Report - 12telstclients14-be070d.ingress-baronn.ewp.live/client/telestraclient/manage/?view=login&appIdKey=fcd00c0656cc490&country=

Report Overview

Submitted URL
12telstclients14-be070d.ingress-baronn.ewp.live/client/telestraclient/manage/?view=login&appIdKey=fcd00c0656cc490&country=
IP
63.250.43.9
ASN
#22612 NAMECHEAP-NET
Submitted
2022-10-24 09:40:09
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
30

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-10T05:10:04Z	2.6 kB	58 kB	34.120.237.76
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-10T05:10:00Z	758 B	2.8 kB	143.204.55.115
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-10T05:12:35Z	401 B	5.8 kB	34.160.144.191
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-10T05:10:00Z	321 B	229 B	34.117.237.239
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-10T05:10:02Z	594 B	127 B	35.162.110.205
12telstclients14-be070d.ingress-baronn.ewp.live	unknown	2022-10-23T06:30:59Z	2023-03-05T06:39:52Z	13 kB	232 kB	63.250.43.9
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-10T05:09:10Z	2.3 kB	6.2 kB	23.36.76.226
ocsp.sectigo.com	487	2019-11-29T12:50:24Z	2023-03-10T10:17:57Z	328 B	963 B	172.64.155.188
ocsp.digicert.com	86	2012-05-21T09:02:23Z	2023-03-10T13:49:44Z	329 B	796 B	93.184.220.29

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-10-24	medium	12telstclients14-be070d.ingress-baronn.ewp.live/client/telestraclient/manage/src/font/TelstraAkkuratWeb-Light.woff	Phishing
2022-10-24	medium	12telstclients14-be070d.ingress-baronn.ewp.live/myaccount/static-content/css/font/td-original-icons.woff	Phishing
2022-10-24	medium	12telstclients14-be070d.ingress-baronn.ewp.live/client/telestraclient/manage/src/assets/TelstraAkkurat-Bold.woff	Phishing
2022-10-24	medium	12telstclients14-be070d.ingress-baronn.ewp.live/client/telestraclient/manage/src/font/TelstraAkkuratWeb-Light.woff	Phishing
2022-10-24	medium	12telstclients14-be070d.ingress-baronn.ewp.live/client/telestraclient/manage/src/font/TelstraAkkuratWeb-Light.ttf	Phishing
2022-10-24	medium	12telstclients14-be070d.ingress-baronn.ewp.live/myaccount/static-content/css/font/td-original-icons.ttf	Phishing
2022-10-24	medium	12telstclients14-be070d.ingress-baronn.ewp.live/client/telestraclient/manage/src/assets/TelstraAkkurat-Bold.ttf	Phishing
2022-10-24	medium	12telstclients14-be070d.ingress-baronn.ewp.live/myaccount/static-content/css/font/TelstraAkkuratWeb-Light.woff	Phishing
2022-10-24	medium	12telstclients14-be070d.ingress-baronn.ewp.live/client/telestraclient/manage/src/font/TelstraAkkurat-Bold.woff	Phishing
2022-10-24	medium	12telstclients14-be070d.ingress-baronn.ewp.live/client/telestraclient/manage/src/font/Akkurat.woff	Phishing
2022-10-24	medium	12telstclients14-be070d.ingress-baronn.ewp.live/myaccount/static-content/css/font/TelstraAkkuratWeb-Light.ttf	Phishing
2022-10-24	medium	12telstclients14-be070d.ingress-baronn.ewp.live/client/telestraclient/manage/src/font/Akkurat.woff	Phishing
2022-10-24	medium	12telstclients14-be070d.ingress-baronn.ewp.live/client/telestraclient/manage/src/font/TelstraAkkurat-Bold.ttf	Phishing
2022-10-24	medium	12telstclients14-be070d.ingress-baronn.ewp.live/client/telestraclient/manage/src/font/Akkurat.ttf	Phishing
2022-10-24	medium	12telstclients14-be070d.ingress-baronn.ewp.live/client/telestraclient/manage/src/font/Akkurat.ttf	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (0)

HTTP Transactions (41)

URL IP Response Size

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
b3537658770790ad6cf0d727f0c0acd2
8365cadda05ef27b2ebd627d545e31886b512bde
df992311f130f15459739841de925c7eec2604d5a68ca6b2a67b6dc8d229212c

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DF992311F130F15459739841DE925C7EEC2604D5A68CA6B2A67B6DC8D229212C"
Last-Modified: Mon, 24 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3031
Expires: Mon, 24 Oct 2022 10:30:28 GMT
Date: Mon, 24 Oct 2022 09:39:57 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

143.204.55.115

200 OK

939 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/
IP
143.204.55.115:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
bdb8b66c705a7b996496d780f50c00b5
403ae92039fcc933870f51f913f78ccaf9652256
c923ed2539f4ce9f4d43743c402fbb2060a52a4cbedbf14c5f5742ab718073d6

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Length, Content-Type, Retry-After, Backoff
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Mon, 24 Oct 2022 08:52:56 GMT
Expires: Mon, 24 Oct 2022 08:53:53 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 f66e3db0f0449307dba3fbf72bbf3bac.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: A7jhCCdgohboVXJR5qfCq4mb8fNgan58L-WiKgeHDlqpYS6U3AMCNg==
Age: 2821

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ae56efd62a0d9249d98573172eb8b28b
5ff4e9959be677ad76c26ca73f9ef4feb9fa2f28
82d9ee4948fce839f7edb1f8490c4213cded3912464a4169b0bf6a61278694bd

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "82D9EE4948FCE839F7EDB1F8490C4213CDED3912464A4169B0BF6A61278694BD"
Last-Modified: Sat, 22 Oct 2022 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11339
Expires: Mon, 24 Oct 2022 12:48:56 GMT
Date: Mon, 24 Oct 2022 09:39:57 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: /XS77L0HnnGDDyXZZvZsZW8xtWMF/UkUPHl7KjJikrvUo83NDB8aQtU7yqyHnRg/rz7UfjRfxZg=
x-amz-request-id: QKQTHSWFVX2WYS8C
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 24 Oct 2022 09:08:27 GMT
age: 1890
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Mon, 24 Oct 2022 09:39:58 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.sectigo.com/

172.64.155.188

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
079cd18da8a3208de6de3d32aeb40fd1
9557eeaabe4857efbe9a4066c436f3243f852b07
25b198244a5a66bf1a6c17f9bddf3ac44c819457b089104fb6277535eef5d57d

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 24 Oct 2022 09:39:58 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sat, 22 Oct 2022 22:30:14 GMT
Expires: Sat, 29 Oct 2022 22:30:13 GMT
Etag: "9557eeaabe4857efbe9a4066c436f3243f852b07"
Cache-Control: max-age=477614,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 75f1bf900d8cfab8-OSL

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

143.204.55.115

200 OK

329 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
143.204.55.115:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Mon, 24 Oct 2022 09:33:32 GMT
Cache-Control: max-age=3600
Expires: Mon, 24 Oct 2022 09:54:14 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 5de23153ac267c206221751e1cccb6e8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: nGZqFokC54jrz-qNao3ramziTWZ0CKTEp7KMjOzpmJNZ119rBoR-TQ==
Age: 386

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
60d5d7cce6c32a6bdaf0d4c92ec93a1a
cd29edee660366b41749cfd206bdc08fb421449c
fb90c4cc44b32e4ca4a7d1533bbf4a2fd5c482dda5d232f1be2334f3cefbbb0e

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5697
Cache-Control: max-age=86502
Content-Type: application/ocsp-response
Date: Mon, 24 Oct 2022 09:39:58 GMT
Etag: "6354f613-1d7"
Expires: Tue, 25 Oct 2022 09:41:40 GMT
Last-Modified: Sun, 23 Oct 2022 08:06:43 GMT
Server: ECS (ska/F708)
X-Cache: HIT
Content-Length: 471

push.services.mozilla.com/

35.162.110.205

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
35.162.110.205:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: WifSALXdCYW7NBsDz1juJA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: xJhLAPGecGFJFa3OeAn2PW57SBU=

12telstclients14-be070d.ingress-baronn.ewp.live/client/telestraclient/manage/src/log1.css

63.250.43.9

200 OK

80 kB

URL HTTP/2
12telstclients14-be070d.ingress-baronn.ewp.live/client/telestraclient/manage/src/log1.css
IP
63.250.43.9:0
ASN
#22612 NAMECHEAP-NET

File type
ASCII text, with very long lines (464), with CRLF line terminators
Size
80 kB (79500 bytes)
Hash
bdf839db3924607c2f246a162808ee36
8ba9defbccd547069dcf86d089bb75436e0f1f15
95131f5e53e2c4360370e9d30f463772f7e5aaf471b470c9ea049e01a141a831

HTTP Headers

GET /client/telestraclient/manage/src/log1.css HTTP/1.1
Host: 12telstclients14-be070d.ingress-baronn.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://12telstclients14-be070d.ingress-baronn.ewp.live/client/telestraclient/manage/?view=login&appIdKey=fcd00c0656cc490&country=
Connection: keep-alive
Cookie: idiomaCorreos=es_ES
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 23 Oct 2022 14:09:56 GMT
content-type: text/css
last-modified: Sun, 23 Oct 2022 02:22:22 GMT
vary: Accept-Encoding
etag: W/"6354a55e-707f8"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-encoding: gzip
x-cacheable: YES
age: 70202
x-cache: HIT
accept-ranges: bytes
content-length: 79500
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

12telstclients14-be070d.ingress-baronn.ewp.live/client/telestraclient/manage/src/log2.css

63.250.43.9

200 OK

95 kB

URL HTTP/2
12telstclients14-be070d.ingress-baronn.ewp.live/client/telestraclient/manage/src/log2.css
IP
63.250.43.9:0
ASN
#22612 NAMECHEAP-NET

File type
ASCII text, with very long lines (310), with CRLF line terminators
Size
95 kB (94744 bytes)
Hash
583e2787be9ec4ca8ffe941f3a3ee1ab
9b2fb78be566b97393c33828259555ed0759e134
cee32c7d8ab2417d14892072f13f6033614b2561e1c72ce2143ee502503fd5a1

HTTP Headers

GET /client/telestraclient/manage/src/log2.css HTTP/1.1
Host: 12telstclients14-be070d.ingress-baronn.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://12telstclients14-be070d.ingress-baronn.ewp.live/client/telestraclient/manage/?view=login&appIdKey=fcd00c0656cc490&country=
Connection: keep-alive
Cookie: idiomaCorreos=es_ES
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 23 Oct 2022 14:09:56 GMT
content-type: text/css
last-modified: Sun, 23 Oct 2022 02:22:22 GMT
vary: Accept-Encoding
etag: W/"6354a55e-cd5da"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-encoding: gzip
x-cacheable: YES
age: 70202
x-cache: HIT
accept-ranges: bytes
content-length: 94744
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

12telstclients14-be070d.ingress-baronn.ewp.live/client/telestraclient/manage/src/log.css

63.250.43.9

200 OK

8.3 kB

URL HTTP/2
12telstclients14-be070d.ingress-baronn.ewp.live/client/telestraclient/manage/src/log.css
IP
63.250.43.9:0
ASN
#22612 NAMECHEAP-NET

File type
ASCII text, with CRLF line terminators
Size
8.3 kB (8328 bytes)
Hash
9f1b46a743b817cd2f8ccf0112061947
e101d41ce47787ac526e70313b4e42b88defebde
a9301c2ff0a85789877981fbaf3d299bff553c7ac872b0ebe4a2fda9484b9cf8

HTTP Headers

GET /client/telestraclient/manage/src/log.css HTTP/1.1
Host: 12telstclients14-be070d.ingress-baronn.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://12telstclients14-be070d.ingress-baronn.ewp.live/client/telestraclient/manage/?view=login&appIdKey=fcd00c0656cc490&country=
Connection: keep-alive
Cookie: idiomaCorreos=es_ES
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 23 Oct 2022 14:09:56 GMT
content-type: text/css
last-modified: Sun, 23 Oct 2022 02:22:22 GMT
vary: Accept-Encoding
etag: W/"6354a55e-b97f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-encoding: gzip
x-cacheable: YES
age: 70202
x-cache: HIT
accept-ranges: bytes
content-length: 8328
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

12telstclients14-be070d.ingress-baronn.ewp.live/client/telestraclient/manage/src/log3.css

63.250.43.9

200 OK

18 kB

URL HTTP/2
12telstclients14-be070d.ingress-baronn.ewp.live/client/telestraclient/manage/src/log3.css
IP
63.250.43.9:0
ASN
#22612 NAMECHEAP-NET

File type
ASCII text, with very long lines (4168), with CRLF line terminators
Size
18 kB (18226 bytes)
Hash
9a10b69716374723d2fceb94f97697fd
a80829fdd229f45a5b55baa4d641dc5f58690ba6
9a7bb3665d537ebd3afcb65515455f3a65c3cc6800cee762350472f88f66ac72

HTTP Headers

GET /client/telestraclient/manage/src/log3.css HTTP/1.1
Host: 12telstclients14-be070d.ingress-baronn.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://12telstclients14-be070d.ingress-baronn.ewp.live/client/telestraclient/manage/?view=login&appIdKey=fcd00c0656cc490&country=
Connection: keep-alive
Cookie: idiomaCorreos=es_ES
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 23 Oct 2022 14:09:56 GMT
content-type: text/css
last-modified: Sun, 23 Oct 2022 02:22:22 GMT
vary: Accept-Encoding
etag: W/"6354a55e-1be2a"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-encoding: gzip
x-cacheable: YES
age: 70202
x-cache: HIT
accept-ranges: bytes
content-length: 18226
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

12telstclients14-be070d.ingress-baronn.ewp.live/favicon.ico

63.250.43.9

204 No Content

0 B

URL HTTP/2
12telstclients14-be070d.ingress-baronn.ewp.live/favicon.ico
IP
63.250.43.9:0
ASN
#22612 NAMECHEAP-NET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 12telstclients14-be070d.ingress-baronn.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://12telstclients14-be070d.ingress-baronn.ewp.live/client/telestraclient/manage/?view=login&appIdKey=fcd00c0656cc490&country=
Connection: keep-alive
Cookie: idiomaCorreos=es_ES
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 204 No Content
server: nginx
date: Sun, 23 Oct 2022 14:09:57 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
content-type: image/png
age: 70202
x-cache: HIT
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

12telstclients14-be070d.ingress-baronn.ewp.live/client/telestraclient/manage/src/font/TelstraAkkuratWeb-Light.woff

63.250.43.9

404 Not Found

146 B

URL HTTP/2
12telstclients14-be070d.ingress-baronn.ewp.live/client/telestraclient/manage/src/font/TelstraAkkuratWeb-Light.woff
IP
63.250.43.9:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
146 B (146 bytes)
Hash
8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /client/telestraclient/manage/src/font/TelstraAkkuratWeb-Light.woff HTTP/1.1
Host: 12telstclients14-be070d.ingress-baronn.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://12telstclients14-be070d.ingress-baronn.ewp.live/client/telestraclient/manage/src/log3.css
Cookie: idiomaCorreos=es_ES
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
server: nginx
date: Mon, 24 Oct 2022 09:39:59 GMT
content-type: text/html
content-length: 146
age: 0
x-cache: MISS
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

12telstclients14-be070d.ingress-baronn.ewp.live/myaccount/static-content/css/font/td-original-icons.woff

63.250.43.9

404 Not Found

146 B

URL HTTP/2
12telstclients14-be070d.ingress-baronn.ewp.live/myaccount/static-content/css/font/td-original-icons.woff
IP
63.250.43.9:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
146 B (146 bytes)
Hash
8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /myaccount/static-content/css/font/td-original-icons.woff HTTP/1.1
Host: 12telstclients14-be070d.ingress-baronn.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://12telstclients14-be070d.ingress-baronn.ewp.live/client/telestraclient/manage/src/log1.css
Cookie: idiomaCorreos=es_ES
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
server: nginx
date: Mon, 24 Oct 2022 09:39:59 GMT
content-type: text/html
content-length: 146
age: 0
x-cache: MISS
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

12telstclients14-be070d.ingress-baronn.ewp.live/client/telestraclient/manage/src/assets/TelstraAkkurat-Bold.woff

63.250.43.9

404 Not Found

146 B

URL HTTP/2
12telstclients14-be070d.ingress-baronn.ewp.live/client/telestraclient/manage/src/assets/TelstraAkkurat-Bold.woff
IP
63.250.43.9:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
146 B (146 bytes)
Hash
8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /client/telestraclient/manage/src/assets/TelstraAkkurat-Bold.woff HTTP/1.1
Host: 12telstclients14-be070d.ingress-baronn.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://12telstclients14-be070d.ingress-baronn.ewp.live/client/telestraclient/manage/src/login.css
Cookie: idiomaCorreos=es_ES
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
server: nginx
date: Mon, 24 Oct 2022 09:39:59 GMT
content-type: text/html
content-length: 146
age: 0
x-cache: MISS
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

12telstclients14-be070d.ingress-baronn.ewp.live/client/telestraclient/manage/src/font/TelstraAkkuratWeb-Light.woff

63.250.43.9

404 Not Found

146 B

URL HTTP/2
12telstclients14-be070d.ingress-baronn.ewp.live/client/telestraclient/manage/src/font/TelstraAkkuratWeb-Light.woff
IP
63.250.43.9:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
146 B (146 bytes)
Hash
8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /client/telestraclient/manage/src/font/TelstraAkkuratWeb-Light.woff HTTP/1.1
Host: 12telstclients14-be070d.ingress-baronn.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://12telstclients14-be070d.ingress-baronn.ewp.live/client/telestraclient/manage/src/log3.css
Cookie: idiomaCorreos=es_ES
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
server: nginx
date: Mon, 24 Oct 2022 09:39:59 GMT
content-type: text/html
content-length: 146
age: 0
x-cache: MISS
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

12telstclients14-be070d.ingress-baronn.ewp.live/client/telestraclient/manage/src/font/TelstraAkkuratWeb-Light.ttf

63.250.43.9

404 Not Found

146 B

URL HTTP/2
12telstclients14-be070d.ingress-baronn.ewp.live/client/telestraclient/manage/src/font/TelstraAkkuratWeb-Light.ttf
IP
63.250.43.9:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
146 B (146 bytes)
Hash
8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /client/telestraclient/manage/src/font/TelstraAkkuratWeb-Light.ttf HTTP/1.1
Host: 12telstclients14-be070d.ingress-baronn.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://12telstclients14-be070d.ingress-baronn.ewp.live/client/telestraclient/manage/src/log3.css
Cookie: idiomaCorreos=es_ES
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
server: nginx
date: Mon, 24 Oct 2022 09:39:59 GMT
content-type: text/html
content-length: 146
age: 0
x-cache: MISS
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

12telstclients14-be070d.ingress-baronn.ewp.live/myaccount/static-content/css/font/td-original-icons.ttf

63.250.43.9

404 Not Found

146 B

URL HTTP/2
12telstclients14-be070d.ingress-baronn.ewp.live/myaccount/static-content/css/font/td-original-icons.ttf
IP
63.250.43.9:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
146 B (146 bytes)
Hash
8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /myaccount/static-content/css/font/td-original-icons.ttf HTTP/1.1
Host: 12telstclients14-be070d.ingress-baronn.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://12telstclients14-be070d.ingress-baronn.ewp.live/client/telestraclient/manage/src/log1.css
Cookie: idiomaCorreos=es_ES
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
server: nginx
date: Mon, 24 Oct 2022 09:39:59 GMT
content-type: text/html
content-length: 146
age: 0
x-cache: MISS
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

12telstclients14-be070d.ingress-baronn.ewp.live/client/telestraclient/manage/src/assets/TelstraAkkurat-Bold.ttf

63.250.43.9

404 Not Found

146 B

URL HTTP/2
12telstclients14-be070d.ingress-baronn.ewp.live/client/telestraclient/manage/src/assets/TelstraAkkurat-Bold.ttf
IP
63.250.43.9:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
146 B (146 bytes)
Hash
8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /client/telestraclient/manage/src/assets/TelstraAkkurat-Bold.ttf HTTP/1.1
Host: 12telstclients14-be070d.ingress-baronn.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://12telstclients14-be070d.ingress-baronn.ewp.live/client/telestraclient/manage/src/login.css
Cookie: idiomaCorreos=es_ES
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
server: nginx
date: Mon, 24 Oct 2022 09:39:59 GMT
content-type: text/html
content-length: 146
age: 0
x-cache: MISS
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

12telstclients14-be070d.ingress-baronn.ewp.live/myaccount/static-content/css/font/TelstraAkkuratWeb-Light.woff

63.250.43.9

404 Not Found

146 B

URL HTTP/2
12telstclients14-be070d.ingress-baronn.ewp.live/myaccount/static-content/css/font/TelstraAkkuratWeb-Light.woff
IP
63.250.43.9:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
146 B (146 bytes)
Hash
8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /myaccount/static-content/css/font/TelstraAkkuratWeb-Light.woff HTTP/1.1
Host: 12telstclients14-be070d.ingress-baronn.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://12telstclients14-be070d.ingress-baronn.ewp.live/client/telestraclient/manage/src/log1.css
Cookie: idiomaCorreos=es_ES
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
server: nginx
date: Mon, 24 Oct 2022 09:39:59 GMT
content-type: text/html
content-length: 146
age: 0
x-cache: MISS
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

12telstclients14-be070d.ingress-baronn.ewp.live/client/telestraclient/manage/src/font/TelstraAkkurat-Bold.woff

63.250.43.9

404 Not Found

146 B

URL HTTP/2
12telstclients14-be070d.ingress-baronn.ewp.live/client/telestraclient/manage/src/font/TelstraAkkurat-Bold.woff
IP
63.250.43.9:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
146 B (146 bytes)
Hash
8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /client/telestraclient/manage/src/font/TelstraAkkurat-Bold.woff HTTP/1.1
Host: 12telstclients14-be070d.ingress-baronn.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://12telstclients14-be070d.ingress-baronn.ewp.live/client/telestraclient/manage/src/log3.css
Cookie: idiomaCorreos=es_ES
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
server: nginx
date: Mon, 24 Oct 2022 09:39:59 GMT
content-type: text/html
content-length: 146
age: 0
x-cache: MISS
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

12telstclients14-be070d.ingress-baronn.ewp.live/client/telestraclient/manage/src/font/Akkurat.woff

63.250.43.9

404 Not Found

146 B

URL HTTP/2
12telstclients14-be070d.ingress-baronn.ewp.live/client/telestraclient/manage/src/font/Akkurat.woff
IP
63.250.43.9:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
146 B (146 bytes)
Hash
8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /client/telestraclient/manage/src/font/Akkurat.woff HTTP/1.1
Host: 12telstclients14-be070d.ingress-baronn.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://12telstclients14-be070d.ingress-baronn.ewp.live/client/telestraclient/manage/src/login.css
Cookie: idiomaCorreos=es_ES
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
server: nginx
date: Mon, 24 Oct 2022 09:40:00 GMT
content-type: text/html
content-length: 146
age: 0
x-cache: MISS
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
398e3c90084d7d71fc1e9fd833116f5f
3e202da5559a8f219144adee3639d063a98559c0
724547db3ed9f1779308e9dd6604664e6ffa3580ca076fbdc1dfb1b75591bba4

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "724547DB3ED9F1779308E9DD6604664E6FFA3580CA076FBDC1DFB1B75591BBA4"
Last-Modified: Mon, 24 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3903
Expires: Mon, 24 Oct 2022 10:45:03 GMT
Date: Mon, 24 Oct 2022 09:40:00 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
398e3c90084d7d71fc1e9fd833116f5f
3e202da5559a8f219144adee3639d063a98559c0
724547db3ed9f1779308e9dd6604664e6ffa3580ca076fbdc1dfb1b75591bba4

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "724547DB3ED9F1779308E9DD6604664E6FFA3580CA076FBDC1DFB1B75591BBA4"
Last-Modified: Mon, 24 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3903
Expires: Mon, 24 Oct 2022 10:45:03 GMT
Date: Mon, 24 Oct 2022 09:40:00 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
398e3c90084d7d71fc1e9fd833116f5f
3e202da5559a8f219144adee3639d063a98559c0
724547db3ed9f1779308e9dd6604664e6ffa3580ca076fbdc1dfb1b75591bba4

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "724547DB3ED9F1779308E9DD6604664E6FFA3580CA076FBDC1DFB1B75591BBA4"
Last-Modified: Mon, 24 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3903
Expires: Mon, 24 Oct 2022 10:45:03 GMT
Date: Mon, 24 Oct 2022 09:40:00 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
398e3c90084d7d71fc1e9fd833116f5f
3e202da5559a8f219144adee3639d063a98559c0
724547db3ed9f1779308e9dd6604664e6ffa3580ca076fbdc1dfb1b75591bba4

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "724547DB3ED9F1779308E9DD6604664E6FFA3580CA076FBDC1DFB1B75591BBA4"
Last-Modified: Mon, 24 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3903
Expires: Mon, 24 Oct 2022 10:45:03 GMT
Date: Mon, 24 Oct 2022 09:40:00 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
398e3c90084d7d71fc1e9fd833116f5f
3e202da5559a8f219144adee3639d063a98559c0
724547db3ed9f1779308e9dd6604664e6ffa3580ca076fbdc1dfb1b75591bba4

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "724547DB3ED9F1779308E9DD6604664E6FFA3580CA076FBDC1DFB1B75591BBA4"
Last-Modified: Mon, 24 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3903
Expires: Mon, 24 Oct 2022 10:45:03 GMT
Date: Mon, 24 Oct 2022 09:40:00 GMT
Connection: keep-alive

12telstclients14-be070d.ingress-baronn.ewp.live/myaccount/static-content/css/font/TelstraAkkuratWeb-Light.ttf

63.250.43.9

404 Not Found

146 B

URL HTTP/2
12telstclients14-be070d.ingress-baronn.ewp.live/myaccount/static-content/css/font/TelstraAkkuratWeb-Light.ttf
IP
63.250.43.9:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
146 B (146 bytes)
Hash
8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /myaccount/static-content/css/font/TelstraAkkuratWeb-Light.ttf HTTP/1.1
Host: 12telstclients14-be070d.ingress-baronn.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://12telstclients14-be070d.ingress-baronn.ewp.live/client/telestraclient/manage/src/log1.css
Cookie: idiomaCorreos=es_ES
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
server: nginx
date: Mon, 24 Oct 2022 09:40:00 GMT
content-type: text/html
content-length: 146
age: 0
x-cache: MISS
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc3257320-582a-498d-9e0c-531ea65fbbe0.jpeg

34.120.237.76

200 OK

14 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc3257320-582a-498d-9e0c-531ea65fbbe0.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3 DIY-Thermocam raw data\012- (Lepton 2.x), scale 772-513, spot sensor temperature 0.000000, unit celsius, color scheme 1, calibration: offset 0.000000, slope 241254190455726276608.000000\012- data
Size
14 kB (13962 bytes)
Hash
88436497b6fe5e22155afc45e9e8fe3e
5004575548d76d878a7f27bb3fc4a9a10e8f6909
304c2388dd96c82582d490cd473174b11eac53bf408a29ed78e23d77139ef243

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc3257320-582a-498d-9e0c-531ea65fbbe0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 13962
x-amzn-requestid: 84f8b505-da9d-421c-b00a-3d6407aac332
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aelDQETqoAMFwxw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6355b547-566c7abb12b09a565be85833;Sampled=0
x-amzn-remapped-date: Sun, 23 Oct 2022 21:42:31 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: N-R8_VOQSIhikiT-qqPi0ABMoZnr234hdcdinyzBath9A8M6aUZ37A==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 6a9b42e38e76b7d4a4044ebe0e0eca08.cloudfront.net (CloudFront), 1.1 google
date: Sun, 23 Oct 2022 21:54:05 GMT
age: 42355
etag: "5004575548d76d878a7f27bb3fc4a9a10e8f6909"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F456d7d5b-fd41-4fa5-8e9e-d89e82b0dc48.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.0 kB (8953 bytes)
Hash
7ad00d9f89cc4d7f29fd53f89b4545f3
c4dbc6b4b8b9cf4f8868ddc060ee731cf43153d7
6d8e82f5aced08627c83945bc8f011bbaea66789427624baaef5104858472ea2

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F456d7d5b-fd41-4fa5-8e9e-d89e82b0dc48.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8953
x-amzn-requestid: 5085f7ea-72de-43e0-a670-d221fc6af736
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aelBzHcPIAMFpqQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6355b53e-1c4bfd5c56b0af173eb43001;Sampled=0
x-amzn-remapped-date: Sun, 23 Oct 2022 21:42:22 GMT
x-amz-cf-pop: SFO5-P2, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: pCvtOb9B5beB4xJFbTvDQxO37bcXmPVCAwUOw7hOZLHTe_W-ii4T6Q==
via: 1.1 7dcaa43cd0535d889b549e6a30a57aa0.cloudfront.net (CloudFront), 1.1 cd64decb1403270c914848213601a674.cloudfront.net (CloudFront), 1.1 google
date: Sun, 23 Oct 2022 22:35:31 GMT
etag: "c4dbc6b4b8b9cf4f8868ddc060ee731cf43153d7"
content-type: image/jpeg
age: 39869
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F13985f97-93f1-44be-8be0-92fb128d3c51.png
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (11927 bytes)
Hash
5516af00c2c5dcb5a8c873b6f61ea0df
088236fab64197c530ba85242bf798f13669179e
c7a99982b8af0e2b28bab9cf5b24fc75b50ae172d5c529efec9161c7d436ff90

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F13985f97-93f1-44be-8be0-92fb128d3c51.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11927
x-amzn-requestid: 78067be5-c9cf-4ee0-a5b0-86fd32baca38
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aelCxGiFIAMFWHw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6355b544-5df3064a5b15f2ee370e4016;Sampled=0
x-amzn-remapped-date: Sun, 23 Oct 2022 21:42:28 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: tzYdJmmDsOLwZBBJ2z_RXL17am3WgRC372zZQ3Va8hBlsEC5bLvjdw==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 68fadeb91f97256bb67b03bfca74d830.cloudfront.net (CloudFront), 1.1 google
date: Sun, 23 Oct 2022 21:46:36 GMT
age: 42804
etag: "088236fab64197c530ba85242bf798f13669179e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc3c8789d-73b5-42b5-8b99-9a20d2d75944.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.9 kB (7889 bytes)
Hash
e1bb8b1b400a1ae9d33c235e6a338c4b
834ac948f07711ed1dfe30ed365ab6c68967d932
1ef29fa4db7b8a00df3a0df1494aa41f8737664828695a4294e3ec8c9e5711e4

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc3c8789d-73b5-42b5-8b99-9a20d2d75944.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7889
x-amzn-requestid: d26a99e5-9968-4201-b15d-56b77bea6493
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aWA8qHTXoAMF-3A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63524850-3487dcfd713681d230056e2a;Sampled=0
x-amzn-remapped-date: Fri, 21 Oct 2022 07:20:48 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: p6NHphNbTUfxXeo6h5srWFVAa7W3f1EUFm4uBUU9yc-wsYrHB7e1DA==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 567b44ed19c8caed2570b7bcd8c70034.cloudfront.net (CloudFront), 1.1 google
date: Mon, 24 Oct 2022 08:34:45 GMT
age: 3915
etag: "834ac948f07711ed1dfe30ed365ab6c68967d932"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

12telstclients14-be070d.ingress-baronn.ewp.live/client/telestraclient/manage/src/login.css

63.250.43.9

200 OK

21 kB

URL HTTP/2
12telstclients14-be070d.ingress-baronn.ewp.live/client/telestraclient/manage/src/login.css
IP
63.250.43.9:0
ASN
#22612 NAMECHEAP-NET

File type
data
Size
21 kB (21241 bytes)
Hash
b66134f6292dd188e34c205cd87a350e
26f084dcfc99684a001123484bec17cff83a2402
f820997188ffed98b97ae6d27674212b4eb3fdc346cddb578b38b3c15b14bfe3

HTTP Headers

GET /client/telestraclient/manage/src/login.css HTTP/1.1
Host: 12telstclients14-be070d.ingress-baronn.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://12telstclients14-be070d.ingress-baronn.ewp.live/client/telestraclient/manage/?view=login&appIdKey=fcd00c0656cc490&country=
Connection: keep-alive
Cookie: idiomaCorreos=es_ES
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 24 Oct 2022 09:39:58 GMT
content-type: text/css
last-modified: Sun, 23 Oct 2022 02:22:22 GMT
vary: Accept-Encoding
etag: W/"6354a55e-139ae"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
content-encoding: gzip
age: 0
x-cache: MISS
accept-ranges: bytes
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F21cfb8fe-4b68-43f0-a196-17c9a1dd3acb.png
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10072 bytes)
Hash
af3d4b4d16ad8b30805be96afa6472e3
bceb257123711c43994e5a03e9caf22eeee16423
30d7fea8d87522ce3ba2abf2c47e0025af1b7c05d6b4ea9f26aaa1f06aff4a67

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F21cfb8fe-4b68-43f0-a196-17c9a1dd3acb.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10072
x-amzn-requestid: 2f26fcdb-0540-49ea-be46-83c00182fcc3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aelB0FKvoAMFVFg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6355b53e-1be524647e3db4a211e4c4ff;Sampled=0
x-amzn-remapped-date: Sun, 23 Oct 2022 21:42:22 GMT
x-amz-cf-pop: SEA73-P2, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 28s2Fwd7CYJpmy57dsIok6owygvyqng_WwlfbKApRjznSlULtnSJqw==
via: 1.1 e77661e211afe9242e85e573f12d5534.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Sun, 23 Oct 2022 21:56:12 GMT
age: 42228
etag: "bceb257123711c43994e5a03e9caf22eeee16423"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

12telstclients14-be070d.ingress-baronn.ewp.live/client/telestraclient/manage/src/font/Akkurat.woff

63.250.43.9

404 Not Found

146 B

URL HTTP/2
12telstclients14-be070d.ingress-baronn.ewp.live/client/telestraclient/manage/src/font/Akkurat.woff
IP
63.250.43.9:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
146 B (146 bytes)
Hash
8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /client/telestraclient/manage/src/font/Akkurat.woff HTTP/1.1
Host: 12telstclients14-be070d.ingress-baronn.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://12telstclients14-be070d.ingress-baronn.ewp.live/client/telestraclient/manage/src/log3.css
Cookie: idiomaCorreos=es_ES
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
server: nginx
date: Mon, 24 Oct 2022 09:40:00 GMT
content-type: text/html
content-length: 146
age: 0
x-cache: MISS
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

12telstclients14-be070d.ingress-baronn.ewp.live/client/telestraclient/manage/src/font/TelstraAkkurat-Bold.ttf

63.250.43.9

404 Not Found

146 B

URL HTTP/2
12telstclients14-be070d.ingress-baronn.ewp.live/client/telestraclient/manage/src/font/TelstraAkkurat-Bold.ttf
IP
63.250.43.9:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
146 B (146 bytes)
Hash
8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /client/telestraclient/manage/src/font/TelstraAkkurat-Bold.ttf HTTP/1.1
Host: 12telstclients14-be070d.ingress-baronn.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://12telstclients14-be070d.ingress-baronn.ewp.live/client/telestraclient/manage/src/log3.css
Cookie: idiomaCorreos=es_ES
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
server: nginx
date: Mon, 24 Oct 2022 09:40:00 GMT
content-type: text/html
content-length: 146
age: 0
x-cache: MISS
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

12telstclients14-be070d.ingress-baronn.ewp.live/client/telestraclient/manage/src/font/Akkurat.ttf

63.250.43.9

404 Not Found

146 B

URL HTTP/2
12telstclients14-be070d.ingress-baronn.ewp.live/client/telestraclient/manage/src/font/Akkurat.ttf
IP
63.250.43.9:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
146 B (146 bytes)
Hash
8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /client/telestraclient/manage/src/font/Akkurat.ttf HTTP/1.1
Host: 12telstclients14-be070d.ingress-baronn.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://12telstclients14-be070d.ingress-baronn.ewp.live/client/telestraclient/manage/src/login.css
Cookie: idiomaCorreos=es_ES
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
server: nginx
date: Mon, 24 Oct 2022 09:40:00 GMT
content-type: text/html
content-length: 146
age: 0
x-cache: MISS
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

12telstclients14-be070d.ingress-baronn.ewp.live/client/telestraclient/manage/src/font/Akkurat.ttf

63.250.43.9

404 Not Found

146 B

URL HTTP/2
12telstclients14-be070d.ingress-baronn.ewp.live/client/telestraclient/manage/src/font/Akkurat.ttf
IP
63.250.43.9:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
146 B (146 bytes)
Hash
8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /client/telestraclient/manage/src/font/Akkurat.ttf HTTP/1.1
Host: 12telstclients14-be070d.ingress-baronn.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://12telstclients14-be070d.ingress-baronn.ewp.live/client/telestraclient/manage/src/log3.css
Cookie: idiomaCorreos=es_ES
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
server: nginx
date: Mon, 24 Oct 2022 09:40:00 GMT
content-type: text/html
content-length: 146
age: 0
x-cache: MISS
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

12telstclients14-be070d.ingress-baronn.ewp.live/client/telestraclient/manage/?view=login&appIdKey=fcd00c0656cc490&country=

63.250.43.9

200 OK

0 B

URL HTTP/2
12telstclients14-be070d.ingress-baronn.ewp.live/client/telestraclient/manage/?view=login&appIdKey=fcd00c0656cc490&country=
IP
63.250.43.9:0
ASN
#22612 NAMECHEAP-NET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /client/telestraclient/manage/?view=login&appIdKey=fcd00c0656cc490&country= HTTP/1.1
Host: 12telstclients14-be070d.ingress-baronn.ewp.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: idiomaCorreos=es_ES
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 200 OK
server: nginx
date: Mon, 24 Oct 2022 09:39:58 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: public
referrer-policy: strict-origin-when-cross-origin
content-encoding: gzip
age: 0
x-cache: MISS
accept-ranges: bytes
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (0)

HTTP Transactions (41)

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size