www.agenziagema.it/omanpost/auth/card.php
89.46.104.45 301 Moved Permanently 168 B URL HTTP/1.1 www.agenziagema.it/omanpost/auth/card.php
IP 89.46.104.45:0
File type HTML document text; HTML document text; HTML document, ASCII text, with CRLF line terminators
Hash 82f04704c04c2706b1b96a73be2ff3a9
8cd210a378b7f54ce8945cdf1c7ce1f696171eee
ede97dbf06b3e703cd950b3591a29351ce9b24eccab58b1a913b3c7e4571bf02
Analyzer Verdict Alert openphish Generic/Spear Phishing
fortinet Phishing
GET /omanpost/auth/card.php HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: aruba-proxy
Date: Thu, 08 Dec 2022 20:26:15 GMT
Content-Type: text/html
Content-Length: 168
Connection: keep-alive
Location: https://www.agenziagema.it/omanpost/auth/card.php
X-ServerName: ipvsproxy17.ad.aruba.it
r3.o.lencr.org/
23.36.76.226 200 OK 503 B
IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 7181eff9c60e83eb0004ece591e47dca
0fd8cd0c9d10b0547938982e57d2c43e2d98679f
89c5c0e2d6890798644174a8e31976aec03a1b3deb03812afbb520e5ed68f522
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "89C5C0E2D6890798644174A8E31976AEC03A1B3DEB03812AFBB520E5ED68F522"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2995
Expires: Thu, 08 Dec 2022 21:16:10 GMT
Date: Thu, 08 Dec 2022 20:26:15 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B
IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash aea93551fa9deb76ae49a3b4019d64fe
e3b8862057ebe839959228e42246d7b1807fc90c
7e210f03b140418085e94ec20c1d27d6ecf7a404cbd323e16476ae5ae95d6dac
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7E210F03B140418085E94EC20C1D27D6ECF7A404CBD323E16476AE5AE95D6DAC"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17929
Expires: Fri, 09 Dec 2022 01:25:04 GMT
Date: Thu, 08 Dec 2022 20:26:15 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data, ASCII text, with very long lines (939), with no line terminators
Hash 14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 08 Dec 2022 20:08:13 GMT
content-type: application/json
age: 1082
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B
IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 00e7703bd74975689fc9050356aaca6b
9788fe6a36d6f278e8da329ebc5dd87bcd212317
593bc437ff8a8233516c62613d50220fcb25b9f967ed5fb384c253f0db135103
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "593BC437FF8A8233516C62613D50220FCB25B9F967ED5FB384C253F0DB135103"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2457
Expires: Thu, 08 Dec 2022 21:07:12 GMT
Date: Thu, 08 Dec 2022 20:26:15 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP 34.160.144.191:0
File type PEM certificate, ASCII text
Hash 53341dea33f4f3d9b4966f80589f429a
20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0
GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: ai4/LX7Fz2srzSUoLCPvAepmWZqHvsbk/bhco266GKlqsb0mXAYXUnYMwGm02Y4v7SclrNkWRPM=
x-amz-request-id: T1NN6FMNPBEQKGRH
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 08 Dec 2022 19:49:56 GMT
age: 2179
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data, ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 08 Dec 2022 20:26:15 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp06.actalis.it/VA/AUTHDV-G3
109.70.240.114 200 3.9 kB URL HTTP/1.1 ocsp06.actalis.it/VA/AUTHDV-G3
IP 109.70.240.114:0
Hash 7a9639f70c96719dfbbd521313f9932b
86c2ca7ba502ea66c10757034d4bc340aea32866
e6a7a3302513c6b5809780d8ea0db0bc428fbdd4c3401d49b1c36a8beab7e792
POST /VA/AUTHDV-G3 HTTP/1.1
Host: ocsp06.actalis.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200
Server: nginx
Date: Thu, 08 Dec 2022 20:26:15 GMT
Content-Type: application/ocsp-response
Content-Length: 3926
Connection: keep-alive
Last-Modified: Thu, 08 Dec 2022 15:40:00 GMT
Expires: Fri, 09 Dec 2022 15:39:59 GMT
ETag: "86c2ca7ba502ea66c10757034d4bc340aea32866"
www.agenziagema.it/omanpost/auth/css/css_IdyaKDUhwh18SXW_-pVSzy-gErqgntz20y51CuFE1Yg.x5nsh_uKblK9.css
89.46.104.45 200 OK 95 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/css_IdyaKDUhwh18SXW_-pVSzy-gErqgntz20y51CuFE1Yg.x5nsh_uKblK9.css
IP 89.46.104.45:0
Hash 0b9cb6dc1250d392805b4e6797327401
311744f30b9293df13cea1afc41456cea5fc449f
c799ec87fb8a6e52bd93a883abdc71eef0dec77d2365ce4c2f46178a3e0909fd
GET /omanpost/auth/css/css_IdyaKDUhwh18SXW_-pVSzy-gErqgntz20y51CuFE1Yg.x5nsh_uKblK9.css HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Thu, 08 Dec 2022 20:26:15 GMT
content-type: text/css
content-length: 95
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
accept-ranges: bytes
x-servername: ipvsproxy17.ad.aruba.it
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/css_el-Wcqt4lri-ntglA04M2hmxjJG3wl6Wf7KoZF5AVNk.xXMNGfQ_Fg-q.css
89.46.104.45 200 OK 222 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/css_el-Wcqt4lri-ntglA04M2hmxjJG3wl6Wf7KoZF5AVNk.xXMNGfQ_Fg-q.css
IP 89.46.104.45:0
Hash 6b29a6ec09e466adf3c0b39a630506af
f08fd80247fe0baffa97da5c13e6d67d2f10645f
c5730d19f43f160faa47af29f7e1dc2bafc393be75aa71d21dc93c775a1833c0
GET /omanpost/auth/css/css_el-Wcqt4lri-ntglA04M2hmxjJG3wl6Wf7KoZF5AVNk.xXMNGfQ_Fg-q.css HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Thu, 08 Dec 2022 20:26:15 GMT
content-type: text/css
content-length: 222
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
accept-ranges: bytes
x-servername: ipvsproxy17.ad.aruba.it
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/css_8_iZM3tVCJgrOIixipC2yzkLO7WA5H5L-Z5lkjPcst0.8xdGy7dXc6zJ.css
89.46.104.45 200 OK 127 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/css_8_iZM3tVCJgrOIixipC2yzkLO7WA5H5L-Z5lkjPcst0.8xdGy7dXc6zJ.css
IP 89.46.104.45:0
File type troff or preprocessor input, ASCII text
Hash a3d07af30e7dc57b0647e417e27ac938
2eeb4a7e1dc2e86a6a0664bd6fc2fe7ba3009baa
f31746cbb75773acc9358471805e24d2f80184a9686f2e4dfbf57530c3a583c0
GET /omanpost/auth/css/css_8_iZM3tVCJgrOIixipC2yzkLO7WA5H5L-Z5lkjPcst0.8xdGy7dXc6zJ.css HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Thu, 08 Dec 2022 20:26:15 GMT
content-type: text/css
content-length: 127
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
accept-ranges: bytes
x-servername: ipvsproxy17.ad.aruba.it
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/css_gI82JN7fIF-SGN50PytbEmxnJWEAQxvtbUTFwMI-s0M.kpMc62oK0cmz.css
89.46.104.45 200 OK 95 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/css_gI82JN7fIF-SGN50PytbEmxnJWEAQxvtbUTFwMI-s0M.kpMc62oK0cmz.css
IP 89.46.104.45:0
Hash a203bfb5819742d466b5e99af480009a
cc0323b65fd726ef89264b2a7a6d3d7c4999a5e2
92931ceb6a0ad1c9b3e8fc6f335b9dfd6f0c7c8ee36f089bb10241c142a78faa
GET /omanpost/auth/css/css_gI82JN7fIF-SGN50PytbEmxnJWEAQxvtbUTFwMI-s0M.kpMc62oK0cmz.css HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Thu, 08 Dec 2022 20:26:16 GMT
content-type: text/css
content-length: 95
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
accept-ranges: bytes
x-servername: ipvsproxy17.ad.aruba.it
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/css_SxLAHwP370XBgXUS2Z62BuUN3Co-7x1Xcq1Yl0eCpZc.Sk-ip5PYfIjx.css
89.46.104.45 200 OK 96 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/css_SxLAHwP370XBgXUS2Z62BuUN3Co-7x1Xcq1Yl0eCpZc.Sk-ip5PYfIjx.css
IP 89.46.104.45:0
Hash 02de344715c6ec9a3745ff2186d32b9d
f2f39b2ca9e9397b53ab76a7b3938edc138a24cf
4a4fa2a793d87c88f1509f370dbc40b6deec2188b6a918f92365f873b7bc566d
GET /omanpost/auth/css/css_SxLAHwP370XBgXUS2Z62BuUN3Co-7x1Xcq1Yl0eCpZc.Sk-ip5PYfIjx.css HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Thu, 08 Dec 2022 20:26:16 GMT
content-type: text/css
content-length: 96
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
accept-ranges: bytes
x-servername: ipvsproxy17.ad.aruba.it
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/css_M_0qFAIRstYTrNLFLKdq90tmSs-HI22nuKcKoGYWres.C2HgH6D6Auuj.css
89.46.104.45 200 OK 163 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/css_M_0qFAIRstYTrNLFLKdq90tmSs-HI22nuKcKoGYWres.C2HgH6D6Auuj.css
IP 89.46.104.45:0
Hash 47dd1a9ab77932b92b6c8e68b9b41e77
ee55f889a03fdcf021fa916b6b7cfed8db417249
0b61e01fa0fa02eba3c6a074427ddf2a6cf98c01727b2796309b2b5b005fac70
GET /omanpost/auth/css/css_M_0qFAIRstYTrNLFLKdq90tmSs-HI22nuKcKoGYWres.C2HgH6D6Auuj.css HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Thu, 08 Dec 2022 20:26:16 GMT
content-type: text/css
content-length: 163
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
accept-ranges: bytes
x-servername: ipvsproxy17.ad.aruba.it
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/css_bVow4uEk4HTxJlij7iBDGWb2uzTpNXMPgpIeHq8jiPw.0Qb5zpcCHmzp.css
89.46.104.45 200 OK 255 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/css_bVow4uEk4HTxJlij7iBDGWb2uzTpNXMPgpIeHq8jiPw.0Qb5zpcCHmzp.css
IP 89.46.104.45:0
Hash 3f385ed519713c40ed2b0a54d46fa41f
f6cb306ad8abac4c5118c3f6156027c48c20a53a
d106f9ce97021e6ce9a05e593a70ec7e4956667eab83726c9eb1b473b709fb8e
GET /omanpost/auth/css/css_bVow4uEk4HTxJlij7iBDGWb2uzTpNXMPgpIeHq8jiPw.0Qb5zpcCHmzp.css HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Thu, 08 Dec 2022 20:26:16 GMT
content-type: text/css
content-length: 255
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
accept-ranges: bytes
x-servername: ipvsproxy17.ad.aruba.it
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/css_CBqy8DMdqdIgL5smEe0nXdZjoPEd2JboOy2R6U8-hFs.hI45W2fFp3YR.css
89.46.104.45 200 OK 254 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/css_CBqy8DMdqdIgL5smEe0nXdZjoPEd2JboOy2R6U8-hFs.hI45W2fFp3YR.css
IP 89.46.104.45:0
Hash 2b0eab579f340584d882972331e29be5
92490a444067d58a48585e254f8c69a3bb13e5b9
848e395b67c5a776114425ac9ea4cc4f809cdca2caf2685fd2f6a94eba4c7238
GET /omanpost/auth/css/css_CBqy8DMdqdIgL5smEe0nXdZjoPEd2JboOy2R6U8-hFs.hI45W2fFp3YR.css HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Thu, 08 Dec 2022 20:26:16 GMT
content-type: text/css
content-length: 254
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
accept-ranges: bytes
x-servername: ipvsproxy17.ad.aruba.it
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/css_wCWV-1NThDs5c7UFjqb-yORX0g5eUrJTJOFQw4SpzKk.Miyqnl_bmWpa.css
89.46.104.45 200 OK 171 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/css_wCWV-1NThDs5c7UFjqb-yORX0g5eUrJTJOFQw4SpzKk.Miyqnl_bmWpa.css
IP 89.46.104.45:0
Hash b2ebfb826e035334340193b42246b180
b421704f2c038d22d83c36053f2624075dcc41d6
322caa9e5fdb996a5afa9ef6283b3f0646c72c2add2f2540a82ac24e7c7d917a
GET /omanpost/auth/css/css_wCWV-1NThDs5c7UFjqb-yORX0g5eUrJTJOFQw4SpzKk.Miyqnl_bmWpa.css HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Thu, 08 Dec 2022 20:26:16 GMT
content-type: text/css
content-length: 171
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
accept-ranges: bytes
x-servername: ipvsproxy17.ad.aruba.it
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/css_UH9Z3L5qClRdM0x1B7Sasv3k-ZXXUOwMNo2eyMliSqA.oIp3LEn-9Xf9.css
89.46.104.45 200 OK 202 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/css_UH9Z3L5qClRdM0x1B7Sasv3k-ZXXUOwMNo2eyMliSqA.oIp3LEn-9Xf9.css
IP 89.46.104.45:0
Hash 98d24ff864c7699dfa6da9190c5e70df
9a9039a3d467a594dbb90f18926dccc87264be47
a08a772c49fef577fd5e0a37663d6d010473be40763496bedb29cf77176bc7b8
GET /omanpost/auth/css/css_UH9Z3L5qClRdM0x1B7Sasv3k-ZXXUOwMNo2eyMliSqA.oIp3LEn-9Xf9.css HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Thu, 08 Dec 2022 20:26:16 GMT
content-type: text/css
content-length: 202
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
accept-ranges: bytes
x-servername: ipvsproxy17.ad.aruba.it
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/css_J0nq0fKbdRqUnBfru6HIC8wYujuHkypo5e2sToPfR2U.tG4PQo_c5AZ3.css
89.46.104.45 200 OK 126 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/css_J0nq0fKbdRqUnBfru6HIC8wYujuHkypo5e2sToPfR2U.tG4PQo_c5AZ3.css
IP 89.46.104.45:0
Hash f6ed3b44832bebffa09fc3b4b6ce27ab
d10c7833ed17abcaeda4a08f6131efb5429c6676
b46e0f428fdce40677abe43f33575023b1b2d87cc3285138bb06b253313a7665
GET /omanpost/auth/css/css_J0nq0fKbdRqUnBfru6HIC8wYujuHkypo5e2sToPfR2U.tG4PQo_c5AZ3.css HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Thu, 08 Dec 2022 20:26:16 GMT
content-type: text/css
content-length: 126
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
accept-ranges: bytes
x-servername: ipvsproxy17.ad.aruba.it
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/css__Jd5jGOK2GKkWJ39lq12bpzDKZcqQg7jBxXFi9MwHsU.2Z3U1YHHAG6r.css
89.46.104.45 200 OK 208 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/css__Jd5jGOK2GKkWJ39lq12bpzDKZcqQg7jBxXFi9MwHsU.2Z3U1YHHAG6r.css
IP 89.46.104.45:0
Hash 4a3d036007ba8c8c80f4a21a369c72cc
a7d05d2a67021ec0b607299915ca6035c699fe7a
d99dd4d581c7006eabeebac8e77dbeae96fbc430cfa28bfffa222f4348d17127
GET /omanpost/auth/css/css__Jd5jGOK2GKkWJ39lq12bpzDKZcqQg7jBxXFi9MwHsU.2Z3U1YHHAG6r.css HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Thu, 08 Dec 2022 20:26:16 GMT
content-type: text/css
content-length: 208
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
accept-ranges: bytes
x-servername: ipvsproxy17.ad.aruba.it
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/css_ge77twVlK6eLqiAYlQJBlCuou5uhadLFsUQTdQa_ewc.58lhDsDZIxce.css
89.46.104.45 200 OK 169 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/css_ge77twVlK6eLqiAYlQJBlCuou5uhadLFsUQTdQa_ewc.58lhDsDZIxce.css
IP 89.46.104.45:0
Hash 2bc390c137c5205bbcd7645d6c1c86de
e8cbbd2a263a96347f395d553a40f8ecf7053212
e7c9610ec0d923171ec822d71c9b605456b690320a72f4546af38aedf87737a7
GET /omanpost/auth/css/css_ge77twVlK6eLqiAYlQJBlCuou5uhadLFsUQTdQa_ewc.58lhDsDZIxce.css HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Thu, 08 Dec 2022 20:26:16 GMT
content-type: text/css
content-length: 169
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
accept-ranges: bytes
x-servername: ipvsproxy17.ad.aruba.it
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data, ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Expires, Last-Modified, ETag, Cache-Control, Alert, Content-Length, Pragma, Content-Type, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 08 Dec 2022 20:07:55 GMT
age: 1101
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/css_8lKoROJ6Zu-Ki-T_vXUG-vt_fs5ttWI6GG5SZsUQ9fA.fg9D1yGwfSnW.css
89.46.104.45 200 OK 203 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/css_8lKoROJ6Zu-Ki-T_vXUG-vt_fs5ttWI6GG5SZsUQ9fA.fg9D1yGwfSnW.css
IP 89.46.104.45:0
Hash d10589366720f9c15b66df434baab4da
2ece37cadd4a56366eefaa911ede7ce226d68490
7e0f43d721b07d29d6310e31aa037a28371e3d85d5ad27592ab1daab3a589e54
GET /omanpost/auth/css/css_8lKoROJ6Zu-Ki-T_vXUG-vt_fs5ttWI6GG5SZsUQ9fA.fg9D1yGwfSnW.css HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Thu, 08 Dec 2022 20:26:16 GMT
content-type: text/css
content-length: 203
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
accept-ranges: bytes
x-servername: ipvsproxy17.ad.aruba.it
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/css_YgAHkBJi9Ni-9F7uzPGNgev_md-vkMtl6mCLeP2RGQo.ZqjN8jv0p5CR.css
89.46.104.45 200 OK 822 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/css_YgAHkBJi9Ni-9F7uzPGNgev_md-vkMtl6mCLeP2RGQo.ZqjN8jv0p5CR.css
IP 89.46.104.45:0
Hash a3baaec75a4fcce42976dab08f98515e
ca84e24f2d45f9a7c93176bea0c0930ade73f73b
10e5694d571592ef751a7a6a84f9217722d255b51a45ff20adebb7f440487fa0
GET /omanpost/auth/css/css_YgAHkBJi9Ni-9F7uzPGNgev_md-vkMtl6mCLeP2RGQo.ZqjN8jv0p5CR.css HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Thu, 08 Dec 2022 20:26:16 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/css_G0aO7IKLmcwiWC76a0VtNjBbUKBBh45lGO1caWIwU34.J63kRIITpwMJ.css
89.46.104.45 200 OK 778 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/css_G0aO7IKLmcwiWC76a0VtNjBbUKBBh45lGO1caWIwU34.J63kRIITpwMJ.css
IP 89.46.104.45:0
Hash 5e381772bf56e0035a20175789cf6529
0a23f6b04aaf2c8944e7a928ff1cc0bc646b1bea
e91f610d121af0d4daa419ba59a18059d0e96c77161cc3a850388e33dc3a3bbe
GET /omanpost/auth/css/css_G0aO7IKLmcwiWC76a0VtNjBbUKBBh45lGO1caWIwU34.J63kRIITpwMJ.css HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Thu, 08 Dec 2022 20:26:16 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/3984618.js(1).descarga
89.46.104.45 200 OK 62 kB URL HTTP/2 www.agenziagema.it/omanpost/auth/css/3984618.js(1).descarga
IP 89.46.104.45:0
File type ASCII text, with very long lines (60809)
Hash 05ea727739848047a1887d2b4564ac95
2f04677fd04178e4d7d008bbcb79043b96613040
3b7e7ec3138c53a3429b42e8ca9d4f16468a05d4e3f17627c4aeb4eea6d34d21
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/css/3984618.js(1).descarga HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Thu, 08 Dec 2022 20:26:16 GMT
content-length: 62027
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
accept-ranges: bytes
x-servername: ipvsproxy17.ad.aruba.it
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/270278780604412
89.46.104.45 200 OK 299 kB URL HTTP/2 www.agenziagema.it/omanpost/auth/css/270278780604412
IP 89.46.104.45:0
File type ASCII text, with very long lines (64471)
Size 299 kB (299407 bytes)
Hash f55dc2845557c47b0a3ed135cb8adc0d
7dfb8ac4951d575ef0a795ee8562fecccf2e6604
d51b23e5b21f6debedecea0658421e4ec9152532b466e7ed6dc971128edecaf4
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/css/270278780604412 HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Thu, 08 Dec 2022 20:26:16 GMT
content-length: 299407
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
x-aruba-cache: MISS
accept-ranges: bytes
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/js_002
89.46.104.45 200 OK 121 kB URL HTTP/2 www.agenziagema.it/omanpost/auth/css/js_002
IP 89.46.104.45:0
File type ASCII text, with very long lines (1588)
Size 121 kB (121129 bytes)
Hash cfa9df38680f3df9d492c49f04c75842
0893f793b7c4e2b7628aabc4b615f93745de2c00
98d052577c9f2db7702048f4c61ba0a82762a176b240da7af02537fe5122c44b
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/css/js_002 HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Thu, 08 Dec 2022 20:26:16 GMT
content-length: 121129
last-modified: Thu, 08 Dec 2022 09:12:38 GMT
x-servername: ipvsproxy17.ad.aruba.it
x-aruba-cache: MISS
accept-ranges: bytes
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/js_003
89.46.104.45 200 OK 121 kB URL HTTP/2 www.agenziagema.it/omanpost/auth/css/js_003
IP 89.46.104.45:0
File type ASCII text, with very long lines (1588)
Size 121 kB (121129 bytes)
Hash 716e59c6c915b8f6512ba76f92859630
179a12e38623059cc63d28d5b8b56cba9df11f43
b5c9ed82a7c0ef270c338ef1211c6ee7b03443ae0b8fae7655e3fa1718920214
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/css/js_003 HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Thu, 08 Dec 2022 20:26:16 GMT
content-length: 121129
last-modified: Thu, 08 Dec 2022 09:12:38 GMT
x-servername: ipvsproxy17.ad.aruba.it
x-aruba-cache: MISS
accept-ranges: bytes
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/oman_logo.png
89.46.104.45 200 OK 18 kB URL HTTP/2 www.agenziagema.it/omanpost/auth/css/oman_logo.png
IP 89.46.104.45:0
File type PNG image data, 250 x 84, 8-bit/color RGBA, non-interlaced; data
Hash c0bfe756370c54e7d039db3f46f37c2f
4e1e9dfa74251110e5e619b83983a74196c71722
1fa32268fe00bb4a6e53e4232819cdddbb2090aa2d70a51a165f95356a5e3447
GET /omanpost/auth/css/oman_logo.png HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Thu, 08 Dec 2022 20:26:16 GMT
content-type: image/png
content-length: 18106
last-modified: Thu, 08 Dec 2022 09:12:38 GMT
accept-ranges: bytes
x-servername: ipvsproxy17.ad.aruba.it
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/js_rj18GuJdEluY6ZXnWFNccOrLx6Cttlxbe0WMNVQOx_M.o9-Lxje6.descarga
89.46.104.45 200 OK 6.3 kB URL HTTP/2 www.agenziagema.it/omanpost/auth/css/js_rj18GuJdEluY6ZXnWFNccOrLx6Cttlxbe0WMNVQOx_M.o9-Lxje6.descarga
IP 89.46.104.45:0
File type ASCII text, with CRLF, LF line terminators
Hash 4d686b082a485c0f9dd11ceb061c2df0
a2bf5bfd17fc8c0b758c5a85cc0a03a27cffe071
a3df8bc637ba760030b5ea14d157217edae0f56a1e1e441b21bff27a9b8ca136
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/css/js_rj18GuJdEluY6ZXnWFNccOrLx6Cttlxbe0WMNVQOx_M.o9-Lxje6.descarga HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Thu, 08 Dec 2022 20:26:16 GMT
content-length: 6305
last-modified: Thu, 08 Dec 2022 09:12:38 GMT
accept-ranges: bytes
x-servername: ipvsproxy17.ad.aruba.it
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/js_iv6gm45-1kdip0HTT0CR0mwTVIChorMpRmGgP8rnHtM.WVmF6ocM.descarga
89.46.104.45 200 OK 13 kB URL HTTP/2 www.agenziagema.it/omanpost/auth/css/js_iv6gm45-1kdip0HTT0CR0mwTVIChorMpRmGgP8rnHtM.WVmF6ocM.descarga
IP 89.46.104.45:0
Hash cbf39358ca072a785e07d207e2f2b235
ce33fd2903eca3e3d7fa35e654636273d97112d4
595985ea870cf954d2ba1a1cfb27f79c9651bae95aa10b07126b7f806c55fb8c
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/css/js_iv6gm45-1kdip0HTT0CR0mwTVIChorMpRmGgP8rnHtM.WVmF6ocM.descarga HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Thu, 08 Dec 2022 20:26:16 GMT
content-length: 13297
last-modified: Thu, 08 Dec 2022 09:12:38 GMT
accept-ranges: bytes
x-servername: ipvsproxy17.ad.aruba.it
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/js_y7LrBMmE5AnaXhpWkEvbzoNNb1f6p9tLLIgTiGDfqsI.ZYwoFe6V.descarga
89.46.104.45 200 OK 1.3 kB URL HTTP/2 www.agenziagema.it/omanpost/auth/css/js_y7LrBMmE5AnaXhpWkEvbzoNNb1f6p9tLLIgTiGDfqsI.ZYwoFe6V.descarga
IP 89.46.104.45:0
Hash 568d2631ef8b318d7427fbfdf0c3cc75
4fcb5199d7a0d24047f237f7b138f6c25d682edb
658c2815ee95d2a2cdf9e8f9badc41c8d68d05708cd7e68d59f9a53b109dca34
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/css/js_y7LrBMmE5AnaXhpWkEvbzoNNb1f6p9tLLIgTiGDfqsI.ZYwoFe6V.descarga HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Thu, 08 Dec 2022 20:26:16 GMT
content-length: 1264
last-modified: Thu, 08 Dec 2022 09:12:38 GMT
accept-ranges: bytes
x-servername: ipvsproxy17.ad.aruba.it
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/js_PROwe7KaFeBw67Kp-oon6LGlQnDnK87XXYlAbI1ZreE.XuwM8l5x.descarga
89.46.104.45 200 OK 10 kB URL HTTP/2 www.agenziagema.it/omanpost/auth/css/js_PROwe7KaFeBw67Kp-oon6LGlQnDnK87XXYlAbI1ZreE.XuwM8l5x.descarga
IP 89.46.104.45:0
Hash 08db111cec5ee0474aeb7ea41585a82e
cd9cfb719d26d548f89afc2b4621615e4ce651d4
5eec0cf25e71a279cb7d4da09287109ad04cdc63da53f6b6a2b2b41504353515
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/css/js_PROwe7KaFeBw67Kp-oon6LGlQnDnK87XXYlAbI1ZreE.XuwM8l5x.descarga HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Thu, 08 Dec 2022 20:26:16 GMT
content-length: 10050
last-modified: Thu, 08 Dec 2022 09:12:38 GMT
accept-ranges: bytes
x-servername: ipvsproxy17.ad.aruba.it
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/js_AUXB-GZh0TdDhyDwitzmhxKwq3ZlbmJA-6BCtzpCDdA.O79OPOyR.descarga
89.46.104.45 200 OK 126 kB URL HTTP/2 www.agenziagema.it/omanpost/auth/css/js_AUXB-GZh0TdDhyDwitzmhxKwq3ZlbmJA-6BCtzpCDdA.O79OPOyR.descarga
IP 89.46.104.45:0
File type Unicode text, UTF-8 text, with very long lines (1220), with CRLF, LF line terminators
Size 126 kB (126341 bytes)
Hash 207600fa9b34bb1125dc911472743a2c
a50a3ddf3fdd14f1f714f4a852834beaf145ac6f
3bbf4e3cec91bcbc69c5203207445c051363ad6d04b5fc28d12e6f738bcf6300
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/css/js_AUXB-GZh0TdDhyDwitzmhxKwq3ZlbmJA-6BCtzpCDdA.O79OPOyR.descarga HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Thu, 08 Dec 2022 20:26:16 GMT
content-length: 126341
last-modified: Thu, 08 Dec 2022 09:12:38 GMT
accept-ranges: bytes
x-servername: ipvsproxy17.ad.aruba.it
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/global_icon.svg
89.46.104.45 200 OK 824 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/global_icon.svg
IP 89.46.104.45:0
Hash 21474a5e9e9c1874a634f78501e1222f
79d8533689c17bffebbb537da362a8de01338ed1
18e27d51c877542ffd90ff28a278764aecd9980490370a03b583b9b57a21000f
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/css/global_icon.svg HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Thu, 08 Dec 2022 20:26:16 GMT
content-type: image/svg+xml
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:38 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/js_lnF-InLBc-6arLiK9IW1lijHp9DoGxykvI0kiS3G_yc.SXCVRcvt.descarga
89.46.104.45 200 OK 90 kB URL HTTP/2 www.agenziagema.it/omanpost/auth/css/js_lnF-InLBc-6arLiK9IW1lijHp9DoGxykvI0kiS3G_yc.SXCVRcvt.descarga
IP 89.46.104.45:0
File type ASCII text, with very long lines (65314), with CRLF, LF line terminators
Hash a24f0ded01d280edb584c9ff106cfc21
a80481e47f9dfdb5fca1ba8217bd2141e62d1940
49709545cbed84ec4c955513088ab75b82ec7133a81d622183f087dd2ffe6f19
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/css/js_lnF-InLBc-6arLiK9IW1lijHp9DoGxykvI0kiS3G_yc.SXCVRcvt.descarga HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Thu, 08 Dec 2022 20:26:16 GMT
content-length: 89765
last-modified: Thu, 08 Dec 2022 09:12:38 GMT
accept-ranges: bytes
x-servername: ipvsproxy17.ad.aruba.it
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/js_gJvRRp1GvWOwZVZoQbg5O0ejEDFdLlnsw0k7qCB9akg.KWUeg2AF.descarga
89.46.104.45 200 OK 31 kB URL HTTP/2 www.agenziagema.it/omanpost/auth/css/js_gJvRRp1GvWOwZVZoQbg5O0ejEDFdLlnsw0k7qCB9akg.KWUeg2AF.descarga
IP 89.46.104.45:0
File type Unicode text, UTF-8 text, with very long lines (9117)
Hash de5aeabdd5ee483d97b84154e3c13454
1307d58888d9a2bab0516a10955456965862829d
29651e8360056cc009386ba284146d5c5b17022614097a65fd0bcd4d2890177c
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/css/js_gJvRRp1GvWOwZVZoQbg5O0ejEDFdLlnsw0k7qCB9akg.KWUeg2AF.descarga HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Thu, 08 Dec 2022 20:26:16 GMT
content-length: 30875
last-modified: Thu, 08 Dec 2022 09:12:38 GMT
accept-ranges: bytes
x-servername: ipvsproxy17.ad.aruba.it
X-Firefox-Spdy: h2
push.services.mozilla.com/
54.71.202.2 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.71.202.2:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: SNI1Yqq9+p/ZkrTKuXD4jQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: mRBlGeAY5ZRQN8dQqHap2OVZHh4=
www.agenziagema.it/omanpost/auth/css/feedback-web-fetcher_002.html
89.46.104.45 200 OK 972 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/feedback-web-fetcher_002.html
IP 89.46.104.45:0
Hash a9e4edf1bee0ba071dbc046ba9813546
4452070e8a548ad0dcea2956162290c67d8e44fc
9d5a50fab007298b36ed29afac0cd393fb431a7703ef9c0477fd53d3a1a4da81
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/css/feedback-web-fetcher_002.html HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Thu, 08 Dec 2022 20:26:16 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:38 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 572c04deeaac1fda553977affd257ffa
852655f52482a21a0ea91be9936444935562e120
32e2733487d2887d3412e4c8a7c312d83a8df7d86623e96ac1f547ee20c45cf1
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3790
Cache-Control: max-age=167171
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 20:26:17 GMT
Etag: "6392239e-117"
Expires: Sat, 10 Dec 2022 18:52:28 GMT
Last-Modified: Thu, 08 Dec 2022 17:49:18 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 279
www.agenziagema.it/omanpost/auth/css/css_yhEe2kY1QMIEbzO7NJ-hWQzMcMdPprtZ2Mkm_Hfg-pg.l_5ZkiCBh5Ec.css
89.46.104.45 200 OK 495 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/css_yhEe2kY1QMIEbzO7NJ-hWQzMcMdPprtZ2Mkm_Hfg-pg.l_5ZkiCBh5Ec.css
IP 89.46.104.45:0
Hash 7934921a090d0bf718a86c596e5acaaa
d48eef2e9cbc82744e9a766586cb2db9fff90c46
53e04de8bffb314249570a2b3624e28e181c163cab2e058f3174f9c372ab9391
GET /omanpost/auth/css/css_yhEe2kY1QMIEbzO7NJ-hWQzMcMdPprtZ2Mkm_Hfg-pg.l_5ZkiCBh5Ec.css HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Thu, 08 Dec 2022 20:26:15 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 0e9eef4ed41ef94e9ea175ad243e294e
b6f83e508270413dabe55e2884b5409ca7978e24
0e741ca8d92717128bca7aed937bca43519a8d20a9d3dd8670da656ad51a695e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 20:26:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.gstatic.com/recaptcha/api2/info_2x.png
142.250.74.35 200 OK 665 B URL HTTP/2 www.gstatic.com/recaptcha/api2/info_2x.png
IP 142.250.74.35:0
File type PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced; data
Hash 07bf314aab04047b9e9a959ee6f63da3
17bef6602672e2fd9956381e01356245144003e5
55eaf62cb05da20088dc12b39d7d254d046cb1fd61ddf3ae641f1439efd0a5ee
GET /recaptcha/api2/info_2x.png HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 665
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 08 Dec 2022 08:12:18 GMT
expires: Thu, 15 Dec 2022 08:12:18 GMT
cache-control: public, max-age=604800
age: 44039
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 0e9eef4ed41ef94e9ea175ad243e294e
b6f83e508270413dabe55e2884b5409ca7978e24
0e741ca8d92717128bca7aed937bca43519a8d20a9d3dd8670da656ad51a695e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 20:26:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 0e9eef4ed41ef94e9ea175ad243e294e
b6f83e508270413dabe55e2884b5409ca7978e24
0e741ca8d92717128bca7aed937bca43519a8d20a9d3dd8670da656ad51a695e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 20:26:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 0e9eef4ed41ef94e9ea175ad243e294e
b6f83e508270413dabe55e2884b5409ca7978e24
0e741ca8d92717128bca7aed937bca43519a8d20a9d3dd8670da656ad51a695e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 20:26:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.gstatic.com/recaptcha/api2/refresh_2x.png
142.250.74.35 200 OK 600 B URL HTTP/2 www.gstatic.com/recaptcha/api2/refresh_2x.png
IP 142.250.74.35:0
File type PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced; data
Hash 0f2a4639b8a4cb30c76e8333c00d30a6
57e273a270bb864970d747c74b3f0a7c8e515b13
44b988703019cd6bfa86c91840fecf2a42b611b364e3eea2f4eb63bf62714e98
GET /recaptcha/api2/refresh_2x.png HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 600
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 03 Dec 2022 06:57:23 GMT
expires: Sat, 10 Dec 2022 06:57:23 GMT
cache-control: public, max-age=604800
age: 480534
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 0e9eef4ed41ef94e9ea175ad243e294e
b6f83e508270413dabe55e2884b5409ca7978e24
0e741ca8d92717128bca7aed937bca43519a8d20a9d3dd8670da656ad51a695e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 20:26:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
216.58.207.227 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 15552, version 1.0; data
Hash 285467176f7fe6bb6a9c6873b3dad2cc
ea04e4ff5142ddd69307c183def721a160e0a64e
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
GET /s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.agenziagema.it
Connection: keep-alive
Referer: https://www.agenziagema.it/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15552
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 08 Dec 2022 16:40:43 GMT
expires: Fri, 08 Dec 2023 16:40:43 GMT
cache-control: public, max-age=31536000
age: 13534
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/css_dgIg2MFpwH0nWqaoaE6rvWQcqkHchwiYDIwzhZoABD4.eA6l7MTULyDx.css
89.46.104.45 200 OK 18 kB URL HTTP/2 www.agenziagema.it/omanpost/auth/css/css_dgIg2MFpwH0nWqaoaE6rvWQcqkHchwiYDIwzhZoABD4.eA6l7MTULyDx.css
IP 89.46.104.45:0
Hash ae8d919966c1c8e95b68ea3bb95fa70c
01156923f980fc10ca34362cda6ea46eea8649f6
6e8a50c8d6f27d195a90cd979875d73605f1c5a56724623dcdaedc09bf4e7b95
GET /omanpost/auth/css/css_dgIg2MFpwH0nWqaoaE6rvWQcqkHchwiYDIwzhZoABD4.eA6l7MTULyDx.css HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Thu, 08 Dec 2022 20:26:16 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.gstatic.com/recaptcha/api2/audio_2x.png
142.250.74.35 200 OK 530 B URL HTTP/2 www.gstatic.com/recaptcha/api2/audio_2x.png
IP 142.250.74.35:0
File type PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced; data
Hash 88e0f42c9fa4f94aa8bcd54d1685c180
5ad9d47a49b82718baa3be88550a0b3350270c42
89c62095126fca89ea1511cf35b49b8306162946b0c26d6f60c5506c51d85992
GET /recaptcha/api2/audio_2x.png HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 530
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 06 Dec 2022 15:42:32 GMT
expires: Tue, 13 Dec 2022 15:42:32 GMT
cache-control: public, max-age=604800
age: 189825
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 0e9eef4ed41ef94e9ea175ad243e294e
b6f83e508270413dabe55e2884b5409ca7978e24
0e741ca8d92717128bca7aed937bca43519a8d20a9d3dd8670da656ad51a695e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 20:26:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 572c04deeaac1fda553977affd257ffa
852655f52482a21a0ea91be9936444935562e120
32e2733487d2887d3412e4c8a7c312d83a8df7d86623e96ac1f547ee20c45cf1
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3790
Cache-Control: max-age=167171
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 20:26:17 GMT
Etag: "6392239e-117"
Expires: Sat, 10 Dec 2022 18:52:28 GMT
Last-Modified: Thu, 08 Dec 2022 17:49:18 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 279
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash c7a5f887bbc7d30b9cfe15163c3d8ddb
21d65790a1d10a06d198b54218365aa474126e1c
2a2e7930f967d947cc5293c95221913e24596773577bbf56ff402db6236bbda1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 20:26:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=AW-671103961
142.250.74.168 200 OK 53 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=AW-671103961
IP 142.250.74.168:0
File type ASCII text, with very long lines (1921)
Hash eceb929b8c359289315af274df07d47c
4ccdad1b6710191fee53ecc23cae6feca42dfd82
4f94610c762776757c756c000de886de5a6599427ccdb5de9437698df2603af8
GET /gtag/js?id=AW-671103961 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 08 Dec 2022 20:26:17 GMT
expires: Thu, 08 Dec 2022 20:26:17 GMT
cache-control: private, max-age=900
last-modified: Thu, 08 Dec 2022 18:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 52882
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash a87cef3a4fb8bdb2095a03622cf2b4ca
75a3d2ac88867bced06040434ade7d6972d3734d
c89b58d9b4ae648052032b27bd7b1151df70f38b9dad69d07e586904de03227a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4988
Cache-Control: max-age=113994
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 20:26:17 GMT
Etag: "63914f37-117"
Expires: Sat, 10 Dec 2022 04:06:11 GMT
Last-Modified: Thu, 08 Dec 2022 02:43:03 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 279
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 795e67bdfadc3c890a663080413b56b7
fdefde3befb6aceac3c337c34c8d738f5091908c
8375b55cfc13989b0cf96293b7bead2ce5811a993b3445da1776ca7015c36985
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 20:26:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
api.hubapi.com/hs-script-loader-public/v1/config/adwords/enhanced-conversion-event-settings/json?portalId=3984618
104.17.202.204 200 OK 2 B URL HTTP/2 api.hubapi.com/hs-script-loader-public/v1/config/adwords/enhanced-conversion-event-settings/json?portalId=3984618
IP 104.17.202.204:0
File type JSON data; ASCII text, with no line terminators
Hash d751713988987e9331980363e24189ce
97d170e1550eee4afc0af065b78cda302a97674c
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
GET /hs-script-loader-public/v1/config/adwords/enhanced-conversion-event-settings/json?portalId=3984618 HTTP/1.1
Host: api.hubapi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.agenziagema.it
Connection: keep-alive
Referer: https://www.agenziagema.it/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Dec 2022 20:26:17 GMT
content-type: application/json;charset=utf-8
content-length: 2
cf-ray: 77683c328e8b0b39-OSL
access-control-allow-origin: https://www.agenziagema.it
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: origin, Accept-Encoding
cf-cache-status: DYNAMIC
access-control-allow-credentials: false
access-control-allow-headers: *
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
access-control-max-age: 180
x-hubspot-correlation-id: 2ce5ee1f-a04d-4933-8308-8b9e68fd9397
x-trace: 2B227261A751F2BE11FD4B87DB8640C00FB4C723BA000000000000000000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HrPkPZrY6Wh3wglDdh5jWaU5R7iw8LdREy%2Bi0tzPVs1ZDW77p4D9xdlmrECA5WvMsMSfy7v9AtBEcxgueDSDoVrhIC10jICONsKGMy59DvLwlbEUn2ZGO02tIkpaNBY4"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/bframe_002.html
89.46.104.45 200 OK 4.7 kB URL HTTP/2 www.agenziagema.it/omanpost/auth/css/bframe_002.html
IP 89.46.104.45:0
Hash f03d198024f2b360b58ca01d8dbd904a
b3d152539e9e34ed53a53e50d472d6bddec27bbe
0d2d167721368d5a91fb3e8c63e7ebae1cc4f4761a3a1bfd5fc693c1b95a1cec
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/css/bframe_002.html HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Thu, 08 Dec 2022 20:26:17 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash a87cef3a4fb8bdb2095a03622cf2b4ca
75a3d2ac88867bced06040434ade7d6972d3734d
c89b58d9b4ae648052032b27bd7b1151df70f38b9dad69d07e586904de03227a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4988
Cache-Control: max-age=113994
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 20:26:17 GMT
Etag: "63914f37-117"
Expires: Sat, 10 Dec 2022 04:06:11 GMT
Last-Modified: Thu, 08 Dec 2022 02:43:03 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 279
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 7b8c1870f03a90aac6370fc69516f95f
1e94fd7c9a2f9fe4867e21ab217879a2180a9cdb
f43702cd363447680d545d928f9ea6f997a770228108b4c9312999b76891bb38
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F43702CD363447680D545D928F9EA6F997A770228108B4C9312999B76891BB38"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16292
Expires: Fri, 09 Dec 2022 00:57:49 GMT
Date: Thu, 08 Dec 2022 20:26:17 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 7b8c1870f03a90aac6370fc69516f95f
1e94fd7c9a2f9fe4867e21ab217879a2180a9cdb
f43702cd363447680d545d928f9ea6f997a770228108b4c9312999b76891bb38
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F43702CD363447680D545D928F9EA6F997A770228108B4C9312999B76891BB38"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16292
Expires: Fri, 09 Dec 2022 00:57:49 GMT
Date: Thu, 08 Dec 2022 20:26:17 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 7b8c1870f03a90aac6370fc69516f95f
1e94fd7c9a2f9fe4867e21ab217879a2180a9cdb
f43702cd363447680d545d928f9ea6f997a770228108b4c9312999b76891bb38
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F43702CD363447680D545D928F9EA6F997A770228108B4C9312999B76891BB38"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16292
Expires: Fri, 09 Dec 2022 00:57:49 GMT
Date: Thu, 08 Dec 2022 20:26:17 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 7b8c1870f03a90aac6370fc69516f95f
1e94fd7c9a2f9fe4867e21ab217879a2180a9cdb
f43702cd363447680d545d928f9ea6f997a770228108b4c9312999b76891bb38
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F43702CD363447680D545D928F9EA6F997A770228108B4C9312999B76891BB38"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16292
Expires: Fri, 09 Dec 2022 00:57:49 GMT
Date: Thu, 08 Dec 2022 20:26:17 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9519925e-95b7-4e66-b317-84c1708c7f84.jpeg
34.120.237.76 200 OK 8.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9519925e-95b7-4e66-b317-84c1708c7f84.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b87d6543345f73653ed4a49b37d7c959
c4f26846b8b72293368ff16915d49297cf12bbb9
aee6aa42e4b5b83b81f74801ff8f0039fc6d38036f42ee81875813c856cf5eef
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9519925e-95b7-4e66-b317-84c1708c7f84.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8659
x-amzn-requestid: 6f420d07-65d5-4bb2-9f1f-e56025de497b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: czFSYFArIAMF46w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63911c0f-0a295e5c48228d5806b4f107;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 23:04:47 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: TSh1BNzzIPhWCfYEiqvQJckSPAyhHobe-HK6msEVeEJ1ruX-_rMSSA==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 591683988172c7980c4ebb318cbf18a8.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Dec 2022 23:33:19 GMT
age: 75178
etag: "c4f26846b8b72293368ff16915d49297cf12bbb9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbbba0eea-a6f1-4374-a9c7-dab84270023b.jpeg
34.120.237.76 200 OK 7.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbbba0eea-a6f1-4374-a9c7-dab84270023b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 24d89b69ba37bf23c5d576aff4063caf
3d46a21b4da571d7e4962e335c18a28ca5f81ecf
09b52cdab278805c6e7282f469a02768ee62fc9ef09a6623a337e3d3aaa446fd
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbbba0eea-a6f1-4374-a9c7-dab84270023b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7268
x-amzn-requestid: ae5c231c-b1be-498a-a242-e8d641f3fe8e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: czFDgEzUoAMFgyQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63911baf-10f06dc37cac69631c823fd9;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 23:03:11 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: QSv756DvAzOQnKae5wVg75wrQS6oDGPkfIZka86FNQ2vizBnZ7sIDQ==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Dec 2022 23:12:45 GMT
age: 76412
etag: "3d46a21b4da571d7e4962e335c18a28ca5f81ecf"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F079bc299-d390-4250-a91a-db3c535c9ca3.jpeg
34.120.237.76 200 OK 8.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F079bc299-d390-4250-a91a-db3c535c9ca3.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 98d2cf29c710d25bd2f03ff216fdd369
b8eb2e11f9655f19334befc036f21489a6473827
614c9b4a7ace908c1ef807964709cb292b33b48ce1d81ccbd2959c2c0ee156ac
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F079bc299-d390-4250-a91a-db3c535c9ca3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8351
x-amzn-requestid: 607d07ab-6833-4001-82ed-699ea91f84c9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cvlitFk9oAMFakQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638fb611-3e5f14f833b332647ef7358d;Sampled=0
x-amzn-remapped-date: Tue, 06 Dec 2022 21:37:21 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 0w5Usq-LJMNHxw9UrwUqSslSVROXVHTmY_UhSHNaGh4k4xqh-FSa0A==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 e4d3d5aafc7d7d582423c073065ab562.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Dec 2022 14:20:11 GMT
age: 21966
etag: "b8eb2e11f9655f19334befc036f21489a6473827"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa9301ee5-df75-4967-a2c7-597f869e557b.jpeg
34.120.237.76 200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa9301ee5-df75-4967-a2c7-597f869e557b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 57be99ac898a37d73f2ba4a24f56248f
04e32eb45581201a6a1863200e4d139df48285e6
a20081b64fc019372843360b15aa3461ec9dd3deb50ab398bca0a5e74d5468c2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa9301ee5-df75-4967-a2c7-597f869e557b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12534
x-amzn-requestid: 2a01f2ba-cf3a-4f59-8339-214c66bcc0d2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: czDbyGTcoAMF_TQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63911918-5d3eba8d01e4175a71acc6cd;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 22:52:08 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: NoZlZ8WFfOuIbkWaC2pJPJQrWtjzz2gCHJWr-u-nMNYmu8MkTf6_PA==
via: 1.1 86b676273517904f44af31586adb06ae.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Dec 2022 23:03:58 GMT
age: 76939
etag: "04e32eb45581201a6a1863200e4d139df48285e6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F74e98e03-fa9f-4e56-a8ba-5411568d88c8.jpeg
34.120.237.76 200 OK 9.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F74e98e03-fa9f-4e56-a8ba-5411568d88c8.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c408efaa98ac2ce63bb1618368d10c15
a51bbb49ebd862d04eaee465d0a35b22dcd21391
077eb8c8739f527828c71c25a1c3aaae46afead3aac093ec11a6d5488ef2f0ec
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F74e98e03-fa9f-4e56-a8ba-5411568d88c8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9596
x-amzn-requestid: e5e6ceb2-5bad-4146-a9de-92a859716029
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cy3_qH63oAMFfLg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-639106ca-678bed1b7729b8aa2645688d;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 21:34:02 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: FsbiyZG0110CEANduIIWuLcxFOxfrV0YPvOSy-ScXFIX1qM6qaOdCg==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 7eb3b782ab09047ce0d11ee03763894c.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Dec 2022 22:21:22 GMT
age: 79495
etag: "a51bbb49ebd862d04eaee465d0a35b22dcd21391"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4119e239-0c3b-4175-bfe0-f5d42729d743.jpeg
34.120.237.76 200 OK 7.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4119e239-0c3b-4175-bfe0-f5d42729d743.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8c94003641bb5a7595e7004f80f95d22
3446450df60d732f9021d5bfd5f5f7c6c870d9ec
4d782dbf94b2163e9bc18028cd0c1a391fdcfcb019f23c4c26ea0b44432039ff
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4119e239-0c3b-4175-bfe0-f5d42729d743.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7801
x-amzn-requestid: cb8d5aab-409f-4b39-b498-b1ba84f34e06
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: czFRNHX4oAMFvoQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63911c07-7c6e3bfa3f81082b48f43fa9;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 23:04:39 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 8QHhEAFHTHd-5UqS1S5qwJj_h4WNfix2CgS4MO4zR_psrzgMP3SZ5g==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Dec 2022 23:16:35 GMT
age: 76182
etag: "3446450df60d732f9021d5bfd5f5f7c6c870d9ec"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash b5cba4e1962a1fe17c9021f3e418975a
01293d7e4084011451f7d17936ab2427504cdb1a
ecfe30d3abc32ca9f933303d75b2055642d3c7c8197af08fe2c314394699594b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 20:26:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 451a99fa0db70e6fcb884cf188465944
1a80f1c6970d82a7c1a0108c51dbeadcca74137b
84b78f6ab929967946e8bb2c5f60d1f8b1cdebc30945a7d7f30142610efa2bd7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 20:26:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 451a99fa0db70e6fcb884cf188465944
1a80f1c6970d82a7c1a0108c51dbeadcca74137b
84b78f6ab929967946e8bb2c5f60d1f8b1cdebc30945a7d7f30142610efa2bd7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 20:26:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash b5cba4e1962a1fe17c9021f3e418975a
01293d7e4084011451f7d17936ab2427504cdb1a
ecfe30d3abc32ca9f933303d75b2055642d3c7c8197af08fe2c314394699594b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 20:26:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash b5cba4e1962a1fe17c9021f3e418975a
01293d7e4084011451f7d17936ab2427504cdb1a
ecfe30d3abc32ca9f933303d75b2055642d3c7c8197af08fe2c314394699594b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 20:26:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.gstatic.com/recaptcha/releases/vP4jQKq0YJFzU6e21-BGy3GP/recaptcha__es.js
142.250.74.35 200 OK 405 kB URL HTTP/2 www.gstatic.com/recaptcha/releases/vP4jQKq0YJFzU6e21-BGy3GP/recaptcha__es.js
IP 142.250.74.35:0
File type ASCII text, with very long lines (701)
Size 405 kB (404972 bytes)
Hash 4df8d3d42228cdf914485b38699661a4
c19e77cecd5853d5eacba3e6cf2d4a41ec795c56
d2ff2a7ba3820089c745d39bdd1410c1c1371cbb0cb4f8e2bbcbd05174847b48
GET /recaptcha/releases/vP4jQKq0YJFzU6e21-BGy3GP/recaptcha__es.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.agenziagema.it
Connection: keep-alive
Referer: https://www.agenziagema.it/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 404972
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 07 Dec 2022 12:43:01 GMT
expires: Thu, 07 Dec 2023 12:43:01 GMT
cache-control: public, max-age=31536000
age: 114197
last-modified: Sun, 02 Oct 2022 20:02:07 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 93d648419c48278e9c279e80be3871b6
25c673a22478b069db73ef6b30f03ec5e7ba5d88
d3c5ce89effd7bde82940c577b4aed6ea4357c7e7ab46005134dcd085ce8aef2
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 20:26:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/pagead/conversion_async.js
142.250.74.164 200 OK 15 kB URL HTTP/2 www.google.com/pagead/conversion_async.js
IP 142.250.74.164:0
File type ASCII text, with very long lines (1654)
Hash a230d90d4cbc810710479aa22bf8e7d7
6cf80adbb744cea7f99dceeb4895de23c9f7ad26
291b67426b9fa61219253b7c6ccfe3c85a67ca150de809edb029f1ea3fdbfb97
GET /pagead/conversion_async.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Thu, 08 Dec 2022 20:26:18 GMT
expires: Thu, 08 Dec 2022 20:26:18 GMT
cache-control: private, max-age=3600
content-type: text/javascript; charset=UTF-8
etag: 7620521014390440643
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 15183
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.co.ma/pagead/1p-user-list/671103961/?random=1666694441764&cv=11&fst=1666692000000&bg=ffffff&guid=ON&async=1&gtm=2oaaj0&u_w=1536&u_h=864&frm=0&url=https%3A%2F%2Fwww.omanpost.om%2Far%2Frate-calculator&ref=https%3A%2F%2Fwww.omanpost.om%2Far%2Fnode&tiba=%D8%AD%D8%A7%D8%B3%D8%A8%D8%A9%20%D8%A7%D9%84%D8%B3%D8%B9%D8%B1%20%7C%20Oman%20Post&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=4279109453&rmt_tld=1&ipr=y
142.250.74.131 200 OK 42 B URL HTTP/2 www.google.co.ma/pagead/1p-user-list/671103961/?random=1666694441764&cv=11&fst=1666692000000&bg=ffffff&guid=ON&async=1&gtm=2oaaj0&u_w=1536&u_h=864&frm=0&url=https%3A%2F%2Fwww.omanpost.om%2Far%2Frate-calculator&ref=https%3A%2F%2Fwww.omanpost.om%2Far%2Fnode&tiba=%D8%AD%D8%A7%D8%B3%D8%A8%D8%A9%20%D8%A7%D9%84%D8%B3%D8%B9%D8%B1%20%7C%20Oman%20Post&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=4279109453&rmt_tld=1&ipr=y
IP 142.250.74.131:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/671103961/?random=1666694441764&cv=11&fst=1666692000000&bg=ffffff&guid=ON&async=1&gtm=2oaaj0&u_w=1536&u_h=864&frm=0&url=https%3A%2F%2Fwww.omanpost.om%2Far%2Frate-calculator&ref=https%3A%2F%2Fwww.omanpost.om%2Far%2Fnode&tiba=%D8%AD%D8%A7%D8%B3%D8%A8%D8%A9%20%D8%A7%D9%84%D8%B3%D8%B9%D8%B1%20%7C%20Oman%20Post&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=4279109453&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.co.ma
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 08 Dec 2022 20:26:18 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.com/pagead/1p-user-list/671103961/?random=1666694441764&cv=11&fst=1666692000000&bg=ffffff&guid=ON&async=1&gtm=2oaaj0&u_w=1536&u_h=864&frm=0&url=https%3A%2F%2Fwww.omanpost.om%2Far%2Frate-calculator&ref=https%3A%2F%2Fwww.omanpost.om%2Far%2Fnode&tiba=%D8%AD%D8%A7%D8%B3%D8%A8%D8%A9%20%D8%A7%D9%84%D8%B3%D8%B9%D8%B1%20%7C%20Oman%20Post&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=4279109453&rmt_tld=0&ipr=y
142.250.74.164 200 OK 42 B URL HTTP/2 www.google.com/pagead/1p-user-list/671103961/?random=1666694441764&cv=11&fst=1666692000000&bg=ffffff&guid=ON&async=1&gtm=2oaaj0&u_w=1536&u_h=864&frm=0&url=https%3A%2F%2Fwww.omanpost.om%2Far%2Frate-calculator&ref=https%3A%2F%2Fwww.omanpost.om%2Far%2Fnode&tiba=%D8%AD%D8%A7%D8%B3%D8%A8%D8%A9%20%D8%A7%D9%84%D8%B3%D8%B9%D8%B1%20%7C%20Oman%20Post&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=4279109453&rmt_tld=0&ipr=y
IP 142.250.74.164:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/671103961/?random=1666694441764&cv=11&fst=1666692000000&bg=ffffff&guid=ON&async=1&gtm=2oaaj0&u_w=1536&u_h=864&frm=0&url=https%3A%2F%2Fwww.omanpost.om%2Far%2Frate-calculator&ref=https%3A%2F%2Fwww.omanpost.om%2Far%2Fnode&tiba=%D8%AD%D8%A7%D8%B3%D8%A8%D8%A9%20%D8%A7%D9%84%D8%B3%D8%B9%D8%B1%20%7C%20Oman%20Post&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=4279109453&rmt_tld=0&ipr=y HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 08 Dec 2022 20:26:18 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.co.ma/pagead/1p-user-list/671103961/?random=1666698209040&cv=9&fst=1666695600000&num=1&bg=ffffff&guid=ON&u_h=864&u_w=1536&u_ah=816&u_aw=1536&u_cd=24&u_his=6&u_tz=480&u_java=false&u_nplug=5&u_nmime=2&gtm=2oaaj0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Flocalhost%2Fomanpost%2Fcard.php&tiba=Oman%20Post&async=1&fmt=3&is_vtc=1&random=3872249285&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
142.250.74.131 200 OK 42 B URL HTTP/2 www.google.co.ma/pagead/1p-user-list/671103961/?random=1666698209040&cv=9&fst=1666695600000&num=1&bg=ffffff&guid=ON&u_h=864&u_w=1536&u_ah=816&u_aw=1536&u_cd=24&u_his=6&u_tz=480&u_java=false&u_nplug=5&u_nmime=2&gtm=2oaaj0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Flocalhost%2Fomanpost%2Fcard.php&tiba=Oman%20Post&async=1&fmt=3&is_vtc=1&random=3872249285&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
IP 142.250.74.131:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/671103961/?random=1666698209040&cv=9&fst=1666695600000&num=1&bg=ffffff&guid=ON&u_h=864&u_w=1536&u_ah=816&u_aw=1536&u_cd=24&u_his=6&u_tz=480&u_java=false&u_nplug=5&u_nmime=2&gtm=2oaaj0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Flocalhost%2Fomanpost%2Fcard.php&tiba=Oman%20Post&async=1&fmt=3&is_vtc=1&random=3872249285&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.co.ma
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 08 Dec 2022 20:26:18 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.com/pagead/1p-user-list/671103961/?random=1666698209040&cv=9&fst=1666695600000&num=1&bg=ffffff&guid=ON&u_h=864&u_w=1536&u_ah=816&u_aw=1536&u_cd=24&u_his=6&u_tz=480&u_java=false&u_nplug=5&u_nmime=2&gtm=2oaaj0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Flocalhost%2Fomanpost%2Fcard.php&tiba=Oman%20Post&async=1&fmt=3&is_vtc=1&random=3872249285&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
142.250.74.164 200 OK 42 B URL HTTP/2 www.google.com/pagead/1p-user-list/671103961/?random=1666698209040&cv=9&fst=1666695600000&num=1&bg=ffffff&guid=ON&u_h=864&u_w=1536&u_ah=816&u_aw=1536&u_cd=24&u_his=6&u_tz=480&u_java=false&u_nplug=5&u_nmime=2&gtm=2oaaj0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Flocalhost%2Fomanpost%2Fcard.php&tiba=Oman%20Post&async=1&fmt=3&is_vtc=1&random=3872249285&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
IP 142.250.74.164:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/671103961/?random=1666698209040&cv=9&fst=1666695600000&num=1&bg=ffffff&guid=ON&u_h=864&u_w=1536&u_ah=816&u_aw=1536&u_cd=24&u_his=6&u_tz=480&u_java=false&u_nplug=5&u_nmime=2&gtm=2oaaj0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Flocalhost%2Fomanpost%2Fcard.php&tiba=Oman%20Post&async=1&fmt=3&is_vtc=1&random=3872249285&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 08 Dec 2022 20:26:18 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 451a99fa0db70e6fcb884cf188465944
1a80f1c6970d82a7c1a0108c51dbeadcca74137b
84b78f6ab929967946e8bb2c5f60d1f8b1cdebc30945a7d7f30142610efa2bd7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 20:26:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash a0905812e8498e6c5c0a9b4b584b972f
039b784fd1e0152ec7f49a54ba027f0b2bd1e833
ee3531ef0f334dcd73a86b1e4365a020d5db69ff7b82bad136eaf1a8e9d3b47f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 20:26:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/cairo/v22/SLXVc1nY6HkvangtZmpQdkhzfH5lkSscRiyS.woff2
216.58.207.227 200 OK 33 kB URL HTTP/2 fonts.gstatic.com/s/cairo/v22/SLXVc1nY6HkvangtZmpQdkhzfH5lkSscRiyS.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 32960, version 1.0\012- data
Hash 1a5a13ca74a330792699c3d73f0e7f48
4b966cf8054c187937ba7f3ff8214d0082b264c2
114150d4f5a9a671657e7abcb6fea8aea5ba175eff62f04cbaedff3caaabf450
GET /s/cairo/v22/SLXVc1nY6HkvangtZmpQdkhzfH5lkSscRiyS.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.agenziagema.it
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 32960
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 06 Dec 2022 20:47:35 GMT
expires: Wed, 06 Dec 2023 20:47:35 GMT
cache-control: public, max-age=31536000
age: 171523
last-modified: Tue, 08 Nov 2022 19:56:51 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/cairo/v22/SLXVc1nY6HkvangtZmpQdkhzfH5lkSscQyyS4J0.woff2
216.58.207.227 200 OK 29 kB URL HTTP/2 fonts.gstatic.com/s/cairo/v22/SLXVc1nY6HkvangtZmpQdkhzfH5lkSscQyyS4J0.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 28952, version 1.0\012- data
Hash d60bcd5d38f577e0890271e12e304396
a34daf52fa7f291630483054e9d3ff1cd92d3107
1770878bf38528dd8db7b74147b6d5e7a5e17192bf1169b6f4cb9ab7f28bd694
GET /s/cairo/v22/SLXVc1nY6HkvangtZmpQdkhzfH5lkSscQyyS4J0.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.agenziagema.it
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 28952
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 06 Dec 2022 20:49:47 GMT
expires: Wed, 06 Dec 2023 20:49:47 GMT
cache-control: public, max-age=31536000
age: 171391
last-modified: Tue, 08 Nov 2022 19:57:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/Fonts/Cairo-Bold.woff
89.46.104.45 404 Not Found 96 kB URL HTTP/2 www.agenziagema.it/omanpost/auth/Fonts/Cairo-Bold.woff
IP 89.46.104.45:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (9594), with CRLF, LF line terminators
Hash 6f3ad2c937a01f00a67e8dc53fd94568
b443a2868dfb9fe2821a36eb434cdc6e01806973
ed87b9d449d15fdd5d74991cd45013a4b5143fbafe3179b624b01d0fcc80213e
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/Fonts/Cairo-Bold.woff HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/css/blue_bot.css
Cookie: _gcl_au=1.1.1044347765.1670531177
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: aruba-proxy
date: Thu, 08 Dec 2022 20:26:18 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
access-control-allow-origin: https://app.hu-manity.co
access-control-allow-methods: GET
link: <https://www.agenziagema.it/wp-json/>; rel="https://api.w.org/"
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/Fonts/Cairo-SemiBold.woff
89.46.104.45 404 Not Found 33 kB URL HTTP/2 www.agenziagema.it/omanpost/auth/Fonts/Cairo-SemiBold.woff
IP 89.46.104.45:0
Hash 57660f93f4951095b3cfc7e81bcc6152
ed94d0a5848b8d75ee160b88543b7eb88649daf7
d3ae34c55885bfa46e56f755b5eb1a61059153ab08a73a05836ff2527319c41c
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/Fonts/Cairo-SemiBold.woff HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/css/blue_bot.css
Cookie: _gcl_au=1.1.1044347765.1670531177
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: aruba-proxy
date: Thu, 08 Dec 2022 20:26:18 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
access-control-allow-origin: https://app.hu-manity.co
access-control-allow-methods: GET
link: <https://www.agenziagema.it/wp-json/>; rel="https://api.w.org/"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 2556512b197b09798af71bea10bb4bbb
23b647aca5f8294ae82fa8cc7e2215ebe3347b60
3b5bd592342d978bcf8919d1a1e2f87295e2e4af5b5b266e6017b7a25725d08d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 20:26:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash c221e4deeb8144b7fc354cce5dc563f8
578e9395e2800e2e19bde2a1d49d9501f6aa3364
258bf83c23b05e8bc9b987e849a194b9f81742ee4268f6453a1e88bfaca959f5
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 20:26:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.no/pagead/1p-user-list/671103961/?random=1670531177498&cv=9&fst=1670529600000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oaaj0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.agenziagema.it%2Fomanpost%2Fauth%2Fcard.php&tiba=Oman%20Post&async=1&fmt=3&is_vtc=1&random=653455859&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
142.250.74.163 200 OK 42 B URL HTTP/2 www.google.no/pagead/1p-user-list/671103961/?random=1670531177498&cv=9&fst=1670529600000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oaaj0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.agenziagema.it%2Fomanpost%2Fauth%2Fcard.php&tiba=Oman%20Post&async=1&fmt=3&is_vtc=1&random=653455859&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
IP 142.250.74.163:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/671103961/?random=1670531177498&cv=9&fst=1670529600000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2oaaj0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.agenziagema.it%2Fomanpost%2Fauth%2Fcard.php&tiba=Oman%20Post&async=1&fmt=3&is_vtc=1&random=653455859&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 08 Dec 2022 20:26:19 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 32d90ff0cc366730c3633c1201b4c058
f4175292b607197a15085e14bf69df301dff6706
b4b2f80fbe9b02f3d54dc35a3738c31a4d7cb5a5e528fcbce50263d8c458231a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 20:26:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.agenziagema.it/omanpost/auth/css/css_IZAuvYHtwa62RyW-QfI9XOQzI9Ql7rei9_ulW9Rd87g.aqSI4W7FpeU4.css
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/css_IZAuvYHtwa62RyW-QfI9XOQzI9Ql7rei9_ulW9Rd87g.aqSI4W7FpeU4.css
IP 89.46.104.45:0
GET /omanpost/auth/css/css_IZAuvYHtwa62RyW-QfI9XOQzI9Ql7rei9_ulW9Rd87g.aqSI4W7FpeU4.css HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Thu, 08 Dec 2022 20:26:16 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/fbevents_002.js
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/fbevents_002.js
IP 89.46.104.45:0
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/css/fbevents_002.js HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Thu, 08 Dec 2022 20:26:16 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:38 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/IE_Support.js.descarga
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/IE_Support.js.descarga
IP 89.46.104.45:0
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/css/IE_Support.js.descarga HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Thu, 08 Dec 2022 20:26:16 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:38 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/footer_phone.svg
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/footer_phone.svg
IP 89.46.104.45:0
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/css/footer_phone.svg HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Thu, 08 Dec 2022 20:26:16 GMT
content-type: image/svg+xml
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:38 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/Fonts/Cairo-Regular.woff2
89.46.104.45 404 Not Found 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/Fonts/Cairo-Regular.woff2
IP 89.46.104.45:0
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/Fonts/Cairo-Regular.woff2 HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/css/blue_bot.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: aruba-proxy
date: Thu, 08 Dec 2022 20:26:18 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
access-control-allow-origin: https://app.hu-manity.co
access-control-allow-methods: GET
link: <https://www.agenziagema.it/wp-json/>; rel="https://api.w.org/"
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/css_NlYuldsbnaLXcf3dKOyimQrINDr_ub0SmbMMEd79TSQ.FEwrmWV0ovFg.css
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/css_NlYuldsbnaLXcf3dKOyimQrINDr_ub0SmbMMEd79TSQ.FEwrmWV0ovFg.css
IP 89.46.104.45:0
GET /omanpost/auth/css/css_NlYuldsbnaLXcf3dKOyimQrINDr_ub0SmbMMEd79TSQ.FEwrmWV0ovFg.css HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Thu, 08 Dec 2022 20:26:15 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/css_Q1K6lLtK2Nwq-2R8XTxmH58HqZFaow1BJLWTIYtxn7Y.NBaa9xsCtF_r.css
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/css_Q1K6lLtK2Nwq-2R8XTxmH58HqZFaow1BJLWTIYtxn7Y.NBaa9xsCtF_r.css
IP 89.46.104.45:0
GET /omanpost/auth/css/css_Q1K6lLtK2Nwq-2R8XTxmH58HqZFaow1BJLWTIYtxn7Y.NBaa9xsCtF_r.css HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Thu, 08 Dec 2022 20:26:16 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/css_ucxQFlXS0b0PBDka9bgwb5tJEo_xfijNcIa6_02DMWs.aUAQ43IqLoV1.css
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/css_ucxQFlXS0b0PBDka9bgwb5tJEo_xfijNcIa6_02DMWs.aUAQ43IqLoV1.css
IP 89.46.104.45:0
GET /omanpost/auth/css/css_ucxQFlXS0b0PBDka9bgwb5tJEo_xfijNcIa6_02DMWs.aUAQ43IqLoV1.css HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Thu, 08 Dec 2022 20:26:16 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/feedback-web-fetcher.html
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/feedback-web-fetcher.html
IP 89.46.104.45:0
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/css/feedback-web-fetcher.html HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Thu, 08 Dec 2022 20:26:16 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:38 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/botscript.js.descarga
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/botscript.js.descarga
IP 89.46.104.45:0
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/css/botscript.js.descarga HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Thu, 08 Dec 2022 20:26:16 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/footer_twitter.svg
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/footer_twitter.svg
IP 89.46.104.45:0
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/css/footer_twitter.svg HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Thu, 08 Dec 2022 20:26:16 GMT
content-type: image/svg+xml
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:38 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/card.php
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/card.php
IP 89.46.104.45:0
Analyzer Verdict Alert openphish Generic/Spear Phishing
fortinet Phishing
GET /omanpost/auth/card.php HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
server: aruba-proxy
date: Thu, 08 Dec 2022 20:26:15 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-servername: ipvsproxy17.ad.aruba.it
x-aruba-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/css_k0JAibD3ZCwTt24LYbnbS5BzPCdFlPO7VcjrGu4KVaQ.6LZkxwxDz1Qe.css
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/css_k0JAibD3ZCwTt24LYbnbS5BzPCdFlPO7VcjrGu4KVaQ.6LZkxwxDz1Qe.css
IP 89.46.104.45:0
GET /omanpost/auth/css/css_k0JAibD3ZCwTt24LYbnbS5BzPCdFlPO7VcjrGu4KVaQ.6LZkxwxDz1Qe.css HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Thu, 08 Dec 2022 20:26:15 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/css_Ih7MNLDbJFLNxyIAMZA6AH7GTsj7Ixfg-YNZd5gREBA.PS4GFM-jKabL.css
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/css_Ih7MNLDbJFLNxyIAMZA6AH7GTsj7Ixfg-YNZd5gREBA.PS4GFM-jKabL.css
IP 89.46.104.45:0
GET /omanpost/auth/css/css_Ih7MNLDbJFLNxyIAMZA6AH7GTsj7Ixfg-YNZd5gREBA.PS4GFM-jKabL.css HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Thu, 08 Dec 2022 20:26:16 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/chatbot.js.descarga
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/chatbot.js.descarga
IP 89.46.104.45:0
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/css/chatbot.js.descarga HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Thu, 08 Dec 2022 20:26:16 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/css_uRaklTL9qw9LkAwudtpTItWV3KiJP8QHWtGM6P7CNk4.2mNgp1qsab5w.css
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/css_uRaklTL9qw9LkAwudtpTItWV3KiJP8QHWtGM6P7CNk4.2mNgp1qsab5w.css
IP 89.46.104.45:0
GET /omanpost/auth/css/css_uRaklTL9qw9LkAwudtpTItWV3KiJP8QHWtGM6P7CNk4.2mNgp1qsab5w.css HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Thu, 08 Dec 2022 20:26:16 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/css_i0JCJIw_hNFirk25N3COBh3WqFTF0ZCxXh5hJxJtPzo.HkEk6qeEy792.css
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/css_i0JCJIw_hNFirk25N3COBh3WqFTF0ZCxXh5hJxJtPzo.HkEk6qeEy792.css
IP 89.46.104.45:0
GET /omanpost/auth/css/css_i0JCJIw_hNFirk25N3COBh3WqFTF0ZCxXh5hJxJtPzo.HkEk6qeEy792.css HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Thu, 08 Dec 2022 20:26:16 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/css_55HfDL_0KdLcPWXl8PtxRl0jwaj5S_5E1xUa_ZYP5B8.J5dXbEp0FdeI.css
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/css_55HfDL_0KdLcPWXl8PtxRl0jwaj5S_5E1xUa_ZYP5B8.J5dXbEp0FdeI.css
IP 89.46.104.45:0
GET /omanpost/auth/css/css_55HfDL_0KdLcPWXl8PtxRl0jwaj5S_5E1xUa_ZYP5B8.J5dXbEp0FdeI.css HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Thu, 08 Dec 2022 20:26:16 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/css_rBIqZVBIuePlh5HcHJagk0J6UraUAUbgK2dWoQXZhoA.oPtwpbQWbqve.css
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/css_rBIqZVBIuePlh5HcHJagk0J6UraUAUbgK2dWoQXZhoA.oPtwpbQWbqve.css
IP 89.46.104.45:0
GET /omanpost/auth/css/css_rBIqZVBIuePlh5HcHJagk0J6UraUAUbgK2dWoQXZhoA.oPtwpbQWbqve.css HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Thu, 08 Dec 2022 20:26:16 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/css_VAR_3WVo2y_cPblOAShdArfPjLoXFETEpXDNoqZrOAI.kj_gNZCcor2I.css
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/css_VAR_3WVo2y_cPblOAShdArfPjLoXFETEpXDNoqZrOAI.kj_gNZCcor2I.css
IP 89.46.104.45:0
GET /omanpost/auth/css/css_VAR_3WVo2y_cPblOAShdArfPjLoXFETEpXDNoqZrOAI.kj_gNZCcor2I.css HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Thu, 08 Dec 2022 20:26:16 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/botscript_002.js
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/botscript_002.js
IP 89.46.104.45:0
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/css/botscript_002.js HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Thu, 08 Dec 2022 20:26:16 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/fbevents.js.descarga
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/fbevents.js.descarga
IP 89.46.104.45:0
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/css/fbevents.js.descarga HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Thu, 08 Dec 2022 20:26:16 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:38 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/js
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/js
IP 89.46.104.45:0
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/css/js HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Thu, 08 Dec 2022 20:26:16 GMT
content-length: 137370
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
x-aruba-cache: MISS
accept-ranges: bytes
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/css_2tv6NKd6VcR1N5ldQj4rs1J-vWrmZJAHL2t1_wtWdnc.UlHsmm1_nMVL.css
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/css_2tv6NKd6VcR1N5ldQj4rs1J-vWrmZJAHL2t1_wtWdnc.UlHsmm1_nMVL.css
IP 89.46.104.45:0
GET /omanpost/auth/css/css_2tv6NKd6VcR1N5ldQj4rs1J-vWrmZJAHL2t1_wtWdnc.UlHsmm1_nMVL.css HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Thu, 08 Dec 2022 20:26:15 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/css_wKgy1R3NftrbXNqjrGCnKPG2MuBS6VO7bNbGOiDkrg0.bFfU211E5qac.css
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/css_wKgy1R3NftrbXNqjrGCnKPG2MuBS6VO7bNbGOiDkrg0.bFfU211E5qac.css
IP 89.46.104.45:0
GET /omanpost/auth/css/css_wKgy1R3NftrbXNqjrGCnKPG2MuBS6VO7bNbGOiDkrg0.bFfU211E5qac.css HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Thu, 08 Dec 2022 20:26:16 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/js_DApJ-CnCHwVGU1_I1tKCdhxCQuDgVApVvNoYr0snX94.R8WD32uV.descarga
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/js_DApJ-CnCHwVGU1_I1tKCdhxCQuDgVApVvNoYr0snX94.R8WD32uV.descarga
IP 89.46.104.45:0
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/css/js_DApJ-CnCHwVGU1_I1tKCdhxCQuDgVApVvNoYr0snX94.R8WD32uV.descarga HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Thu, 08 Dec 2022 20:26:16 GMT
content-length: 90739
last-modified: Thu, 08 Dec 2022 09:12:38 GMT
accept-ranges: bytes
x-servername: ipvsproxy17.ad.aruba.it
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/jquery.min.js.descarga
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/jquery.min.js.descarga
IP 89.46.104.45:0
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/css/jquery.min.js.descarga HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Thu, 08 Dec 2022 20:26:16 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:38 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/chatbot-main.js.descarga
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/chatbot-main.js.descarga
IP 89.46.104.45:0
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/css/chatbot-main.js.descarga HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Thu, 08 Dec 2022 20:26:16 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/css_EVhfUdaVXkvNw9zO4E0QZZiVgpom3xeBjCA2tKx6tFw.TO4rp1q_wfDC.css
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/css_EVhfUdaVXkvNw9zO4E0QZZiVgpom3xeBjCA2tKx6tFw.TO4rp1q_wfDC.css
IP 89.46.104.45:0
GET /omanpost/auth/css/css_EVhfUdaVXkvNw9zO4E0QZZiVgpom3xeBjCA2tKx6tFw.TO4rp1q_wfDC.css HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Thu, 08 Dec 2022 20:26:16 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/css_pxykVoevkIE8NaLJCyFD9DfdVU9BIYAKeCZ4yQ7dUXI.ito4OuPxuz92.css
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/css_pxykVoevkIE8NaLJCyFD9DfdVU9BIYAKeCZ4yQ7dUXI.ito4OuPxuz92.css
IP 89.46.104.45:0
GET /omanpost/auth/css/css_pxykVoevkIE8NaLJCyFD9DfdVU9BIYAKeCZ4yQ7dUXI.ito4OuPxuz92.css HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Thu, 08 Dec 2022 20:26:16 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/270278780604412.js
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/270278780604412.js
IP 89.46.104.45:0
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/css/270278780604412.js HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Thu, 08 Dec 2022 20:26:16 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/fbevents.js
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/fbevents.js
IP 89.46.104.45:0
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/css/fbevents.js HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Thu, 08 Dec 2022 20:26:16 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/inAppChatbot.js.descarga
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/inAppChatbot.js.descarga
IP 89.46.104.45:0
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/css/inAppChatbot.js.descarga HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Thu, 08 Dec 2022 20:26:16 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:38 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/f_003.txt
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/f_003.txt
IP 89.46.104.45:0
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/css/f_003.txt HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Thu, 08 Dec 2022 20:26:16 GMT
content-type: text/plain; charset=utf-8
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/css_1acd1r1BtUbNq-JXtBWBLQjspJ1JdhsJIk5JPUl3KJU.G6s4gPZTzE0A.css
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/css_1acd1r1BtUbNq-JXtBWBLQjspJ1JdhsJIk5JPUl3KJU.G6s4gPZTzE0A.css
IP 89.46.104.45:0
GET /omanpost/auth/css/css_1acd1r1BtUbNq-JXtBWBLQjspJ1JdhsJIk5JPUl3KJU.G6s4gPZTzE0A.css HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Thu, 08 Dec 2022 20:26:16 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/botscript.js
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/botscript.js
IP 89.46.104.45:0
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/css/botscript.js HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Thu, 08 Dec 2022 20:26:16 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/mobileforms.css
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/mobileforms.css
IP 89.46.104.45:0
GET /omanpost/auth/css/mobileforms.css HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Thu, 08 Dec 2022 20:26:16 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:38 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/3984618.js(2).descarga
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/3984618.js(2).descarga
IP 89.46.104.45:0
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/css/3984618.js(2).descarga HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Thu, 08 Dec 2022 20:26:16 GMT
content-length: 2553
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
accept-ranges: bytes
x-servername: ipvsproxy17.ad.aruba.it
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/css_cNsTyM7C3t4TCUEg0VA4PXzn0H6dE6W18zFbGRnQ-f4.afz3aCt3EXZj.css
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/css_cNsTyM7C3t4TCUEg0VA4PXzn0H6dE6W18zFbGRnQ-f4.afz3aCt3EXZj.css
IP 89.46.104.45:0
GET /omanpost/auth/css/css_cNsTyM7C3t4TCUEg0VA4PXzn0H6dE6W18zFbGRnQ-f4.afz3aCt3EXZj.css HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Thu, 08 Dec 2022 20:26:16 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/css_w6uBS_e4lgzCuQI9WJcAU1zogOA0zSwJuUJPu8ixmEI.3A-1R8NGXOfT.css
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/css_w6uBS_e4lgzCuQI9WJcAU1zogOA0zSwJuUJPu8ixmEI.3A-1R8NGXOfT.css
IP 89.46.104.45:0
GET /omanpost/auth/css/css_w6uBS_e4lgzCuQI9WJcAU1zogOA0zSwJuUJPu8ixmEI.3A-1R8NGXOfT.css HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Thu, 08 Dec 2022 20:26:16 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/f_004.txt
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/f_004.txt
IP 89.46.104.45:0
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/css/f_004.txt HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Thu, 08 Dec 2022 20:26:16 GMT
content-type: text/plain; charset=utf-8
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/css_reN1Rf9p6knCpaEWoTA2UV7CylUfuliY_aLstcUPrjE.WxWebvQdu6Hf.css
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/css_reN1Rf9p6knCpaEWoTA2UV7CylUfuliY_aLstcUPrjE.WxWebvQdu6Hf.css
IP 89.46.104.45:0
GET /omanpost/auth/css/css_reN1Rf9p6knCpaEWoTA2UV7CylUfuliY_aLstcUPrjE.WxWebvQdu6Hf.css HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Thu, 08 Dec 2022 20:26:16 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/f_002.txt
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/f_002.txt
IP 89.46.104.45:0
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/css/f_002.txt HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Thu, 08 Dec 2022 20:26:16 GMT
content-type: text/plain; charset=utf-8
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/3984618.js.descarga
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/3984618.js.descarga
IP 89.46.104.45:0
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/css/3984618.js.descarga HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Thu, 08 Dec 2022 20:26:16 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/css_dUCv1epc8sqnL7z6gQpbGkGEuBUi3xCV8oJMDzYJbiU.TZ3jD0TRVRE7.css
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/css_dUCv1epc8sqnL7z6gQpbGkGEuBUi3xCV8oJMDzYJbiU.TZ3jD0TRVRE7.css
IP 89.46.104.45:0
GET /omanpost/auth/css/css_dUCv1epc8sqnL7z6gQpbGkGEuBUi3xCV8oJMDzYJbiU.TZ3jD0TRVRE7.css HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Thu, 08 Dec 2022 20:26:16 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/css_Jh9H9K9-BJuuoTSVW_nQAGScCSCEvc18d2M8RZl-7gw.CsAauDK4Ec3C.css
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/css_Jh9H9K9-BJuuoTSVW_nQAGScCSCEvc18d2M8RZl-7gw.CsAauDK4Ec3C.css
IP 89.46.104.45:0
GET /omanpost/auth/css/css_Jh9H9K9-BJuuoTSVW_nQAGScCSCEvc18d2M8RZl-7gw.CsAauDK4Ec3C.css HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Thu, 08 Dec 2022 20:26:16 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/bot.js.descarga
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/bot.js.descarga
IP 89.46.104.45:0
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/css/bot.js.descarga HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Thu, 08 Dec 2022 20:26:16 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/facebook_icon.svg
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/facebook_icon.svg
IP 89.46.104.45:0
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/css/facebook_icon.svg HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Thu, 08 Dec 2022 20:26:16 GMT
content-type: image/svg+xml
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/Insta_icon.svg
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/Insta_icon.svg
IP 89.46.104.45:0
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/css/Insta_icon.svg HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Thu, 08 Dec 2022 20:26:16 GMT
content-type: image/svg+xml
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:38 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/footer_facebook.svg
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/footer_facebook.svg
IP 89.46.104.45:0
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/css/footer_facebook.svg HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Thu, 08 Dec 2022 20:26:16 GMT
content-type: image/svg+xml
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:38 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/footer_insta.svg
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/footer_insta.svg
IP 89.46.104.45:0
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/css/footer_insta.svg HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Thu, 08 Dec 2022 20:26:16 GMT
content-type: image/svg+xml
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:38 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/fb.js.descarga
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/fb.js.descarga
IP 89.46.104.45:0
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/css/fb.js.descarga HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Thu, 08 Dec 2022 20:26:16 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/dxa_resources.js.descarga
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/dxa_resources.js.descarga
IP 89.46.104.45:0
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/css/dxa_resources.js.descarga HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Thu, 08 Dec 2022 20:26:16 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/recaptcha__es_002.js
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/recaptcha__es_002.js
IP 89.46.104.45:0
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/css/recaptcha__es_002.js HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Thu, 08 Dec 2022 20:26:16 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:38 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/recaptcha__es.js.descarga
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/recaptcha__es.js.descarga
IP 89.46.104.45:0
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/css/recaptcha__es.js.descarga HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Thu, 08 Dec 2022 20:26:16 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:38 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/enterprise.js
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/enterprise.js
IP 89.46.104.45:0
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/css/enterprise.js HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Thu, 08 Dec 2022 20:26:16 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/enterprise_002.js
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/enterprise_002.js
IP 89.46.104.45:0
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/css/enterprise_002.js HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Thu, 08 Dec 2022 20:26:16 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/css_PwuFbWcp4hneFLLsQJ6rldRAtwMWYQOx-Ke7UsY30LI.-86xJfTBOGF2.css
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/css_PwuFbWcp4hneFLLsQJ6rldRAtwMWYQOx-Ke7UsY30LI.-86xJfTBOGF2.css
IP 89.46.104.45:0
GET /omanpost/auth/css/css_PwuFbWcp4hneFLLsQJ6rldRAtwMWYQOx-Ke7UsY30LI.-86xJfTBOGF2.css HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Thu, 08 Dec 2022 20:26:15 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/css_pU0Gutxb3_AkRm1jpb4J2yHFADrn1GC4X6-BiCbp8OU.PcTIl2kX5I0n.css
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/css_pU0Gutxb3_AkRm1jpb4J2yHFADrn1GC4X6-BiCbp8OU.PcTIl2kX5I0n.css
IP 89.46.104.45:0
GET /omanpost/auth/css/css_pU0Gutxb3_AkRm1jpb4J2yHFADrn1GC4X6-BiCbp8OU.PcTIl2kX5I0n.css HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Thu, 08 Dec 2022 20:26:16 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/css_2ZIQEH23X5MiYNnG0xXxF4-mLNnDM1COX_Q2nrLEUNA.BNwR_30OUEkj.css
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/css_2ZIQEH23X5MiYNnG0xXxF4-mLNnDM1COX_Q2nrLEUNA.BNwR_30OUEkj.css
IP 89.46.104.45:0
GET /omanpost/auth/css/css_2ZIQEH23X5MiYNnG0xXxF4-mLNnDM1COX_Q2nrLEUNA.BNwR_30OUEkj.css HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Thu, 08 Dec 2022 20:26:16 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/identity.js
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/identity.js
IP 89.46.104.45:0
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/css/identity.js HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Thu, 08 Dec 2022 20:26:16 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:38 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/270278780604412_002.js
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/270278780604412_002.js
IP 89.46.104.45:0
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/css/270278780604412_002.js HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Thu, 08 Dec 2022 20:26:16 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/identity.js.descarga
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/identity.js.descarga
IP 89.46.104.45:0
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/css/identity.js.descarga HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Thu, 08 Dec 2022 20:26:16 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:38 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/collectedforms.js.descarga
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/collectedforms.js.descarga
IP 89.46.104.45:0
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/css/collectedforms.js.descarga HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Thu, 08 Dec 2022 20:26:16 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/blue_bot.css
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/blue_bot.css
IP 89.46.104.45:0
GET /omanpost/auth/css/blue_bot.css HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Thu, 08 Dec 2022 20:26:16 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/footer_linkedin.svg
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/footer_linkedin.svg
IP 89.46.104.45:0
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/css/footer_linkedin.svg HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Thu, 08 Dec 2022 20:26:16 GMT
content-type: image/svg+xml
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:38 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/css_uAyU8TXfNv4LwU1hWzuVwVsjR1f9QybnN7Z-VbdCWFs.EFBJOYM0AbU5.css
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/css_uAyU8TXfNv4LwU1hWzuVwVsjR1f9QybnN7Z-VbdCWFs.EFBJOYM0AbU5.css
IP 89.46.104.45:0
GET /omanpost/auth/css/css_uAyU8TXfNv4LwU1hWzuVwVsjR1f9QybnN7Z-VbdCWFs.EFBJOYM0AbU5.css HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Thu, 08 Dec 2022 20:26:16 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/css_yJNsQTgR0By4d-QPblBXferxdxtJYAU88Epv43oeQdg.hi19I6QBMCow.css
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/css_yJNsQTgR0By4d-QPblBXferxdxtJYAU88Epv43oeQdg.hi19I6QBMCow.css
IP 89.46.104.45:0
GET /omanpost/auth/css/css_yJNsQTgR0By4d-QPblBXferxdxtJYAU88Epv43oeQdg.hi19I6QBMCow.css HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Thu, 08 Dec 2022 20:26:16 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/js_GddGa8yTmcFeolbLW9PNyZ3-33VlzkW_RE7DJ19C-fY.EA-oSuM2.descarga
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/js_GddGa8yTmcFeolbLW9PNyZ3-33VlzkW_RE7DJ19C-fY.EA-oSuM2.descarga
IP 89.46.104.45:0
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/css/js_GddGa8yTmcFeolbLW9PNyZ3-33VlzkW_RE7DJ19C-fY.EA-oSuM2.descarga HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Thu, 08 Dec 2022 20:26:16 GMT
content-length: 210057
last-modified: Thu, 08 Dec 2022 09:12:38 GMT
accept-ranges: bytes
x-servername: ipvsproxy17.ad.aruba.it
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/css_hnNz6IEhVN5_Of7XB76_NjHZmrmv1ZKZxqG2iC0qBgU.NegrY1KQZCBY.css
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/css_hnNz6IEhVN5_Of7XB76_NjHZmrmv1ZKZxqG2iC0qBgU.NegrY1KQZCBY.css
IP 89.46.104.45:0
GET /omanpost/auth/css/css_hnNz6IEhVN5_Of7XB76_NjHZmrmv1ZKZxqG2iC0qBgU.NegrY1KQZCBY.css HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Thu, 08 Dec 2022 20:26:15 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/feedbackweb-new.js.descarga
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/feedbackweb-new.js.descarga
IP 89.46.104.45:0
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/css/feedbackweb-new.js.descarga HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Thu, 08 Dec 2022 20:26:16 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:38 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/recaptcha__es.js
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/recaptcha__es.js
IP 89.46.104.45:0
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/css/recaptcha__es.js HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Thu, 08 Dec 2022 20:26:16 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:38 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/css_FwDU3h2OfEDALY-gMvi0omrPyWfxcOyIQ2svT7Hyzxc.KZBkzzAnxe-r.css
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/css_FwDU3h2OfEDALY-gMvi0omrPyWfxcOyIQ2svT7Hyzxc.KZBkzzAnxe-r.css
IP 89.46.104.45:0
GET /omanpost/auth/css/css_FwDU3h2OfEDALY-gMvi0omrPyWfxcOyIQ2svT7Hyzxc.KZBkzzAnxe-r.css HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Thu, 08 Dec 2022 20:26:16 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/linkedin_icon.svg
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/linkedin_icon.svg
IP 89.46.104.45:0
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/css/linkedin_icon.svg HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Thu, 08 Dec 2022 20:26:16 GMT
content-type: image/svg+xml
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:38 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/css_O40hGTtRJP6DjoYkOlfNxDvKxMFENQsiy8CAnElvskw.N4jNf-1Zjlwy.css
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/css_O40hGTtRJP6DjoYkOlfNxDvKxMFENQsiy8CAnElvskw.N4jNf-1Zjlwy.css
IP 89.46.104.45:0
GET /omanpost/auth/css/css_O40hGTtRJP6DjoYkOlfNxDvKxMFENQsiy8CAnElvskw.N4jNf-1Zjlwy.css HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Thu, 08 Dec 2022 20:26:16 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/mobileforms.js.descarga
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/mobileforms.js.descarga
IP 89.46.104.45:0
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/css/mobileforms.js.descarga HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Thu, 08 Dec 2022 20:26:16 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:38 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/f.txt
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/f.txt
IP 89.46.104.45:0
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/css/f.txt HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Thu, 08 Dec 2022 20:26:16 GMT
content-type: text/plain; charset=utf-8
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/twitter_icon.svg
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/twitter_icon.svg
IP 89.46.104.45:0
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/css/twitter_icon.svg HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Thu, 08 Dec 2022 20:26:16 GMT
content-type: image/svg+xml
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:38 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/css__bho2B3wcqv1KxA6PF89Vchfhlcup6xthhL5g6Nr8mA.jiwRVixNti_K.css
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/css__bho2B3wcqv1KxA6PF89Vchfhlcup6xthhL5g6Nr8mA.jiwRVixNti_K.css
IP 89.46.104.45:0
GET /omanpost/auth/css/css__bho2B3wcqv1KxA6PF89Vchfhlcup6xthhL5g6Nr8mA.jiwRVixNti_K.css HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Thu, 08 Dec 2022 20:26:16 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/enterprise.js.descarga
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/enterprise.js.descarga
IP 89.46.104.45:0
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/css/enterprise.js.descarga HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Thu, 08 Dec 2022 20:26:16 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/css_Lv1bP8JXpB3pSNozo4jmOwtgOWK1g_Pvv99cLDR_lLI.un_You6D4HIa.css
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/css_Lv1bP8JXpB3pSNozo4jmOwtgOWK1g_Pvv99cLDR_lLI.un_You6D4HIa.css
IP 89.46.104.45:0
GET /omanpost/auth/css/css_Lv1bP8JXpB3pSNozo4jmOwtgOWK1g_Pvv99cLDR_lLI.un_You6D4HIa.css HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Thu, 08 Dec 2022 20:26:16 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/css_J6dLcwxLPT2uFEuf2TVbXMPFtkZKGxtZV5vaIL-CqGU.mnKAk4O75PvW.css
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/css_J6dLcwxLPT2uFEuf2TVbXMPFtkZKGxtZV5vaIL-CqGU.mnKAk4O75PvW.css
IP 89.46.104.45:0
GET /omanpost/auth/css/css_J6dLcwxLPT2uFEuf2TVbXMPFtkZKGxtZV5vaIL-CqGU.mnKAk4O75PvW.css HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Thu, 08 Dec 2022 20:26:16 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/css_S0CjRkcjky_yJ41Zxhsu2ZTLiUhSpe5oWS0GzXceUiU.D3o9GnDSOeR8.css
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/css_S0CjRkcjky_yJ41Zxhsu2ZTLiUhSpe5oWS0GzXceUiU.D3o9GnDSOeR8.css
IP 89.46.104.45:0
GET /omanpost/auth/css/css_S0CjRkcjky_yJ41Zxhsu2ZTLiUhSpe5oWS0GzXceUiU.D3o9GnDSOeR8.css HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Thu, 08 Dec 2022 20:26:16 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/css_tc1yUQsgxCuzcFlB0TRLx0d3qsmn6yEH-YwlaT9YFaQ.xgycM7ainxkO.css
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/css_tc1yUQsgxCuzcFlB0TRLx0d3qsmn6yEH-YwlaT9YFaQ.xgycM7ainxkO.css
IP 89.46.104.45:0
GET /omanpost/auth/css/css_tc1yUQsgxCuzcFlB0TRLx0d3qsmn6yEH-YwlaT9YFaQ.xgycM7ainxkO.css HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Thu, 08 Dec 2022 20:26:16 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/identity_002.js
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/identity_002.js
IP 89.46.104.45:0
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/css/identity_002.js HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Thu, 08 Dec 2022 20:26:16 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:38 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/css_OHf71oeIOrre6SR138MouAIETLdJCAkllYsqURtmm0A.gN2SiQ6ztc8p.css
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/css_OHf71oeIOrre6SR138MouAIETLdJCAkllYsqURtmm0A.gN2SiQ6ztc8p.css
IP 89.46.104.45:0
GET /omanpost/auth/css/css_OHf71oeIOrre6SR138MouAIETLdJCAkllYsqURtmm0A.gN2SiQ6ztc8p.css HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Thu, 08 Dec 2022 20:26:16 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/css_xcV1VbAOaq_lTLgSuP5q6fpDB9lgw6_ubXm7g_TqGww.oGRZYK3hUnYK.css
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/css_xcV1VbAOaq_lTLgSuP5q6fpDB9lgw6_ubXm7g_TqGww.oGRZYK3hUnYK.css
IP 89.46.104.45:0
GET /omanpost/auth/css/css_xcV1VbAOaq_lTLgSuP5q6fpDB9lgw6_ubXm7g_TqGww.oGRZYK3hUnYK.css HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Thu, 08 Dec 2022 20:26:15 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/css_jHT2a4ztivwTBQu-edcn4JXhTC1kfypKQ2EnmZiNbrw.LmcmpEXQcHAZ.css
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/css_jHT2a4ztivwTBQu-edcn4JXhTC1kfypKQ2EnmZiNbrw.LmcmpEXQcHAZ.css
IP 89.46.104.45:0
GET /omanpost/auth/css/css_jHT2a4ztivwTBQu-edcn4JXhTC1kfypKQ2EnmZiNbrw.LmcmpEXQcHAZ.css HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Thu, 08 Dec 2022 20:26:16 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/css/f_005.txt
89.46.104.45 200 OK 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/css/f_005.txt
IP 89.46.104.45:0
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/css/f_005.txt HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/card.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: aruba-proxy
date: Thu, 08 Dec 2022 20:26:16 GMT
content-type: text/plain; charset=utf-8
vary: Accept-Encoding
last-modified: Thu, 08 Dec 2022 09:12:37 GMT
x-servername: ipvsproxy17.ad.aruba.it
content-encoding: gzip
X-Firefox-Spdy: h2
www.agenziagema.it/omanpost/auth/Fonts/Cairo-Regular.woff
89.46.104.45 404 Not Found 0 B URL HTTP/2 www.agenziagema.it/omanpost/auth/Fonts/Cairo-Regular.woff
IP 89.46.104.45:0
Analyzer Verdict Alert fortinet Phishing
GET /omanpost/auth/Fonts/Cairo-Regular.woff HTTP/1.1
Host: www.agenziagema.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://www.agenziagema.it/omanpost/auth/css/blue_bot.css
Cookie: _gcl_au=1.1.1044347765.1670531177
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: aruba-proxy
date: Thu, 08 Dec 2022 20:26:18 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
access-control-allow-origin: https://app.hu-manity.co
access-control-allow-methods: GET
link: <https://www.agenziagema.it/wp-json/>; rel="https://api.w.org/"
X-Firefox-Spdy: h2