.net (CloudFront), 1.1 google
date: Mon, 20 Mar 2023 04:25:44 GMT
age: 41300
etag: "80519bb3726ee1f9f211344cd433cefaed3a7f2e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8195

URL HTTP/2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3db1704b-1ecd-4198-a98e-0353d4671a5c.jpeg
IP

34.120.237.76:0
ASN

#15169 GOOGLE

Magic

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

Size

8195
Hash

2a940b362660fdee25faaa51e08c439b

85fa91b5c4e6ddc1f3cf45eb6a4a3facfc6ad68c

18b99e3e890fdc959421c895ce343b8b3ed88819c83fa0009823e8ded23458f1

HTTP Headers

                                        GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3db1704b-1ecd-4198-a98e-0353d4671a5c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
content-length: 8195
x-amzn-requestid: c6844a50-a6b2-4ef4-ad28-f1a0fbcec14f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CDFESEDGoAMFQ8A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6417821b-22fa560d4b7811c233fe07fa;Sampled=0
x-amzn-remapped-date: Sun, 19 Mar 2023 21:43:55 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: WZ5MqPZ-MEjDt3N53EIx1XrerDmUkyvK-5FUXAmI29GXlGe6AaPqEg==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 219e8f088c8c2a564bdacafe44be620a.cloudfront.net (CloudFront), 1.1 google
date: Sun, 19 Mar 2023 22:07:00 GMT
age: 64024
etag: "85fa91b5c4e6ddc1f3cf45eb6a4a3facfc6ad68c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7249

URL HTTP/2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff1c8c491-aa6d-4268-a72a-1f4233962425.jpeg
IP

34.120.237.76:0
ASN

#15169 GOOGLE

Magic

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

Size

7249
Hash

4e5aa79770d71507827e79149031b5cf

338ee74f53fac2b19a90981bc4b02a3c3722a1fa

81df6f2312df6e488ae91c172ecf872d694497ffe80500f71eb97e6c06ff5f5f

HTTP Headers

                                        GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff1c8c491-aa6d-4268-a72a-1f4233962425.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
content-length: 7249
x-amzn-requestid: dfaf4924-b8c3-4b6b-a079-7c3903fdf4fb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CDDVjGJyIAMFS9w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64177f56-6379351b215dc2d9638de9ea;Sampled=0
x-amzn-remapped-date: Sun, 19 Mar 2023 21:32:06 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: 6SrsIy07rGzqwuej2lpFFp0PdFnuWcen4ItGcBrNd_AXSWlU1vObSg==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 28fdf6e146f70e7372911f118404fb20.cloudfront.net (CloudFront), 1.1 google
date: Sun, 19 Mar 2023 21:46:54 GMT
age: 65230
etag: "338ee74f53fac2b19a90981bc4b02a3c3722a1fa"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

12424

URL HTTP/2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F67bd8451-f062-4a29-9566-2fa60e012de2.jpeg
IP

34.120.237.76:0
ASN

#15169 GOOGLE

Magic

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

Size

12424
Hash

e1533684819dcbf9e77684c19eb86465

489f8f036efd23ce36085af127af7d6c794fe00b

9154a471013bd0972fad93ea4eeaf4b23f66dd1534e0d9cc302263aca0f94bd1

HTTP Headers

                                        GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F67bd8451-f062-4a29-9566-2fa60e012de2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
content-length: 12424
x-amzn-requestid: 64a89fbe-4ac0-4059-a481-37c30ae36928
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: B8eOuEG2oAMF1Qw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6414dd91-0492160f3e8196a23fc53eda;Sampled=0
x-amzn-remapped-date: Fri, 17 Mar 2023 21:37:21 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: gzTYtxwUI2nKJ--UVjLZS9_wctY0mnZMGtIw8-T_FvkQFoaBe_K5pA==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 31dfa94142c6eaf975b0e5454c00340a.cloudfront.net (CloudFront), 1.1 google
date: Mon, 20 Mar 2023 02:06:31 GMT
age: 49653
etag: "489f8f036efd23ce36085af127af7d6c794fe00b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5311

URL HTTP/2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fffb155f3-4b60-4d8c-879f-3b7bd1c5c129.jpeg
IP

34.120.237.76:0
ASN

#15169 GOOGLE

Magic

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

Size

5311
Hash

07289211ce045b31693c7bb59c06f338

210abec1182bb94b9d0e48827ecb8023611c4489

808b7bfa4b75cfb91e003d6375802da7d2719de29d4f64776dea57992b7632c4

HTTP Headers

                                        GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fffb155f3-4b60-4d8c-879f-3b7bd1c5c129.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
content-length: 5311
x-amzn-requestid: 3e000f36-3e2a-4008-950b-2e9f83306e51
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: B_w3eFmtIAMF7EA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64162e95-1b9e4cc8033920ea365de22f;Sampled=0
x-amzn-remapped-date: Sat, 18 Mar 2023 21:35:17 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: D-ozN3h77HmOeQlqbHfQ5U-L26pifGyxPwnvJuwtRsfS2paMlt4eWg==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 219e8f088c8c2a564bdacafe44be620a.cloudfront.net (CloudFront), 1.1 google
date: Sun, 19 Mar 2023 21:45:57 GMT
age: 65287
etag: "210abec1182bb94b9d0e48827ecb8023611c4489"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

aggridenergy.com/2Off/24496317388f40cbbf0031a7ec753521/Login0.php

209.182.193.5

302 Found

URL HTTP/1.1

aggridenergy.com/2Off/24496317388f40cbbf0031a7ec753521/Login0.php
IP

209.182.193.5:0
ASN

#22611 INMOTION

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

                                        GET /2Off/24496317388f40cbbf0031a7ec753521/Login0.php HTTP/1.1
Host: aggridenergy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

                                        HTTP/1.1 302 Found
Date: Mon, 20 Mar 2023 15:54:04 GMT
Server: Apache
Pragma: no-cache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <https://aggridenergy.com/wp-json/>; rel="https://api.w.org/"
Set-Cookie: PHPSESSID=bb85d16fbfe4222a31ff57536024cadb; path=/
Strict-Transport-Security: max-age=63072000; includeSubDomains
Location: /
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Referrer-Policy: same-origin
Permissions-Policy: geolocation 'self'; vibrate 'none'
Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

ocsp.pki.goog/gts1c3

142.250.74.163

200 OK

471

URL HTTP/1.1

ocsp.pki.goog/gts1c3
IP

142.250.74.163:0
ASN

#15169 GOOGLE

Magic

data

Size

471
Hash

e8fc65c8ed6ea66df6d6f044d7636fe2

da5b32e7c3fb8dddbd1466e4733cab6e35a66f8c

733e51b02cac5aca153e462118e12f623b0be034bb5488eb021c09a4b41744dc

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 20 Mar 2023 15:54:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.google.com/recaptcha/api.js

142.250.74.164

200 OK

554

URL HTTP/2

www.google.com/recaptcha/api.js
IP

142.250.74.164:0
ASN

#15169 GOOGLE

Magic

ASCII text, with very long lines (850), with no line terminators

Size

554
Hash

7a61332e081c1df94aee6da79ccab5cf

9a1b52aef388542cfa62d685399669420b8998ee

3edecdbe2c8dbe6ff85c45d382f9f608ed30a6618fa62b18282e03d866dc6dd7

HTTP Headers

                                        GET /recaptcha/api.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
expires: Mon, 20 Mar 2023 15:54:07 GMT
date: Mon, 20 Mar 2023 15:54:07 GMT
cache-control: private, max-age=300
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 554
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.163

200 OK

472

URL HTTP/1.1

ocsp.pki.goog/gts1c3
IP

142.250.74.163:0
ASN

#15169 GOOGLE

Magic

data

Size

472
Hash

d2b91b87a3060a36d0002f6338924521

b216a0ae0e118f942207ae6c51a5309393fe79f4

835446923abce8bde27c74317de5388462f43f7cbf93293a15891a2a2554e406

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 20 Mar 2023 15:54:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.163

200 OK

471

URL HTTP/1.1

ocsp.pki.goog/gts1c3
IP

142.250.74.163:0
ASN

#15169 GOOGLE

Magic

data

Size

471
Hash

7b9696c5a484fe48a260ec0ac6f4c2dc

5fa72a6aae12370de4d88d0aa205f293e5a85c5b

578156cb0f02ebb0d6472976aa7186f70b49dfad8623edd5595b740ff1559d2c

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 20 Mar 2023 15:54:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.163

200 OK

471

URL HTTP/1.1

ocsp.pki.goog/gts1c3
IP

142.250.74.163:0
ASN

#15169 GOOGLE

Magic

data

Size

471
Hash

7b9696c5a484fe48a260ec0ac6f4c2dc

5fa72a6aae12370de4d88d0aa205f293e5a85c5b

578156cb0f02ebb0d6472976aa7186f70b49dfad8623edd5595b740ff1559d2c

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 20 Mar 2023 15:54:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.163

200 OK

471

URL HTTP/1.1

ocsp.pki.goog/gts1c3
IP

142.250.74.163:0
ASN

#15169 GOOGLE

Magic

data

Size

471
Hash

3ac4671deeca3302950bd5fce7f4ce3f

62b5d0c548949ee8d932231fcd01196cefc896aa

e4adf52f426f89cbc5a61507b21d33c817e5b8cee1e2709fe3ffecc1ec0c8731

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 20 Mar 2023 15:54:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

aggridenergy.com/

209.182.193.5

200 OK

210081

URL HTTP/1.1

aggridenergy.com/
IP

209.182.193.5:0
ASN

#22611 INMOTION

Magic

HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (32830)

Size

210081
Hash

e3d2844aa7b2313d7f23e0e507d38759

1a62ab21da67a4aab569c7f3cc856f3b53f0049a

e0107c4a5e92f0f41cb6e619a0ea5842af36b747a67e16ab1bb559605684bc7f

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

                                        GET / HTTP/1.1
Host: aggridenergy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: PHPSESSID=bb85d16fbfe4222a31ff57536024cadb
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

                                        HTTP/1.1 200 OK
Date: Mon, 20 Mar 2023 15:54:06 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Strict-Transport-Security: max-age=63072000; includeSubDomains
Last-Modified: Mon, 13 Feb 2023 07:25:53 GMT
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Referrer-Policy: same-origin
Permissions-Policy: geolocation 'self'; vibrate 'none'
Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

ocsp.pki.goog/gts1c3

142.250.74.163

200 OK

965

URL HTTP/1.1

ocsp.pki.goog/gts1c3
IP

142.250.74.163:0
ASN

#15169 GOOGLE

Magic

gzip compressed data, max compression\012- data

Size

965
Hash

8dbd5a8e908adc15d1caef4753f2d455

ca824e6378bad37f0f0dee8a50dc5d81aa230e8e

03e9703b56c9f70cfec8faff8f165d3c9bca648985279aa19b7b32207359eeec

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 20 Mar 2023 15:54:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

aggridenergy.com/wp-content/cache/wpfc-minified/g2qoble5/4532g.js

209.182.193.5

200 OK

36699

URL HTTP/1.1

aggridenergy.com/wp-content/cache/wpfc-minified/g2qoble5/4532g.js
IP

209.182.193.5:0
ASN

#22611 INMOTION

Magic

ASCII text, with very long lines (36699), with no line terminators

Size

36699
Hash

a5bb24d70ef443d94ca6902e73aebe2d

da54888bdd526f7f4fcc0d9475fcf3fdc96c732c

ff0644b46d81e5e4b4aa0d241e7ca1e4483ee400c92a3cf7119df5165870c2d2

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

                                        GET /wp-content/cache/wpfc-minified/g2qoble5/4532g.js HTTP/1.1
Host: aggridenergy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://aggridenergy.com/
Connection: keep-alive
Cookie: PHPSESSID=bb85d16fbfe4222a31ff57536024cadb
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                        HTTP/1.1 200 OK
Date: Mon, 20 Mar 2023 15:54:08 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubDomains
Last-Modified: Wed, 01 Feb 2023 08:26:00 GMT
Accept-Ranges: bytes
Content-Length: 36699
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Referrer-Policy: same-origin
Permissions-Policy: geolocation 'self'; vibrate 'none'
Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript

maps.google.com/maps/api/js?key=AIzaSyC6lz5mPRvG759MZR98CfIeNjal9d3DsDA&libraries=geometry%2Cplaces%2Cweather%2Cpanoramio%2Cdrawing&language=en&ver=a0969dbb23be18b5e723a0d08e6c1c36

142.250.74.46

200 OK

60383

URL HTTP/2

maps.google.com/maps/api/js?key=AIzaSyC6lz5mPRvG759MZR98CfIeNjal9d3DsDA&libraries=geometry%2Cplaces%2Cweather%2Cpanoramio%2Cdrawing&language=en&ver=a0969dbb23be18b5e723a0d08e6c1c36
IP

142.250.74.46:0
ASN

#15169 GOOGLE

Magic

ASCII text, with very long lines (2397)

Size

60383
Hash

103ce520a4a4a55557d396e77bbb904b

35baa2181ce7fca0be07552f68055ee4a9f11574

5ac1e7870fc6c902275d518f5929045c539bc95d20468969c5803bb17342aeb3

HTTP Headers

                                        GET /maps/api/js?key=AIzaSyC6lz5mPRvG759MZR98CfIeNjal9d3DsDA&libraries=geometry%2Cplaces%2Cweather%2Cpanoramio%2Cdrawing&language=en&ver=a0969dbb23be18b5e723a0d08e6c1c36 HTTP/1.1
Host: maps.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
content-type: text/javascript; charset=UTF-8
date: Mon, 20 Mar 2023 15:54:08 GMT
expires: Mon, 20 Mar 2023 16:24:08 GMT
cache-control: public, max-age=1800
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-encoding: gzip
server: mafe
content-length: 60383
x-xss-protection: 0
x-frame-options: SAMEORIGIN
server-timing: gfet4t7; dur=32
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

aggridenergy.com/wp-content/cache/wpfc-minified/m0xj0zmv/4532g.css

209.182.193.5

200 OK

55276

URL HTTP/1.1

aggridenergy.com/wp-content/cache/wpfc-minified/m0xj0zmv/4532g.css
IP

209.182.193.5:0
ASN

#22611 INMOTION

Magic

ASCII text, with very long lines (12669)

Size

55276
Hash

195e75386497b37a51b44b76a03ea842

80a755e9a95a857a7aefb9578e20813f5b179867

0e704b0f2ba468d481cd6998a9242a92875a8be0a124950c2da2613acfe0a633

HTTP Headers

                                        GET /wp-content/cache/wpfc-minified/m0xj0zmv/4532g.css HTTP/1.1
Host: aggridenergy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://aggridenergy.com/
Connection: keep-alive
Cookie: PHPSESSID=bb85d16fbfe4222a31ff57536024cadb
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                        HTTP/1.1 200 OK
Date: Mon, 20 Mar 2023 15:54:08 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubDomains
Last-Modified: Wed, 01 Feb 2023 08:26:00 GMT
Accept-Ranges: bytes
Content-Length: 55276
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Referrer-Policy: same-origin
Permissions-Policy: geolocation 'self'; vibrate 'none'
Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

aggridenergy.com/wp-content/cache/wpfc-minified/fpuyhwtw/4532g.css

209.182.193.5

200 OK

94843

URL HTTP/1.1

aggridenergy.com/wp-content/cache/wpfc-minified/fpuyhwtw/4532g.css
IP

209.182.193.5:0
ASN

#22611 INMOTION

Magic

ASCII text, with very long lines (65517)

Size

94843
Hash

637d4fb4a8b2f0870e9b8e49255e592c

03cba1d70f6390b9f4f71010d54bf084f74af190

2d985ee6abbe22e18b1f004237b8d017126b6f803ab54ca51070c72dc55985bd

HTTP Headers

                                        GET /wp-content/cache/wpfc-minified/fpuyhwtw/4532g.css HTTP/1.1
Host: aggridenergy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://aggridenergy.com/
Connection: keep-alive
Cookie: PHPSESSID=bb85d16fbfe4222a31ff57536024cadb
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                        HTTP/1.1 200 OK
Date: Mon, 20 Mar 2023 15:54:08 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubDomains
Last-Modified: Wed, 01 Feb 2023 08:26:00 GMT
Accept-Ranges: bytes
Content-Length: 94843
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Referrer-Policy: same-origin
Permissions-Policy: geolocation 'self'; vibrate 'none'
Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

aggridenergy.com/wp-content/cache/wpfc-minified/212eixb4/4532g.js

209.182.193.5

200 OK

100717

URL HTTP/1.1

aggridenergy.com/wp-content/cache/wpfc-minified/212eixb4/4532g.js
IP

209.182.193.5:0
ASN

#22611 INMOTION

Magic

ASCII text, with very long lines (65536), with no line terminators

Size

100717
Hash

dec1e834aeadd19e474683c6b7cc349f

3b121faf96d995e811e7acc9e7c104ebdac29ff9

755cec52be387eead7cfa494890d811d0f0350be65b950c768ce0c0e9c5c4dc9

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

                                        GET /wp-content/cache/wpfc-minified/212eixb4/4532g.js HTTP/1.1
Host: aggridenergy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://aggridenergy.com/
Connection: keep-alive
Cookie: PHPSESSID=bb85d16fbfe4222a31ff57536024cadb
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                        HTTP/1.1 200 OK
Date: Mon, 20 Mar 2023 15:54:08 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubDomains
Last-Modified: Wed, 01 Feb 2023 08:26:00 GMT
Accept-Ranges: bytes
Content-Length: 100717
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Referrer-Policy: same-origin
Permissions-Policy: geolocation 'self'; vibrate 'none'
Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript

aggridenergy.com/wp-content/cache/wpfc-minified/llgsfqer/4532g.js

209.182.193.5

200 OK

648853

URL HTTP/1.1

aggridenergy.com/wp-content/cache/wpfc-minified/llgsfqer/4532g.js
IP

209.182.193.5:0
ASN

#22611 INMOTION

Magic

ASCII text, with very long lines (42887)

Size

648853
Hash

36703c1a2aeb0bc91a50ce31c7e6b3cd

da29d461e48662e0d20d619b95f7dcca96d78b0e

3717636c010503f9794864f31efd6adbdb5bbaff1d17934dc483f55c3cb47a94

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

                                        GET /wp-content/cache/wpfc-minified/llgsfqer/4532g.js HTTP/1.1
Host: aggridenergy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://aggridenergy.com/
Connection: keep-alive
Cookie: PHPSESSID=bb85d16fbfe4222a31ff57536024cadb
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                        HTTP/1.1 200 OK
Date: Mon, 20 Mar 2023 15:54:08 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubDomains
Last-Modified: Wed, 01 Feb 2023 08:26:00 GMT
Accept-Ranges: bytes
Content-Length: 648853
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Referrer-Policy: same-origin
Permissions-Policy: geolocation 'self'; vibrate 'none'
Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript

aggridenergy.com/wp-content/cache/wpfc-minified/2mbnl9m9/4532g.js

209.182.193.5

200 OK

117261

URL HTTP/1.1

aggridenergy.com/wp-content/cache/wpfc-minified/2mbnl9m9/4532g.js
IP

209.182.193.5:0
ASN

#22611 INMOTION

Magic

ASCII text, with very long lines (42887)

Size

117261
Hash

8e26fe90d00872292bff8c429afe2cde

b816fb615eef674e1695bebbd3f4fb500053c77b

19b130ee716eab9027e32d6587813230390c062596f8af1a00e2597b0b167dcf

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

                                        GET /wp-content/cache/wpfc-minified/2mbnl9m9/4532g.js HTTP/1.1
Host: aggridenergy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://aggridenergy.com/
Connection: keep-alive
Cookie: PHPSESSID=bb85d16fbfe4222a31ff57536024cadb
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                        HTTP/1.1 200 OK
Date: Mon, 20 Mar 2023 15:54:08 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubDomains
Last-Modified: Wed, 01 Feb 2023 08:26:00 GMT
Accept-Ranges: bytes
Content-Length: 117261
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Referrer-Policy: same-origin
Permissions-Policy: geolocation 'self'; vibrate 'none'
Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript

aggridenergy.com/wp-content/cache/wpfc-minified/gpd2hm6/4532g.css

209.182.193.5

200 OK

657

URL HTTP/1.1

aggridenergy.com/wp-content/cache/wpfc-minified/gpd2hm6/4532g.css
IP

209.182.193.5:0
ASN

#22611 INMOTION

Magic

ASCII text

Size

657
Hash

eb26ab4f14f0984d3ab97db731ef0596

000d0369be40c48e8695d0f7f7894926020eea49

671b43fc3673c3ee03cfd5f01a8e7223db3008fb0b26aba09035a173754f749b

HTTP Headers

                                        GET /wp-content/cache/wpfc-minified/gpd2hm6/4532g.css HTTP/1.1
Host: aggridenergy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://aggridenergy.com/
Connection: keep-alive
Cookie: PHPSESSID=bb85d16fbfe4222a31ff57536024cadb
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                        HTTP/1.1 200 OK
Date: Mon, 20 Mar 2023 15:54:08 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubDomains
Last-Modified: Wed, 01 Feb 2023 08:26:00 GMT
Accept-Ranges: bytes
Content-Length: 657
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Referrer-Policy: same-origin
Permissions-Policy: geolocation 'self'; vibrate 'none'
Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css

aggridenergy.com/wp-content/cache/wpfc-minified/7o13zqx0/4532g.js

209.182.193.5

200 OK

14872

URL HTTP/1.1

aggridenergy.com/wp-content/cache/wpfc-minified/7o13zqx0/4532g.js
IP

209.182.193.5:0
ASN

#22611 INMOTION

Magic

HTML document textAlgol 68 source text\012- Pascal source, ASCII text, with very long lines (12650)

Size

14872
Hash

547f75c63218ddce74042d541dbf218e

5baff16831cf1856faa7b17000a5c1e6619c6fd1

2b299ec3fe37deddf9d126adcc35b38d34bf1b8e08e263e6049078b23164bf55

Detections

Analyzer	Verdict	Alert

Report Overview

URL

IP

ASN

Submitted

Access

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (40)

#1 JS:Script (size: 1121)

#2 JS:Script (size: 346)

#3 JS:Script (size: 1851)

#4 JS:Script (size: 387681)

#5 JS:Script (size: 369)

#6 JS:Script (size: 2364)

#7 JS:Script (size: 360)

#8 JS:Script (size: 1024)

#9 JS:Script (size: 14872)

#10 JS:Script (size: 333523)

#11 JS:Script (size: 1164)

#12 JS:Script (size: 280)

#13 JS:Script (size: 417)

#14 JS:Script (size: 1136)

#15 JS:Script (size: 173781)

#16 JS:Script (size: 357)

#17 JS:Script (size: 1106)

#18 JS:Script (size: 588)

#19 JS:Script (size: 100717)

#20 JS:Script (size: 1461)

#21 JS:Script (size: 23492)

#22 JS:Script (size: 2357)

#23 JS:Script (size: 2357)

#24 JS:Script (size: 11015)

#25 JS:Script (size: 3057)

#26 JS:Script (size: 1121)

#27 JS:Script (size: 745)

#28 JS:Script (size: 100)

#29 JS:Script (size: 850)

#30 JS:Script (size: 907)

#31 JS:Script (size: 185005)

#32 JS:Script (size: 117261)

#33 JS:Script (size: 2357)

#34 JS:Script (size: 2364)

#35 JS:Script (size: 1121)

#36 JS:Script (size: 2357)

#37 JS:Script (size: 320)

#38 JS:Script (size: 36699)

#39 JS:Script (size: 351)

#40 JS:Script (size: 386)

HTTP Transactions (107)

URL HTTP/1.1

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/1.1