www.agenziagema.it/omanpost/auth/card.php
89.46.104.45 301 Moved Permanently 168 B URL HTTP/1.1 www.agenziagema.it/omanpost/auth/card.php
IP 89.46.104.45:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 82f04704c04c2706b1b96a73be2ff3a9
8cd210a378b7f54ce8945cdf1c7ce1f696171eee
ede97dbf06b3e703cd950b3591a29351ce9b24eccab58b1a913b3c7e4571bf02
Analyzer Verdict Alert openphish Generic/Spear Phishing
fortinet Phishing
GET /omanpost/auth/card.php HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: aruba-proxy
Date: Fri, 09 Dec 2022 05:20:54 GMT
Content-Type: text/html
Content-Length: 168
Connection: keep-alive
Location: https://www.agenziagema.it/omanpost/auth/card.php
X-ServerName: ipvsproxy17.ad.aruba.it
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 7181eff9c60e83eb0004ece591e47dca
0fd8cd0c9d10b0547938982e57d2c43e2d98679f
89c5c0e2d6890798644174a8e31976aec03a1b3deb03812afbb520e5ed68f522
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "89C5C0E2D6890798644174A8E31976AEC03A1B3DEB03812AFBB520E5ED68F522"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3549
Expires: Fri, 09 Dec 2022 06:20:04 GMT
Date: Fri, 09 Dec 2022 05:20:55 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 388f6fea5bafa378266622b72311a6ee
447f102dc12172ce1ba44c5e94e1d7bb49d43372
a597afb4d4f7f3c82f0f2857322226fc69dc92e099bfd0605f7a0cd562be9d21
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A597AFB4D4F7F3C82F0F2857322226FC69DC92E099BFD0605F7A0CD562BE9D21"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5273
Expires: Fri, 09 Dec 2022 06:48:48 GMT
Date: Fri, 09 Dec 2022 05:20:55 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 4ee537977be9c03702f8ffe0025bf1fe
21637881c4aa34c4add703f8bff4eff573159f45
4819229fd8f502a0c68c80bd7409e104c1b4d1a98ca8a6cd9deba629b1511aea
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4819229FD8F502A0C68C80BD7409E104C1B4D1A98CA8A6CD9DEBA629B1511AEA"
Last-Modified: Thu, 08 Dec 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19087
Expires: Fri, 09 Dec 2022 10:39:02 GMT
Date: Fri, 09 Dec 2022 05:20:55 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 09 Dec 2022 05:08:17 GMT
content-type: application/json
age: 758
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 53341dea33f4f3d9b4966f80589f429a
20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0
GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: 1yeTI4B23XO7/gUYLUrI4kLAPTRAPdYs3ur6NqgjETgj6931lxR5nCW0acB9+AS1uXUDe8GwyYw=
x-amz-request-id: KVQ6JBYDBX434WN4
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 09 Dec 2022 04:50:07 GMT
age: 1848
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 05:20:55 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp06.actalis.it/VA/AUTHDV-G3
109.70.240.114 200 3.9 kB URL HTTP/1.1 ocsp06.actalis.it/VA/AUTHDV-G3
IP 109.70.240.114:0
Hash 2e62c2bd1f175a83d829ac40aa7f2e95
0c0720b2d6474dbcf32b9f0e56b510c88b937484
7601a5e7d0aaec6727379e3108c623b2924cb616fc88e19d0aa6e296fe81ee5f
POST /VA/AUTHDV-G3 HTTP/1.1
Host: ocsp06.actalis.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200
Server: nginx
Date: Fri, 09 Dec 2022 05:20:55 GMT
Content-Type: application/ocsp-response
Content-Length: 3926
Connection: keep-alive
Last-Modified: Fri, 09 Dec 2022 03:20:00 GMT
Expires: Sat, 10 Dec 2022 03:19:59 GMT
ETag: "0c0720b2d6474dbcf32b9f0e56b510c88b937484"
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Cache-Control, Backoff, Content-Length, Content-Type, Last-Modified, ETag, Expires, Retry-After, Pragma
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 09 Dec 2022 05:07:55 GMT
age: 780
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/css_IdyaKDUhwh18SXW_-pVSzy-gErqgntz20y51CuFE1Yg.x5nsh_uKblK9.css
89.46.104.45 200 OK 95 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/css_IdyaKDUhwh18SXW_-pVSzy-gErqgntz20y51CuFE1Yg.x5nsh_uKblK9.css
IP 89.46.104.45:0
Hash 0b9cb6dc1250d392805b4e6797327401
311744f30b9293df13cea1afc41456cea5fc449f
c799ec87fb8a6e52bd93a883abdc71eef0dec77d2365ce4c2f46178a3e0909fd
GET /omanpost/auth/css/css_IdyaKDUhwh18SXW_-pVSzy-gErqgntz20y51CuFE1Yg.x5nsh_uKblK9.css HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Fri, 09 Dec 2022 05:20:55 GMT
content-type: text/css
content-length: 95
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
accept-ranges: bytes
x-servername: ipvsproxy17.ad.aruba.it
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/css_el-Wcqt4lri-ntglA04M2hmxjJG3wl6Wf7KoZF5AVNk.xXMNGfQ_Fg-q.css
89.46.104.45 200 OK 222 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/css_el-Wcqt4lri-ntglA04M2hmxjJG3wl6Wf7KoZF5AVNk.xXMNGfQ_Fg-q.css
IP 89.46.104.45:0
Hash 6b29a6ec09e466adf3c0b39a630506af
f08fd80247fe0baffa97da5c13e6d67d2f10645f
c5730d19f43f160faa47af29f7e1dc2bafc393be75aa71d21dc93c775a1833c0
GET /omanpost/auth/css/css_el-Wcqt4lri-ntglA04M2hmxjJG3wl6Wf7KoZF5AVNk.xXMNGfQ_Fg-q.css HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Fri, 09 Dec 2022 05:20:55 GMT
content-type: text/css
content-length: 222
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
accept-ranges: bytes
x-servername: ipvsproxy17.ad.aruba.it
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/css_8_iZM3tVCJgrOIixipC2yzkLO7WA5H5L-Z5lkjPcst0.8xdGy7dXc6zJ.css
89.46.104.45 200 OK 127 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/css_8_iZM3tVCJgrOIixipC2yzkLO7WA5H5L-Z5lkjPcst0.8xdGy7dXc6zJ.css
IP 89.46.104.45:0
File type troff or preprocessor input, ASCII text
Hash a3d07af30e7dc57b0647e417e27ac938
2eeb4a7e1dc2e86a6a0664bd6fc2fe7ba3009baa
f31746cbb75773acc9358471805e24d2f80184a9686f2e4dfbf57530c3a583c0
GET /omanpost/auth/css/css_8_iZM3tVCJgrOIixipC2yzkLO7WA5H5L-Z5lkjPcst0.8xdGy7dXc6zJ.css HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Fri, 09 Dec 2022 05:20:55 GMT
content-type: text/css
content-length: 127
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
accept-ranges: bytes
x-servername: ipvsproxy17.ad.aruba.it
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/css_M_0qFAIRstYTrNLFLKdq90tmSs-HI22nuKcKoGYWres.C2HgH6D6Auuj.css
89.46.104.45 200 OK 163 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/css_M_0qFAIRstYTrNLFLKdq90tmSs-HI22nuKcKoGYWres.C2HgH6D6Auuj.css
IP 89.46.104.45:0
Hash 47dd1a9ab77932b92b6c8e68b9b41e77
ee55f889a03fdcf021fa916b6b7cfed8db417249
0b61e01fa0fa02eba3c6a074427ddf2a6cf98c01727b2796309b2b5b005fac70
GET /omanpost/auth/css/css_M_0qFAIRstYTrNLFLKdq90tmSs-HI22nuKcKoGYWres.C2HgH6D6Auuj.css HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Fri, 09 Dec 2022 05:20:55 GMT
content-type: text/css
content-length: 163
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
accept-ranges: bytes
x-servername: ipvsproxy17.ad.aruba.it
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/css_SxLAHwP370XBgXUS2Z62BuUN3Co-7x1Xcq1Yl0eCpZc.Sk-ip5PYfIjx.css
89.46.104.45 200 OK 96 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/css_SxLAHwP370XBgXUS2Z62BuUN3Co-7x1Xcq1Yl0eCpZc.Sk-ip5PYfIjx.css
IP 89.46.104.45:0
Hash 02de344715c6ec9a3745ff2186d32b9d
f2f39b2ca9e9397b53ab76a7b3938edc138a24cf
4a4fa2a793d87c88f1509f370dbc40b6deec2188b6a918f92365f873b7bc566d
GET /omanpost/auth/css/css_SxLAHwP370XBgXUS2Z62BuUN3Co-7x1Xcq1Yl0eCpZc.Sk-ip5PYfIjx.css HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Fri, 09 Dec 2022 05:20:55 GMT
content-type: text/css
content-length: 96
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
accept-ranges: bytes
x-servername: ipvsproxy17.ad.aruba.it
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/css_gI82JN7fIF-SGN50PytbEmxnJWEAQxvtbUTFwMI-s0M.kpMc62oK0cmz.css
89.46.104.45 200 OK 95 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/css_gI82JN7fIF-SGN50PytbEmxnJWEAQxvtbUTFwMI-s0M.kpMc62oK0cmz.css
IP 89.46.104.45:0
Hash a203bfb5819742d466b5e99af480009a
cc0323b65fd726ef89264b2a7a6d3d7c4999a5e2
92931ceb6a0ad1c9b3e8fc6f335b9dfd6f0c7c8ee36f089bb10241c142a78faa
GET /omanpost/auth/css/css_gI82JN7fIF-SGN50PytbEmxnJWEAQxvtbUTFwMI-s0M.kpMc62oK0cmz.css HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Fri, 09 Dec 2022 05:20:55 GMT
content-type: text/css
content-length: 95
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
accept-ranges: bytes
x-servername: ipvsproxy17.ad.aruba.it
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/css_bVow4uEk4HTxJlij7iBDGWb2uzTpNXMPgpIeHq8jiPw.0Qb5zpcCHmzp.css
89.46.104.45 200 OK 255 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/css_bVow4uEk4HTxJlij7iBDGWb2uzTpNXMPgpIeHq8jiPw.0Qb5zpcCHmzp.css
IP 89.46.104.45:0
Hash 3f385ed519713c40ed2b0a54d46fa41f
f6cb306ad8abac4c5118c3f6156027c48c20a53a
d106f9ce97021e6ce9a05e593a70ec7e4956667eab83726c9eb1b473b709fb8e
GET /omanpost/auth/css/css_bVow4uEk4HTxJlij7iBDGWb2uzTpNXMPgpIeHq8jiPw.0Qb5zpcCHmzp.css HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Fri, 09 Dec 2022 05:20:55 GMT
content-type: text/css
content-length: 255
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
accept-ranges: bytes
x-servername: ipvsproxy17.ad.aruba.it
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/css_CBqy8DMdqdIgL5smEe0nXdZjoPEd2JboOy2R6U8-hFs.hI45W2fFp3YR.css
89.46.104.45 200 OK 254 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/css_CBqy8DMdqdIgL5smEe0nXdZjoPEd2JboOy2R6U8-hFs.hI45W2fFp3YR.css
IP 89.46.104.45:0
Hash 2b0eab579f340584d882972331e29be5
92490a444067d58a48585e254f8c69a3bb13e5b9
848e395b67c5a776114425ac9ea4cc4f809cdca2caf2685fd2f6a94eba4c7238
GET /omanpost/auth/css/css_CBqy8DMdqdIgL5smEe0nXdZjoPEd2JboOy2R6U8-hFs.hI45W2fFp3YR.css HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Fri, 09 Dec 2022 05:20:55 GMT
content-type: text/css
content-length: 254
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
accept-ranges: bytes
x-servername: ipvsproxy17.ad.aruba.it
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/css_wCWV-1NThDs5c7UFjqb-yORX0g5eUrJTJOFQw4SpzKk.Miyqnl_bmWpa.css
89.46.104.45 200 OK 171 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/css_wCWV-1NThDs5c7UFjqb-yORX0g5eUrJTJOFQw4SpzKk.Miyqnl_bmWpa.css
IP 89.46.104.45:0
Hash b2ebfb826e035334340193b42246b180
b421704f2c038d22d83c36053f2624075dcc41d6
322caa9e5fdb996a5afa9ef6283b3f0646c72c2add2f2540a82ac24e7c7d917a
GET /omanpost/auth/css/css_wCWV-1NThDs5c7UFjqb-yORX0g5eUrJTJOFQw4SpzKk.Miyqnl_bmWpa.css HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Fri, 09 Dec 2022 05:20:55 GMT
content-type: text/css
content-length: 171
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
accept-ranges: bytes
x-servername: ipvsproxy17.ad.aruba.it
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/css_8lKoROJ6Zu-Ki-T_vXUG-vt_fs5ttWI6GG5SZsUQ9fA.fg9D1yGwfSnW.css
89.46.104.45 200 OK 203 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/css_8lKoROJ6Zu-Ki-T_vXUG-vt_fs5ttWI6GG5SZsUQ9fA.fg9D1yGwfSnW.css
IP 89.46.104.45:0
Hash d10589366720f9c15b66df434baab4da
2ece37cadd4a56366eefaa911ede7ce226d68490
7e0f43d721b07d29d6310e31aa037a28371e3d85d5ad27592ab1daab3a589e54
GET /omanpost/auth/css/css_8lKoROJ6Zu-Ki-T_vXUG-vt_fs5ttWI6GG5SZsUQ9fA.fg9D1yGwfSnW.css HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Fri, 09 Dec 2022 05:20:55 GMT
content-type: text/css
content-length: 203
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
accept-ranges: bytes
x-servername: ipvsproxy17.ad.aruba.it
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/css_UH9Z3L5qClRdM0x1B7Sasv3k-ZXXUOwMNo2eyMliSqA.oIp3LEn-9Xf9.css
89.46.104.45 200 OK 202 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/css_UH9Z3L5qClRdM0x1B7Sasv3k-ZXXUOwMNo2eyMliSqA.oIp3LEn-9Xf9.css
IP 89.46.104.45:0
Hash 98d24ff864c7699dfa6da9190c5e70df
9a9039a3d467a594dbb90f18926dccc87264be47
a08a772c49fef577fd5e0a37663d6d010473be40763496bedb29cf77176bc7b8
GET /omanpost/auth/css/css_UH9Z3L5qClRdM0x1B7Sasv3k-ZXXUOwMNo2eyMliSqA.oIp3LEn-9Xf9.css HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Fri, 09 Dec 2022 05:20:55 GMT
content-type: text/css
content-length: 202
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
accept-ranges: bytes
x-servername: ipvsproxy17.ad.aruba.it
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/css_J0nq0fKbdRqUnBfru6HIC8wYujuHkypo5e2sToPfR2U.tG4PQo_c5AZ3.css
89.46.104.45 200 OK 126 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/css_J0nq0fKbdRqUnBfru6HIC8wYujuHkypo5e2sToPfR2U.tG4PQo_c5AZ3.css
IP 89.46.104.45:0
Hash f6ed3b44832bebffa09fc3b4b6ce27ab
d10c7833ed17abcaeda4a08f6131efb5429c6676
b46e0f428fdce40677abe43f33575023b1b2d87cc3285138bb06b253313a7665
GET /omanpost/auth/css/css_J0nq0fKbdRqUnBfru6HIC8wYujuHkypo5e2sToPfR2U.tG4PQo_c5AZ3.css HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Fri, 09 Dec 2022 05:20:55 GMT
content-type: text/css
content-length: 126
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
accept-ranges: bytes
x-servername: ipvsproxy17.ad.aruba.it
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/css__Jd5jGOK2GKkWJ39lq12bpzDKZcqQg7jBxXFi9MwHsU.2Z3U1YHHAG6r.css
89.46.104.45 200 OK 208 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/css__Jd5jGOK2GKkWJ39lq12bpzDKZcqQg7jBxXFi9MwHsU.2Z3U1YHHAG6r.css
IP 89.46.104.45:0
Hash 4a3d036007ba8c8c80f4a21a369c72cc
a7d05d2a67021ec0b607299915ca6035c699fe7a
d99dd4d581c7006eabeebac8e77dbeae96fbc430cfa28bfffa222f4348d17127
GET /omanpost/auth/css/css__Jd5jGOK2GKkWJ39lq12bpzDKZcqQg7jBxXFi9MwHsU.2Z3U1YHHAG6r.css HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Fri, 09 Dec 2022 05:20:55 GMT
content-type: text/css
content-length: 208
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
accept-ranges: bytes
x-servername: ipvsproxy17.ad.aruba.it
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/css_ge77twVlK6eLqiAYlQJBlCuou5uhadLFsUQTdQa_ewc.58lhDsDZIxce.css
89.46.104.45 200 OK 169 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/css_ge77twVlK6eLqiAYlQJBlCuou5uhadLFsUQTdQa_ewc.58lhDsDZIxce.css
IP 89.46.104.45:0
Hash 2bc390c137c5205bbcd7645d6c1c86de
e8cbbd2a263a96347f395d553a40f8ecf7053212
e7c9610ec0d923171ec822d71c9b605456b690320a72f4546af38aedf87737a7
GET /omanpost/auth/css/css_ge77twVlK6eLqiAYlQJBlCuou5uhadLFsUQTdQa_ewc.58lhDsDZIxce.css HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Fri, 09 Dec 2022 05:20:55 GMT
content-type: text/css
content-length: 169
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
accept-ranges: bytes
x-servername: ipvsproxy17.ad.aruba.it
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash fd55f4aaaab6ec40bc7dc10252cd819a
a72523f60be265a391fa9edc43e0a93418ad1fd0
bae354b3db14f4fd115311a0c412c9b5e436dd9e0a151afd8b9c18831dd8c2dd
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2317
Cache-Control: max-age=102274
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 05:20:55 GMT
Etag: "6391a92c-1d7"
Expires: Sat, 10 Dec 2022 09:45:29 GMT
Last-Modified: Thu, 08 Dec 2022 09:06:52 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 471
www.agenziagema.it/omanpost/auth/css/270278780604412
89.46.104.45 200 OK 299 kB URL HTTP/2 www.agenziagema.it/omanpost/auth/css/270278780604412
IP 89.46.104.45:0
File type ASCII text, with very long lines (64471)
Size 299 kB (299407 bytes)
Hash f55dc2845557c47b0a3ed135cb8adc0d
7dfb8ac4951d575ef0a795ee8562fecccf2e6604
d51b23e5b21f6debedecea0658421e4ec9152532b466e7ed6dc971128edecaf4
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/css/270278780604412 HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Fri, 09 Dec 2022 05:20:55 GMT
content-length: 299407
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
x-aruba-cache: MISS
accept-ranges: bytes
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/js_002
89.46.104.45 200 OK 121 kB URL HTTP/2 www.agenziagema.it/omanpost/auth/css/js_002
IP 89.46.104.45:0
File type ASCII text, with very long lines (1588)
Size 121 kB (121129 bytes)
Hash cfa9df38680f3df9d492c49f04c75842
0893f793b7c4e2b7628aabc4b615f93745de2c00
98d052577c9f2db7702048f4c61ba0a82762a176b240da7af02537fe5122c44b
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/css/js_002 HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Fri, 09 Dec 2022 05:20:55 GMT
content-length: 121129
last-modified: Thu, 08 Dec 2022 09:12:38 GMT
x-servername: ipvsproxy17.ad.aruba.it
x-aruba-cache: MISS
accept-ranges: bytes
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/3984618.js(2).descarga
89.46.104.45 200 OK 2.6 kB URL HTTP/2 www.agenziagema.it/omanpost/auth/css/3984618.js(2).descarga
IP 89.46.104.45:0
File type ASCII text, with very long lines (560)
Hash 16bdc66bc6ae20e3e7c2b3aaed1901d6
ba6291fa798f43df437aa7feb240896ef007ba7a
90a33b5c33ce89c8b4c55f8763deaa3061d91139d8f9566af81a952b2059d822
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/css/3984618.js(2).descarga HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Fri, 09 Dec 2022 05:20:55 GMT
content-length: 2553
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
accept-ranges: bytes
x-servername: ipvsproxy17.ad.aruba.it
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/oman_logo.png
89.46.104.45 200 OK 18 kB URL HTTP/2 www.agenziagema.it/omanpost/auth/css/oman_logo.png
IP 89.46.104.45:0
File type PNG image data, 250 x 84, 8-bit/color RGBA, non-interlaced\012- data
Hash c0bfe756370c54e7d039db3f46f37c2f
4e1e9dfa74251110e5e619b83983a74196c71722
1fa32268fe00bb4a6e53e4232819cdddbb2090aa2d70a51a165f95356a5e3447
GET /omanpost/auth/css/oman_logo.png HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Fri, 09 Dec 2022 05:20:55 GMT
content-type: image/png
content-length: 18106
last-modified: Thu, 08 Dec 2022 09:12:38 GMT
accept-ranges: bytes
x-servername: ipvsproxy17.ad.aruba.it
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/js_mxeQq8kPXJiVyBKQCNqPPV_XaX07aUjiYOObUUJo0Dw.dPRmSp8d.descarga
89.46.104.45 200 OK 11 kB URL HTTP/2 www.agenziagema.it/omanpost/auth/css/js_mxeQq8kPXJiVyBKQCNqPPV_XaX07aUjiYOObUUJo0Dw.dPRmSp8d.descarga
IP 89.46.104.45:0
Hash 09fb53b0245748cdccb146c3011fd410
d92bd69dafccf7a6015cafb111cf62588f4ee0f4
74f4664a9f1d118481f4415aa2fb4110eafb1f112fc88790f7c164c678d8367c
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/css/js_mxeQq8kPXJiVyBKQCNqPPV_XaX07aUjiYOObUUJo0Dw.dPRmSp8d.descarga HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Fri, 09 Dec 2022 05:20:55 GMT
content-length: 10706
last-modified: Thu, 08 Dec 2022 09:12:38 GMT
accept-ranges: bytes
x-servername: ipvsproxy17.ad.aruba.it
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/js_y7LrBMmE5AnaXhpWkEvbzoNNb1f6p9tLLIgTiGDfqsI.ZYwoFe6V.descarga
89.46.104.45 200 OK 1.3 kB URL HTTP/2 www.agenziagema.it/omanpost/auth/css/js_y7LrBMmE5AnaXhpWkEvbzoNNb1f6p9tLLIgTiGDfqsI.ZYwoFe6V.descarga
IP 89.46.104.45:0
Hash 568d2631ef8b318d7427fbfdf0c3cc75
4fcb5199d7a0d24047f237f7b138f6c25d682edb
658c2815ee95d2a2cdf9e8f9badc41c8d68d05708cd7e68d59f9a53b109dca34
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/css/js_y7LrBMmE5AnaXhpWkEvbzoNNb1f6p9tLLIgTiGDfqsI.ZYwoFe6V.descarga HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Fri, 09 Dec 2022 05:20:55 GMT
content-length: 1264
last-modified: Thu, 08 Dec 2022 09:12:38 GMT
accept-ranges: bytes
x-servername: ipvsproxy17.ad.aruba.it
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/js_lnF-InLBc-6arLiK9IW1lijHp9DoGxykvI0kiS3G_yc.SXCVRcvt.descarga
89.46.104.45 200 OK 90 kB URL HTTP/2 www.agenziagema.it/omanpost/auth/css/js_lnF-InLBc-6arLiK9IW1lijHp9DoGxykvI0kiS3G_yc.SXCVRcvt.descarga
IP 89.46.104.45:0
File type ASCII text, with very long lines (65314), with CRLF, LF line terminators
Hash a24f0ded01d280edb584c9ff106cfc21
a80481e47f9dfdb5fca1ba8217bd2141e62d1940
49709545cbed84ec4c955513088ab75b82ec7133a81d622183f087dd2ffe6f19
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/css/js_lnF-InLBc-6arLiK9IW1lijHp9DoGxykvI0kiS3G_yc.SXCVRcvt.descarga HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Fri, 09 Dec 2022 05:20:55 GMT
content-length: 89765
last-modified: Thu, 08 Dec 2022 09:12:38 GMT
accept-ranges: bytes
x-servername: ipvsproxy17.ad.aruba.it
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/js_iv6gm45-1kdip0HTT0CR0mwTVIChorMpRmGgP8rnHtM.WVmF6ocM.descarga
89.46.104.45 200 OK 13 kB URL HTTP/2 www.agenziagema.it/omanpost/auth/css/js_iv6gm45-1kdip0HTT0CR0mwTVIChorMpRmGgP8rnHtM.WVmF6ocM.descarga
IP 89.46.104.45:0
Hash cbf39358ca072a785e07d207e2f2b235
ce33fd2903eca3e3d7fa35e654636273d97112d4
595985ea870cf954d2ba1a1cfb27f79c9651bae95aa10b07126b7f806c55fb8c
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/css/js_iv6gm45-1kdip0HTT0CR0mwTVIChorMpRmGgP8rnHtM.WVmF6ocM.descarga HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Fri, 09 Dec 2022 05:20:55 GMT
content-length: 13297
last-modified: Thu, 08 Dec 2022 09:12:38 GMT
accept-ranges: bytes
x-servername: ipvsproxy17.ad.aruba.it
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash d61883097c47c0fcb4a15cafc5bdbdfc
54411aba43093cafd1cb2acea7c2b4c69184611f
0aef2b974544f530bd591dd0201909a9c2a6b3f4451c69288bafc126d9a37e2c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 05:20:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.agenziagema.it/omanpost/auth/css/js_GddGa8yTmcFeolbLW9PNyZ3-33VlzkW_RE7DJ19C-fY.EA-oSuM2.descarga
89.46.104.45 200 OK 210 kB URL HTTP/2 www.agenziagema.it/omanpost/auth/css/js_GddGa8yTmcFeolbLW9PNyZ3-33VlzkW_RE7DJ19C-fY.EA-oSuM2.descarga
IP 89.46.104.45:0
File type ASCII text, with very long lines (620)
Size 210 kB (210057 bytes)
Hash ccb56336aa2c745efcbf1bcae2cc1c98
6b421b212faff7585984e1796b3f3810137262ed
100fa84ae3364d745ad762399fea0f7d926bb8aef14f6399e919d7d929358a90
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/css/js_GddGa8yTmcFeolbLW9PNyZ3-33VlzkW_RE7DJ19C-fY.EA-oSuM2.descarga HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Fri, 09 Dec 2022 05:20:55 GMT
content-length: 210057
last-modified: Thu, 08 Dec 2022 09:12:38 GMT
accept-ranges: bytes
x-servername: ipvsproxy17.ad.aruba.it
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/js_DApJ-CnCHwVGU1_I1tKCdhxCQuDgVApVvNoYr0snX94.R8WD32uV.descarga
89.46.104.45 200 OK 91 kB URL HTTP/2 www.agenziagema.it/omanpost/auth/css/js_DApJ-CnCHwVGU1_I1tKCdhxCQuDgVApVvNoYr0snX94.R8WD32uV.descarga
IP 89.46.104.45:0
File type Unicode text, UTF-8 text, with very long lines (554), with CRLF, LF line terminators
Hash b34c76ccb51df1b0bf6c272d2c981306
927fcc974b9a258362a0c8ad9472e9406222d589
47c583df6b951ae4f7f48c75393a580610a50ee6efc36b10e4195d289bec148e
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/css/js_DApJ-CnCHwVGU1_I1tKCdhxCQuDgVApVvNoYr0snX94.R8WD32uV.descarga HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Fri, 09 Dec 2022 05:20:56 GMT
content-length: 90739
last-modified: Thu, 08 Dec 2022 09:12:38 GMT
accept-ranges: bytes
x-servername: ipvsproxy17.ad.aruba.it
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/js_gJvRRp1GvWOwZVZoQbg5O0ejEDFdLlnsw0k7qCB9akg.KWUeg2AF.descarga
89.46.104.45 200 OK 31 kB URL HTTP/2 www.agenziagema.it/omanpost/auth/css/js_gJvRRp1GvWOwZVZoQbg5O0ejEDFdLlnsw0k7qCB9akg.KWUeg2AF.descarga
IP 89.46.104.45:0
File type Unicode text, UTF-8 text, with very long lines (9117)
Hash de5aeabdd5ee483d97b84154e3c13454
1307d58888d9a2bab0516a10955456965862829d
29651e8360056cc009386ba284146d5c5b17022614097a65fd0bcd4d2890177c
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/css/js_gJvRRp1GvWOwZVZoQbg5O0ejEDFdLlnsw0k7qCB9akg.KWUeg2AF.descarga HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Fri, 09 Dec 2022 05:20:56 GMT
content-length: 30875
last-modified: Thu, 08 Dec 2022 09:12:38 GMT
accept-ranges: bytes
x-servername: ipvsproxy17.ad.aruba.it
X-Firefox-Spdy: h2
push.services.mozilla.com/
34.216.88.5 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 34.216.88.5:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 6vxlv5D/F8A48HQ/nObLnA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: kyrYE5Yzq42p7VfCBJwNMWUIoiI=
www.agenziagema.it/omanpost/auth/css/js_PROwe7KaFeBw67Kp-oon6LGlQnDnK87XXYlAbI1ZreE.XuwM8l5x.descarga
89.46.104.45 200 OK 10 kB URL HTTP/2 www.agenziagema.it/omanpost/auth/css/js_PROwe7KaFeBw67Kp-oon6LGlQnDnK87XXYlAbI1ZreE.XuwM8l5x.descarga
IP 89.46.104.45:0
Hash 08db111cec5ee0474aeb7ea41585a82e
cd9cfb719d26d548f89afc2b4621615e4ce651d4
5eec0cf25e71a279cb7d4da09287109ad04cdc63da53f6b6a2b2b41504353515
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/css/js_PROwe7KaFeBw67Kp-oon6LGlQnDnK87XXYlAbI1ZreE.XuwM8l5x.descarga HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Fri, 09 Dec 2022 05:20:56 GMT
content-length: 10050
last-modified: Thu, 08 Dec 2022 09:12:38 GMT
accept-ranges: bytes
x-servername: ipvsproxy17.ad.aruba.it
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/js_rj18GuJdEluY6ZXnWFNccOrLx6Cttlxbe0WMNVQOx_M.o9-Lxje6.descarga
89.46.104.45 200 OK 6.3 kB URL HTTP/2 www.agenziagema.it/omanpost/auth/css/js_rj18GuJdEluY6ZXnWFNccOrLx6Cttlxbe0WMNVQOx_M.o9-Lxje6.descarga
IP 89.46.104.45:0
File type ASCII text, with CRLF, LF line terminators
Hash 4d686b082a485c0f9dd11ceb061c2df0
a2bf5bfd17fc8c0b758c5a85cc0a03a27cffe071
a3df8bc637ba760030b5ea14d157217edae0f56a1e1e441b21bff27a9b8ca136
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/css/js_rj18GuJdEluY6ZXnWFNccOrLx6Cttlxbe0WMNVQOx_M.o9-Lxje6.descarga HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Fri, 09 Dec 2022 05:20:56 GMT
content-length: 6305
last-modified: Thu, 08 Dec 2022 09:12:38 GMT
accept-ranges: bytes
x-servername: ipvsproxy17.ad.aruba.it
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 572c04deeaac1fda553977affd257ffa
852655f52482a21a0ea91be9936444935562e120
32e2733487d2887d3412e4c8a7c312d83a8df7d86623e96ac1f547ee20c45cf1
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3652
Cache-Control: max-age=134954
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 05:20:56 GMT
Etag: "6392239e-117"
Expires: Sat, 10 Dec 2022 18:50:10 GMT
Last-Modified: Thu, 08 Dec 2022 17:49:18 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 279
www.agenziagema.it/omanpost/auth/css/css_PwuFbWcp4hneFLLsQJ6rldRAtwMWYQOx-Ke7UsY30LI.-86xJfTBOGF2.css
89.46.104.45 200 OK 746 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/css_PwuFbWcp4hneFLLsQJ6rldRAtwMWYQOx-Ke7UsY30LI.-86xJfTBOGF2.css
IP 89.46.104.45:0
Hash 1b3001f3a4940ae1f6cf9269a4a5cc82
1e68fb68ac040bf76074d488fce101561f2bddda
b3bc8f86d5c8b02ff8ee0a68580c4d06bb6be5f9df7a939e7161087f5f2e358a
GET /omanpost/auth/css/css_PwuFbWcp4hneFLLsQJ6rldRAtwMWYQOx-Ke7UsY30LI.-86xJfTBOGF2.css HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Fri, 09 Dec 2022 05:20:55 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 8f6ab0debac98d11413e20fa98ba8286
e63543ba0f3a685edf4d8fee3f587efd5417015f
fe6bc081b1963c61a3af1ab7b7b1213ae5bc7b962c5474d8f6fe123547d5d309
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 05:20:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.agenziagema.it/omanpost/auth/css/botscript.js.descarga
89.46.104.45 200 OK 22 kB URL HTTP/2 www.agenziagema.it/omanpost/auth/css/botscript.js.descarga
IP 89.46.104.45:0
Hash 16fee9ba77c3b2a5b229004b9731179b
00fec6ff68f8d5a18146b000548bb96503ba2000
651a42e9cfb643c4c31b4e7c95a2042215ca70f6a7cd62e9978d53163181a642
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/css/botscript.js.descarga HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Fri, 09 Dec 2022 05:20:55 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 8f6ab0debac98d11413e20fa98ba8286
e63543ba0f3a685edf4d8fee3f587efd5417015f
fe6bc081b1963c61a3af1ab7b7b1213ae5bc7b962c5474d8f6fe123547d5d309
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 05:20:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.agenziagema.it/omanpost/auth/css/mobileforms.css
89.46.104.45 200 OK 64 kB URL HTTP/2 www.agenziagema.it/omanpost/auth/css/mobileforms.css
IP 89.46.104.45:0
Hash 0bb50880c440f0abe52b64aaea2d2fcf
5b6c56fc01377ec108703f1dd61ca5dbc8d40590
090e7ccdef422b9a4ecb69257b0cdbd755e1ae359fff3eedfb363bc811b1c3e2
GET /omanpost/auth/css/mobileforms.css HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Fri, 09 Dec 2022 05:20:55 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:38 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash bf8858fa52de668b0013cf9ce66d290c
9c319173ee6a48c6e717e9e8764008564aabe7ba
93df528ead5887cbbcf51f83c9e6ffa451861ae3145296ab3dfc269067080933
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 05:20:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 8f6ab0debac98d11413e20fa98ba8286
e63543ba0f3a685edf4d8fee3f587efd5417015f
fe6bc081b1963c61a3af1ab7b7b1213ae5bc7b962c5474d8f6fe123547d5d309
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 05:20:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.gstatic.com/recaptcha/api2/info_2x.png
216.58.211.3 200 OK 665 B URL HTTP/2 www.gstatic.com/recaptcha/api2/info_2x.png
IP 216.58.211.3:0
File type PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced\012- data
Hash 07bf314aab04047b9e9a959ee6f63da3
17bef6602672e2fd9956381e01356245144003e5
55eaf62cb05da20088dc12b39d7d254d046cb1fd61ddf3ae641f1439efd0a5ee
GET /recaptcha/api2/info_2x.png HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 665
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 08 Dec 2022 08:12:18 GMT
expires: Thu, 15 Dec 2022 08:12:18 GMT
cache-control: public, max-age=604800
age: 76118
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/mobileforms.js.descarga
89.46.104.45 200 OK 404 kB URL HTTP/2 www.agenziagema.it/omanpost/auth/css/mobileforms.js.descarga
IP 89.46.104.45:0
Size 404 kB (404341 bytes)
Hash 85d8c4dbd7e3322da8b8f4385a5bd6ed
f3615688afa9f865a5cdd2b8bbee99de54d5c43f
bce1ee4df6a9d81593e5ac25425f633bb7157f035868743daf2cb266a3d56132
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/css/mobileforms.js.descarga HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Fri, 09 Dec 2022 05:20:55 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:38 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.gstatic.com/recaptcha/api2/audio_2x.png
216.58.211.3 200 OK 530 B URL HTTP/2 www.gstatic.com/recaptcha/api2/audio_2x.png
IP 216.58.211.3:0
File type PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced\012- data
Hash 88e0f42c9fa4f94aa8bcd54d1685c180
5ad9d47a49b82718baa3be88550a0b3350270c42
89c62095126fca89ea1511cf35b49b8306162946b0c26d6f60c5506c51d85992
GET /recaptcha/api2/audio_2x.png HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 530
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 06 Dec 2022 15:42:32 GMT
expires: Tue, 13 Dec 2022 15:42:32 GMT
cache-control: public, max-age=604800
age: 221904
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 572c04deeaac1fda553977affd257ffa
852655f52482a21a0ea91be9936444935562e120
32e2733487d2887d3412e4c8a7c312d83a8df7d86623e96ac1f547ee20c45cf1
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2097
Cache-Control: max-age=133399
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 05:20:56 GMT
Etag: "6392239e-117"
Expires: Sat, 10 Dec 2022 18:24:15 GMT
Last-Modified: Thu, 08 Dec 2022 17:49:18 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 279
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash bf8858fa52de668b0013cf9ce66d290c
9c319173ee6a48c6e717e9e8764008564aabe7ba
93df528ead5887cbbcf51f83c9e6ffa451861ae3145296ab3dfc269067080933
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 05:20:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash 5a5ee7f5822db34054d65f1f82457499
a63d5a117e8d4803b82b02ebd9dda3b3a0c5534c
a97606e456edecbf9f435bacf9f05d2f1641d0cdccf63f2862dcad9a8b0357fc
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2393
Cache-Control: max-age=165718
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 05:20:57 GMT
Etag: "6392a0b6-118"
Expires: Sun, 11 Dec 2022 03:22:55 GMT
Last-Modified: Fri, 09 Dec 2022 02:43:02 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 280
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 7eabc27965f089b76c65098cc8306836
d7b787cfa497481b3b67cbb9ec5840e381d52b11
7427e662f6679d21d9b052bcad6591f20eda501943d7364a02c2a6fded767886
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=92039
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 05:20:57 GMT
Etag: "63918a40-1d7"
Expires: Sat, 10 Dec 2022 06:54:56 GMT
Last-Modified: Thu, 08 Dec 2022 06:54:56 GMT
Server: nginx
Content-Length: 471
forms.hsforms.com/embed/v3/counters.gif?key=collected-forms-embed-js-form-bind&count=1
104.16.89.5 200 OK 35 B URL HTTP/2 forms.hsforms.com/embed/v3/counters.gif?key=collected-forms-embed-js-form-bind&count=1
IP 104.16.89.5:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash c2196de8ba412c60c22ab491af7b1409
5fbd472222feb8a22cf5b8aa5dc5b8e13af88e2b
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
GET /embed/v3/counters.gif?key=collected-forms-embed-js-form-bind&count=1 HTTP/1.1
Host: forms.hsforms.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 09 Dec 2022 05:20:57 GMT
content-type: image/gif
content-length: 35
x-trace: 2B93BD143D871E8682C2170A48372BE6245AFD4C11000000000000000000
cache-control: max-age=0, no-cache, no-store
vary: origin
x-hubspot-correlation-id: 73d5304c-0aee-4000-bbc0-3f40753e2da8
access-control-allow-credentials: false
access-control-expose-headers: X-Origin-Hublet
x-robots-tag: none
cf-cache-status: DYNAMIC
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 776b4b64aca7b4f9-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash 5a5ee7f5822db34054d65f1f82457499
a63d5a117e8d4803b82b02ebd9dda3b3a0c5534c
a97606e456edecbf9f435bacf9f05d2f1641d0cdccf63f2862dcad9a8b0357fc
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4218
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 05:20:57 GMT
Last-Modified: Fri, 09 Dec 2022 04:10:39 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 280
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 7eabc27965f089b76c65098cc8306836
d7b787cfa497481b3b67cbb9ec5840e381d52b11
7427e662f6679d21d9b052bcad6591f20eda501943d7364a02c2a6fded767886
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=92039
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 05:20:57 GMT
Etag: "63918a40-1d7"
Expires: Sat, 10 Dec 2022 06:54:56 GMT
Last-Modified: Thu, 08 Dec 2022 06:54:56 GMT
Server: nginx
Content-Length: 471
api.hubapi.com/hs-script-loader-public/v1/config/adwords/enhanced-conversion-event-settings/json?portalId=3984618
104.17.200.204 200 OK 2 B URL HTTP/2 api.hubapi.com/hs-script-loader-public/v1/config/adwords/enhanced-conversion-event-settings/json?portalId=3984618
IP 104.17.200.204:0
File type JSON data\012- , ASCII text, with no line terminators
Hash d751713988987e9331980363e24189ce
97d170e1550eee4afc0af065b78cda302a97674c
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
GET /hs-script-loader-public/v1/config/adwords/enhanced-conversion-event-settings/json?portalId=3984618 HTTP/1.1
Host: api.hubapi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.agenziagema.it
Connection: keep-alive
Referer: https://www.agenziagema.it/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 05:20:57 GMT
content-type: application/json;charset=utf-8
content-length: 2
cf-ray: 776b4b635d21b518-OSL
access-control-allow-origin: https://www.agenziagema.it
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: origin, Accept-Encoding
cf-cache-status: DYNAMIC
access-control-allow-credentials: false
access-control-allow-headers: *
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
access-control-max-age: 180
x-hubspot-correlation-id: 533c20c3-840d-4483-bc68-9caa7f40a86f
x-trace: 2B5FBA4D25A34413C3BAD59C56DD95EDF55BE2E002000000000000000000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iQ0AbuliZ4QKxnLFNLDKf%2Fs%2F9%2ByK23VU0OgDvEZjgq1RnNtOqdMPYMA8Iu5STdQeycLwA%2Foad%2FVoLpwm1Z4iQZ1l2spBKuGyOxW9yFDYJWOl9BNN3UgrvIcmg2h7P5rC"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 7b8c1870f03a90aac6370fc69516f95f
1e94fd7c9a2f9fe4867e21ab217879a2180a9cdb
f43702cd363447680d545d928f9ea6f997a770228108b4c9312999b76891bb38
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F43702CD363447680D545D928F9EA6F997A770228108B4C9312999B76891BB38"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3641
Expires: Fri, 09 Dec 2022 06:21:38 GMT
Date: Fri, 09 Dec 2022 05:20:57 GMT
Connection: keep-alive
www.agenziagema.it/omanpost/auth/css/botscript.js
89.46.104.45 200 OK 2.8 kB URL HTTP/2 www.agenziagema.it/omanpost/auth/css/botscript.js
IP 89.46.104.45:0
Hash 4f4de50595676b299ee90b5c12e1166b
bc4287484f6a3f4af03b401888567709c9add3bf
13170998b66da3a1963b720bd23b2aaf4b11fe1fd5f930429616ed143f97a862
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/css/botscript.js HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Fri, 09 Dec 2022 05:20:55 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 7b8c1870f03a90aac6370fc69516f95f
1e94fd7c9a2f9fe4867e21ab217879a2180a9cdb
f43702cd363447680d545d928f9ea6f997a770228108b4c9312999b76891bb38
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F43702CD363447680D545D928F9EA6F997A770228108B4C9312999B76891BB38"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3641
Expires: Fri, 09 Dec 2022 06:21:38 GMT
Date: Fri, 09 Dec 2022 05:20:57 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 7b8c1870f03a90aac6370fc69516f95f
1e94fd7c9a2f9fe4867e21ab217879a2180a9cdb
f43702cd363447680d545d928f9ea6f997a770228108b4c9312999b76891bb38
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F43702CD363447680D545D928F9EA6F997A770228108B4C9312999B76891BB38"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3587
Expires: Fri, 09 Dec 2022 06:20:44 GMT
Date: Fri, 09 Dec 2022 05:20:57 GMT
Connection: keep-alive
www.agenziagema.it/omanpost/auth/css/bot.js.descarga
89.46.104.45 200 OK 6.4 kB URL HTTP/2 www.agenziagema.it/omanpost/auth/css/bot.js.descarga
IP 89.46.104.45:0
Hash ec20ce44fbf10e8ab6c5739c403b31d4
0a1c68a4762198a9742ff108b2df3b76b5eaf3ad
6df845c1a1c7a4b1d2fb8ff897f628e7608a0f951773a08bcc5906c3ffda4a91
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/css/bot.js.descarga HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Fri, 09 Dec 2022 05:20:55 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd7b1b2f1-0b18-4097-a282-a7ddd9b33b97.jpeg
34.120.237.76 200 OK 6.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd7b1b2f1-0b18-4097-a282-a7ddd9b33b97.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3cb7655c8fe89a83f0096c51684aa21c
4946fcab2a99d926c45abaecf8f97b6214dee0cd
60a3066f2dcc2f696413ecec56ef1d0c1a9392f6845fac5c4319b8b9e02074fd
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd7b1b2f1-0b18-4097-a282-a7ddd9b33b97.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6637
x-amzn-requestid: dfcef102-5fc6-4a59-bb21-ff0532c9fdda
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cvlg4GtVIAMFdTw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638fb605-0c2f58da0ae148fb4d698ecc;Sampled=0
x-amzn-remapped-date: Tue, 06 Dec 2022 21:37:09 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: jQs6m8oGHeWNYbOnPM34f-YW75VuH0yNWU-TzoDMOkYcwGa9BfqBhA==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 ce71f64ad5dca81beca846466f2d5008.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Dec 2022 21:51:22 GMT
age: 26975
etag: "4946fcab2a99d926c45abaecf8f97b6214dee0cd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/chatbot.js.descarga
89.46.104.45 200 OK 7.5 kB URL HTTP/2 www.agenziagema.it/omanpost/auth/css/chatbot.js.descarga
IP 89.46.104.45:0
Hash 946014132a04a515c9c347893b0436d3
d20c68f6c104f1a817f36778f6a8d04d4a37dd59
f2858b71c3084b1289a81b56c71510add10b4c1490ec9d3e5d9e010ea36f1289
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/css/chatbot.js.descarga HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Fri, 09 Dec 2022 05:20:55 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/inAppChatbot.js.descarga
89.46.104.45 200 OK 92 kB URL HTTP/2 www.agenziagema.it/omanpost/auth/css/inAppChatbot.js.descarga
IP 89.46.104.45:0
Hash 239eee267e1afa77db09f30be69654b1
08dfc82c06c567f504a8ff36bd47926bb4965e2d
6a51029084f676b0ac0abb3f0d035eb7fd73f0fbe3664fd888f1d09672e01dd1
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/css/inAppChatbot.js.descarga HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Fri, 09 Dec 2022 05:20:55 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:38 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F18fc6c7c-4552-4358-9e4d-cdf93bc52b43.webp
34.120.237.76 200 OK 4.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F18fc6c7c-4552-4358-9e4d-cdf93bc52b43.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 06799a30d9977b0845f525ae82355d23
6ae9a3c17dcbac5912a46ca0c99977ca3adad4ea
d7a7eeb42d36167243b3dea7147a61119cbb5d1dcc2e2304c6ddd4a62e41efd3
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F18fc6c7c-4552-4358-9e4d-cdf93bc52b43.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4914
x-amzn-requestid: b709d5ff-617b-480b-8fc3-b1408ee358b6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cZQsoEkSIAMF0ZA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6386c7ea-4150ac397b97d1217cece045;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 03:03:06 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 8DqbjuQMX0JOMpduQ1-wy_B1a957NXgsAHrZc1OwUzsmqJRKfkEpoA==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 caf6806821bc479b28a6f1ce3043b8a6.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Dec 2022 21:49:06 GMT
age: 27111
etag: "6ae9a3c17dcbac5912a46ca0c99977ca3adad4ea"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/blue_bot.css
89.46.104.45 200 OK 117 kB URL HTTP/2 www.agenziagema.it/omanpost/auth/css/blue_bot.css
IP 89.46.104.45:0
Size 117 kB (117194 bytes)
Hash 3ba8b4bbab451578edb44a4dcb2fcf1d
4c05d1e5d207a1cc5e9c208ac749e23498db66cc
dfb0f698b310867d178fae8e5696f051283b99115aa7e3cb45534f5c59167dcf
GET /omanpost/auth/css/blue_bot.css HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Fri, 09 Dec 2022 05:20:55 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
fonts.gstatic.com/s/cairo/v22/SLXVc1nY6HkvangtZmpQdkhzfH5lkSscRiyS.woff2
142.250.74.35 200 OK 33 kB URL HTTP/2 fonts.gstatic.com/s/cairo/v22/SLXVc1nY6HkvangtZmpQdkhzfH5lkSscRiyS.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 32960, version 1.0\012- data
Hash 1a5a13ca74a330792699c3d73f0e7f48
4b966cf8054c187937ba7f3ff8214d0082b264c2
114150d4f5a9a671657e7abcb6fea8aea5ba175eff62f04cbaedff3caaabf450
GET /s/cairo/v22/SLXVc1nY6HkvangtZmpQdkhzfH5lkSscRiyS.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.agenziagema.it
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 32960
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 06 Dec 2022 20:47:35 GMT
expires: Wed, 06 Dec 2023 20:47:35 GMT
cache-control: public, max-age=31536000
age: 203602
last-modified: Tue, 08 Nov 2022 19:56:51 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/cairo/v22/SLXVc1nY6HkvangtZmpQdkhzfH5lkSscQyyS4J0.woff2
142.250.74.35 200 OK 29 kB URL HTTP/2 fonts.gstatic.com/s/cairo/v22/SLXVc1nY6HkvangtZmpQdkhzfH5lkSscQyyS4J0.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 28952, version 1.0\012- data
Hash d60bcd5d38f577e0890271e12e304396
a34daf52fa7f291630483054e9d3ff1cd92d3107
1770878bf38528dd8db7b74147b6d5e7a5e17192bf1169b6f4cb9ab7f28bd694
GET /s/cairo/v22/SLXVc1nY6HkvangtZmpQdkhzfH5lkSscQyyS4J0.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.agenziagema.it
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 28952
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 06 Dec 2022 20:49:47 GMT
expires: Wed, 06 Dec 2023 20:49:47 GMT
cache-control: public, max-age=31536000
age: 203470
last-modified: Tue, 08 Nov 2022 19:57:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash b5cba4e1962a1fe17c9021f3e418975a
01293d7e4084011451f7d17936ab2427504cdb1a
ecfe30d3abc32ca9f933303d75b2055642d3c7c8197af08fe2c314394699594b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 05:20:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 451a99fa0db70e6fcb884cf188465944
1a80f1c6970d82a7c1a0108c51dbeadcca74137b
84b78f6ab929967946e8bb2c5f60d1f8b1cdebc30945a7d7f30142610efa2bd7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 05:20:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/pagead/conversion_async.js
142.250.74.164 200 OK 15 kB URL HTTP/2 www.google.com/pagead/conversion_async.js
IP 142.250.74.164:0
File type ASCII text, with very long lines (1654)
Hash a230d90d4cbc810710479aa22bf8e7d7
6cf80adbb744cea7f99dceeb4895de23c9f7ad26
291b67426b9fa61219253b7c6ccfe3c85a67ca150de809edb029f1ea3fdbfb97
GET /pagead/conversion_async.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Fri, 09 Dec 2022 05:20:57 GMT
expires: Fri, 09 Dec 2022 05:20:57 GMT
cache-control: private, max-age=3600
content-type: text/javascript; charset=UTF-8
etag: 7620521014390440643
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 15183
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash b5cba4e1962a1fe17c9021f3e418975a
01293d7e4084011451f7d17936ab2427504cdb1a
ecfe30d3abc32ca9f933303d75b2055642d3c7c8197af08fe2c314394699594b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 05:20:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 451a99fa0db70e6fcb884cf188465944
1a80f1c6970d82a7c1a0108c51dbeadcca74137b
84b78f6ab929967946e8bb2c5f60d1f8b1cdebc30945a7d7f30142610efa2bd7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 05:20:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.agenziagema.it/omanpost/auth/Fonts/Cairo-SemiBold.woff
89.46.104.45 404 Not Found 437 kB URL HTTP/2 www.agenziagema.it/omanpost/auth/Fonts/Cairo-SemiBold.woff
IP 89.46.104.45:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (9594), with CRLF, LF line terminators
Size 437 kB (436636 bytes)
Hash 90daf809b95b00b6adf14a1fd8f1fec7
4242564d4fc057d2fc699dadc54ff55445905fca
c47e86f77d239c302493185ebc2ae164e3110a399152bf07d427f82ca4f3afa4
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/Fonts/Cairo-SemiBold.woff HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/css/blue_bot.css
Cookie: _gcl_au=1.1.1235708705.1670563256
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: aruba-proxy
date: Fri, 09 Dec 2022 05:20:57 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
access-control-allow-origin: https://app.hu-manity.co
access-control-allow-methods: GET
link: <https://www.agenziagema.it/wp-json/>; rel="https://api.w.org/"
X-Firefox-Spdy: h2
www.google.com/pagead/1p-user-list/671103961/?random=1666703081582&cv=9&fst=1666702800000&num=1&bg=ffffff&guid=ON&u_h=864&u_w=1536&u_ah=816&u_aw=1536&u_cd=24&u_his=2&u_tz=480&u_java=false&u_nplug=5&u_nmime=2&gtm=2oaaj0&sendb=1&data=event%3Dgtag.config&frm=0&url=file%3A%2F%2F%2FC%3A%2Fxampp%2Fhtdocs%2Fomanpost%2FOman%2520Post.html&tiba=Oman%20Post&async=1&fmt=3&is_vtc=1&random=1764778850&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
142.250.74.164 200 OK 42 B URL HTTP/2 www.google.com/pagead/1p-user-list/671103961/?random=1666703081582&cv=9&fst=1666702800000&num=1&bg=ffffff&guid=ON&u_h=864&u_w=1536&u_ah=816&u_aw=1536&u_cd=24&u_his=2&u_tz=480&u_java=false&u_nplug=5&u_nmime=2&gtm=2oaaj0&sendb=1&data=event%3Dgtag.config&frm=0&url=file%3A%2F%2F%2FC%3A%2Fxampp%2Fhtdocs%2Fomanpost%2FOman%2520Post.html&tiba=Oman%20Post&async=1&fmt=3&is_vtc=1&random=1764778850&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
IP 142.250.74.164:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/671103961/?random=1666703081582&cv=9&fst=1666702800000&num=1&bg=ffffff&guid=ON&u_h=864&u_w=1536&u_ah=816&u_aw=1536&u_cd=24&u_his=2&u_tz=480&u_java=false&u_nplug=5&u_nmime=2&gtm=2oaaj0&sendb=1&data=event%3Dgtag.config&frm=0&url=file%3A%2F%2F%2FC%3A%2Fxampp%2Fhtdocs%2Fomanpost%2FOman%2520Post.html&tiba=Oman%20Post&async=1&fmt=3&is_vtc=1&random=1764778850&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 09 Dec 2022 05:20:57 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.co.ma/pagead/1p-user-list/671103961/?random=1666698209040&cv=9&fst=1666695600000&num=1&bg=ffffff&guid=ON&u_h=864&u_w=1536&u_ah=816&u_aw=1536&u_cd=24&u_his=6&u_tz=480&u_java=false&u_nplug=5&u_nmime=2&gtm=2oaaj0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Flocalhost%2Fomanpost%2Fcard.php&tiba=Oman%20Post&async=1&fmt=3&is_vtc=1&random=3872249285&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
142.250.74.131 200 OK 42 B URL HTTP/2 www.google.co.ma/pagead/1p-user-list/671103961/?random=1666698209040&cv=9&fst=1666695600000&num=1&bg=ffffff&guid=ON&u_h=864&u_w=1536&u_ah=816&u_aw=1536&u_cd=24&u_his=6&u_tz=480&u_java=false&u_nplug=5&u_nmime=2&gtm=2oaaj0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Flocalhost%2Fomanpost%2Fcard.php&tiba=Oman%20Post&async=1&fmt=3&is_vtc=1&random=3872249285&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
IP 142.250.74.131:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/671103961/?random=1666698209040&cv=9&fst=1666695600000&num=1&bg=ffffff&guid=ON&u_h=864&u_w=1536&u_ah=816&u_aw=1536&u_cd=24&u_his=6&u_tz=480&u_java=false&u_nplug=5&u_nmime=2&gtm=2oaaj0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Flocalhost%2Fomanpost%2Fcard.php&tiba=Oman%20Post&async=1&fmt=3&is_vtc=1&random=3872249285&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.co.ma
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 09 Dec 2022 05:20:57 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.co.ma/pagead/1p-user-list/671103961/?random=1666703081582&cv=9&fst=1666702800000&num=1&bg=ffffff&guid=ON&u_h=864&u_w=1536&u_ah=816&u_aw=1536&u_cd=24&u_his=2&u_tz=480&u_java=false&u_nplug=5&u_nmime=2&gtm=2oaaj0&sendb=1&data=event%3Dgtag.config&frm=0&url=file%3A%2F%2F%2FC%3A%2Fxampp%2Fhtdocs%2Fomanpost%2FOman%2520Post.html&tiba=Oman%20Post&async=1&fmt=3&is_vtc=1&random=1764778850&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
142.250.74.131 200 OK 42 B URL HTTP/2 www.google.co.ma/pagead/1p-user-list/671103961/?random=1666703081582&cv=9&fst=1666702800000&num=1&bg=ffffff&guid=ON&u_h=864&u_w=1536&u_ah=816&u_aw=1536&u_cd=24&u_his=2&u_tz=480&u_java=false&u_nplug=5&u_nmime=2&gtm=2oaaj0&sendb=1&data=event%3Dgtag.config&frm=0&url=file%3A%2F%2F%2FC%3A%2Fxampp%2Fhtdocs%2Fomanpost%2FOman%2520Post.html&tiba=Oman%20Post&async=1&fmt=3&is_vtc=1&random=1764778850&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
IP 142.250.74.131:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/671103961/?random=1666703081582&cv=9&fst=1666702800000&num=1&bg=ffffff&guid=ON&u_h=864&u_w=1536&u_ah=816&u_aw=1536&u_cd=24&u_his=2&u_tz=480&u_java=false&u_nplug=5&u_nmime=2&gtm=2oaaj0&sendb=1&data=event%3Dgtag.config&frm=0&url=file%3A%2F%2F%2FC%3A%2Fxampp%2Fhtdocs%2Fomanpost%2FOman%2520Post.html&tiba=Oman%20Post&async=1&fmt=3&is_vtc=1&random=1764778850&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.co.ma
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 09 Dec 2022 05:20:57 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.com/pagead/1p-user-list/671103961/?random=1666698209040&cv=9&fst=1666695600000&num=1&bg=ffffff&guid=ON&u_h=864&u_w=1536&u_ah=816&u_aw=1536&u_cd=24&u_his=6&u_tz=480&u_java=false&u_nplug=5&u_nmime=2&gtm=2oaaj0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Flocalhost%2Fomanpost%2Fcard.php&tiba=Oman%20Post&async=1&fmt=3&is_vtc=1&random=3872249285&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
142.250.74.164 200 OK 42 B URL HTTP/2 www.google.com/pagead/1p-user-list/671103961/?random=1666698209040&cv=9&fst=1666695600000&num=1&bg=ffffff&guid=ON&u_h=864&u_w=1536&u_ah=816&u_aw=1536&u_cd=24&u_his=6&u_tz=480&u_java=false&u_nplug=5&u_nmime=2&gtm=2oaaj0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Flocalhost%2Fomanpost%2Fcard.php&tiba=Oman%20Post&async=1&fmt=3&is_vtc=1&random=3872249285&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
IP 142.250.74.164:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/671103961/?random=1666698209040&cv=9&fst=1666695600000&num=1&bg=ffffff&guid=ON&u_h=864&u_w=1536&u_ah=816&u_aw=1536&u_cd=24&u_his=6&u_tz=480&u_java=false&u_nplug=5&u_nmime=2&gtm=2oaaj0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Flocalhost%2Fomanpost%2Fcard.php&tiba=Oman%20Post&async=1&fmt=3&is_vtc=1&random=3872249285&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 09 Dec 2022 05:20:57 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/Fonts/Cairo-Regular.woff
89.46.104.45 404 Not Found 32 kB URL HTTP/2 www.agenziagema.it/omanpost/auth/Fonts/Cairo-Regular.woff
IP 89.46.104.45:0
Hash a846b5547ea48481a0716495a4ad6cd2
528a9e29086d3987efd053748bfa781d74ab403b
0957da87942e26a6ed8c75144af5a3629d753888149878d7fe1481a68f5edd6e
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/Fonts/Cairo-Regular.woff HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/css/blue_bot.css
Cookie: _gcl_au=1.1.1235708705.1670563256
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: aruba-proxy
date: Fri, 09 Dec 2022 05:20:57 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
access-control-allow-origin: https://app.hu-manity.co
access-control-allow-methods: GET
link: <https://www.agenziagema.it/wp-json/>; rel="https://api.w.org/"
X-Firefox-Spdy: h2
www.google.co.ma/pagead/1p-user-list/671103961/?random=1666694441764&cv=11&fst=1666692000000&bg=ffffff&guid=ON&async=1&gtm=2oaaj0&u_w=1536&u_h=864&frm=0&url=https%3A%2F%2Fwww.omanpost.om%2Far%2Frate-calculator&ref=https%3A%2F%2Fwww.omanpost.om%2Far%2Fnode&tiba=%D8%AD%D8%A7%D8%B3%D8%A8%D8%A9%20%D8%A7%D9%84%D8%B3%D8%B9%D8%B1%20%7C%20Oman%20Post&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=4279109453&rmt_tld=1&ipr=y
142.250.74.131 200 OK 42 B URL HTTP/2 www.google.co.ma/pagead/1p-user-list/671103961/?random=1666694441764&cv=11&fst=1666692000000&bg=ffffff&guid=ON&async=1&gtm=2oaaj0&u_w=1536&u_h=864&frm=0&url=https%3A%2F%2Fwww.omanpost.om%2Far%2Frate-calculator&ref=https%3A%2F%2Fwww.omanpost.om%2Far%2Fnode&tiba=%D8%AD%D8%A7%D8%B3%D8%A8%D8%A9%20%D8%A7%D9%84%D8%B3%D8%B9%D8%B1%20%7C%20Oman%20Post&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=4279109453&rmt_tld=1&ipr=y
IP 142.250.74.131:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/671103961/?random=1666694441764&cv=11&fst=1666692000000&bg=ffffff&guid=ON&async=1&gtm=2oaaj0&u_w=1536&u_h=864&frm=0&url=https%3A%2F%2Fwww.omanpost.om%2Far%2Frate-calculator&ref=https%3A%2F%2Fwww.omanpost.om%2Far%2Fnode&tiba=%D8%AD%D8%A7%D8%B3%D8%A8%D8%A9%20%D8%A7%D9%84%D8%B3%D8%B9%D8%B1%20%7C%20Oman%20Post&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=4279109453&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.co.ma
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 09 Dec 2022 05:20:57 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash a0905812e8498e6c5c0a9b4b584b972f
039b784fd1e0152ec7f49a54ba027f0b2bd1e833
ee3531ef0f334dcd73a86b1e4365a020d5db69ff7b82bad136eaf1a8e9d3b47f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 05:20:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 451a99fa0db70e6fcb884cf188465944
1a80f1c6970d82a7c1a0108c51dbeadcca74137b
84b78f6ab929967946e8bb2c5f60d1f8b1cdebc30945a7d7f30142610efa2bd7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 05:20:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 2556512b197b09798af71bea10bb4bbb
23b647aca5f8294ae82fa8cc7e2215ebe3347b60
3b5bd592342d978bcf8919d1a1e2f87295e2e4af5b5b266e6017b7a25725d08d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 05:20:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
googleads.g.doubleclick.net/pagead/viewthroughconversion/671103961/?random=1670563257104&cv=9&fst=1670563257104&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oaaj0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.agenziagema.it%2Fomanpost%2Fauth%2Fcard.php&tiba=Oman%20Post&auid=1235708705.1670563256&hn=www.google.com&async=1&rfmt=3&fmt=4
142.250.74.162 200 OK 967 B URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/671103961/?random=1670563257104&cv=9&fst=1670563257104&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oaaj0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.agenziagema.it%2Fomanpost%2Fauth%2Fcard.php&tiba=Oman%20Post&auid=1235708705.1670563256&hn=www.google.com&async=1&rfmt=3&fmt=4
IP 142.250.74.162:0
File type ASCII text, with very long lines (2233), with no line terminators
Hash 45546e7c7ab5c93e252ce7e6529f3820
14d61f10f8ecb5a96066f7247b81771d2914ae98
16d34eeb611742a392373e9251879582ead8306c481aa56f20d7a4f49b74442f
GET /pagead/viewthroughconversion/671103961/?random=1670563257104&cv=9&fst=1670563257104&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oaaj0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.agenziagema.it%2Fomanpost%2Fauth%2Fcard.php&tiba=Oman%20Post&auid=1235708705.1670563256&hn=www.google.com&async=1&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 09 Dec 2022 05:20:58 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 967
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 09-Dec-2022 05:35:58 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 2556512b197b09798af71bea10bb4bbb
23b647aca5f8294ae82fa8cc7e2215ebe3347b60
3b5bd592342d978bcf8919d1a1e2f87295e2e4af5b5b266e6017b7a25725d08d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 05:20:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 32d90ff0cc366730c3633c1201b4c058
f4175292b607197a15085e14bf69df301dff6706
b4b2f80fbe9b02f3d54dc35a3738c31a4d7cb5a5e528fcbce50263d8c458231a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 05:20:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.no/pagead/1p-user-list/671103961/?random=1670563257104&cv=9&fst=1670562000000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oaaj0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.agenziagema.it%2Fomanpost%2Fauth%2Fcard.php&tiba=Oman%20Post&async=1&fmt=3&is_vtc=1&random=4114516109&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
142.250.74.163 200 OK 42 B URL HTTP/2 www.google.no/pagead/1p-user-list/671103961/?random=1670563257104&cv=9&fst=1670562000000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oaaj0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.agenziagema.it%2Fomanpost%2Fauth%2Fcard.php&tiba=Oman%20Post&async=1&fmt=3&is_vtc=1&random=4114516109&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
IP 142.250.74.163:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/671103961/?random=1670563257104&cv=9&fst=1670562000000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oaaj0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.agenziagema.it%2Fomanpost%2Fauth%2Fcard.php&tiba=Oman%20Post&async=1&fmt=3&is_vtc=1&random=4114516109&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 09 Dec 2022 05:20:58 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 32d90ff0cc366730c3633c1201b4c058
f4175292b607197a15085e14bf69df301dff6706
b4b2f80fbe9b02f3d54dc35a3738c31a4d7cb5a5e528fcbce50263d8c458231a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 05:20:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 615fddb7dcff0826f0a7dd4140f370b6
06d26c99fcf20516839a656c4c5b023088eb4eaa
f561bef7be5b58a820d37e40135c8bc83511ae9298e6317bf1761f7cc24941bf
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6499
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 05:20:58 GMT
Last-Modified: Fri, 09 Dec 2022 03:32:39 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 471
connect.facebook.net/en_US/fbevents.js
31.13.72.12 200 OK 27 kB URL HTTP/2 connect.facebook.net/en_US/fbevents.js
IP 31.13.72.12:0
File type ASCII text, with very long lines (64348)
Hash 44ecaa3c2a4929a40141edc4540aaf84
f29a573182333b2500d41bfc389d6c5232dfb348
6589fe14578dedd4df678a909afadd7e5bc7f57c7e3e24518a7f5faac7383396
GET /en_US/fbevents.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: application/x-javascript; charset=utf-8
content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-fb-debug: CFYFBTEln6YblSyd3eq7TO0IFE2QPx1XrwMPIIBT/XPWAtrHbUDgArISsQ+U6CzkhYdavMTm5iR7ttXRhM+gPw==
content-length: 27340
x-fb-trip-id: 1904183273
date: Fri, 09 Dec 2022 05:20:58 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 615fddb7dcff0826f0a7dd4140f370b6
06d26c99fcf20516839a656c4c5b023088eb4eaa
f561bef7be5b58a820d37e40135c8bc83511ae9298e6317bf1761f7cc24941bf
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4883
Cache-Control: max-age=131131
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 05:20:58 GMT
Etag: "63920fe2-1d7"
Expires: Sat, 10 Dec 2022 17:46:29 GMT
Last-Modified: Thu, 08 Dec 2022 16:25:06 GMT
Server: ECS (ska/F70E)
X-Cache: HIT
Content-Length: 471
www.facebook.com/tr/?id=270278780604412&ev=PageView&dl=https%3A%2F%2Fwww.agenziagema.it%2Fomanpost%2Fauth%2Fcard.php&rl=&if=false&ts=1670563257792&sw=1280&sh=1024&ud[external_id]=ae5618d0e191e6cc8b009cccddabb956&v=2.9.89&r=stable&a=tmhubspot&ec=0&o=30&fbp=fb.1.1670563257791.858123793&it=1670563257612&coo=false&rqm=GET
157.240.221.35 200 OK 0 B URL HTTP/2 www.facebook.com/tr/?id=270278780604412&ev=PageView&dl=https%3A%2F%2Fwww.agenziagema.it%2Fomanpost%2Fauth%2Fcard.php&rl=&if=false&ts=1670563257792&sw=1280&sh=1024&ud[external_id]=ae5618d0e191e6cc8b009cccddabb956&v=2.9.89&r=stable&a=tmhubspot&ec=0&o=30&fbp=fb.1.1670563257791.858123793&it=1670563257612&coo=false&rqm=GET
IP 157.240.221.35:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tr/?id=270278780604412&ev=PageView&dl=https%3A%2F%2Fwww.agenziagema.it%2Fomanpost%2Fauth%2Fcard.php&rl=&if=false&ts=1670563257792&sw=1280&sh=1024&ud[external_id]=ae5618d0e191e6cc8b009cccddabb956&v=2.9.89&r=stable&a=tmhubspot&ec=0&o=30&fbp=fb.1.1670563257791.858123793&it=1670563257612&coo=false&rqm=GET HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/plain
access-control-allow-origin:
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400
date: Fri, 09 Dec 2022 05:20:58 GMT
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 6c4b726e79744f39eb11db2d3c8bd929
e606ee9fb3cb890a697cef08f1d64dd7c06d9084
9ee80c75dee2f13c92f915dabd80064afa975383df7c2e580f4efe21a83e1d6d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=98858
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 05:20:59 GMT
Etag: "6391a4e5-1d7"
Expires: Sat, 10 Dec 2022 08:48:37 GMT
Last-Modified: Thu, 08 Dec 2022 08:48:37 GMT
Server: nginx
Content-Length: 471
www.omanpost.om/sites/default/files/faviicon.png
77.83.61.72 200 OK 846 B URL HTTP/1.1 www.omanpost.om/sites/default/files/faviicon.png
IP 77.83.61.72:0
ASN #209726 Omania E-Commerce LLC
File type PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Hash 449310656728e8e2010562f1ee2f820d
26007ad15ae2fb54e5bccf4006ba5136c5a073e7
63205ed436e802d61c86631dd0eab07e44ca125452a1a2a93a7d8c3202bc0575
GET /sites/default/files/faviicon.png HTTP/1.1
Host: www.omanpost.om
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 05:20:58 GMT
Last-Modified: Wed, 21 Sep 2022 18:19:09 GMT
ETag: "34e-5e933fb1ae140"
Accept-Ranges: bytes
Content-Length: 846
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: image/png
Set-Cookie: TS01aa021c=012c413b7e55fdb4d57679266104c3a8e38dbf0b223fe3ec16b8244999ca22fdb1e37d13d94f8401a56c4d78d303b6955b7c453f8f; Path=/; Domain=.www.omanpost.om; Secure; HTTPOnly
TS00be979b027=0885682318ab20008a8f4e0982217f1ca481505a960b648af03fc8f90c807cfa4e7924030e2cc317089230ab1511300086b1738eebd62c0559c2b6afb9ac4e906fe495feb31fcf24181c4babd61efbf18a0baf5defd65594d5e1b61814a8b1f6; Secure; Path=/
www.agenziagema.it/omanpost/auth/css/css_pU0Gutxb3_AkRm1jpb4J2yHFADrn1GC4X6-BiCbp8OU.PcTIl2kX5I0n.css
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/css_pU0Gutxb3_AkRm1jpb4J2yHFADrn1GC4X6-BiCbp8OU.PcTIl2kX5I0n.css
IP 89.46.104.45:0
GET /omanpost/auth/css/css_pU0Gutxb3_AkRm1jpb4J2yHFADrn1GC4X6-BiCbp8OU.PcTIl2kX5I0n.css HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Fri, 09 Dec 2022 05:20:55 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/css_tc1yUQsgxCuzcFlB0TRLx0d3qsmn6yEH-YwlaT9YFaQ.xgycM7ainxkO.css
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/css_tc1yUQsgxCuzcFlB0TRLx0d3qsmn6yEH-YwlaT9YFaQ.xgycM7ainxkO.css
IP 89.46.104.45:0
GET /omanpost/auth/css/css_tc1yUQsgxCuzcFlB0TRLx0d3qsmn6yEH-YwlaT9YFaQ.xgycM7ainxkO.css HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Fri, 09 Dec 2022 05:20:55 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/identity.js
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/identity.js
IP 89.46.104.45:0
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/css/identity.js HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Fri, 09 Dec 2022 05:20:55 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:38 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/chatbot-main.js.descarga
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/chatbot-main.js.descarga
IP 89.46.104.45:0
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/css/chatbot-main.js.descarga HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Fri, 09 Dec 2022 05:20:55 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/css_k0JAibD3ZCwTt24LYbnbS5BzPCdFlPO7VcjrGu4KVaQ.6LZkxwxDz1Qe.css
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/css_k0JAibD3ZCwTt24LYbnbS5BzPCdFlPO7VcjrGu4KVaQ.6LZkxwxDz1Qe.css
IP 89.46.104.45:0
GET /omanpost/auth/css/css_k0JAibD3ZCwTt24LYbnbS5BzPCdFlPO7VcjrGu4KVaQ.6LZkxwxDz1Qe.css HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Fri, 09 Dec 2022 05:20:55 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/css_2tv6NKd6VcR1N5ldQj4rs1J-vWrmZJAHL2t1_wtWdnc.UlHsmm1_nMVL.css
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/css_2tv6NKd6VcR1N5ldQj4rs1J-vWrmZJAHL2t1_wtWdnc.UlHsmm1_nMVL.css
IP 89.46.104.45:0
GET /omanpost/auth/css/css_2tv6NKd6VcR1N5ldQj4rs1J-vWrmZJAHL2t1_wtWdnc.UlHsmm1_nMVL.css HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Fri, 09 Dec 2022 05:20:55 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/fb.js.descarga
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/fb.js.descarga
IP 89.46.104.45:0
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/css/fb.js.descarga HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Fri, 09 Dec 2022 05:20:55 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/footer_insta.svg
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/footer_insta.svg
IP 89.46.104.45:0
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/css/footer_insta.svg HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Fri, 09 Dec 2022 05:20:55 GMT
content-type: image/svg+xml
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:38 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/css__bho2B3wcqv1KxA6PF89Vchfhlcup6xthhL5g6Nr8mA.jiwRVixNti_K.css
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/css__bho2B3wcqv1KxA6PF89Vchfhlcup6xthhL5g6Nr8mA.jiwRVixNti_K.css
IP 89.46.104.45:0
GET /omanpost/auth/css/css__bho2B3wcqv1KxA6PF89Vchfhlcup6xthhL5g6Nr8mA.jiwRVixNti_K.css HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Fri, 09 Dec 2022 05:20:55 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/css_dgIg2MFpwH0nWqaoaE6rvWQcqkHchwiYDIwzhZoABD4.eA6l7MTULyDx.css
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/css_dgIg2MFpwH0nWqaoaE6rvWQcqkHchwiYDIwzhZoABD4.eA6l7MTULyDx.css
IP 89.46.104.45:0
GET /omanpost/auth/css/css_dgIg2MFpwH0nWqaoaE6rvWQcqkHchwiYDIwzhZoABD4.eA6l7MTULyDx.css HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Fri, 09 Dec 2022 05:20:55 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/css_uRaklTL9qw9LkAwudtpTItWV3KiJP8QHWtGM6P7CNk4.2mNgp1qsab5w.css
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/css_uRaklTL9qw9LkAwudtpTItWV3KiJP8QHWtGM6P7CNk4.2mNgp1qsab5w.css
IP 89.46.104.45:0
GET /omanpost/auth/css/css_uRaklTL9qw9LkAwudtpTItWV3KiJP8QHWtGM6P7CNk4.2mNgp1qsab5w.css HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Fri, 09 Dec 2022 05:20:55 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/css_i0JCJIw_hNFirk25N3COBh3WqFTF0ZCxXh5hJxJtPzo.HkEk6qeEy792.css
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/css_i0JCJIw_hNFirk25N3COBh3WqFTF0ZCxXh5hJxJtPzo.HkEk6qeEy792.css
IP 89.46.104.45:0
GET /omanpost/auth/css/css_i0JCJIw_hNFirk25N3COBh3WqFTF0ZCxXh5hJxJtPzo.HkEk6qeEy792.css HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Fri, 09 Dec 2022 05:20:55 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/css_EVhfUdaVXkvNw9zO4E0QZZiVgpom3xeBjCA2tKx6tFw.TO4rp1q_wfDC.css
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/css_EVhfUdaVXkvNw9zO4E0QZZiVgpom3xeBjCA2tKx6tFw.TO4rp1q_wfDC.css
IP 89.46.104.45:0
GET /omanpost/auth/css/css_EVhfUdaVXkvNw9zO4E0QZZiVgpom3xeBjCA2tKx6tFw.TO4rp1q_wfDC.css HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Fri, 09 Dec 2022 05:20:55 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/270278780604412.js
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/270278780604412.js
IP 89.46.104.45:0
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/css/270278780604412.js HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Fri, 09 Dec 2022 05:20:55 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/recaptcha__es.js
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/recaptcha__es.js
IP 89.46.104.45:0
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/css/recaptcha__es.js HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Fri, 09 Dec 2022 05:20:55 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:38 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/IE_Support.js.descarga
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/IE_Support.js.descarga
IP 89.46.104.45:0
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/css/IE_Support.js.descarga HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Fri, 09 Dec 2022 05:20:55 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:38 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/card.php
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/card.php
IP 89.46.104.45:0
Analyzer Verdict Alert openphish Generic/Spear Phishing
fortinet Phishing
GET /omanpost/auth/card.php HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
server: aruba-proxy
date: Fri, 09 Dec 2022 05:20:55 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-servername: ipvsproxy17.ad.aruba.it
x-aruba-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/css_hnNz6IEhVN5_Of7XB76_NjHZmrmv1ZKZxqG2iC0qBgU.NegrY1KQZCBY.css
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/css_hnNz6IEhVN5_Of7XB76_NjHZmrmv1ZKZxqG2iC0qBgU.NegrY1KQZCBY.css
IP 89.46.104.45:0
GET /omanpost/auth/css/css_hnNz6IEhVN5_Of7XB76_NjHZmrmv1ZKZxqG2iC0qBgU.NegrY1KQZCBY.css HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Fri, 09 Dec 2022 05:20:55 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/enterprise_002.js
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/enterprise_002.js
IP 89.46.104.45:0
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/css/enterprise_002.js HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Fri, 09 Dec 2022 05:20:55 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/jquery.min.js.descarga
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/jquery.min.js.descarga
IP 89.46.104.45:0
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/css/jquery.min.js.descarga HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Fri, 09 Dec 2022 05:20:55 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:38 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/feedback-web-fetcher.html
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/feedback-web-fetcher.html
IP 89.46.104.45:0
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/css/feedback-web-fetcher.html HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Fri, 09 Dec 2022 05:20:56 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:38 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/Fonts/Cairo-Bold.woff
89.46.104.45 404 Not Found 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/Fonts/Cairo-Bold.woff
IP 89.46.104.45:0
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/Fonts/Cairo-Bold.woff HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/css/blue_bot.css
Cookie: _gcl_au=1.1.1235708705.1670563256
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: aruba-proxy
date: Fri, 09 Dec 2022 05:20:57 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
access-control-allow-origin: https://app.hu-manity.co
access-control-allow-methods: GET
link: <https://www.agenziagema.it/wp-json/>; rel="https://api.w.org/"
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/Fonts/Cairo-ExtraBold.woff
89.46.104.45 404 Not Found 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/Fonts/Cairo-ExtraBold.woff
IP 89.46.104.45:0
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/Fonts/Cairo-ExtraBold.woff HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/css/blue_bot.css
Cookie: _gcl_au=1.1.1235708705.1670563256
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: aruba-proxy
date: Fri, 09 Dec 2022 05:20:58 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
access-control-allow-origin: https://app.hu-manity.co
access-control-allow-methods: GET
link: <https://www.agenziagema.it/wp-json/>; rel="https://api.w.org/"
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/css_Jh9H9K9-BJuuoTSVW_nQAGScCSCEvc18d2M8RZl-7gw.CsAauDK4Ec3C.css
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/css_Jh9H9K9-BJuuoTSVW_nQAGScCSCEvc18d2M8RZl-7gw.CsAauDK4Ec3C.css
IP 89.46.104.45:0
GET /omanpost/auth/css/css_Jh9H9K9-BJuuoTSVW_nQAGScCSCEvc18d2M8RZl-7gw.CsAauDK4Ec3C.css HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Fri, 09 Dec 2022 05:20:55 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/css_wKgy1R3NftrbXNqjrGCnKPG2MuBS6VO7bNbGOiDkrg0.bFfU211E5qac.css
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/css_wKgy1R3NftrbXNqjrGCnKPG2MuBS6VO7bNbGOiDkrg0.bFfU211E5qac.css
IP 89.46.104.45:0
GET /omanpost/auth/css/css_wKgy1R3NftrbXNqjrGCnKPG2MuBS6VO7bNbGOiDkrg0.bFfU211E5qac.css HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Fri, 09 Dec 2022 05:20:55 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/f.txt
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/f.txt
IP 89.46.104.45:0
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/css/f.txt HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Fri, 09 Dec 2022 05:20:55 GMT
content-type: text/plain; charset=utf-8
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/css_w6uBS_e4lgzCuQI9WJcAU1zogOA0zSwJuUJPu8ixmEI.3A-1R8NGXOfT.css
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/css_w6uBS_e4lgzCuQI9WJcAU1zogOA0zSwJuUJPu8ixmEI.3A-1R8NGXOfT.css
IP 89.46.104.45:0
GET /omanpost/auth/css/css_w6uBS_e4lgzCuQI9WJcAU1zogOA0zSwJuUJPu8ixmEI.3A-1R8NGXOfT.css HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Fri, 09 Dec 2022 05:20:55 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/css_Ih7MNLDbJFLNxyIAMZA6AH7GTsj7Ixfg-YNZd5gREBA.PS4GFM-jKabL.css
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/css_Ih7MNLDbJFLNxyIAMZA6AH7GTsj7Ixfg-YNZd5gREBA.PS4GFM-jKabL.css
IP 89.46.104.45:0
GET /omanpost/auth/css/css_Ih7MNLDbJFLNxyIAMZA6AH7GTsj7Ixfg-YNZd5gREBA.PS4GFM-jKabL.css HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Fri, 09 Dec 2022 05:20:55 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/css_yJNsQTgR0By4d-QPblBXferxdxtJYAU88Epv43oeQdg.hi19I6QBMCow.css
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/css_yJNsQTgR0By4d-QPblBXferxdxtJYAU88Epv43oeQdg.hi19I6QBMCow.css
IP 89.46.104.45:0
GET /omanpost/auth/css/css_yJNsQTgR0By4d-QPblBXferxdxtJYAU88Epv43oeQdg.hi19I6QBMCow.css HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Fri, 09 Dec 2022 05:20:55 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/recaptcha__es.js.descarga
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/recaptcha__es.js.descarga
IP 89.46.104.45:0
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/css/recaptcha__es.js.descarga HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Fri, 09 Dec 2022 05:20:55 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:38 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/enterprise.js
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/enterprise.js
IP 89.46.104.45:0
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/css/enterprise.js HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Fri, 09 Dec 2022 05:20:55 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/global_icon.svg
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/global_icon.svg
IP 89.46.104.45:0
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/css/global_icon.svg HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Fri, 09 Dec 2022 05:20:55 GMT
content-type: image/svg+xml
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:38 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/footer_linkedin.svg
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/footer_linkedin.svg
IP 89.46.104.45:0
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/css/footer_linkedin.svg HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Fri, 09 Dec 2022 05:20:55 GMT
content-type: image/svg+xml
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:38 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
chatbot.asyadexpress.com/botscript.js
77.83.62.107 200 OK 0 B URL HTTP/2 chatbot.asyadexpress.com/botscript.js
IP 77.83.62.107:0
ASN #209726 Omania E-Commerce LLC
GET /botscript.js HTTP/1.1
Host: chatbot.asyadexpress.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.20.1
date: Fri, 09 Dec 2022 05:20:46 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
accept-ranges: bytes
last-modified: Mon, 22 Aug 2022 07:30:35 GMT
vary: Accept-Encoding
content-encoding: gzip
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/css_G0aO7IKLmcwiWC76a0VtNjBbUKBBh45lGO1caWIwU34.J63kRIITpwMJ.css
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/css_G0aO7IKLmcwiWC76a0VtNjBbUKBBh45lGO1caWIwU34.J63kRIITpwMJ.css
IP 89.46.104.45:0
GET /omanpost/auth/css/css_G0aO7IKLmcwiWC76a0VtNjBbUKBBh45lGO1caWIwU34.J63kRIITpwMJ.css HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Fri, 09 Dec 2022 05:20:55 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/f_002.txt
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/f_002.txt
IP 89.46.104.45:0
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/css/f_002.txt HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Fri, 09 Dec 2022 05:20:55 GMT
content-type: text/plain; charset=utf-8
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
static.hsappstatic.net/feedback-web-renderer-ui/static-1.12900/bundles/fetcher.js
104.17.8.210 200 OK 0 B URL HTTP/2 static.hsappstatic.net/feedback-web-renderer-ui/static-1.12900/bundles/fetcher.js
IP 104.17.8.210:0
GET /feedback-web-renderer-ui/static-1.12900/bundles/fetcher.js HTTP/1.1
Host: static.hsappstatic.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://app.hubspot.com
Connection: keep-alive
Referer: https://app.hubspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 09 Dec 2022 05:20:58 GMT
content-type: application/javascript
access-control-allow-origin: https://app.hubspot.com
access-control-allow-methods: GET
access-control-max-age: 3000
access-control-allow-credentials: true
x-amz-replication-status: COMPLETED
last-modified: Tue, 22 Nov 2022 06:20:47 GMT
etag: W/"d03a04401a72b74ef6c2adfa00b24429"
x-amz-server-side-encryption: AES256
x-amz-version-id: Zl0aC32xEw9ZB33FPu_nKhyZiF1su08r
vary: Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
x-cache: Hit from cloudfront
via: 1.1 752474607e5162b3278b647bb0ff3818.cloudfront.net (CloudFront)
x-amz-cf-pop: HEL50-C1
x-amz-cf-id: AaZBg4yurw6Ao0nKMiYCu4lQrjqywjx-1u039shDZ0IuOHSo9g_zCg==
cf-cache-status: HIT
age: 1453987
expires: Sat, 09 Dec 2023 05:20:58 GMT
cache-control: public, max-age=31536000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=N6eCQdU3qpzAEIYqo6drT2ghbw5DnM7AuCfWP6c%2B2N5LK9CtSew5MWJBAc4Hl4Jk43Ln2s1yStTwoFR6O4ij5Ys8mOxI%2BfqbkBLnru2xfjboPL1MHkYJcFKc6ptIxXGBq5YscU%2Fr8TE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 776b4b6dcdc7b4f1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/css_VAR_3WVo2y_cPblOAShdArfPjLoXFETEpXDNoqZrOAI.kj_gNZCcor2I.css
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/css_VAR_3WVo2y_cPblOAShdArfPjLoXFETEpXDNoqZrOAI.kj_gNZCcor2I.css
IP 89.46.104.45:0
GET /omanpost/auth/css/css_VAR_3WVo2y_cPblOAShdArfPjLoXFETEpXDNoqZrOAI.kj_gNZCcor2I.css HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Fri, 09 Dec 2022 05:20:55 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/linkedin_icon.svg
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/linkedin_icon.svg
IP 89.46.104.45:0
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/css/linkedin_icon.svg HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Fri, 09 Dec 2022 05:20:55 GMT
content-type: image/svg+xml
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:38 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/3984618.js.descarga
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/3984618.js.descarga
IP 89.46.104.45:0
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/css/3984618.js.descarga HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Fri, 09 Dec 2022 05:20:55 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/feedbackweb-new.js.descarga
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/feedbackweb-new.js.descarga
IP 89.46.104.45:0
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/css/feedbackweb-new.js.descarga HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Fri, 09 Dec 2022 05:20:55 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:38 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/dxa_resources.js.descarga
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/dxa_resources.js.descarga
IP 89.46.104.45:0
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/css/dxa_resources.js.descarga HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Fri, 09 Dec 2022 05:20:55 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/footer_twitter.svg
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/footer_twitter.svg
IP 89.46.104.45:0
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/css/footer_twitter.svg HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Fri, 09 Dec 2022 05:20:55 GMT
content-type: image/svg+xml
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:38 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/saved_resource2.html
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/saved_resource2.html
IP 89.46.104.45:0
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/css/saved_resource2.html HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Fri, 09 Dec 2022 05:20:56 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:38 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/css_dUCv1epc8sqnL7z6gQpbGkGEuBUi3xCV8oJMDzYJbiU.TZ3jD0TRVRE7.css
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/css_dUCv1epc8sqnL7z6gQpbGkGEuBUi3xCV8oJMDzYJbiU.TZ3jD0TRVRE7.css
IP 89.46.104.45:0
GET /omanpost/auth/css/css_dUCv1epc8sqnL7z6gQpbGkGEuBUi3xCV8oJMDzYJbiU.TZ3jD0TRVRE7.css HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Fri, 09 Dec 2022 05:20:55 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/css_1acd1r1BtUbNq-JXtBWBLQjspJ1JdhsJIk5JPUl3KJU.G6s4gPZTzE0A.css
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/css_1acd1r1BtUbNq-JXtBWBLQjspJ1JdhsJIk5JPUl3KJU.G6s4gPZTzE0A.css
IP 89.46.104.45:0
GET /omanpost/auth/css/css_1acd1r1BtUbNq-JXtBWBLQjspJ1JdhsJIk5JPUl3KJU.G6s4gPZTzE0A.css HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Fri, 09 Dec 2022 05:20:55 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/css_Lv1bP8JXpB3pSNozo4jmOwtgOWK1g_Pvv99cLDR_lLI.un_You6D4HIa.css
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/css_Lv1bP8JXpB3pSNozo4jmOwtgOWK1g_Pvv99cLDR_lLI.un_You6D4HIa.css
IP 89.46.104.45:0
GET /omanpost/auth/css/css_Lv1bP8JXpB3pSNozo4jmOwtgOWK1g_Pvv99cLDR_lLI.un_You6D4HIa.css HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Fri, 09 Dec 2022 05:20:55 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/css_S0CjRkcjky_yJ41Zxhsu2ZTLiUhSpe5oWS0GzXceUiU.D3o9GnDSOeR8.css
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/css_S0CjRkcjky_yJ41Zxhsu2ZTLiUhSpe5oWS0GzXceUiU.D3o9GnDSOeR8.css
IP 89.46.104.45:0
GET /omanpost/auth/css/css_S0CjRkcjky_yJ41Zxhsu2ZTLiUhSpe5oWS0GzXceUiU.D3o9GnDSOeR8.css HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Fri, 09 Dec 2022 05:20:55 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/f_005.txt
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/f_005.txt
IP 89.46.104.45:0
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/css/f_005.txt HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Fri, 09 Dec 2022 05:20:55 GMT
content-type: text/plain; charset=utf-8
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/css_NlYuldsbnaLXcf3dKOyimQrINDr_ub0SmbMMEd79TSQ.FEwrmWV0ovFg.css
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/css_NlYuldsbnaLXcf3dKOyimQrINDr_ub0SmbMMEd79TSQ.FEwrmWV0ovFg.css
IP 89.46.104.45:0
GET /omanpost/auth/css/css_NlYuldsbnaLXcf3dKOyimQrINDr_ub0SmbMMEd79TSQ.FEwrmWV0ovFg.css HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Fri, 09 Dec 2022 05:20:55 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/css_Q1K6lLtK2Nwq-2R8XTxmH58HqZFaow1BJLWTIYtxn7Y.NBaa9xsCtF_r.css
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/css_Q1K6lLtK2Nwq-2R8XTxmH58HqZFaow1BJLWTIYtxn7Y.NBaa9xsCtF_r.css
IP 89.46.104.45:0
GET /omanpost/auth/css/css_Q1K6lLtK2Nwq-2R8XTxmH58HqZFaow1BJLWTIYtxn7Y.NBaa9xsCtF_r.css HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Fri, 09 Dec 2022 05:20:55 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/identity_002.js
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/identity_002.js
IP 89.46.104.45:0
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/css/identity_002.js HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Fri, 09 Dec 2022 05:20:55 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:38 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/fbevents_002.js
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/fbevents_002.js
IP 89.46.104.45:0
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/css/fbevents_002.js HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Fri, 09 Dec 2022 05:20:55 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:38 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/css_xcV1VbAOaq_lTLgSuP5q6fpDB9lgw6_ubXm7g_TqGww.oGRZYK3hUnYK.css
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/css_xcV1VbAOaq_lTLgSuP5q6fpDB9lgw6_ubXm7g_TqGww.oGRZYK3hUnYK.css
IP 89.46.104.45:0
GET /omanpost/auth/css/css_xcV1VbAOaq_lTLgSuP5q6fpDB9lgw6_ubXm7g_TqGww.oGRZYK3hUnYK.css HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Fri, 09 Dec 2022 05:20:55 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/css_IZAuvYHtwa62RyW-QfI9XOQzI9Ql7rei9_ulW9Rd87g.aqSI4W7FpeU4.css
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/css_IZAuvYHtwa62RyW-QfI9XOQzI9Ql7rei9_ulW9Rd87g.aqSI4W7FpeU4.css
IP 89.46.104.45:0
GET /omanpost/auth/css/css_IZAuvYHtwa62RyW-QfI9XOQzI9Ql7rei9_ulW9Rd87g.aqSI4W7FpeU4.css HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Fri, 09 Dec 2022 05:20:55 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/css_pxykVoevkIE8NaLJCyFD9DfdVU9BIYAKeCZ4yQ7dUXI.ito4OuPxuz92.css
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/css_pxykVoevkIE8NaLJCyFD9DfdVU9BIYAKeCZ4yQ7dUXI.ito4OuPxuz92.css
IP 89.46.104.45:0
GET /omanpost/auth/css/css_pxykVoevkIE8NaLJCyFD9DfdVU9BIYAKeCZ4yQ7dUXI.ito4OuPxuz92.css HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Fri, 09 Dec 2022 05:20:55 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/recaptcha__es_002.js
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/recaptcha__es_002.js
IP 89.46.104.45:0
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/css/recaptcha__es_002.js HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Fri, 09 Dec 2022 05:20:55 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:38 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/css_rBIqZVBIuePlh5HcHJagk0J6UraUAUbgK2dWoQXZhoA.oPtwpbQWbqve.css
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/css_rBIqZVBIuePlh5HcHJagk0J6UraUAUbgK2dWoQXZhoA.oPtwpbQWbqve.css
IP 89.46.104.45:0
GET /omanpost/auth/css/css_rBIqZVBIuePlh5HcHJagk0J6UraUAUbgK2dWoQXZhoA.oPtwpbQWbqve.css HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Fri, 09 Dec 2022 05:20:55 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/css_2ZIQEH23X5MiYNnG0xXxF4-mLNnDM1COX_Q2nrLEUNA.BNwR_30OUEkj.css
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/css_2ZIQEH23X5MiYNnG0xXxF4-mLNnDM1COX_Q2nrLEUNA.BNwR_30OUEkj.css
IP 89.46.104.45:0
GET /omanpost/auth/css/css_2ZIQEH23X5MiYNnG0xXxF4-mLNnDM1COX_Q2nrLEUNA.BNwR_30OUEkj.css HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Fri, 09 Dec 2022 05:20:55 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/css_55HfDL_0KdLcPWXl8PtxRl0jwaj5S_5E1xUa_ZYP5B8.J5dXbEp0FdeI.css
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/css_55HfDL_0KdLcPWXl8PtxRl0jwaj5S_5E1xUa_ZYP5B8.J5dXbEp0FdeI.css
IP 89.46.104.45:0
GET /omanpost/auth/css/css_55HfDL_0KdLcPWXl8PtxRl0jwaj5S_5E1xUa_ZYP5B8.J5dXbEp0FdeI.css HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Fri, 09 Dec 2022 05:20:55 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/css_yhEe2kY1QMIEbzO7NJ-hWQzMcMdPprtZ2Mkm_Hfg-pg.l_5ZkiCBh5Ec.css
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/css_yhEe2kY1QMIEbzO7NJ-hWQzMcMdPprtZ2Mkm_Hfg-pg.l_5ZkiCBh5Ec.css
IP 89.46.104.45:0
GET /omanpost/auth/css/css_yhEe2kY1QMIEbzO7NJ-hWQzMcMdPprtZ2Mkm_Hfg-pg.l_5ZkiCBh5Ec.css HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Fri, 09 Dec 2022 05:20:55 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/css_FwDU3h2OfEDALY-gMvi0omrPyWfxcOyIQ2svT7Hyzxc.KZBkzzAnxe-r.css
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/css_FwDU3h2OfEDALY-gMvi0omrPyWfxcOyIQ2svT7Hyzxc.KZBkzzAnxe-r.css
IP 89.46.104.45:0
GET /omanpost/auth/css/css_FwDU3h2OfEDALY-gMvi0omrPyWfxcOyIQ2svT7Hyzxc.KZBkzzAnxe-r.css HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Fri, 09 Dec 2022 05:20:55 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
fonts.googleapis.com/css2?family=Cairo:wght@200;300;400;500;600;700;800;900&family=Roboto:wght@100;300;400;500;700;900&display=swap
142.250.74.106 200 OK 0 B URL HTTP/2 fonts.googleapis.com/css2?family=Cairo:wght@200;300;400;500;600;700;800;900&family=Roboto:wght@100;300;400;500;700;900&display=swap
IP 142.250.74.106:0
GET /css2?family=Cairo:wght@200;300;400;500;600;700;800;900&family=Roboto:wght@100;300;400;500;700;900&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 09 Dec 2022 05:20:56 GMT
date: Fri, 09 Dec 2022 05:20:56 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/feedback-web-fetcher_002_data/fetcher.js
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/feedback-web-fetcher_002_data/fetcher.js
IP 89.46.104.45:0
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/css/feedback-web-fetcher_002_data/fetcher.js HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/css/feedback-web-fetcher_002.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Fri, 09 Dec 2022 05:20:56 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:38 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/Fonts/Cairo-SemiBold.woff2
89.46.104.45 404 Not Found 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/Fonts/Cairo-SemiBold.woff2
IP 89.46.104.45:0
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/Fonts/Cairo-SemiBold.woff2 HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/css/blue_bot.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: aruba-proxy
date: Fri, 09 Dec 2022 05:20:57 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
access-control-allow-origin: https://app.hu-manity.co
access-control-allow-methods: GET
link: <https://www.agenziagema.it/wp-json/>; rel="https://api.w.org/"
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/identity.js.descarga
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/identity.js.descarga
IP 89.46.104.45:0
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/css/identity.js.descarga HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Fri, 09 Dec 2022 05:20:55 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:38 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/footer_facebook.svg
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/footer_facebook.svg
IP 89.46.104.45:0
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/css/footer_facebook.svg HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Fri, 09 Dec 2022 05:20:55 GMT
content-type: image/svg+xml
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:38 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/css_ucxQFlXS0b0PBDka9bgwb5tJEo_xfijNcIa6_02DMWs.aUAQ43IqLoV1.css
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/css_ucxQFlXS0b0PBDka9bgwb5tJEo_xfijNcIa6_02DMWs.aUAQ43IqLoV1.css
IP 89.46.104.45:0
GET /omanpost/auth/css/css_ucxQFlXS0b0PBDka9bgwb5tJEo_xfijNcIa6_02DMWs.aUAQ43IqLoV1.css HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Fri, 09 Dec 2022 05:20:55 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/css_jHT2a4ztivwTBQu-edcn4JXhTC1kfypKQ2EnmZiNbrw.LmcmpEXQcHAZ.css
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/css_jHT2a4ztivwTBQu-edcn4JXhTC1kfypKQ2EnmZiNbrw.LmcmpEXQcHAZ.css
IP 89.46.104.45:0
GET /omanpost/auth/css/css_jHT2a4ztivwTBQu-edcn4JXhTC1kfypKQ2EnmZiNbrw.LmcmpEXQcHAZ.css HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Fri, 09 Dec 2022 05:20:55 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/css_J6dLcwxLPT2uFEuf2TVbXMPFtkZKGxtZV5vaIL-CqGU.mnKAk4O75PvW.css
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/css_J6dLcwxLPT2uFEuf2TVbXMPFtkZKGxtZV5vaIL-CqGU.mnKAk4O75PvW.css
IP 89.46.104.45:0
GET /omanpost/auth/css/css_J6dLcwxLPT2uFEuf2TVbXMPFtkZKGxtZV5vaIL-CqGU.mnKAk4O75PvW.css HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Fri, 09 Dec 2022 05:20:55 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/fbevents.js
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/fbevents.js
IP 89.46.104.45:0
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/css/fbevents.js HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Fri, 09 Dec 2022 05:20:55 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/css_cNsTyM7C3t4TCUEg0VA4PXzn0H6dE6W18zFbGRnQ-f4.afz3aCt3EXZj.css
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/css_cNsTyM7C3t4TCUEg0VA4PXzn0H6dE6W18zFbGRnQ-f4.afz3aCt3EXZj.css
IP 89.46.104.45:0
GET /omanpost/auth/css/css_cNsTyM7C3t4TCUEg0VA4PXzn0H6dE6W18zFbGRnQ-f4.afz3aCt3EXZj.css HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Fri, 09 Dec 2022 05:20:55 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/css_YgAHkBJi9Ni-9F7uzPGNgev_md-vkMtl6mCLeP2RGQo.ZqjN8jv0p5CR.css
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/css_YgAHkBJi9Ni-9F7uzPGNgev_md-vkMtl6mCLeP2RGQo.ZqjN8jv0p5CR.css
IP 89.46.104.45:0
GET /omanpost/auth/css/css_YgAHkBJi9Ni-9F7uzPGNgev_md-vkMtl6mCLeP2RGQo.ZqjN8jv0p5CR.css HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Fri, 09 Dec 2022 05:20:55 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/collectedforms.js.descarga
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/collectedforms.js.descarga
IP 89.46.104.45:0
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/css/collectedforms.js.descarga HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Fri, 09 Dec 2022 05:20:55 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/Fonts/Cairo-ExtraBold.woff2
89.46.104.45 404 Not Found 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/Fonts/Cairo-ExtraBold.woff2
IP 89.46.104.45:0
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/Fonts/Cairo-ExtraBold.woff2 HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/css/blue_bot.css
Cookie: _gcl_au=1.1.1235708705.1670563256
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: aruba-proxy
date: Fri, 09 Dec 2022 05:20:58 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
access-control-allow-origin: https://app.hu-manity.co
access-control-allow-methods: GET
link: <https://www.agenziagema.it/wp-json/>; rel="https://api.w.org/"
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/botscript_002.js
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/botscript_002.js
IP 89.46.104.45:0
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/css/botscript_002.js HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Fri, 09 Dec 2022 05:20:55 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/facebook_icon.svg
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/facebook_icon.svg
IP 89.46.104.45:0
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/css/facebook_icon.svg HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Fri, 09 Dec 2022 05:20:55 GMT
content-type: image/svg+xml
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/Insta_icon.svg
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/Insta_icon.svg
IP 89.46.104.45:0
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/css/Insta_icon.svg HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Fri, 09 Dec 2022 05:20:55 GMT
content-type: image/svg+xml
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:38 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/footer_phone.svg
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/footer_phone.svg
IP 89.46.104.45:0
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/css/footer_phone.svg HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Fri, 09 Dec 2022 05:20:55 GMT
content-type: image/svg+xml
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:38 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/css_uAyU8TXfNv4LwU1hWzuVwVsjR1f9QybnN7Z-VbdCWFs.EFBJOYM0AbU5.css
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/css_uAyU8TXfNv4LwU1hWzuVwVsjR1f9QybnN7Z-VbdCWFs.EFBJOYM0AbU5.css
IP 89.46.104.45:0
GET /omanpost/auth/css/css_uAyU8TXfNv4LwU1hWzuVwVsjR1f9QybnN7Z-VbdCWFs.EFBJOYM0AbU5.css HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Fri, 09 Dec 2022 05:20:55 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/270278780604412_002.js
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/270278780604412_002.js
IP 89.46.104.45:0
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/css/270278780604412_002.js HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Fri, 09 Dec 2022 05:20:55 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/js_AUXB-GZh0TdDhyDwitzmhxKwq3ZlbmJA-6BCtzpCDdA.O79OPOyR.descarga
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/js_AUXB-GZh0TdDhyDwitzmhxKwq3ZlbmJA-6BCtzpCDdA.O79OPOyR.descarga
IP 89.46.104.45:0
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/css/js_AUXB-GZh0TdDhyDwitzmhxKwq3ZlbmJA-6BCtzpCDdA.O79OPOyR.descarga HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Fri, 09 Dec 2022 05:20:56 GMT
content-length: 126341
last-modified: Thu, 08 Dec 2022 09:12:38 GMT
accept-ranges: bytes
x-servername: ipvsproxy17.ad.aruba.it
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/fetcher.js.descarga
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/fetcher.js.descarga
IP 89.46.104.45:0
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/css/fetcher.js.descarga HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/css/feedback-web-fetcher.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Fri, 09 Dec 2022 05:20:56 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:38 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/css_O40hGTtRJP6DjoYkOlfNxDvKxMFENQsiy8CAnElvskw.N4jNf-1Zjlwy.css
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/css_O40hGTtRJP6DjoYkOlfNxDvKxMFENQsiy8CAnElvskw.N4jNf-1Zjlwy.css
IP 89.46.104.45:0
GET /omanpost/auth/css/css_O40hGTtRJP6DjoYkOlfNxDvKxMFENQsiy8CAnElvskw.N4jNf-1Zjlwy.css HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Fri, 09 Dec 2022 05:20:55 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/f_004.txt
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/f_004.txt
IP 89.46.104.45:0
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/css/f_004.txt HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Fri, 09 Dec 2022 05:20:55 GMT
content-type: text/plain; charset=utf-8
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/fbevents.js.descarga
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/fbevents.js.descarga
IP 89.46.104.45:0
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/css/fbevents.js.descarga HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Fri, 09 Dec 2022 05:20:55 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:38 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/3984618.js(1).descarga
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/3984618.js(1).descarga
IP 89.46.104.45:0
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/css/3984618.js(1).descarga HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Fri, 09 Dec 2022 05:20:55 GMT
content-length: 62027
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
accept-ranges: bytes
x-servername: ipvsproxy17.ad.aruba.it
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/enterprise.js.descarga
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/enterprise.js.descarga
IP 89.46.104.45:0
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/css/enterprise.js.descarga HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Fri, 09 Dec 2022 05:20:55 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/css_OHf71oeIOrre6SR138MouAIETLdJCAkllYsqURtmm0A.gN2SiQ6ztc8p.css
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/css_OHf71oeIOrre6SR138MouAIETLdJCAkllYsqURtmm0A.gN2SiQ6ztc8p.css
IP 89.46.104.45:0
GET /omanpost/auth/css/css_OHf71oeIOrre6SR138MouAIETLdJCAkllYsqURtmm0A.gN2SiQ6ztc8p.css HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Fri, 09 Dec 2022 05:20:55 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/css_reN1Rf9p6knCpaEWoTA2UV7CylUfuliY_aLstcUPrjE.WxWebvQdu6Hf.css
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/css_reN1Rf9p6knCpaEWoTA2UV7CylUfuliY_aLstcUPrjE.WxWebvQdu6Hf.css
IP 89.46.104.45:0
GET /omanpost/auth/css/css_reN1Rf9p6knCpaEWoTA2UV7CylUfuliY_aLstcUPrjE.WxWebvQdu6Hf.css HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Fri, 09 Dec 2022 05:20:55 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2