r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash aabe410b4bbe4d8beb0e4561d3aa158e
e1788632902ddea62cdd9e7ad6009a75ffb69788
ad535e27b201e92670770b2b868c58f7c05633ec66490a41ef4592f062834c1f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AD535E27B201E92670770B2B868C58F7C05633EC66490A41EF4592F062834C1F"
Last-Modified: Wed, 09 Nov 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12348
Expires: Wed, 09 Nov 2022 19:31:49 GMT
Date: Wed, 09 Nov 2022 16:06:01 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 4c6e4047ec266b87485610e26a85bb6f
cd543757597609d7309d02652318359078a965c2
d8aff7a24f3274782b4f41d6dbd181ba817f5a562d992a3a82966481c91f8a90
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1392
Cache-Control: max-age=154095
Content-Type: application/ocsp-response
Date: Wed, 09 Nov 2022 16:06:01 GMT
Etag: "636b8168-1d7"
Expires: Fri, 11 Nov 2022 10:54:16 GMT
Last-Modified: Wed, 09 Nov 2022 10:31:04 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 2b57492bf85f4ae6abbd1641b17dc9ab
008e71ec05d47bf025ca64e17da2ea1bd8e71111
17894427c471f7fa02ca274795dc55df1bfc99d7bd83f9ee36249394035110fd
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "17894427C471F7FA02CA274795DC55DF1BFC99D7BD83F9EE36249394035110FD"
Last-Modified: Wed, 09 Nov 2022 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8312
Expires: Wed, 09 Nov 2022 18:24:33 GMT
Date: Wed, 09 Nov 2022 16:06:01 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 4c6e4047ec266b87485610e26a85bb6f
cd543757597609d7309d02652318359078a965c2
d8aff7a24f3274782b4f41d6dbd181ba817f5a562d992a3a82966481c91f8a90
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1392
Cache-Control: max-age=154095
Content-Type: application/ocsp-response
Date: Wed, 09 Nov 2022 16:06:01 GMT
Etag: "636b8168-1d7"
Expires: Fri, 11 Nov 2022 10:54:16 GMT
Last-Modified: Wed, 09 Nov 2022 10:31:04 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 471
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: ZR76fM/CjtQ47uoOatkblJqlj5RL63c8HHZfA/cc3DZVWIhHrWb7jhcUlmZnwOP3/W2ocXr7b9Y=
x-amz-request-id: QDJ8K9YFBBSADZQ7
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 09 Nov 2022 15:49:02 GMT
age: 1019
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 09 Nov 2022 16:06:01 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
i0.wp.com/www.biketrial.si/wp-content/uploads/2020/10/Posta-Slovenije-Logo.jpg?resize=980%2C320&ssl=1
192.0.77.2200 OK 15 kB URL HTTP/2 i0.wp.com/www.biketrial.si/wp-content/uploads/2020/10/Posta-Slovenije-Logo.jpg?resize=980%2C320&ssl=1
IP 192.0.77.2:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 980x320, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 6bf3a4e51b6015a9913c69422004bf87
050c340990fba3a0f7a5f587a71da271e8107a3d
ea115da8229def74f887f70220d744ade9fba051998b9d40017d7b8faaf21130
GET /www.biketrial.si/wp-content/uploads/2020/10/Posta-Slovenije-Logo.jpg?resize=980%2C320&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gurbetfm.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 09 Nov 2022 16:06:01 GMT
content-type: image/webp
content-length: 15402
last-modified: Thu, 27 Oct 2022 04:03:45 GMT
expires: Sat, 26 Oct 2024 16:03:45 GMT
cache-control: public, max-age=63115200
link: <https://www.biketrial.si/wp-content/uploads/2020/10/Posta-Slovenije-Logo.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "c6eb12f0788fb576"
vary: Accept
x-nc: HIT arn 7
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash dee3039809fc2026852697eaa005560c
f4f6b76cf09e0a9e756ab6b9b8be26cb6e15b2c7
8091750102499bbd5d92ea3e89cf364e833df30e186963d67a0d66a13751ef8a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 09 Nov 2022 16:06:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn.jsdelivr.net/gh/killbot-org/Killbot-JS@latest/dist/main.min.js
151.101.85.229200 OK 1.2 kB URL HTTP/2 cdn.jsdelivr.net/gh/killbot-org/Killbot-JS@latest/dist/main.min.js
IP 151.101.85.229:0
File type ASCII text, with very long lines (2400)
Hash 00d8e4bf35e3ecfb78d1e8a64284059b
560445b7f347a8945bcb2073767fa8593dbef22d
8f2a3c4a3919454b2578b5bbadc9b8f135d5e12ce37e717a6010d808d40a1a05
GET /gh/killbot-org/Killbot-JS@latest/dist/main.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gurbetfm.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: master
x-jsd-version-type: branch
etag: W/"a7c-kmbumraAtj1yBda8Zbl2dRPRYqU"
content-encoding: gzip
accept-ranges: bytes
date: Wed, 09 Nov 2022 16:06:01 GMT
age: 2692
x-served-by: cache-fra-eddf8230107-FRA, cache-bma1625-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 1167
X-Firefox-Spdy: h2
www.google.com/recaptcha/api.js
142.250.74.164200 OK 555 B URL HTTP/2 www.google.com/recaptcha/api.js
IP 142.250.74.164:0
File type ASCII text, with very long lines (850), with no line terminators
Hash d28d984f39b355bcd90fe9981627ebe8
d88dfa6c97c64015900132845da36b028c90f98d
4b4f811bbc74311f8f6ae9180029819d9673200d06045fd58a11164bfdac5560
GET /recaptcha/api.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gurbetfm.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
expires: Wed, 09 Nov 2022 16:06:01 GMT
date: Wed, 09 Nov 2022 16:06:01 GMT
cache-control: private, max-age=300
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 555
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1
104.18.21.226200 OK 1.5 kB URL HTTP/1.1 ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1
IP 104.18.21.226:0
Hash f7d883bf5cab2b98dbbaf4f667b14c0e
37d4ec5b11b7d9da3e23b655ff9defe58cc4f791
872640e6e6d5308b2754f34a9ebf5ed196765c24c6f016100424dd1736203804
POST /ca/gsatlasr3dvtlsca2022q1 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 09 Nov 2022 16:06:01 GMT
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "60E9F8F4235A565C9B041177B0D7904DE8BBC198"
Expires: Thu, 10 Nov 2022 02:00:00 GMT
Last-Modified: Wed, 09 Nov 2022 14:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Age: 3016
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7677cb1349330b49-OSL
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 471 B IP 142.250.74.35:0
Hash 5c4c9c21e826ed9dd1520ac96dea393c
106bc7d84ae02a77a4006f2cae1cf7b5093d36c0
1201a34924da1af919077623ac06926d89f890b33b843d30e1e129fee007783f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 09 Nov 2022 16:06:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
gurbetfm.net/.posta-si/oo_files/loading.css
46.31.79.18200 OK 31 kB URL HTTP/2 gurbetfm.net/.posta-si/oo_files/loading.css
IP 46.31.79.18:0
ASN #207326 HostLAB Bilisim Teknolojileri A.S.
File type ASCII text, with very long lines (65536), with no line terminators
Hash 9642ba5245eb3c9189bcf8f2e031afc8
b76da6174fbf8ab960ec3db229c446fe5198b69e
8bb25ba425d107d14e7e7284c355122bc4cfefc34686116983cb92b6b78cfebd
GET /.posta-si/oo_files/loading.css HTTP/1.1
Host: gurbetfm.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gurbetfm.net/.posta-si/
Cookie: PHPSESSID=e0222302210b7e8af7c6ddf2d3aacea1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: max-age=31536000, public
expires: Wed, 16 Nov 2022 16:06:01 GMT
content-type: text/css
last-modified: Fri, 24 Jun 2022 18:28:40 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 31403
date: Wed, 09 Nov 2022 16:06:01 GMT
server: LiteSpeed
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
X-Firefox-Spdy: h2
gurbetfm.net/.posta-si/oo_files/images/PFDinDisplayPro-Regular.840952ed9468a2c7444f89b6f748e734.woff2
46.31.79.18302 Found 681 B URL HTTP/2 gurbetfm.net/.posta-si/oo_files/images/PFDinDisplayPro-Regular.840952ed9468a2c7444f89b6f748e734.woff2
IP 46.31.79.18:0
ASN #207326 HostLAB Bilisim Teknolojileri A.S.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash bd86fd629a5a134239668827ad08ea3b
d57b4d848f90f21301d1a17e26d4f195db83ee12
f996e7bfd10c1faa5c8c8232e11e22e3b4c1bf4f2f39fc80a9a1d42fdee182f6
Analyzer Verdict Alert fortinet Phishing
GET /.posta-si/oo_files/images/PFDinDisplayPro-Regular.840952ed9468a2c7444f89b6f748e734.woff2 HTTP/1.1
Host: gurbetfm.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://gurbetfm.net/.posta-si/oo_files/loading.css
Cookie: PHPSESSID=e0222302210b7e8af7c6ddf2d3aacea1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 302 Found
content-type: text/html
content-length: 681
date: Wed, 09 Nov 2022 16:06:01 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
location: https://www.GurbetFM.net/404.html
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
X-Firefox-Spdy: h2
gurbetfm.net/.posta-si/oo_files/images/PFDinDisplayPro-Light.23cdddacd0d56977093551f2faea9a13.woff2
46.31.79.18302 Found 681 B URL HTTP/2 gurbetfm.net/.posta-si/oo_files/images/PFDinDisplayPro-Light.23cdddacd0d56977093551f2faea9a13.woff2
IP 46.31.79.18:0
ASN #207326 HostLAB Bilisim Teknolojileri A.S.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash bd86fd629a5a134239668827ad08ea3b
d57b4d848f90f21301d1a17e26d4f195db83ee12
f996e7bfd10c1faa5c8c8232e11e22e3b4c1bf4f2f39fc80a9a1d42fdee182f6
Analyzer Verdict Alert fortinet Phishing
GET /.posta-si/oo_files/images/PFDinDisplayPro-Light.23cdddacd0d56977093551f2faea9a13.woff2 HTTP/1.1
Host: gurbetfm.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://gurbetfm.net/.posta-si/oo_files/loading.css
Cookie: PHPSESSID=e0222302210b7e8af7c6ddf2d3aacea1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 302 Found
content-type: text/html
content-length: 681
date: Wed, 09 Nov 2022 16:06:01 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
location: https://www.GurbetFM.net/404.html
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash 8ac21b3208ded8bfb8c5a4b97c765b0e
98077ba4f869b62d3de3657edb6ed6ffeb877089
392e83c999991e926c152082131478138a95fc4bf0945060783c95ad590f1f46
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=149793
Content-Type: application/ocsp-response
Date: Wed, 09 Nov 2022 16:06:01 GMT
Etag: "636b760a-116"
Expires: Fri, 11 Nov 2022 09:42:34 GMT
Last-Modified: Wed, 09 Nov 2022 09:42:34 GMT
Server: nginx
Content-Length: 278
www.gurbetfm.net/404.html
46.31.79.18200 OK 510 B URL HTTP/2 www.gurbetfm.net/404.html
IP 46.31.79.18:0
ASN #207326 HostLAB Bilisim Teknolojileri A.S.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ISO-8859 text
Hash 1c3c480eb3655ac4df050a7b8ca2004b
562fa6c36c757ef37e33fc31b3476424d83704a3
d450a6d7c94508a5a731b4118a02668a106859336b24d173dcbfb303a1279f90
Analyzer Verdict Alert fortinet Phishing
GET /404.html HTTP/1.1
Host: www.gurbetfm.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://gurbetfm.net
Referer: https://gurbetfm.net/
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
content-type: text/html
last-modified: Mon, 07 Nov 2022 11:02:48 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 510
date: Wed, 09 Nov 2022 16:06:01 GMT
server: LiteSpeed
alt-svc: quic=":443"; ma=2592000; v="39,43,46", h3-Q039=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-23=":443"; ma=2592000, h3-24=":443"; ma=2592000
X-Firefox-Spdy: h2
gurbetfm.net/.posta-si/oo_files/images/PFDinDisplayPro-Regular.21be48ba435316c8a4cd39438cd89083.woff
46.31.79.18302 Found 681 B URL HTTP/2 gurbetfm.net/.posta-si/oo_files/images/PFDinDisplayPro-Regular.21be48ba435316c8a4cd39438cd89083.woff
IP 46.31.79.18:0
ASN #207326 HostLAB Bilisim Teknolojileri A.S.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash bd86fd629a5a134239668827ad08ea3b
d57b4d848f90f21301d1a17e26d4f195db83ee12
f996e7bfd10c1faa5c8c8232e11e22e3b4c1bf4f2f39fc80a9a1d42fdee182f6
Analyzer Verdict Alert fortinet Phishing
GET /.posta-si/oo_files/images/PFDinDisplayPro-Regular.21be48ba435316c8a4cd39438cd89083.woff HTTP/1.1
Host: gurbetfm.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://gurbetfm.net/.posta-si/oo_files/loading.css
Cookie: PHPSESSID=e0222302210b7e8af7c6ddf2d3aacea1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 302 Found
content-type: text/html
content-length: 681
date: Wed, 09 Nov 2022 16:06:02 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
location: https://www.GurbetFM.net/404.html
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
X-Firefox-Spdy: h2
gurbetfm.net/.posta-si/oo_files/images/PFDinDisplayPro-Light.9a5171a196de11651813859c360f195f.woff
46.31.79.18302 Found 681 B URL HTTP/2 gurbetfm.net/.posta-si/oo_files/images/PFDinDisplayPro-Light.9a5171a196de11651813859c360f195f.woff
IP 46.31.79.18:0
ASN #207326 HostLAB Bilisim Teknolojileri A.S.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash bd86fd629a5a134239668827ad08ea3b
d57b4d848f90f21301d1a17e26d4f195db83ee12
f996e7bfd10c1faa5c8c8232e11e22e3b4c1bf4f2f39fc80a9a1d42fdee182f6
Analyzer Verdict Alert fortinet Phishing
GET /.posta-si/oo_files/images/PFDinDisplayPro-Light.9a5171a196de11651813859c360f195f.woff HTTP/1.1
Host: gurbetfm.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://gurbetfm.net/.posta-si/oo_files/loading.css
Cookie: PHPSESSID=e0222302210b7e8af7c6ddf2d3aacea1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 302 Found
content-type: text/html
content-length: 681
date: Wed, 09 Nov 2022 16:06:02 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
location: https://www.GurbetFM.net/404.html
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash c59d06092401e375df491b06ee8e6dbc
2e27b8ff7c08a5349e27969bc2a08e5e19d0c1da
23ee4ab633fcf67dc5d4d1931450e365cec8d436ef1f9ba5f46b6bab974724c4
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6112
Cache-Control: max-age=153759
Content-Type: application/ocsp-response
Date: Wed, 09 Nov 2022 16:06:02 GMT
Etag: "636b6da9-1d7"
Expires: Fri, 11 Nov 2022 10:48:41 GMT
Last-Modified: Wed, 09 Nov 2022 09:06:49 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 471 B IP 142.250.74.35:0
Hash 4dc4a177d25f666a9ba1cf6225354467
8975f2e5cc9cadc4a1e369da45471eb1f0830c5e
6c9e54a13abc265cac7bdee51c6fa49e5e7590fec7a1cc99096c384dabef31be
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 09 Nov 2022 16:06:02 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.gstatic.com/recaptcha/releases/Ixi5IiChXmIG6rRkjUa1qXHT/recaptcha__en.js
142.250.74.163200 OK 162 kB URL HTTP/2 www.gstatic.com/recaptcha/releases/Ixi5IiChXmIG6rRkjUa1qXHT/recaptcha__en.js
IP 142.250.74.163:0
File type ASCII text, with very long lines (590)
Size 162 kB (162282 bytes)
Hash 05e06c50dab6f3d7f8bfde22301888db
64b3c20c788d298a672fabf9627eac914d95ed08
95176711feca1110e764a31e36764d5b331b033ed56fb372b42250329b33e1d6
GET /recaptcha/releases/Ixi5IiChXmIG6rRkjUa1qXHT/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://gurbetfm.net
Connection: keep-alive
Referer: https://gurbetfm.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 162282
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 07 Nov 2022 15:58:35 GMT
expires: Tue, 07 Nov 2023 15:58:35 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 31 Oct 2022 04:02:45 GMT
content-type: text/javascript
age: 173247
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
push.services.mozilla.com/
34.215.107.141101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 34.215.107.141:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: jm+OR6qc8MEKB8ON11j04Q==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: TXaAdTxMMPigTGlvkWM2mtVmNG0=
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 6557f1e57e8da70d2e1061be418f9256
aa28e9891183af5eca7f52fd727bca921e17a680
5306a3a9fbcd8ad30054bc4e4da4d5dd882b3664493d8421471832f2b067dc1f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4661
Cache-Control: max-age=124261
Content-Type: application/ocsp-response
Date: Wed, 09 Nov 2022 16:06:02 GMT
Etag: "636b001a-1d7"
Expires: Fri, 11 Nov 2022 02:37:03 GMT
Last-Modified: Wed, 09 Nov 2022 01:19:22 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 471
en.posta.si/Style%20Library/PostaSI/img/favicon.ico
193.243.140.72200 OK 1.2 kB URL HTTP/1.1 en.posta.si/Style%20Library/PostaSI/img/favicon.ico
IP 193.243.140.72:0
ASN #28682 Posta Slovenije, d.o.o.
File type MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Hash 45aa48748a220dd53f067db47ea22d28
98eb69bb6ac88097debe6f4c158d2b2a045611fe
64f78ba3a1f9be5d58c0533a64bb5f0c936525a1374437f966bc236256e19032
GET /Style%20Library/PostaSI/img/favicon.ico HTTP/1.1
Host: en.posta.si
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gurbetfm.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Connection: Keep-Alive
Content-Length: 1150
Date: Wed, 09 Nov 2022 16:06:01 GMT
Content-Type: image/x-icon
ETag: "{B2D3A9B4-1CAE-414F-9B25-0A28483C5045},1pub"
Server: Microsoft-IIS/8.0
Accept-Ranges: bytes
Cache-Control: public, max-age=2592000
Last-Modified: Mon, 14 Mar 2022 12:13:09 GMT
X-AspNet-Version: 4.0.30319
SPRequestGuid: 10f576a0-7e4b-0049-019c-491486f4019f
request-id: 10f576a0-7e4b-0049-019c-491486f4019f
X-FRAME-OPTIONS: SAMEORIGIN
X-Powered-By: ASP.NET
MicrosoftSharePointTeamServices: 15.0.0.4927
X-Content-Type-Options: nosniff
X-MS-InvokeApp: 1; RequireReadOnly
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash 8ac21b3208ded8bfb8c5a4b97c765b0e
98077ba4f869b62d3de3657edb6ed6ffeb877089
392e83c999991e926c152082131478138a95fc4bf0945060783c95ad590f1f46
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1
Cache-Control: max-age=149793
Content-Type: application/ocsp-response
Date: Wed, 09 Nov 2022 16:06:02 GMT
Etag: "636b760a-116"
Expires: Fri, 11 Nov 2022 09:42:35 GMT
Last-Modified: Wed, 09 Nov 2022 09:42:34 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 278
fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
216.58.207.195200 OK 15 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 15344, version 1.0\012- data
Hash 5d4aeb4e5f5ef754e307d7ffaef688bd
06db651cdf354c64a7383ea9c77024ef4fb4cef8
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
GET /s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15344
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 05 Nov 2022 12:31:58 GMT
expires: Sun, 05 Nov 2023 12:31:58 GMT
cache-control: public, max-age=31536000
age: 358444
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
216.58.207.195200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 15552, version 1.0\012- data
Hash 285467176f7fe6bb6a9c6873b3dad2cc
ea04e4ff5142ddd69307c183def721a160e0a64e
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
GET /s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15552
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 03 Nov 2022 21:46:16 GMT
expires: Fri, 03 Nov 2023 21:46:16 GMT
cache-control: public, max-age=31536000
age: 497986
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1b6e55fb9c16b8ec503ca6fb935f650f
1e392159765235158a218248677dc21c46bc4f42
89cc50a881ff8fae94b7bfa2732d133df59bae06680f6d2147281ee7bf8ab00b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "89CC50A881FF8FAE94B7BFA2732D133DF59BAE06680F6D2147281EE7BF8AB00B"
Last-Modified: Tue, 08 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9184
Expires: Wed, 09 Nov 2022 18:39:07 GMT
Date: Wed, 09 Nov 2022 16:06:03 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1b6e55fb9c16b8ec503ca6fb935f650f
1e392159765235158a218248677dc21c46bc4f42
89cc50a881ff8fae94b7bfa2732d133df59bae06680f6d2147281ee7bf8ab00b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "89CC50A881FF8FAE94B7BFA2732D133DF59BAE06680F6D2147281EE7BF8AB00B"
Last-Modified: Tue, 08 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9184
Expires: Wed, 09 Nov 2022 18:39:07 GMT
Date: Wed, 09 Nov 2022 16:06:03 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1b6e55fb9c16b8ec503ca6fb935f650f
1e392159765235158a218248677dc21c46bc4f42
89cc50a881ff8fae94b7bfa2732d133df59bae06680f6d2147281ee7bf8ab00b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "89CC50A881FF8FAE94B7BFA2732D133DF59BAE06680F6D2147281EE7BF8AB00B"
Last-Modified: Tue, 08 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9184
Expires: Wed, 09 Nov 2022 18:39:07 GMT
Date: Wed, 09 Nov 2022 16:06:03 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1b6e55fb9c16b8ec503ca6fb935f650f
1e392159765235158a218248677dc21c46bc4f42
89cc50a881ff8fae94b7bfa2732d133df59bae06680f6d2147281ee7bf8ab00b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "89CC50A881FF8FAE94B7BFA2732D133DF59BAE06680F6D2147281EE7BF8AB00B"
Last-Modified: Tue, 08 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9184
Expires: Wed, 09 Nov 2022 18:39:07 GMT
Date: Wed, 09 Nov 2022 16:06:03 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1b6e55fb9c16b8ec503ca6fb935f650f
1e392159765235158a218248677dc21c46bc4f42
89cc50a881ff8fae94b7bfa2732d133df59bae06680f6d2147281ee7bf8ab00b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "89CC50A881FF8FAE94B7BFA2732D133DF59BAE06680F6D2147281EE7BF8AB00B"
Last-Modified: Tue, 08 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9184
Expires: Wed, 09 Nov 2022 18:39:07 GMT
Date: Wed, 09 Nov 2022 16:06:03 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F609c6c88-4535-488a-8bf4-de0e93b9ae31.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F609c6c88-4535-488a-8bf4-de0e93b9ae31.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 86ec3f22045de1a100eccf27d91593ae
e26769d82108f89057b05096061f1276d34e223a
b863d19ab12945922b4d014c517f5ffe349cefe2bbe1c2f16661371f22378cbd
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F609c6c88-4535-488a-8bf4-de0e93b9ae31.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10822
x-amzn-requestid: 1b1e2dfc-4096-45cf-adb3-58f0b1d614bc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bEAXHFhroAMF_Zg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6364adc6-7b94977b4143970a48bc1857;Sampled=0
x-amzn-remapped-date: Fri, 04 Nov 2022 06:14:30 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: vzUPLMO4CDywKUQvQ9gbltVLYlNher7ZTXYC9A00LfwycdEmG7m9wg==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 2f7934de1dfe281c3e4446892eab6462.cloudfront.net (CloudFront), 1.1 google
date: Wed, 09 Nov 2022 04:21:46 GMT
age: 42257
etag: "e26769d82108f89057b05096061f1276d34e223a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8786d2a2-d21a-4bb6-916d-7fce27ea08f2.jpeg
34.120.237.76200 OK 4.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8786d2a2-d21a-4bb6-916d-7fce27ea08f2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 39446652ee66d20bd73df20f1a29589c
349ea78f3ad0f2f7376ba22e417226b2e06806d7
655a00944a319ba167e99b43055044cb18bc48d53605ff0d1b6c8b1ba8ee8237
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8786d2a2-d21a-4bb6-916d-7fce27ea08f2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4737
x-amzn-requestid: 3e45e647-43a6-43bf-b011-366e3899b400
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bQAvEEr7IAMF_JQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63697b2d-76f4e8dc345994823ef9ce4d;Sampled=0
x-amzn-remapped-date: Mon, 07 Nov 2022 21:39:57 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: tgUANh-QVW5J4xKViYY6NCQYFLJBjXYoEupDzvKa2UJ9TZ-sBclIPQ==
via: 1.1 6ba2a21321beeef65404429d0a4b6380.cloudfront.net (CloudFront), 1.1 32d624dbeb2a8b7f24dbe49007e37c90.cloudfront.net (CloudFront), 1.1 google
date: Tue, 08 Nov 2022 21:56:11 GMT
age: 65392
etag: "349ea78f3ad0f2f7376ba22e417226b2e06806d7"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F84109408-bbc7-4166-8974-df4b4fbbf1c1.jpeg
34.120.237.76200 OK 6.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F84109408-bbc7-4166-8974-df4b4fbbf1c1.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 11ef1d34ac2d42662fe53fc58c882fdf
16f1e048895ed1ee0c0c071e3939e741113e4969
61c42bae12654cf9bd1e7ca0f616164ff4139dc470fb6c1033176374444d6bda
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F84109408-bbc7-4166-8974-df4b4fbbf1c1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6272
x-amzn-requestid: 7287a2fe-853d-497f-a63e-1d521dd5326e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bG3dSGEIIAMF7Kg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6365d2bb-4c6803ad2d4ea46e68abd386;Sampled=0
x-amzn-remapped-date: Sat, 05 Nov 2022 03:04:27 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: LDFjqTNKAf14q52-12SgdxG52y16CzeAmZFIIwxEnUFTYp8ZOTT4Ew==
via: 1.1 6a6653dfb47ccc5082f2a5b9d0d168ce.cloudfront.net (CloudFront), 1.1 6396e88c437c096ef98930ce29f731a2.cloudfront.net (CloudFront), 1.1 google
date: Tue, 08 Nov 2022 18:20:46 GMT
age: 78317
etag: "16f1e048895ed1ee0c0c071e3939e741113e4969"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6fadd94-b1a4-4bdc-bcf4-b6bade4840a0.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6fadd94-b1a4-4bdc-bcf4-b6bade4840a0.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4e2853cc6ec6223160471401e6871f4b
f052e1f8b2bf4a8eeecfa5b82e27ada1b7719a0c
bf4b9145ea043d87a30fd3aeeae21a1a0aa27004cd2467e7aa843bc894ae1f60
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6fadd94-b1a4-4bdc-bcf4-b6bade4840a0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10462
x-amzn-requestid: 43480a38-fd89-4c47-b8c4-e6ba90b1321c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aMF6oEz_oAMF8Hg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-634e5043-6617fd2e59cab00135301cdd;Sampled=0
x-amzn-remapped-date: Tue, 18 Oct 2022 07:05:39 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: C7GYpM3mXSf0hVyGO9Zzlxa3IHXHdyPlXsvr3i0GoQnaPZF6lO-OwA==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 6396e88c437c096ef98930ce29f731a2.cloudfront.net (CloudFront), 1.1 google
date: Wed, 09 Nov 2022 09:08:58 GMT
age: 25025
etag: "f052e1f8b2bf4a8eeecfa5b82e27ada1b7719a0c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff66bafec-6420-4aea-8b22-96b8fe0d292b.jpeg
34.120.237.76200 OK 8.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff66bafec-6420-4aea-8b22-96b8fe0d292b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c69b19d2273c3ade32fd0797921c0459
8cafda5659f5b36c855a2bbcaeb03aa715ddeebd
d78b92e1175207b1179c85f9490f937e1647aeae3fe95cf8b3dc336db232945e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff66bafec-6420-4aea-8b22-96b8fe0d292b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8154
x-amzn-requestid: 1d9d6e13-69a4-473d-af4b-ef3d4382f3ca
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bTTU2EyZoAMF94w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636acc1e-0dec203434f42df01d9a1182;Sampled=0
x-amzn-remapped-date: Tue, 08 Nov 2022 21:37:34 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: GWFybdPyZxzujAi9urpfQ_1HZCiJpmxpzg6j7a2gwdZ5E89xfc1MXg==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 b8c4a4ca04bb1976e020396d211bc8dc.cloudfront.net (CloudFront), 1.1 google
date: Tue, 08 Nov 2022 21:54:55 GMT
age: 65468
etag: "8cafda5659f5b36c855a2bbcaeb03aa715ddeebd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1b197dc2-1415-4c19-8d36-1fa334168ba5.jpeg
34.120.237.76200 OK 9.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1b197dc2-1415-4c19-8d36-1fa334168ba5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 29429581f8dc762c69c5916009f70080
9265cae98aa663a5498925b70079abdd8e7031fd
c3deee74c80905a1e92b84868b9987cb30ad7a210dca066b97c325cc2c83872e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1b197dc2-1415-4c19-8d36-1fa334168ba5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9313
x-amzn-requestid: be3f6b0f-cf61-4bec-ad1a-87abdbc45d73
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bTTTwF5AoAMFZAw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636acc17-5ca45b5b1065a4ea492f2ac6;Sampled=0
x-amzn-remapped-date: Tue, 08 Nov 2022 21:37:27 GMT
x-amz-cf-pop: SEA19-C3, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 9lVY7YgQQ0FAP3ItgCSWePY0Msd4RIyBz4eNPc-K51BtnWUjOObv6g==
via: 1.1 31dfa94142c6eaf975b0e5454c00340a.cloudfront.net (CloudFront), 1.1 707e733794d52100fde0ab21bf0b1462.cloudfront.net (CloudFront), 1.1 google
date: Tue, 08 Nov 2022 21:43:43 GMT
etag: "9265cae98aa663a5498925b70079abdd8e7031fd"
content-type: image/jpeg
age: 66140
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
gurbetfm.net/.posta-si/inc/bootstrap.min.css
46.31.79.18200 OK 19 kB URL HTTP/2 gurbetfm.net/.posta-si/inc/bootstrap.min.css
IP 46.31.79.18:0
ASN #207326 HostLAB Bilisim Teknolojileri A.S.
File type ASCII text, with very long lines (65325)
Hash 470bcd9fa4c668677c793a8a5bef2833
201452d2217df2133b31b5124b50f4ad5458e7d4
382730f80001a105bca8c05571f0fd299a3c236e711603740613d03279c905ac
GET /.posta-si/inc/bootstrap.min.css HTTP/1.1
Host: gurbetfm.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gurbetfm.net/.posta-si/login.php
Cookie: PHPSESSID=e0222302210b7e8af7c6ddf2d3aacea1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: max-age=31536000, public
expires: Wed, 16 Nov 2022 16:06:05 GMT
content-type: text/css
last-modified: Tue, 18 Oct 2022 20:37:36 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 18586
date: Wed, 09 Nov 2022 16:06:05 GMT
server: LiteSpeed
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
X-Firefox-Spdy: h2
gurbetfm.net/.posta-si/inc/popper.min.js
46.31.79.18200 OK 7.2 kB URL HTTP/2 gurbetfm.net/.posta-si/inc/popper.min.js
IP 46.31.79.18:0
ASN #207326 HostLAB Bilisim Teknolojileri A.S.
File type ASCII text, with very long lines (20831)
Hash d535e90b4a783cae10066a0aeb22ff10
b5980713e04b52838ada370182caeb75129cf2f2
1937f9bf142830e288707c5bd66a6c1e4a7025c3f5454eb2a56f4442dc542d97
Analyzer Verdict Alert fortinet Phishing
GET /.posta-si/inc/popper.min.js HTTP/1.1
Host: gurbetfm.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gurbetfm.net/.posta-si/login.php
Cookie: PHPSESSID=e0222302210b7e8af7c6ddf2d3aacea1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: max-age=31536000, public
expires: Wed, 16 Nov 2022 16:06:05 GMT
content-type: application/javascript
last-modified: Tue, 18 Oct 2022 20:37:38 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 7174
date: Wed, 09 Nov 2022 16:06:05 GMT
server: LiteSpeed
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
X-Firefox-Spdy: h2
gurbetfm.net/.posta-si/inc/styles.d765e9a1732b928d7ece.css
46.31.79.18200 OK 8.7 kB URL HTTP/2 gurbetfm.net/.posta-si/inc/styles.d765e9a1732b928d7ece.css
IP 46.31.79.18:0
ASN #207326 HostLAB Bilisim Teknolojileri A.S.
File type ASCII text, with very long lines (51816)
Hash 8e1b43dc01f448bedfecad4c4fc5f8fc
4f4f4bb4b08dd5a2bce88fb5b78a92e0005ace41
73d38076e14fefe7bfad462143568f5a6b8b4e106d7d7272c2f3477e6eb6b749
GET /.posta-si/inc/styles.d765e9a1732b928d7ece.css HTTP/1.1
Host: gurbetfm.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gurbetfm.net/.posta-si/login.php
Cookie: PHPSESSID=e0222302210b7e8af7c6ddf2d3aacea1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: max-age=31536000, public
expires: Wed, 16 Nov 2022 16:06:05 GMT
content-type: text/css
last-modified: Tue, 18 Oct 2022 20:37:36 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 8726
date: Wed, 09 Nov 2022 16:06:05 GMT
server: LiteSpeed
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
X-Firefox-Spdy: h2
gurbetfm.net/.posta-si/inc/api.js
46.31.79.18200 OK 521 B URL HTTP/2 gurbetfm.net/.posta-si/inc/api.js
IP 46.31.79.18:0
ASN #207326 HostLAB Bilisim Teknolojileri A.S.
File type ASCII text, with very long lines (945), with no line terminators
Hash 8754f525af8f44a07f63032a678516fa
15b2b8f9c985f9ee62d24843de6568eb0d68052f
e919dab7efb050c3f995b7fc4ceb5f0931b199127b1fedc04a59b8c0b2de461f
Analyzer Verdict Alert fortinet Phishing
GET /.posta-si/inc/api.js HTTP/1.1
Host: gurbetfm.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gurbetfm.net/.posta-si/login.php
Cookie: PHPSESSID=e0222302210b7e8af7c6ddf2d3aacea1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: max-age=31536000, public
expires: Wed, 16 Nov 2022 16:06:05 GMT
content-type: application/javascript
last-modified: Tue, 18 Oct 2022 20:37:36 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 521
date: Wed, 09 Nov 2022 16:06:05 GMT
server: LiteSpeed
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
X-Firefox-Spdy: h2
gurbetfm.net/.posta-si/inc/jquery-3.3.1.slim.min.js
46.31.79.18200 OK 24 kB URL HTTP/2 gurbetfm.net/.posta-si/inc/jquery-3.3.1.slim.min.js
IP 46.31.79.18:0
ASN #207326 HostLAB Bilisim Teknolojileri A.S.
File type ASCII text, with very long lines (65247)
Hash fefc18f601a94aeb44a8f13233b2528d
be47e664e4ae237e186c957d95bbae198c6b3f91
e818e5432fc9eafa20a852b4dc601d591b2d3a6ea34d0fb3c4ab1a7df8dc7022
Analyzer Verdict Alert fortinet Phishing
GET /.posta-si/inc/jquery-3.3.1.slim.min.js HTTP/1.1
Host: gurbetfm.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gurbetfm.net/.posta-si/login.php
Cookie: PHPSESSID=e0222302210b7e8af7c6ddf2d3aacea1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: max-age=31536000, public
expires: Wed, 16 Nov 2022 16:06:05 GMT
content-type: application/javascript
last-modified: Tue, 18 Oct 2022 20:37:36 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 23570
date: Wed, 09 Nov 2022 16:06:05 GMT
server: LiteSpeed
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
X-Firefox-Spdy: h2
gurbetfm.net/.posta-si/inc/bootstrap.bundle.min.js
46.31.79.18200 OK 18 kB URL HTTP/2 gurbetfm.net/.posta-si/inc/bootstrap.bundle.min.js
IP 46.31.79.18:0
ASN #207326 HostLAB Bilisim Teknolojileri A.S.
File type ASCII text, with very long lines (65298)
Hash 6a831cd2dd0132b62f69a680e0cc9efd
f9e98e489095df69a760cfff97619a0d84bfea95
52292e1e7c8f6108320be94cb1474a5c9361cf2a745c420e066a93d408fac894
Analyzer Verdict Alert fortinet Phishing
GET /.posta-si/inc/bootstrap.bundle.min.js HTTP/1.1
Host: gurbetfm.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gurbetfm.net/.posta-si/login.php
Cookie: PHPSESSID=e0222302210b7e8af7c6ddf2d3aacea1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: max-age=31536000, public
expires: Wed, 16 Nov 2022 16:06:05 GMT
content-type: application/javascript
last-modified: Tue, 18 Oct 2022 20:37:38 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 18454
date: Wed, 09 Nov 2022 16:06:05 GMT
server: LiteSpeed
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
X-Firefox-Spdy: h2
gurbetfm.net/.posta-si/inc/controls.js
46.31.79.18200 OK 26 kB URL HTTP/2 gurbetfm.net/.posta-si/inc/controls.js
IP 46.31.79.18:0
ASN #207326 HostLAB Bilisim Teknolojileri A.S.
File type ASCII text, with very long lines (549)
Hash 93f801e858ef988cdaad0debf1e9fdbc
bf1f03fa268440b768f72869f6f5a5cf2fc0f174
48b79468b770ac0f7ee02a0153326dbd025c0ce2a3f4175cbb0eff44fb4672a8
Analyzer Verdict Alert fortinet Phishing
GET /.posta-si/inc/controls.js HTTP/1.1
Host: gurbetfm.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gurbetfm.net/.posta-si/login.php
Cookie: PHPSESSID=e0222302210b7e8af7c6ddf2d3aacea1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: max-age=31536000, public
expires: Wed, 16 Nov 2022 16:06:05 GMT
content-type: application/javascript
last-modified: Tue, 18 Oct 2022 20:37:36 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 25942
date: Wed, 09 Nov 2022 16:06:05 GMT
server: LiteSpeed
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
X-Firefox-Spdy: h2
gurbetfm.net/.posta-si/inc/runtime-es2017.aff7cd7a53cdba75d977.js
46.31.79.18200 OK 1.5 kB URL HTTP/2 gurbetfm.net/.posta-si/inc/runtime-es2017.aff7cd7a53cdba75d977.js
IP 46.31.79.18:0
ASN #207326 HostLAB Bilisim Teknolojileri A.S.
File type ASCII text, with very long lines (3365), with no line terminators
Hash f321407d0399c59bf0f104318ed99ec9
b824ef940d61ce4c2534072c4df5d1eb094fcc5a
54ea6ddc8762e7789863da9ed7430dc61ae9f313684dae1ee552f7056cb678e2
Analyzer Verdict Alert fortinet Phishing
GET /.posta-si/inc/runtime-es2017.aff7cd7a53cdba75d977.js HTTP/1.1
Host: gurbetfm.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gurbetfm.net/.posta-si/login.php
Cookie: PHPSESSID=e0222302210b7e8af7c6ddf2d3aacea1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: max-age=31536000, public
expires: Wed, 16 Nov 2022 16:06:06 GMT
content-type: application/javascript
last-modified: Tue, 18 Oct 2022 20:37:36 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 1531
date: Wed, 09 Nov 2022 16:06:06 GMT
server: LiteSpeed
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
X-Firefox-Spdy: h2
gurbetfm.net/.posta-si/inc/polyfills-es2017.e187f5184d97ed61a711.js
46.31.79.18200 OK 12 kB URL HTTP/2 gurbetfm.net/.posta-si/inc/polyfills-es2017.e187f5184d97ed61a711.js
IP 46.31.79.18:0
ASN #207326 HostLAB Bilisim Teknolojileri A.S.
File type ASCII text, with very long lines (36771), with no line terminators
Hash 85195f6d5c688920cb95e92c1b514a3a
65d1464e6df16b516946f597ab71842f4ec3c5eb
e7ffd28445da04b8180c294497225eecc3483b292bc30c87590be00198deeaaf
Analyzer Verdict Alert fortinet Phishing
GET /.posta-si/inc/polyfills-es2017.e187f5184d97ed61a711.js HTTP/1.1
Host: gurbetfm.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gurbetfm.net/.posta-si/login.php
Cookie: PHPSESSID=e0222302210b7e8af7c6ddf2d3aacea1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: max-age=31536000, public
expires: Wed, 16 Nov 2022 16:06:06 GMT
content-type: application/javascript
last-modified: Tue, 18 Oct 2022 20:37:36 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 12112
date: Wed, 09 Nov 2022 16:06:06 GMT
server: LiteSpeed
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
X-Firefox-Spdy: h2
gurbetfm.net/.posta-si/inc/util.js
46.31.79.18200 OK 60 kB URL HTTP/2 gurbetfm.net/.posta-si/inc/util.js
IP 46.31.79.18:0
ASN #207326 HostLAB Bilisim Teknolojileri A.S.
File type ASCII text, with very long lines (590)
Hash 948949c51019f4dcbd6db038e2b4b21c
e81bd8d0875d03a0c87a0366c0a4483b29a0e98b
c8e3d73b5522e2f148149b09f71fc99db110bfb676b94cd254b13ffa9d8fe80c
Analyzer Verdict Alert fortinet Phishing
GET /.posta-si/inc/util.js HTTP/1.1
Host: gurbetfm.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gurbetfm.net/.posta-si/login.php
Cookie: PHPSESSID=e0222302210b7e8af7c6ddf2d3aacea1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: max-age=31536000, public
expires: Wed, 16 Nov 2022 16:06:05 GMT
content-type: application/javascript
last-modified: Tue, 18 Oct 2022 20:37:36 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 59652
date: Wed, 09 Nov 2022 16:06:05 GMT
server: LiteSpeed
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
X-Firefox-Spdy: h2
gurbetfm.net/.posta-si/inc/places_impl.js
46.31.79.18200 OK 17 kB URL HTTP/2 gurbetfm.net/.posta-si/inc/places_impl.js
IP 46.31.79.18:0
ASN #207326 HostLAB Bilisim Teknolojileri A.S.
File type ASCII text, with very long lines (3326)
Hash 33867104d7716de6ce25f0d363cb31ff
c8f472ce2c773aeaece426a8f87a4ba745e4a162
5f13b2b619f84e0971a025e0e654bc14e78cb24d0b416d26fbf82798c19d28bc
Analyzer Verdict Alert fortinet Phishing
GET /.posta-si/inc/places_impl.js HTTP/1.1
Host: gurbetfm.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gurbetfm.net/.posta-si/login.php
Cookie: PHPSESSID=e0222302210b7e8af7c6ddf2d3aacea1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: max-age=31536000, public
expires: Wed, 16 Nov 2022 16:06:06 GMT
content-type: application/javascript
last-modified: Tue, 18 Oct 2022 20:37:36 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 17063
date: Wed, 09 Nov 2022 16:06:06 GMT
server: LiteSpeed
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
X-Firefox-Spdy: h2
gurbetfm.net/.posta-si/inc/posta-logo.svg
46.31.79.18200 OK 2.4 kB URL HTTP/2 gurbetfm.net/.posta-si/inc/posta-logo.svg
IP 46.31.79.18:0
ASN #207326 HostLAB Bilisim Teknolojileri A.S.
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash dac0ccc6c76bd8af4db14d738cb8efa1
90c050a3512f3ba257a94d922f06792c213bac1e
b13dabb235c9e2cb3552da727d48abf911cc109722655cdf569619887613a7d6
Analyzer Verdict Alert fortinet Phishing
GET /.posta-si/inc/posta-logo.svg HTTP/1.1
Host: gurbetfm.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gurbetfm.net/.posta-si/login.php
Cookie: PHPSESSID=e0222302210b7e8af7c6ddf2d3aacea1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 16 Nov 2022 16:06:06 GMT
content-type: image/svg+xml
last-modified: Tue, 18 Oct 2022 20:37:36 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 2420
date: Wed, 09 Nov 2022 16:06:06 GMT
server: LiteSpeed
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
X-Firefox-Spdy: h2
gurbetfm.net/.posta-si/style_files/visa.svg
46.31.79.18200 OK 415 B URL HTTP/2 gurbetfm.net/.posta-si/style_files/visa.svg
IP 46.31.79.18:0
ASN #207326 HostLAB Bilisim Teknolojileri A.S.
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (692), with no line terminators
Hash 4d49dc63460acc17705437e7fb1ce461
b7821e61555acc414b18a52f18035b8de5166624
bff975ab9f0af8c8a680ef610c0fbc123c0492aae2c6066afd84ee245a7e454d
Analyzer Verdict Alert fortinet Phishing
GET /.posta-si/style_files/visa.svg HTTP/1.1
Host: gurbetfm.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gurbetfm.net/.posta-si/login.php
Cookie: PHPSESSID=e0222302210b7e8af7c6ddf2d3aacea1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 16 Nov 2022 16:06:06 GMT
content-type: image/svg+xml
last-modified: Fri, 24 Jun 2022 17:56:20 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 415
date: Wed, 09 Nov 2022 16:06:06 GMT
server: LiteSpeed
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
X-Firefox-Spdy: h2
gurbetfm.net/.posta-si/style_files/amex.svg
46.31.79.18200 OK 1.0 kB URL HTTP/2 gurbetfm.net/.posta-si/style_files/amex.svg
IP 46.31.79.18:0
ASN #207326 HostLAB Bilisim Teknolojileri A.S.
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (2040), with no line terminators
Hash 090f2f61558b99c1e3a4f80264fc9e07
80bc5b116005a459a30a4b5167a87823037b415f
43b686900e78f0742f867d67c8ac36e616b6868b57dd057ab994841a53d80389
Analyzer Verdict Alert fortinet Phishing
GET /.posta-si/style_files/amex.svg HTTP/1.1
Host: gurbetfm.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gurbetfm.net/.posta-si/login.php
Cookie: PHPSESSID=e0222302210b7e8af7c6ddf2d3aacea1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 16 Nov 2022 16:06:06 GMT
content-type: image/svg+xml
last-modified: Fri, 24 Jun 2022 17:56:20 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 1019
date: Wed, 09 Nov 2022 16:06:06 GMT
server: LiteSpeed
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
X-Firefox-Spdy: h2
gurbetfm.net/.posta-si/style_files/mastercard.svg
46.31.79.18200 OK 775 B URL HTTP/2 gurbetfm.net/.posta-si/style_files/mastercard.svg
IP 46.31.79.18:0
ASN #207326 HostLAB Bilisim Teknolojileri A.S.
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1808), with no line terminators
Hash c1d0a81fe572ce960f202e4f017def8e
1eb688b22ac916f79f5210ff2a4b2408e344e6a4
83abdeb4bc23644fe0365607ae6b342099b333edae5d22b13cd17fc2f80d9282
Analyzer Verdict Alert fortinet Phishing
GET /.posta-si/style_files/mastercard.svg HTTP/1.1
Host: gurbetfm.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gurbetfm.net/.posta-si/login.php
Cookie: PHPSESSID=e0222302210b7e8af7c6ddf2d3aacea1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 16 Nov 2022 16:06:06 GMT
content-type: image/svg+xml
last-modified: Fri, 24 Jun 2022 17:56:20 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 775
date: Wed, 09 Nov 2022 16:06:06 GMT
server: LiteSpeed
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
X-Firefox-Spdy: h2
gurbetfm.net/.posta-si/inc/Invalidom-prijazno-podjetje_logo.png
46.31.79.18200 OK 25 kB URL HTTP/2 gurbetfm.net/.posta-si/inc/Invalidom-prijazno-podjetje_logo.png
IP 46.31.79.18:0
ASN #207326 HostLAB Bilisim Teknolojileri A.S.
File type PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced\012- data
Hash 5293bcf9eec930639b27b0566384242a
308f6b92bd24e307d3766c61ba8c495339d9b162
a976b281e6483c2494e2bb54c5171f360dd2f1955e71865ba59fbb1f3e762048
GET /.posta-si/inc/Invalidom-prijazno-podjetje_logo.png HTTP/1.1
Host: gurbetfm.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gurbetfm.net/.posta-si/login.php
Cookie: PHPSESSID=e0222302210b7e8af7c6ddf2d3aacea1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: max-age=31536000, public
expires: Wed, 16 Nov 2022 16:06:06 GMT
content-type: image/png
last-modified: Tue, 18 Oct 2022 20:37:36 GMT
accept-ranges: bytes
content-length: 25255
date: Wed, 09 Nov 2022 16:06:06 GMT
server: LiteSpeed
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
X-Firefox-Spdy: h2
gurbetfm.net/.posta-si/inc/Prijava%20nepravilnosti.svg
46.31.79.18200 OK 3.9 kB URL HTTP/2 gurbetfm.net/.posta-si/inc/Prijava%20nepravilnosti.svg
IP 46.31.79.18:0
ASN #207326 HostLAB Bilisim Teknolojileri A.S.
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash 3338d1660769a936e92f0504a77440c4
57be02479e8f9d705055ae8850f686ee6afc7d60
50e1edf2af01a933b7e2747b59897cd7eafd5c168b6848af28bab53f2d436d17
Analyzer Verdict Alert fortinet Phishing
GET /.posta-si/inc/Prijava%20nepravilnosti.svg HTTP/1.1
Host: gurbetfm.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gurbetfm.net/.posta-si/login.php
Cookie: PHPSESSID=e0222302210b7e8af7c6ddf2d3aacea1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 16 Nov 2022 16:06:06 GMT
content-type: image/svg+xml
last-modified: Tue, 18 Oct 2022 20:37:36 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 3934
date: Wed, 09 Nov 2022 16:06:06 GMT
server: LiteSpeed
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
X-Firefox-Spdy: h2
gurbetfm.net/.posta-si/style_files/package.png
46.31.79.18200 OK 33 kB URL HTTP/2 gurbetfm.net/.posta-si/style_files/package.png
IP 46.31.79.18:0
ASN #207326 HostLAB Bilisim Teknolojileri A.S.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 480x264, components 3\012- data
Hash 44feac16a88fc1100baa691e861c75f5
4b8589e9c6f13c1e1394ffea8439bc3533fee3ed
1dc0a5a441073d1d2adb9ee32b8a06a0efbd57c95da0ece8683a05b19745fe84
GET /.posta-si/style_files/package.png HTTP/1.1
Host: gurbetfm.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gurbetfm.net/.posta-si/login.php
Cookie: PHPSESSID=e0222302210b7e8af7c6ddf2d3aacea1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: max-age=31536000, public
expires: Wed, 16 Nov 2022 16:06:06 GMT
content-type: image/png
last-modified: Fri, 24 Jun 2022 17:56:20 GMT
accept-ranges: bytes
content-length: 32914
date: Wed, 09 Nov 2022 16:06:06 GMT
server: LiteSpeed
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
X-Firefox-Spdy: h2
gurbetfm.net/.posta-si/inc/js
46.31.79.18200 OK 88 kB URL HTTP/2 gurbetfm.net/.posta-si/inc/js
IP 46.31.79.18:0
ASN #207326 HostLAB Bilisim Teknolojileri A.S.
Hash 2f4537cf215f93ce961715d1c9c6dea8
cfa187e036c2bb6ce5d7501028e58281f3b08eef
d5df0abe3316ed626d27237474e352c000aa7ce1907a9eb1eebe6ad5c146e9fe
Analyzer Verdict Alert fortinet Phishing
GET /.posta-si/inc/js HTTP/1.1
Host: gurbetfm.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gurbetfm.net/.posta-si/login.php
Cookie: PHPSESSID=e0222302210b7e8af7c6ddf2d3aacea1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/octet-stream
last-modified: Tue, 18 Oct 2022 20:37:36 GMT
accept-ranges: bytes
content-length: 173083
date: Wed, 09 Nov 2022 16:06:06 GMT
server: LiteSpeed
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
X-Firefox-Spdy: h2
gurbetfm.net/.posta-si/inc/anchor_data/styles__ltr.css
46.31.79.18200 OK 24 kB URL HTTP/2 gurbetfm.net/.posta-si/inc/anchor_data/styles__ltr.css
IP 46.31.79.18:0
ASN #207326 HostLAB Bilisim Teknolojileri A.S.
File type ASCII text, with very long lines (52913), with no line terminators
Hash d37e6dcf8c1196dd3dc60a5d215ef4d1
0ad6f087848c0ef33ebb0b05c828aae2d4bbecbb
0bba3efb24cacb34901e7f946c3e3c03f2a48c55fab6a9249a9dd7f8f22e6545
GET /.posta-si/inc/anchor_data/styles__ltr.css HTTP/1.1
Host: gurbetfm.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gurbetfm.net/.posta-si/inc/anchor.html
Cookie: PHPSESSID=e0222302210b7e8af7c6ddf2d3aacea1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: max-age=31536000, public
expires: Wed, 16 Nov 2022 16:06:06 GMT
content-type: text/css
last-modified: Tue, 18 Oct 2022 20:37:36 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 24157
date: Wed, 09 Nov 2022 16:06:06 GMT
server: LiteSpeed
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
X-Firefox-Spdy: h2
www.gstatic.com/recaptcha/releases/vP4jQKq0YJFzU6e21-BGy3GP/recaptcha__en.js
142.250.74.163200 OK 160 kB URL HTTP/2 www.gstatic.com/recaptcha/releases/vP4jQKq0YJFzU6e21-BGy3GP/recaptcha__en.js
IP 142.250.74.163:0
File type ASCII text, with very long lines (608)
Size 160 kB (159789 bytes)
Hash 1230a090d5cedcb9e764406ab9497c1b
3d175bcf4ad9957c3e32611713c01347299b173e
585cafe3d6a3b932804aaa5aeb19a650688a2c15767f513d0d60c1941475c428
GET /recaptcha/releases/vP4jQKq0YJFzU6e21-BGy3GP/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://gurbetfm.net
Connection: keep-alive
Referer: https://gurbetfm.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 159789
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 03 Nov 2022 14:59:40 GMT
expires: Fri, 03 Nov 2023 14:59:40 GMT
cache-control: public, max-age=31536000
age: 522386
last-modified: Sun, 02 Oct 2022 20:02:07 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
gurbetfm.net/.posta-si/inc/recaptcha__en.js
46.31.79.18200 OK 0 B URL HTTP/2 gurbetfm.net/.posta-si/inc/recaptcha__en.js
IP 46.31.79.18:0
ASN #207326 HostLAB Bilisim Teknolojileri A.S.
Analyzer Verdict Alert fortinet Phishing
GET /.posta-si/inc/recaptcha__en.js HTTP/1.1
Host: gurbetfm.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gurbetfm.net/.posta-si/login.php
Cookie: PHPSESSID=e0222302210b7e8af7c6ddf2d3aacea1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: max-age=31536000, public
expires: Wed, 16 Nov 2022 16:06:05 GMT
content-type: application/javascript
last-modified: Tue, 18 Oct 2022 20:37:36 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 152434
date: Wed, 09 Nov 2022 16:06:05 GMT
server: LiteSpeed
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
X-Firefox-Spdy: h2
killbot.org/api/v2/whois?apikey=BguiQBmv8QVNS_Qa-Y6B-LhYKgnL-bmWGKTiTXqHAfaCa
104.21.11.160401 Unauthorized 0 B URL HTTP/2 killbot.org/api/v2/whois?apikey=BguiQBmv8QVNS_Qa-Y6B-LhYKgnL-bmWGKTiTXqHAfaCa
IP 104.21.11.160:0
GET /api/v2/whois?apikey=BguiQBmv8QVNS_Qa-Y6B-LhYKgnL-bmWGKTiTXqHAfaCa HTTP/1.1
Host: killbot.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gurbetfm.net/
Origin: https://gurbetfm.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 401 Unauthorized
date: Wed, 09 Nov 2022 16:06:06 GMT
content-type: application/json
access-control-allow-credentials: true
access-control-max-age: 86400
bug-bounty: Report to live chat :)
access-control-allow-origin: *
access-control-allow-methods: POST, GET
set-cookie: _killbot=l76roc5g7hrmi9hjv123lat7ck59cvk6; expires=Wed, 09-Nov-2022 18:06:05 GMT; Max-Age=7200; path=/; SameSite=Lax; secure; HttpOnly
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hRDyTLJl7SdLq%2B1s%2Bm7ofbZpTglkyuXvuCsHDvD%2FG00T9fEY7am93L38olePD4X7UeahaXcALibmfide0fpHcR0kCh79BDORU62qEwyut2Se6FlfHN47Q9hNUv8O%2BA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7677cb2e68310b02-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
gurbetfm.net/.posta-si/inc/main-es2017.de5ef0f12e875c49556c.js
46.31.79.18200 OK 0 B URL HTTP/2 gurbetfm.net/.posta-si/inc/main-es2017.de5ef0f12e875c49556c.js
IP 46.31.79.18:0
ASN #207326 HostLAB Bilisim Teknolojileri A.S.
Analyzer Verdict Alert fortinet Phishing
GET /.posta-si/inc/main-es2017.de5ef0f12e875c49556c.js HTTP/1.1
Host: gurbetfm.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gurbetfm.net/.posta-si/login.php
Cookie: PHPSESSID=e0222302210b7e8af7c6ddf2d3aacea1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: max-age=31536000, public
expires: Wed, 16 Nov 2022 16:06:06 GMT
content-type: application/javascript
last-modified: Tue, 18 Oct 2022 20:37:36 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 342899
date: Wed, 09 Nov 2022 16:06:06 GMT
server: LiteSpeed
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
X-Firefox-Spdy: h2
gurbetfm.net/.posta-si/inc/js
46.31.79.18200 OK 0 B URL HTTP/2 gurbetfm.net/.posta-si/inc/js
IP 46.31.79.18:0
ASN #207326 HostLAB Bilisim Teknolojileri A.S.
Analyzer Verdict Alert fortinet Phishing
GET /.posta-si/inc/js HTTP/1.1
Host: gurbetfm.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gurbetfm.net/.posta-si/login.php
Cookie: PHPSESSID=e0222302210b7e8af7c6ddf2d3aacea1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/octet-stream
last-modified: Tue, 18 Oct 2022 20:37:36 GMT
accept-ranges: bytes
content-length: 173083
date: Wed, 09 Nov 2022 16:06:05 GMT
server: LiteSpeed
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
X-Firefox-Spdy: h2
gurbetfm.net/.posta-si/
46.31.79.18200 OK 0 B IP 46.31.79.18:0
ASN #207326 HostLAB Bilisim Teknolojileri A.S.
Analyzer Verdict Alert openphish Posti Group
fortinet Phishing
GET /.posta-si/ HTTP/1.1
Host: gurbetfm.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
set-cookie: PHPSESSID=e0222302210b7e8af7c6ddf2d3aacea1; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
content-encoding: gzip
date: Wed, 09 Nov 2022 16:06:01 GMT
server: LiteSpeed
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
alt-svc: quic=":443"; ma=2592000; v="39,43,46", h3-Q039=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-23=":443"; ma=2592000, h3-24=":443"; ma=2592000
X-Firefox-Spdy: h2
gurbetfm.net/.posta-si/pay/unlock.php
46.31.79.18200 OK 0 B URL HTTP/2 gurbetfm.net/.posta-si/pay/unlock.php
IP 46.31.79.18:0
ASN #207326 HostLAB Bilisim Teknolojileri A.S.
Analyzer Verdict Alert fortinet Phishing
POST /.posta-si/pay/unlock.php HTTP/1.1
Host: gurbetfm.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 526
Origin: https://gurbetfm.net
Connection: keep-alive
Referer: https://gurbetfm.net/.posta-si/
Cookie: PHPSESSID=e0222302210b7e8af7c6ddf2d3aacea1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
content-encoding: gzip
date: Wed, 09 Nov 2022 16:06:04 GMT
server: LiteSpeed
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
X-Firefox-Spdy: h2
killbot.org/api/v2/whois?apikey=BguiQBmv8QVNS_Qa-Y6B-LhYKgnL-bmWGKTiTXqHAfaCa
104.21.11.160401 Unauthorized 0 B URL HTTP/2 killbot.org/api/v2/whois?apikey=BguiQBmv8QVNS_Qa-Y6B-LhYKgnL-bmWGKTiTXqHAfaCa
IP 104.21.11.160:0
GET /api/v2/whois?apikey=BguiQBmv8QVNS_Qa-Y6B-LhYKgnL-bmWGKTiTXqHAfaCa HTTP/1.1
Host: killbot.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gurbetfm.net/
Origin: https://gurbetfm.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 401 Unauthorized
date: Wed, 09 Nov 2022 16:06:02 GMT
content-type: application/json
access-control-allow-credentials: true
access-control-max-age: 86400
bug-bounty: Report to live chat :)
access-control-allow-origin: *
access-control-allow-methods: POST, GET
set-cookie: _killbot=od60iskksdtqbh1oevcotr1dico6585u; expires=Wed, 09-Nov-2022 18:06:02 GMT; Max-Age=7200; path=/; SameSite=Lax; secure; HttpOnly
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FexgmMb%2F%2BlSUIpicRWpb0eceO6lbmPcChuMUT5qg1u1nC9205PfU8CAf53h4fi%2FkJh3m7zXqa%2BL8NKDkGDQDPl56vMZq1eYpDibF8nk1XyJWq8YFiEqVHw5xJzovLA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7677cb151dd00b02-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
gurbetfm.net/.posta-si/login.php
46.31.79.18200 OK 0 B URL HTTP/2 gurbetfm.net/.posta-si/login.php
IP 46.31.79.18:0
ASN #207326 HostLAB Bilisim Teknolojileri A.S.
Analyzer Verdict Alert fortinet Phishing
GET /.posta-si/login.php HTTP/1.1
Host: gurbetfm.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gurbetfm.net/.posta-si/pay/unlock.php
Cookie: PHPSESSID=e0222302210b7e8af7c6ddf2d3aacea1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
content-encoding: gzip
date: Wed, 09 Nov 2022 16:06:05 GMT
server: LiteSpeed
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
X-Firefox-Spdy: h2