r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash e935ea42be4feaed61a824b0b903913e
f966cfa80d65a805cb9d7c6a53b3340865d7c51a
eb0ce9ae50d156fe5924b2d77346735e4e93b5240cff301c9aa835bb0b385815
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EB0CE9AE50D156FE5924B2D77346735E4E93B5240CFF301C9AA835BB0B385815"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4122
Expires: Thu, 02 Feb 2023 19:20:38 GMT
Date: Thu, 02 Feb 2023 18:11:56 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash d4e95d0d8982bcd07804baf6fc88231c
5027abda0875bd2529dd4d6691784c74da71a9ee
373799b5749d2cb08b5721699a3e4c6b94b0d41604ac07d4ef7179e47dabc71f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "373799B5749D2CB08B5721699A3E4C6B94B0D41604AC07D4EF7179E47DABC71F"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6125
Expires: Thu, 02 Feb 2023 19:54:01 GMT
Date: Thu, 02 Feb 2023 18:11:56 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 9a76feabb767086ae0fa54e0ffbf763f
3655d78994a1e9838340669462728b67c8c12e54
bf215ab858c7785b7c01f7d3d437a918f056f00fe9b065820e1cdd09b7bba8f9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BF215AB858C7785B7C01F7D3D437A918F056F00FE9B065820E1CDD09B7BBA8F9"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7203
Expires: Thu, 02 Feb 2023 20:11:59 GMT
Date: Thu, 02 Feb 2023 18:11:56 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Alert, Retry-After, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 02 Feb 2023 17:43:31 GMT
content-type: application/json
age: 1705
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: jjHWRfg9/oGXmuzaHdIbhRjYjDu9VatAvGddih2XA2NADONHokyuazSd58fE+uCck3Co4IGtt+Ck8rPM4Jd0Ug==
x-amz-request-id: 4B9SW80VEBHV7E6E
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 02 Feb 2023 17:52:04 GMT
age: 1192
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 02 Feb 2023 18:11:56 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
jjnmes.ga/sicc-bp-pp/
200 OK 27 kB IP
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (3911), with CRLF line terminators
Hash 1dffdeb49fd4a8f44ea5a79e34357751
4ad4b0262bb6cd694e497c7c94c668e7d0b13a38
7b60a062d0d260340bffdf0b58efa1ecffea0ed50d14c62862df6091378fccda
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.ga domain
GET /sicc-bp-pp/ HTTP/1.1
Host: jjnmes.ga
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 18:11:55 GMT
Server: Apache
Set-Cookie: COOKIE_KEY=167536151527; expires=Sun, 30-Jan-2033 18:11:55 GMT; Max-Age=315360000
COOKIE_KEY=167536151517; expires=Sun, 30-Jan-2033 18:11:55 GMT; Max-Age=315360000
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Keep-Alive: timeout=5, max=100
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Retry-After, Last-Modified, Cache-Control, Pragma, ETag, Backoff, Content-Type, Alert, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 02 Feb 2023 17:49:05 GMT
age: 1372
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
jjnmes.ga/sicc-bp-pp/css/retina.css
200 OK 54 B URL HTTP/1.1 jjnmes.ga/sicc-bp-pp/css/retina.css
IP
ASN #46606 UNIFIEDLAYER-AS-1
Hash ab8dd1efc4d35cfc2bd56e4ace43a9c4
c8a6572e9648197bc2fb41d0ad4d34c917d4709c
b9046229b1ec61510b1e34c28da4adf2174e08fd62b30daba49f8616cdb9e9a8
Analyzer Verdict Alert urlquery phishing Phishing - Poste Italiane
urlquery phishing Phishing - Poste Italiane
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.ga domain
GET /sicc-bp-pp/css/retina.css HTTP/1.1
Host: jjnmes.ga
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://jjnmes.ga/sicc-bp-pp/
Cookie: COOKIE_KEY=167536151517
HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 18:11:56 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Sun, 22 Nov 2020 19:41:24 GMT
Accept-Ranges: bytes
Content-Length: 54
Keep-Alive: timeout=5, max=100
Content-Type: text/css
jjnmes.ga/sicc-bp-pp/css/bootstrap.js
200 OK 69 kB URL HTTP/1.1 jjnmes.ga/sicc-bp-pp/css/bootstrap.js
IP
ASN #46606 UNIFIEDLAYER-AS-1
Hash e3676b6eb90f0f6739c89d56a3efa245
83188f24cfbd8e33b69b23139202c0cf2f390063
31d80f65a2c078aa3ca5051504f29d8986df61f04bc998036527374eef1c286b
Analyzer Verdict Alert urlquery phishing Phishing - Poste Italiane
urlquery phishing Phishing - Poste Italiane
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.ga domain
GET /sicc-bp-pp/css/bootstrap.js HTTP/1.1
Host: jjnmes.ga
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://jjnmes.ga/sicc-bp-pp/
Cookie: COOKIE_KEY=167536151517
HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 18:11:56 GMT
Server: Apache
Last-Modified: Sun, 22 Nov 2020 19:41:24 GMT
Accept-Ranges: bytes
Content-Length: 69214
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript
jjnmes.ga/sicc-bp-pp/css/megamenu-pi.css
200 OK 27 kB URL HTTP/1.1 jjnmes.ga/sicc-bp-pp/css/megamenu-pi.css
IP
ASN #46606 UNIFIEDLAYER-AS-1
Hash 15c2836c84b3a4b5e00d26fa1ede141c
d1d8e6910bffc1efa92b4515f510292ee89b4502
eba3a9e033961c3c7da8860e0e446e771c71c7dfa7513e140f08441a31e352e6
Analyzer Verdict Alert urlquery phishing Phishing - Poste Italiane
urlquery phishing Phishing - Poste Italiane
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.ga domain
GET /sicc-bp-pp/css/megamenu-pi.css HTTP/1.1
Host: jjnmes.ga
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://jjnmes.ga/sicc-bp-pp/
Cookie: COOKIE_KEY=167536151517
HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 18:11:56 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Sun, 22 Nov 2020 20:43:04 GMT
Accept-Ranges: bytes
Content-Length: 26732
Keep-Alive: timeout=5, max=100
Content-Type: text/css
jjnmes.ga/sicc-bp-pp/css/alignment.css
404 Not Found 315 B URL HTTP/1.1 jjnmes.ga/sicc-bp-pp/css/alignment.css
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert urlquery phishing Phishing - Poste Italiane
urlquery phishing Phishing - Poste Italiane
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.ga domain
suricata medium ET INFO HTTP Request to a *.ga domain
GET /sicc-bp-pp/css/alignment.css HTTP/1.1
Host: jjnmes.ga
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://jjnmes.ga/sicc-bp-pp/
Cookie: COOKIE_KEY=167536151517
HTTP/1.1 404 Not Found
Date: Thu, 02 Feb 2023 18:11:56 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
jjnmes.ga/sicc-bp-pp/css/custom-form-element.css
200 OK 15 kB URL HTTP/1.1 jjnmes.ga/sicc-bp-pp/css/custom-form-element.css
IP
ASN #46606 UNIFIEDLAYER-AS-1
Hash ba06ea3eaec30e9987c3c02ecab7d8b5
ba1829220be9e28cfaacc227b2273b3b187c35d1
80ee3a10dd6c0546f059afd992f30961be8496c232939757bc0ed9ce82a7e41d
Analyzer Verdict Alert urlquery phishing Phishing - Poste Italiane
urlquery phishing Phishing - Poste Italiane
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.ga domain
GET /sicc-bp-pp/css/custom-form-element.css HTTP/1.1
Host: jjnmes.ga
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://jjnmes.ga/sicc-bp-pp/
Cookie: COOKIE_KEY=167536151517
HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 18:11:56 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Sun, 22 Nov 2020 21:03:10 GMT
Accept-Ranges: bytes
Content-Length: 15224
Keep-Alive: timeout=5, max=100
Content-Type: text/css
jjnmes.ga/sicc-bp-pp/css/spaces.css
200 OK 30 kB URL HTTP/1.1 jjnmes.ga/sicc-bp-pp/css/spaces.css
IP
ASN #46606 UNIFIEDLAYER-AS-1
Hash a0339ef2039b90034b16e341e508b5e8
dab67a84e5a8228a6f9ed90f05b8a7b983912b3c
9fb634a5bbfbee4fc2503595fa18a98142ca8cf0bb29984d065edfeef0006bdd
Analyzer Verdict Alert urlquery phishing Phishing - Poste Italiane
urlquery phishing Phishing - Poste Italiane
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.ga domain
GET /sicc-bp-pp/css/spaces.css HTTP/1.1
Host: jjnmes.ga
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://jjnmes.ga/sicc-bp-pp/
Cookie: COOKIE_KEY=167536151517
HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 18:11:56 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Sun, 22 Nov 2020 20:23:24 GMT
Accept-Ranges: bytes
Content-Length: 29954
Keep-Alive: timeout=5, max=100
Content-Type: text/css
jjnmes.ga/sicc-bp-pp/css/typography.css
200 OK 5.1 kB URL HTTP/1.1 jjnmes.ga/sicc-bp-pp/css/typography.css
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type assembler source, ASCII text
Hash fb76402d854d5f5153d3695f59020d1b
7693cea9ba1533ac58e5fe34f6989f8157d4ec4a
867e8e154140f607aeff52b8269a5736156905a484c71d514df54b5d16569aa8
Analyzer Verdict Alert urlquery phishing Phishing - Poste Italiane
urlquery phishing Phishing - Poste Italiane
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.ga domain
GET /sicc-bp-pp/css/typography.css HTTP/1.1
Host: jjnmes.ga
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://jjnmes.ga/sicc-bp-pp/
Cookie: COOKIE_KEY=167536151517
HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 18:11:56 GMT
Server: Apache
Last-Modified: Sun, 22 Nov 2020 19:57:04 GMT
Accept-Ranges: bytes
Content-Length: 5124
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/css
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 8913af0be619500295008bb91f506660
a7b8068ba9aa506205a295b24458c2616997a0d1
6a9838d00256431807ca382fc205064b07c08d5054f2895c2ae3cc4e9094179a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6A9838D00256431807CA382FC205064B07C08D5054F2895C2AE3CC4E9094179A"
Last-Modified: Wed, 01 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9297
Expires: Thu, 02 Feb 2023 20:46:54 GMT
Date: Thu, 02 Feb 2023 18:11:57 GMT
Connection: keep-alive
jjnmes.ga/sicc-bp-pp/css/widgets.min.css
200 OK 118 kB URL HTTP/1.1 jjnmes.ga/sicc-bp-pp/css/widgets.min.css
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (64904)
Size 118 kB (118484 bytes)
Hash 8200d741b70ac374fe409573911d0615
a26eccccc0c45fe15f3012f10985115b4c6a018e
d1a2ff38675a04a2df7488cf9504b849938354ec97676e58bdb6d5e69c3f2640
Analyzer Verdict Alert urlquery phishing Phishing - Poste Italiane
urlquery phishing Phishing - Poste Italiane
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.ga domain
GET /sicc-bp-pp/css/widgets.min.css HTTP/1.1
Host: jjnmes.ga
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://jjnmes.ga/sicc-bp-pp/
Cookie: COOKIE_KEY=167536151517
HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 18:11:56 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Sun, 22 Nov 2020 19:41:24 GMT
Accept-Ranges: bytes
Content-Length: 118484
Keep-Alive: timeout=5, max=100
Content-Type: text/css
jjnmes.ga/sicc-bp-pp/css/vex.css
200 OK 2.3 kB URL HTTP/1.1 jjnmes.ga/sicc-bp-pp/css/vex.css
IP
ASN #46606 UNIFIEDLAYER-AS-1
Hash ccd6f295f9a720bdcf3259538a9aab84
4c0f836eb0ca715107ff1549480d585e7df94ae6
fde68bc921bfacf0a8c23316c92b664cf1ad694efd34a8aaa1d814d97fcf27f8
Analyzer Verdict Alert urlquery phishing Phishing - Poste Italiane
urlquery phishing Phishing - Poste Italiane
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.ga domain
GET /sicc-bp-pp/css/vex.css HTTP/1.1
Host: jjnmes.ga
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://jjnmes.ga/sicc-bp-pp/
Cookie: COOKIE_KEY=167536151517
HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 18:11:56 GMT
Server: Apache
Last-Modified: Mon, 26 Feb 2018 00:16:54 GMT
Accept-Ranges: bytes
Content-Length: 2286
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css
jjnmes.ga/sicc-bp-pp/css/vex-theme-default.css
200 OK 7.3 kB URL HTTP/1.1 jjnmes.ga/sicc-bp-pp/css/vex-theme-default.css
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (1266)
Hash 18ed33bd539a3d0c01784c6522003d88
0227f92a82019f26602f681c16349a5515d49b96
93c94da755c23b3b6001fa5888fd7e958c2a63cdb2957ae5f99e45d7be85b1c4
Analyzer Verdict Alert urlquery phishing Phishing - Poste Italiane
urlquery phishing Phishing - Poste Italiane
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.ga domain
GET /sicc-bp-pp/css/vex-theme-default.css HTTP/1.1
Host: jjnmes.ga
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://jjnmes.ga/sicc-bp-pp/
Cookie: COOKIE_KEY=167536151517
HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 18:11:56 GMT
Server: Apache
Last-Modified: Mon, 26 Feb 2018 00:16:54 GMT
Accept-Ranges: bytes
Content-Length: 7322
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css
jjnmes.ga/sicc-bp-pp/css/vex-theme-os.css
200 OK 7.2 kB URL HTTP/1.1 jjnmes.ga/sicc-bp-pp/css/vex-theme-os.css
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (1191)
Hash 8a0b5518d18352e7196f4f48bbfdabed
e855260bc2fbca430413e9ad9d18102e259c8e6b
52651a8e503058723e76000a1b9a6d303d52a7d277753d2b93cd6589df505a45
Analyzer Verdict Alert urlquery phishing Phishing - Poste Italiane
urlquery phishing Phishing - Poste Italiane
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.ga domain
GET /sicc-bp-pp/css/vex-theme-os.css HTTP/1.1
Host: jjnmes.ga
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://jjnmes.ga/sicc-bp-pp/
Cookie: COOKIE_KEY=167536151517
HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 18:11:56 GMT
Server: Apache
Last-Modified: Mon, 26 Feb 2018 00:16:54 GMT
Accept-Ranges: bytes
Content-Length: 7184
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/css
jjnmes.ga/sicc-bp-pp/css/vex-theme-plain.css
200 OK 5.8 kB URL HTTP/1.1 jjnmes.ga/sicc-bp-pp/css/vex-theme-plain.css
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (1236)
Hash fc7131a7c013f1afd6dde558fafabd08
6a0ea299b97e189d451461b09c30c8a7e720eb74
4c179ad9f6becc92e05f0aafc83324d960c196264a20663586939fc7e8c665b5
Analyzer Verdict Alert urlquery phishing Phishing - Poste Italiane
urlquery phishing Phishing - Poste Italiane
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.ga domain
GET /sicc-bp-pp/css/vex-theme-plain.css HTTP/1.1
Host: jjnmes.ga
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://jjnmes.ga/sicc-bp-pp/
Cookie: COOKIE_KEY=167536151517
HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 18:11:56 GMT
Server: Apache
Last-Modified: Mon, 26 Feb 2018 00:16:54 GMT
Accept-Ranges: bytes
Content-Length: 5788
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css
jjnmes.ga/sicc-bp-pp/css/jquery.min.js
200 OK 97 kB URL HTTP/1.1 jjnmes.ga/sicc-bp-pp/css/jquery.min.js
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (32077)
Hash 4f252523d4af0b478c810c2547a63e19
5a9dcfbef655a2668e78baebeaa8dc6f41d8dabb
668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404
Analyzer Verdict Alert urlquery phishing Phishing - Poste Italiane
urlquery phishing Phishing - Poste Italiane
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.ga domain
GET /sicc-bp-pp/css/jquery.min.js HTTP/1.1
Host: jjnmes.ga
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://jjnmes.ga/sicc-bp-pp/
Cookie: COOKIE_KEY=167536151517
HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 18:11:56 GMT
Server: Apache
Last-Modified: Sun, 22 Nov 2020 19:41:24 GMT
Accept-Ranges: bytes
Content-Length: 97163
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript
jjnmes.ga/sicc-bp-pp/css/vex-theme-flat-attack.css
200 OK 16 kB URL HTTP/1.1 jjnmes.ga/sicc-bp-pp/css/vex-theme-flat-attack.css
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (1742)
Hash 38081b97dd9972dbd79dc9ce31edb88f
154a4ae990b457e919e6f9fa3c40778a686ef3c2
53ea4f0f384079ab87ab0298be34aa83911cf1e78ae4a454f792dda5197d2b0b
Analyzer Verdict Alert urlquery phishing Phishing - Poste Italiane
urlquery phishing Phishing - Poste Italiane
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.ga domain
GET /sicc-bp-pp/css/vex-theme-flat-attack.css HTTP/1.1
Host: jjnmes.ga
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://jjnmes.ga/sicc-bp-pp/
Cookie: COOKIE_KEY=167536151517
HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 18:11:56 GMT
Server: Apache
Last-Modified: Mon, 26 Feb 2018 00:16:54 GMT
Accept-Ranges: bytes
Content-Length: 15479
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/css
jjnmes.ga/sicc-bp-pp/css/vex-theme-wireframe.css
200 OK 6.1 kB URL HTTP/1.1 jjnmes.ga/sicc-bp-pp/css/vex-theme-wireframe.css
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (1296)
Hash 4e0dd429ae9284e934ef4fd1ffce6d6a
8b5f18faf671fe1f5ce3697f0052908d5b785fd8
d9654bf8b7b4a9d33b266a79d9b6d9d8110f8f8f0951b3c9774ea1246040cfa0
Analyzer Verdict Alert urlquery phishing Phishing - Poste Italiane
urlquery phishing Phishing - Poste Italiane
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.ga domain
GET /sicc-bp-pp/css/vex-theme-wireframe.css HTTP/1.1
Host: jjnmes.ga
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://jjnmes.ga/sicc-bp-pp/
Cookie: COOKIE_KEY=167536151517
HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 18:11:56 GMT
Server: Apache
Last-Modified: Mon, 26 Feb 2018 00:16:54 GMT
Accept-Ranges: bytes
Content-Length: 6113
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/css
jjnmes.ga/sicc-bp-pp/css/chat_custom.css
200 OK 1.8 kB URL HTTP/1.1 jjnmes.ga/sicc-bp-pp/css/chat_custom.css
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with CRLF line terminators
Hash 6a13212de7de8157c803e82ec2730642
f5dbe79de25b7963d552f3d934732b312d1f8268
03c0383589083e98cfd54e0848682a23bb75ef3ea64f80fb13a32962972e396f
Analyzer Verdict Alert urlquery phishing Phishing - Poste Italiane
urlquery phishing Phishing - Poste Italiane
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.ga domain
GET /sicc-bp-pp/css/chat_custom.css HTTP/1.1
Host: jjnmes.ga
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://jjnmes.ga/sicc-bp-pp/
Cookie: COOKIE_KEY=167536151517
HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 18:11:56 GMT
Server: Apache
Last-Modified: Sun, 22 Nov 2020 19:41:24 GMT
Accept-Ranges: bytes
Content-Length: 1787
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: text/css
push.services.mozilla.com/
101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: ufhb6MNllqZyP5RZ8KQb1Q==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: O+zfcsk81vDH99fgCY68X6Ai+Kg=
jjnmes.ga/sicc-bp-pp/css/vex.combined.js
200 OK 50 kB URL HTTP/1.1 jjnmes.ga/sicc-bp-pp/css/vex.combined.js
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (865), with CRLF, LF line terminators
Hash 38652b15497d3667bb98bddeda562b98
c76f4960ccd6fff66ed95b96595de33cde1b7907
2d228c7db872def11bebce9c4eae484c690db51310f43a1c0e7940027dbdd69d
Analyzer Verdict Alert urlquery phishing Phishing - Poste Italiane
urlquery phishing Phishing - Poste Italiane
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.ga domain
GET /sicc-bp-pp/css/vex.combined.js HTTP/1.1
Host: jjnmes.ga
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://jjnmes.ga/sicc-bp-pp/
Cookie: COOKIE_KEY=167536151517
HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 18:11:56 GMT
Server: Apache
Last-Modified: Mon, 26 Feb 2018 00:16:54 GMT
Accept-Ranges: bytes
Content-Length: 50360
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript
jjnmes.ga/sicc-bp-pp/css/owl.carousel.css
404 Not Found 315 B URL HTTP/1.1 jjnmes.ga/sicc-bp-pp/css/owl.carousel.css
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert urlquery phishing Phishing - Poste Italiane
urlquery phishing Phishing - Poste Italiane
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.ga domain
GET /sicc-bp-pp/css/owl.carousel.css HTTP/1.1
Host: jjnmes.ga
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://jjnmes.ga/sicc-bp-pp/
Cookie: COOKIE_KEY=167536151517
HTTP/1.1 404 Not Found
Date: Thu, 02 Feb 2023 18:11:56 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
jjnmes.ga/sicc-bp-pp/css/base.css
200 OK 371 B URL HTTP/1.1 jjnmes.ga/sicc-bp-pp/css/base.css
IP
ASN #46606 UNIFIEDLAYER-AS-1
Hash 1baa001674d5845406c35d57faef45c1
aaf97874ad9c8fa8bce7e1cb39c77682581391cf
22e9deb3c6783ddb9e7b4a3c55c6ecb43c8a507af17b20a897560933bfc868dd
Analyzer Verdict Alert urlquery phishing Phishing - Poste Italiane
urlquery phishing Phishing - Poste Italiane
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.ga domain
GET /sicc-bp-pp/css/base.css HTTP/1.1
Host: jjnmes.ga
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://jjnmes.ga/sicc-bp-pp/
Cookie: COOKIE_KEY=167536151517
HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 18:11:56 GMT
Server: Apache
Last-Modified: Sun, 22 Nov 2020 19:55:54 GMT
Accept-Ranges: bytes
Content-Length: 371
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/css
jjnmes.ga/sicc-bp-pp/css/ie10-viewport-bug-workaround.js
200 OK 694 B URL HTTP/1.1 jjnmes.ga/sicc-bp-pp/css/ie10-viewport-bug-workaround.js
IP
ASN #46606 UNIFIEDLAYER-AS-1
Hash b5a0dd7ce1f7c1c6b80b5abe13308dd2
6cc4835430ac4ba8845fd02efdb5688166a5ed8a
ce01c41255d7e61cc44e865184559085737a98cf6911ef67f915692152b88852
Analyzer Verdict Alert urlquery phishing Phishing - Poste Italiane
urlquery phishing Phishing - Poste Italiane
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.ga domain
GET /sicc-bp-pp/css/ie10-viewport-bug-workaround.js HTTP/1.1
Host: jjnmes.ga
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://jjnmes.ga/sicc-bp-pp/
Cookie: COOKIE_KEY=167536151517
HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 18:11:56 GMT
Server: Apache
Last-Modified: Sun, 22 Nov 2020 19:41:24 GMT
Accept-Ranges: bytes
Content-Length: 694
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript
jjnmes.ga/sicc-bp-pp/css/chat_common.css
200 OK 10 kB URL HTTP/1.1 jjnmes.ga/sicc-bp-pp/css/chat_common.css
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with CRLF line terminators
Hash ff457808d971d7a7594ba1d8396c6c62
e557bddd4cd4d3370d99a56345b5358d4fc9a36f
e369d0b29e925769a4f6285b5bb076cc73f7863eceedf48b126ab525130fa7cc
Analyzer Verdict Alert urlquery phishing Phishing - Poste Italiane
urlquery phishing Phishing - Poste Italiane
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.ga domain
GET /sicc-bp-pp/css/chat_common.css HTTP/1.1
Host: jjnmes.ga
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://jjnmes.ga/sicc-bp-pp/
Cookie: COOKIE_KEY=167536151517
HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 18:11:57 GMT
Server: Apache
Last-Modified: Sun, 22 Nov 2020 19:41:24 GMT
Accept-Ranges: bytes
Content-Length: 10444
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: text/css
jjnmes.ga/sicc-bp-pp/css/bootstrap.min.css
200 OK 122 kB URL HTTP/1.1 jjnmes.ga/sicc-bp-pp/css/bootstrap.min.css
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (64985)
Size 122 kB (122291 bytes)
Hash 6181a38a601eb664522623bae7db95c9
9671b5fc92e27a915769b59bc60bf26fde343d7e
8b922a249c9f81562d99eee24407bf38c7feac74a10dfe712292c0b032144dfa
Analyzer Verdict Alert urlquery phishing Phishing - Poste Italiane
urlquery phishing Phishing - Poste Italiane
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.ga domain
GET /sicc-bp-pp/css/bootstrap.min.css HTTP/1.1
Host: jjnmes.ga
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://jjnmes.ga/sicc-bp-pp/
Cookie: COOKIE_KEY=167536151517
HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 18:11:56 GMT
Server: Apache
Last-Modified: Sun, 22 Nov 2020 19:41:24 GMT
Accept-Ranges: bytes
Content-Length: 122291
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/css
jjnmes.ga/sicc-bp-pp/css/fonts.css
200 OK 3.6 kB URL HTTP/1.1 jjnmes.ga/sicc-bp-pp/css/fonts.css
IP
ASN #46606 UNIFIEDLAYER-AS-1
Hash 24dd46d8ba446a5d6de304d6f68a0211
0457120b9f6ed56bb57fcab2674c63295d351718
75e72dc2cd106a9d4b7b1553ab494642a3140a62bbfe94a75953e91a6c4e7085
Analyzer Verdict Alert urlquery phishing Phishing - Poste Italiane
urlquery phishing Phishing - Poste Italiane
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.ga domain
GET /sicc-bp-pp/css/fonts.css HTTP/1.1
Host: jjnmes.ga
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://jjnmes.ga/sicc-bp-pp/css/base.css
Cookie: COOKIE_KEY=167536151517
HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 18:11:57 GMT
Server: Apache
Last-Modified: Sun, 22 Nov 2020 20:42:40 GMT
Accept-Ranges: bytes
Content-Length: 3569
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/css
jjnmes.ga/sicc-bp-pp/css/alignment.css
404 Not Found 315 B URL HTTP/1.1 jjnmes.ga/sicc-bp-pp/css/alignment.css
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Analyzer Verdict Alert urlquery phishing Phishing - Poste Italiane
urlquery phishing Phishing - Poste Italiane
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.ga domain
suricata medium ET INFO HTTP Request to a *.ga domain
GET /sicc-bp-pp/css/alignment.css HTTP/1.1
Host: jjnmes.ga
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://jjnmes.ga/sicc-bp-pp/css/base.css
Cookie: COOKIE_KEY=167536151517
HTTP/1.1 404 Not Found
Date: Thu, 02 Feb 2023 18:11:57 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
jjnmes.ga/sicc-bp-pp/css/extra.css
200 OK 5.0 kB URL HTTP/1.1 jjnmes.ga/sicc-bp-pp/css/extra.css
IP
ASN #46606 UNIFIEDLAYER-AS-1
Hash 86585fd765202060ac95aca7950d7045
52fac7905559ab0efed7eae93906c29cbd41b933
aa8ac66ddf4aae6766e4f31c46bf6afc43fc83f807e1c181b2e9be18e78b0ed1
Analyzer Verdict Alert urlquery phishing Phishing - Poste Italiane
urlquery phishing Phishing - Poste Italiane
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.ga domain
GET /sicc-bp-pp/css/extra.css HTTP/1.1
Host: jjnmes.ga
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://jjnmes.ga/sicc-bp-pp/css/base.css
Cookie: COOKIE_KEY=167536151517
HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 18:11:57 GMT
Server: Apache
Last-Modified: Sun, 22 Nov 2020 20:23:42 GMT
Accept-Ranges: bytes
Content-Length: 4992
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: text/css
firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?_expected=%221675361497931%22
200 OK 21 kB URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?_expected=%221675361497931%22
IP
File type JSON data\012- , ASCII text, with very long lines (20973), with no line terminators
Hash a2e6ce4e26d8f52e26e8ea91bb7e7b8a
f65dd965187a0393563bba16817788185fa59a90
edca9dd868fc07f3fa2eaa828704c758b9185ba6729622495490164efc53b000
GET /v1/buckets/monitor/collections/changes/changeset?_expected=%221675361497931%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Retry-After, Backoff, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 20973
via: 1.1 google
date: Thu, 02 Feb 2023 18:11:57 GMT
last-modified: Thu, 02 Feb 2023 18:11:37 GMT
content-type: application/json
age: 1
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
jjnmes.ga/sicc-bp-pp/css/base-element.css
200 OK 211 kB URL HTTP/1.1 jjnmes.ga/sicc-bp-pp/css/base-element.css
IP
ASN #46606 UNIFIEDLAYER-AS-1
Size 211 kB (210758 bytes)
Hash 65eb49d9c76af53fc058d5e06a0854a3
e89a41690771f2d58dba249a4a7c1b89b730ee86
c44abf62faf4b9c9f12ffb70c209d73d88fff413374b60d58374ccefcca34f84
Analyzer Verdict Alert urlquery phishing Phishing - Poste Italiane
urlquery phishing Phishing - Poste Italiane
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.ga domain
GET /sicc-bp-pp/css/base-element.css HTTP/1.1
Host: jjnmes.ga
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://jjnmes.ga/sicc-bp-pp/css/base.css
Cookie: COOKIE_KEY=167536151517
HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 18:11:57 GMT
Server: Apache
Last-Modified: Sun, 22 Nov 2020 20:51:14 GMT
Accept-Ranges: bytes
Content-Length: 210758
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: text/css
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash d719402de0cd695e55dab2767247da49
f12f4795987a284820f6785ec16b5032b9861d79
98a14bd950cec10aeb3d76fa956fe13514f52c742adbded7a0fcef218c7195ba
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "98A14BD950CEC10AEB3D76FA956FE13514F52C742ADBDED7A0FCEF218C7195BA"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5337
Expires: Thu, 02 Feb 2023 19:40:55 GMT
Date: Thu, 02 Feb 2023 18:11:58 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash d719402de0cd695e55dab2767247da49
f12f4795987a284820f6785ec16b5032b9861d79
98a14bd950cec10aeb3d76fa956fe13514f52c742adbded7a0fcef218c7195ba
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "98A14BD950CEC10AEB3D76FA956FE13514F52C742ADBDED7A0FCEF218C7195BA"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5337
Expires: Thu, 02 Feb 2023 19:40:55 GMT
Date: Thu, 02 Feb 2023 18:11:58 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash d719402de0cd695e55dab2767247da49
f12f4795987a284820f6785ec16b5032b9861d79
98a14bd950cec10aeb3d76fa956fe13514f52c742adbded7a0fcef218c7195ba
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "98A14BD950CEC10AEB3D76FA956FE13514F52C742ADBDED7A0FCEF218C7195BA"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5337
Expires: Thu, 02 Feb 2023 19:40:55 GMT
Date: Thu, 02 Feb 2023 18:11:58 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash d719402de0cd695e55dab2767247da49
f12f4795987a284820f6785ec16b5032b9861d79
98a14bd950cec10aeb3d76fa956fe13514f52c742adbded7a0fcef218c7195ba
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "98A14BD950CEC10AEB3D76FA956FE13514F52C742ADBDED7A0FCEF218C7195BA"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5337
Expires: Thu, 02 Feb 2023 19:40:55 GMT
Date: Thu, 02 Feb 2023 18:11:58 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdab614ba-4572-4b54-9079-a26b68b1ece7.jpeg
200 OK 15 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdab614ba-4572-4b54-9079-a26b68b1ece7.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6bb5b89e738516f4862491eec286bf6d
8fb46b9ca85f2c578eb2a56d0007859183e12209
7f164a37b675bf39f8473392b07a2a383397da003303965fb190fd4f455bb43b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdab614ba-4572-4b54-9079-a26b68b1ece7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 15051
x-amzn-requestid: 72a3f2ae-538e-40dc-9496-86c28334ba0d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: frc6jGTAIAMFy4A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dadb76-72178ed13a2e70d462785b90;Sampled=0
x-amzn-remapped-date: Wed, 01 Feb 2023 21:36:54 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: CKTfQzCvXa4oL6Lm2n8Rw_9Uhj69YfgpDTP9s0zoaX5qW1vcqWIXDA==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Feb 2023 21:46:26 GMT
age: 73532
etag: "8fb46b9ca85f2c578eb2a56d0007859183e12209"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/nimbus-desktop-experiments/changeset?_expected=1675361497931&_since=%221675307251799%22
200 OK 3.5 kB URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/nimbus-desktop-experiments/changeset?_expected=1675361497931&_since=%221675307251799%22
IP
File type ASCII text, with very long lines (3492), with no line terminators
Hash 00caaea680b7ef9b82c2e2d3d10fe440
996cabc0c287edf3dcd39bc3ecf1a1e826b36ee4
6962d35b5f36b14fafd9f88c85ad085a319abdf60d6b7a7d0cbac1e5178328f1
GET /v1/buckets/main/collections/nimbus-desktop-experiments/changeset?_expected=1675361497931&_since=%221675307251799%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Retry-After, Content-Length, Alert, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 3492
via: 1.1 google
date: Thu, 02 Feb 2023 18:11:58 GMT
last-modified: Thu, 02 Feb 2023 18:11:38 GMT
content-type: application/json
age: 0
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F496723d4-47ce-49a5-b3b3-9ae546523015.jpeg
200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F496723d4-47ce-49a5-b3b3-9ae546523015.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 395bb0f71f9eba82f5ca23548d08900f
b1fada280c7ea3eb775a6fa46ce173a51eb045f5
7443babb69532e1ee3ee779e05ad4f62de2c5bf62548bcb5702f8290a527664c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F496723d4-47ce-49a5-b3b3-9ae546523015.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11367
x-amzn-requestid: 67702c15-9a68-46ec-95e5-efb57f08e2f1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: frc5OGfBoAMF3Yw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dadb6e-033182ba55fdd0230ad5a270;Sampled=0
x-amzn-remapped-date: Wed, 01 Feb 2023 21:36:46 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: H1HIK6zdv95V96NxqSfHCqYtDQNPZ9NLAwG5oM5mwRr3nAUR0BPxlg==
via: 1.1 86b676273517904f44af31586adb06ae.cloudfront.net (CloudFront), 1.1 324a68a6c25ee50d774953f3e15a611c.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Feb 2023 22:25:11 GMT
age: 71207
etag: "b1fada280c7ea3eb775a6fa46ce173a51eb045f5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F85f439bb-b615-43ac-bd20-2466bff7ff50.jpeg
200 OK 5.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F85f439bb-b615-43ac-bd20-2466bff7ff50.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d910c24f5a6108cb74103cd70692a703
9fe648fa464e46d16f685aca1704f3414eda4107
5cbe5e571e62555225621440203ae24a3b8c41ac7f49b6b731bc2c94e620797f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F85f439bb-b615-43ac-bd20-2466bff7ff50.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5561
x-amzn-requestid: 76ca969b-a840-4d5c-97c1-2dfd93b8f630
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: frdKYE3-IAMFqbw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dadbdb-2729fe22420bcc0563c39aff;Sampled=0
x-amzn-remapped-date: Wed, 01 Feb 2023 21:38:35 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: E91BIw8QT3vXXQY8GIPpnRqnTZV4paZ3wynf7UjLnjeIfwS0tiC1Gg==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 2bedbeaa49b4a77447d30097858cb81a.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Feb 2023 22:12:07 GMT
age: 71991
etag: "9fe648fa464e46d16f685aca1704f3414eda4107"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe18f9e12-0986-423b-911d-6271bb996db4.jpeg
200 OK 5.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe18f9e12-0986-423b-911d-6271bb996db4.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7c823f1d6bf1c50d58eb263b85e6e37c
a7b74d11494fb3254df907e5cc1eead070d84617
b2706961eb756383e0988dfdb501dc424aea59697aedd1e4a6c294c314a31935
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe18f9e12-0986-423b-911d-6271bb996db4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5356
x-amzn-requestid: fef22c83-35a4-4990-9008-af5853f838d1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: frc5BEB6oAMFczg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dadb6c-68d3017555c069bc3107d150;Sampled=0
x-amzn-remapped-date: Wed, 01 Feb 2023 21:36:44 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: XyDZc0F-b0rxwoS5wvSXBuBfYE7JljMmuXseBjLOBk4HvxU5gE7Oqg==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Feb 2023 22:18:55 GMT
age: 71583
etag: "a7b74d11494fb3254df907e5cc1eead070d84617"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe2d02739-590e-4a37-9ca5-c27003f9e416.jpeg
200 OK 16 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe2d02739-590e-4a37-9ca5-c27003f9e416.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4bb3a6fba496d54cdbbccaf2b9600386
8e30002699e9fbf2047f9ac11a36d2175fc9c591
927bf3a04b011b4e3bc8d8772a3d5813507f7f523312d43627767b64615562f3
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe2d02739-590e-4a37-9ca5-c27003f9e416.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 15857
x-amzn-requestid: cfe36b9d-34f6-4f3f-896e-e70ec45c4a04
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fmJ2JGGWoAMFSLA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d8bcf3-0dd68dd778b9aba268a129b0;Sampled=0
x-amzn-remapped-date: Tue, 31 Jan 2023 07:02:11 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: C1kqthy0eZop0UZfG3_op5xeBOVGiPLYfia4uS1l4-kchEzV6ccE9w==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 6172bb1a5d00a3b06ae3700570ebe116.cloudfront.net (CloudFront), 1.1 google
date: Thu, 02 Feb 2023 07:28:37 GMT
age: 38601
etag: "8e30002699e9fbf2047f9ac11a36d2175fc9c591"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1ff2ba7c-95eb-402b-8e98-e95f8ac322aa.jpeg
200 OK 8.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1ff2ba7c-95eb-402b-8e98-e95f8ac322aa.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 0f85742f336de59ca88f7f964a8b33f4
0fc7177f8cb06421a8807e93989f651bda743567
fbd5fd39c39c218b0fa956f8cb8050cbdbfcb109a92303f6175d73cc8c339526
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1ff2ba7c-95eb-402b-8e98-e95f8ac322aa.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8642
x-amzn-requestid: 79840c68-3e99-428d-9c01-9e4a93a34486
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: frdUzH1-oAMFiwQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dadc1e-5bb93c5126aaff474900da63;Sampled=0
x-amzn-remapped-date: Wed, 01 Feb 2023 21:39:42 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: Mc8C-oesi4njIn2K2f56GKuyt6erRJAqCU-B4InhTD8oIoqo4s5-Fg==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 f9d716a351f14a0ac1fac2449734849a.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Feb 2023 22:18:43 GMT
age: 71595
etag: "0fc7177f8cb06421a8807e93989f651bda743567"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain
IP
File type PEM certificate\012- , ASCII text
Hash e76071a28ee566dababb3834f46d68ed
aebb4e68c1ba2de0f90025283e8ed8470944fde0
78b6df2627172e5b35476bc31020f02898cdc412aaf4337af2c3b049a60912b6
GET /chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: WVx4qLx5kJVC0u2DvjzuKrxTMMpESEGwmstU/6ROh4mudlydWaSe8Lg2/RWqysjN2Un2x6+yeLM=
x-amz-request-id: ZGPVX7B4NQ6Y1KTH
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 02 Feb 2023 17:43:33 GMT
age: 1705
last-modified: Sun, 29 Jan 2023 18:44:47 GMT
etag: "e76071a28ee566dababb3834f46d68ed"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
jjnmes.ga/sicc-bp-pp/css/empty-profile.png
200 OK 14 kB URL HTTP/1.1 jjnmes.ga/sicc-bp-pp/css/empty-profile.png
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced\012- data
Hash b9688bc3a99692b0da6095ba34f81b38
5be1365646d4d624fbabd5cb0b69406479fdef63
c51a195594d462642c54d42035f153f23048a30abf538e91b119e7dd35e929dd
Analyzer Verdict Alert urlquery phishing Phishing - Poste Italiane
urlquery phishing Phishing - Poste Italiane
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.ga domain
GET /sicc-bp-pp/css/empty-profile.png HTTP/1.1
Host: jjnmes.ga
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://jjnmes.ga/sicc-bp-pp/
Cookie: COOKIE_KEY=167536151517
HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 18:11:57 GMT
Server: Apache
Last-Modified: Sun, 22 Nov 2020 19:41:24 GMT
Accept-Ranges: bytes
Content-Length: 13979
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: image/png
jjnmes.ga/sicc-bp-pp/css/icone-default-on-/ico-vieni-in-poste-cerca-up.png
200 OK 669 B URL HTTP/1.1 jjnmes.ga/sicc-bp-pp/css/icone-default-on-/ico-vieni-in-poste-cerca-up.png
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 25 x 24, 8-bit/color RGBA, interlaced\012- data
Hash c2183ee46d94411a5660f4b8451e2aa1
c85784401fb87e8e7a6a5e07240b23ce5b6ddeeb
f97dc8796d6188136c4f09f80b425be64a2eda69fb9401bf3adf5f383dc34f10
Analyzer Verdict Alert urlquery phishing Phishing - Poste Italiane
urlquery phishing Phishing - Poste Italiane
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.ga domain
GET /sicc-bp-pp/css/icone-default-on-/ico-vieni-in-poste-cerca-up.png HTTP/1.1
Host: jjnmes.ga
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://jjnmes.ga/sicc-bp-pp/
Cookie: COOKIE_KEY=167536151517
HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 18:11:57 GMT
Server: Apache
Last-Modified: Sun, 22 Nov 2020 19:41:24 GMT
Accept-Ranges: bytes
Content-Length: 669
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: image/png
jjnmes.ga/sicc-bp-pp/css/icone-default-on-/ico-chiamaci.png
200 OK 677 B URL HTTP/1.1 jjnmes.ga/sicc-bp-pp/css/icone-default-on-/ico-chiamaci.png
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 25 x 24, 8-bit/color RGBA, interlaced\012- data
Hash 793af7b683aa2f83ef13f04b46290a7e
e43f553eb001023d3c05ee896943a9a58e425ccb
4107c25521da5ee37c5d24e380378112c466e5e3d26925e2e296c7783de26f53
Analyzer Verdict Alert urlquery phishing Phishing - Poste Italiane
urlquery phishing Phishing - Poste Italiane
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.ga domain
GET /sicc-bp-pp/css/icone-default-on-/ico-chiamaci.png HTTP/1.1
Host: jjnmes.ga
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://jjnmes.ga/sicc-bp-pp/
Cookie: COOKIE_KEY=167536151517
HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 18:11:57 GMT
Server: Apache
Last-Modified: Sun, 22 Nov 2020 19:41:24 GMT
Accept-Ranges: bytes
Content-Length: 677
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/png
jjnmes.ga/sicc-bp-pp/css/small-modal-ico-bp-pp.png
200 OK 13 kB URL HTTP/1.1 jjnmes.ga/sicc-bp-pp/css/small-modal-ico-bp-pp.png
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 132 x 132, 8-bit/color RGBA, non-interlaced\012- data
Hash 22e37aed1a37a4d10a2c011e969a1337
05d054f563899fffd3ffd4f5cba486c5273d17d9
d4a66d846de1a39c49b3d03f1c4c4d21cd9f5436f362b7a72fd2eb773f6cfaca
Analyzer Verdict Alert urlquery phishing Phishing - Poste Italiane
urlquery phishing Phishing - Poste Italiane
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.ga domain
GET /sicc-bp-pp/css/small-modal-ico-bp-pp.png HTTP/1.1
Host: jjnmes.ga
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://jjnmes.ga/sicc-bp-pp/
Cookie: COOKIE_KEY=167536151517
HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 18:11:57 GMT
Server: Apache
Last-Modified: Sun, 22 Nov 2020 19:41:24 GMT
Accept-Ranges: bytes
Content-Length: 12995
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: image/png
jjnmes.ga/sicc-bp-pp/css/logo-poste-italiane.png
200 OK 6.2 kB URL HTTP/1.1 jjnmes.ga/sicc-bp-pp/css/logo-poste-italiane.png
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 194 x 25, 8-bit/color RGBA, non-interlaced\012- data
Hash 99ffebe9a3e9a00434679344590600e4
496812738522b36587902625b9ea31c973f95c80
4b76e5a6a06f430c4c3c7a801632cf646f4fac8bbe919ff14938396abb08ae0f
Analyzer Verdict Alert urlquery phishing Phishing - Poste Italiane
urlquery phishing Phishing - Poste Italiane
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.ga domain
GET /sicc-bp-pp/css/logo-poste-italiane.png HTTP/1.1
Host: jjnmes.ga
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://jjnmes.ga/sicc-bp-pp/
Cookie: COOKIE_KEY=167536151517
HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 18:11:57 GMT
Server: Apache
Last-Modified: Sun, 22 Nov 2020 19:41:24 GMT
Accept-Ranges: bytes
Content-Length: 6189
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: image/png
jjnmes.ga/sicc-bp-pp/logo-posteid.png
200 OK 8.1 kB URL HTTP/1.1 jjnmes.ga/sicc-bp-pp/logo-posteid.png
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 170 x 48, 8-bit/color RGBA, non-interlaced\012- data
Hash 513a7ca24dfd5959091166869efc71cc
85acaab94b209c5882b6a9e44bb314cb5f88c072
64a42f338dfeb8a8d96426afc134df194afce1dcf0fb9771e02905b8e366103a
Analyzer Verdict Alert urlquery phishing Phishing - Poste Italiane
urlquery phishing Phishing - Poste Italiane
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.ga domain
GET /sicc-bp-pp/logo-posteid.png HTTP/1.1
Host: jjnmes.ga
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://jjnmes.ga/sicc-bp-pp/
Cookie: COOKIE_KEY=167536151517
HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 18:11:57 GMT
Server: Apache
Last-Modified: Mon, 28 Mar 2022 16:40:12 GMT
Accept-Ranges: bytes
Content-Length: 8121
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: image/png
jjnmes.ga/sicc-bp-pp/css/css/Texta-Book.woff
200 OK 32 kB URL HTTP/1.1 jjnmes.ga/sicc-bp-pp/css/css/Texta-Book.woff
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type Web Open Font Format, TrueType, length 32412, version 1.0\012- data
Hash e49b4a99e99a162382c9135468cdff61
6fe7b52d7195d20e9d8ad05d4068dd87ddaeff76
0fa4aee030662ed700dc5cb2e13e52b85fb1254a195d9ab0a1a10d79e645c8f8
Analyzer Verdict Alert urlquery phishing Phishing - Poste Italiane
urlquery phishing Phishing - Poste Italiane
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.ga domain
GET /sicc-bp-pp/css/css/Texta-Book.woff HTTP/1.1
Host: jjnmes.ga
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://jjnmes.ga/sicc-bp-pp/css/fonts.css
Cookie: COOKIE_KEY=167536151517
HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 18:11:58 GMT
Server: Apache
Last-Modified: Sun, 22 Nov 2020 20:39:58 GMT
Accept-Ranges: bytes
Content-Length: 32412
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: font/woff
jjnmes.ga/sicc-bp-pp/css/css/Texta-Medium.woff
200 OK 43 kB URL HTTP/1.1 jjnmes.ga/sicc-bp-pp/css/css/Texta-Medium.woff
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type Web Open Font Format, TrueType, length 42625, version 0.0\012- data
Hash 05ac52aa95e057f4ba3c11da929ce76c
69952f8cd9ff8ae31c5884ac8ef25b8382814e8d
c9ec1880670e2c45729106c55f29fc40cd0a089f3ae54a560d369d151bb9f4fe
Analyzer Verdict Alert urlquery phishing Phishing - Poste Italiane
urlquery phishing Phishing - Poste Italiane
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.ga domain
GET /sicc-bp-pp/css/css/Texta-Medium.woff HTTP/1.1
Host: jjnmes.ga
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://jjnmes.ga/sicc-bp-pp/css/fonts.css
Cookie: COOKIE_KEY=167536151517
HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 18:11:58 GMT
Server: Apache
Last-Modified: Sun, 22 Nov 2020 20:26:24 GMT
Accept-Ranges: bytes
Content-Length: 42625
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: font/woff
jjnmes.ga/sicc-bp-pp/css/eye.png
200 OK 645 B URL HTTP/1.1 jjnmes.ga/sicc-bp-pp/css/eye.png
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 24 x 20, 8-bit/color RGBA, non-interlaced\012- data
Hash 5dfd11f759177ca66df6bfb649fa131c
8151b051d99d5988a9761adcc40089bfb20f5576
5931ba755c44c364f074f95a904536fb4076da4e44c811a1934c5fff735c39c4
Analyzer Verdict Alert urlquery phishing Phishing - Poste Italiane
urlquery phishing Phishing - Poste Italiane
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.ga domain
GET /sicc-bp-pp/css/eye.png HTTP/1.1
Host: jjnmes.ga
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://jjnmes.ga/sicc-bp-pp/
Cookie: COOKIE_KEY=167536151517
HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 18:11:58 GMT
Server: Apache
Last-Modified: Sun, 22 Nov 2020 20:53:18 GMT
Accept-Ranges: bytes
Content-Length: 645
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: image/png
jjnmes.ga/sicc-bp-pp/css/logo-poste-italiane-medium.png
200 OK 5.2 kB URL HTTP/1.1 jjnmes.ga/sicc-bp-pp/css/logo-poste-italiane-medium.png
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 128 x 16, 8-bit/color RGBA, non-interlaced\012- data
Hash 9cd2e2f9fc86184757f36a95393cd362
24917b0e502b63c8c79d99f02d4de6a47653cbd1
d26cdfa4e4c99bcd4d99047beff09a62f8e0c955654b7a4968acf1ebdc293cb8
Analyzer Verdict Alert urlquery phishing Phishing - Poste Italiane
urlquery phishing Phishing - Poste Italiane
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.ga domain
GET /sicc-bp-pp/css/logo-poste-italiane-medium.png HTTP/1.1
Host: jjnmes.ga
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://jjnmes.ga/sicc-bp-pp/
Cookie: COOKIE_KEY=167536151517
HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 18:11:58 GMT
Server: Apache
Last-Modified: Sun, 22 Nov 2020 19:41:24 GMT
Accept-Ranges: bytes
Content-Length: 5213
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: image/png
jjnmes.ga/sicc-bp-pp/css/icone-default-on-/ico-scrivici.png
200 OK 630 B URL HTTP/1.1 jjnmes.ga/sicc-bp-pp/css/icone-default-on-/ico-scrivici.png
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 25 x 24, 8-bit/color RGBA, interlaced\012- data
Hash e08dd2c986ffe801621f2d483838dca8
555a41c4815de5a71bda66ab8698743c60c3cd1d
9ff77f4a96667c4c35e7572f597b733d13f34396c8d5d4c9fac1d61da11c35f0
Analyzer Verdict Alert urlquery phishing Phishing - Poste Italiane
urlquery phishing Phishing - Poste Italiane
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.ga domain
GET /sicc-bp-pp/css/icone-default-on-/ico-scrivici.png HTTP/1.1
Host: jjnmes.ga
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://jjnmes.ga/sicc-bp-pp/
Cookie: COOKIE_KEY=167536151517
HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 18:11:58 GMT
Server: Apache
Last-Modified: Sun, 22 Nov 2020 19:41:24 GMT
Accept-Ranges: bytes
Content-Length: 630
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: image/png
jjnmes.ga/sicc-bp-pp/css/spinner_giallo.gif
200 OK 34 kB URL HTTP/1.1 jjnmes.ga/sicc-bp-pp/css/spinner_giallo.gif
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type GIF image data, version 89a, 150 x 150\012- data
Hash 442d51dab3205cf4c81de67e4bafdbda
52726f8f87116bd1fd03e9d99c0bb22afd168937
ea638c8244c7a5cc50e617807b1fc35637430f976e8210ef3d560a5eb059e5f5
Analyzer Verdict Alert urlquery phishing Phishing - Poste Italiane
urlquery phishing Phishing - Poste Italiane
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.ga domain
GET /sicc-bp-pp/css/spinner_giallo.gif HTTP/1.1
Host: jjnmes.ga
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://jjnmes.ga/sicc-bp-pp/
Cookie: COOKIE_KEY=167536151517
HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 18:11:58 GMT
Server: Apache
Last-Modified: Sun, 22 Nov 2020 19:41:24 GMT
Accept-Ranges: bytes
Content-Length: 33869
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: image/gif
jjnmes.ga/sicc-bp-pp/css/css/Texta-Regular.woff
200 OK 40 kB URL HTTP/1.1 jjnmes.ga/sicc-bp-pp/css/css/Texta-Regular.woff
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type Web Open Font Format, TrueType, length 40366, version 0.0\012- data
Hash b1973e88a012bd03608e39ae736b15a2
11caaa6e08d8c9494af464f3c29092f24c672806
ec14a0be40ca7c2085058395e27b35acae6b8c0d66e4d9d65d2e3c1b5d23efeb
Analyzer Verdict Alert urlquery phishing Phishing - Poste Italiane
urlquery phishing Phishing - Poste Italiane
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.ga domain
GET /sicc-bp-pp/css/css/Texta-Regular.woff HTTP/1.1
Host: jjnmes.ga
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://jjnmes.ga/sicc-bp-pp/css/fonts.css
Cookie: COOKIE_KEY=167536151517
HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 18:11:58 GMT
Server: Apache
Last-Modified: Sun, 22 Nov 2020 20:26:34 GMT
Accept-Ranges: bytes
Content-Length: 40366
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: font/woff
jjnmes.ga/sicc-bp-pp/favicon.ico
200 OK 1.2 kB URL HTTP/1.1 jjnmes.ga/sicc-bp-pp/favicon.ico
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Hash bfd48a05b759784bc8ec28c00b95a92e
818738af3aac6ecad4cf040a6244036bb1ef9876
4fe3e0f7740e66c5da79ec34db624238cadbff0cf00696f46bf56f0cf0082db8
Analyzer Verdict Alert urlquery phishing Phishing - Poste Italiane
urlquery phishing Phishing - Poste Italiane
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.ga domain
GET /sicc-bp-pp/favicon.ico HTTP/1.1
Host: jjnmes.ga
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://jjnmes.ga/sicc-bp-pp/
Cookie: COOKIE_KEY=167536151517
HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 18:11:58 GMT
Server: Apache
Last-Modified: Sun, 22 Nov 2020 19:57:38 GMT
Accept-Ranges: bytes
Content-Length: 1150
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: image/x-icon
162.240.17.225
23.33.119.27