secure-mt-webaccess.ga/online/netbank/a1b2c3/077f61606bb3a12ee8878f413e4d7c6b/login
92.63.136.171302 Found 239 B URL User Request GET HTTP/1.1 secure-mt-webaccess.ga/online/netbank/a1b2c3/077f61606bb3a12ee8878f413e4d7c6b/login
IP 92.63.136.171:80
ASN #20860 Iomart Cloud Services Limited
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 2a3972dbbb157b5d342cfbff1c4713b1
31091aee7b8a7e9276d69fc0763eb49c8697f97c
9b56255cdadc007c1423f78aad62c7c24b8797f2cc9d7b67a28b731b24a3972f
Analyzer Verdict Alert fortinet Phishing
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.ga domain
GET /online/netbank/a1b2c3/077f61606bb3a12ee8878f413e4d7c6b/login HTTP/1.1
Host: secure-mt-webaccess.ga
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Date: Fri, 28 Apr 2023 18:05:38 GMT
Server: Apache/2.4.18 (Unix) OpenSSL/1.0.1e-fips mod_bwlimited/1.4
Location: http://secure-mt-webaccess.ga/cgi-sys/suspendedpage.cgi
Content-Length: 239
Connection: close
Content-Type: text/html; charset=iso-8859-1
secure-mt-webaccess.ga/cgi-sys/suspendedpage.cgi
92.63.136.171200 OK 7.6 kB URL User Request GET HTTP/1.1 secure-mt-webaccess.ga/cgi-sys/suspendedpage.cgi
IP 92.63.136.171:80
ASN #20860 Iomart Cloud Services Limited
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (4070)
Hash 3a9bc0c9dd2a9d3646d7bd791ff53ed6
a5acaf4e06753f81d370f9d64b01a034674af7a4
50372d9747e35a4c9593b23d07322c2a976c294ab4e2065900f5cdbdd6a016b2
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.ga domain
suricata medium ET INFO HTTP Request to a *.ga domain
GET /cgi-sys/suspendedpage.cgi HTTP/1.1
Host: secure-mt-webaccess.ga
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 28 Apr 2023 18:05:38 GMT
Server: Apache/2.4.18 (Unix) OpenSSL/1.0.1e-fips mod_bwlimited/1.4
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html
secure-mt-webaccess.ga/favicon.ico
92.63.136.171302 Found 239 B URL GET HTTP/1.1 secure-mt-webaccess.ga/favicon.ico
IP 92.63.136.171:80
ASN #20860 Iomart Cloud Services Limited
Requested by http://secure-mt-webaccess.ga/cgi-sys/suspendedpage.cgi
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 2a3972dbbb157b5d342cfbff1c4713b1
31091aee7b8a7e9276d69fc0763eb49c8697f97c
9b56255cdadc007c1423f78aad62c7c24b8797f2cc9d7b67a28b731b24a3972f
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.ga domain
GET /favicon.ico HTTP/1.1
Host: secure-mt-webaccess.ga
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://secure-mt-webaccess.ga/cgi-sys/suspendedpage.cgi
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Date: Fri, 28 Apr 2023 18:05:39 GMT
Server: Apache/2.4.18 (Unix) OpenSSL/1.0.1e-fips mod_bwlimited/1.4
Location: http://secure-mt-webaccess.ga/cgi-sys/suspendedpage.cgi
Content-Length: 239
Connection: close
Content-Type: text/html; charset=iso-8859-1
secure-mt-webaccess.ga/cgi-sys/suspendedpage.cgi
92.63.136.171200 OK 7.6 kB URL User Request GET HTTP/1.1 secure-mt-webaccess.ga/cgi-sys/suspendedpage.cgi
IP 92.63.136.171:80
ASN #20860 Iomart Cloud Services Limited
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (4070)
Hash 3a9bc0c9dd2a9d3646d7bd791ff53ed6
a5acaf4e06753f81d370f9d64b01a034674af7a4
50372d9747e35a4c9593b23d07322c2a976c294ab4e2065900f5cdbdd6a016b2
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.ga domain
suricata medium ET INFO HTTP Request to a *.ga domain
GET /cgi-sys/suspendedpage.cgi HTTP/1.1
Host: secure-mt-webaccess.ga
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://secure-mt-webaccess.ga/cgi-sys/suspendedpage.cgi
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 28 Apr 2023 18:05:39 GMT
Server: Apache/2.4.18 (Unix) OpenSSL/1.0.1e-fips mod_bwlimited/1.4
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html
use.fontawesome.com/releases/v5.0.6/webfonts/fa-solid-900.woff2
172.64.132.15200 OK 39 kB URL GET HTTP/3 use.fontawesome.com/releases/v5.0.6/webfonts/fa-solid-900.woff2
IP 172.64.132.15:443
Requested by http://secure-mt-webaccess.ga/cgi-sys/suspendedpage.cgi
Certificate IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintF8:B8:F9:45:BF:19:61:F1:60:E0:B4:AF:F4:E5:96:31:40:A4:84:69
ValidityMon, 06 Jun 2022 00:00:00 GMT - Mon, 05 Jun 2023 23:59:59 GMT
File type Web Open Font Format (Version 2), TrueType, length 38784, version 1.0\012- data
Hash f9b85c9463af7103b9b24bbbf09a06ed
d28d7222bcbeb8ea701a771e85f7efe006e62fb1
62554277d07b20c6bfae7c6267b3198b4846f604a37d4085bf9f54c392210b56
GET /releases/v5.0.6/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://secure-mt-webaccess.ga
Connection: keep-alive
Referer: https://use.fontawesome.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 28 Apr 2023 18:05:39 GMT
content-type: application/font-woff2
content-length: 38784
x-amz-id-2: MdHHRICqb+S594cTd7y1LB6TTkTkY8ZAfNwwKlv8mQWYMueIuHO+CbYy4i/yswK/Apt9IyPqPWU=
x-amz-request-id: PA6VVSQVX7583Z4G
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified: Wed, 30 Jun 2021 15:27:50 GMT
etag: "f9b85c9463af7103b9b24bbbf09a06ed"
cache-control: max-age=31556926
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mkTgPlLbgAZg%2FzBL9swANElSQgE2OT0ldVTgOsF1pN2uQ%2FWJfMdi%2BBnjElgI3xwTMe2Y2Mrb%2F61Ab0db6YuRMbuBscFFPL9Cpyug%2F1e4bpp7Jr3RnyG6lmGtxLILP86DTMWDHMfr"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7bf13c1009ea06fd-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
use.fontawesome.com/releases/v5.0.6/css/all.css
172.64.132.15200 OK 35 kB URL GET HTTP/2 use.fontawesome.com/releases/v5.0.6/css/all.css
IP 172.64.132.15:443
Requested by http://secure-mt-webaccess.ga/cgi-sys/suspendedpage.cgi
Certificate IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintF8:B8:F9:45:BF:19:61:F1:60:E0:B4:AF:F4:E5:96:31:40:A4:84:69
ValidityMon, 06 Jun 2022 00:00:00 GMT - Mon, 05 Jun 2023 23:59:59 GMT
File type ASCII text, with very long lines (34556)
Hash 42eaa52604673b64d6b356c2fd7f87e3
6b59cb703b2d4a7a2691f13008062b46a6bc7fdb
ed0f122470c4d13d86bbabdc38046d743d0228204a56d786d2e17bd83fd358ce
GET /releases/v5.0.6/css/all.css HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://secure-mt-webaccess.ga/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 28 Apr 2023 18:05:39 GMT
content-type: text/css
x-amz-id-2: H9hK29b5iFPEy8TCVIP5G7upJA9ACrAE7U0DxTvyHEokOqcJQDZk0RrIb6gPiJ2nNAhA+oTFP3U=
x-amz-request-id: ZPVHR3KYK4NCQZSJ
last-modified: Wed, 30 Jun 2021 15:27:49 GMT
etag: W/"42eaa52604673b64d6b356c2fd7f87e3"
cache-control: max-age=31556926
cf-cache-status: HIT
age: 313820
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qta7BOsmJvtKxnsb0li67vueG5STCvPMFoxWgMw8SH2Gy0T7Ueuycq8N8ifZEFp8bCtaCN9bpzSkPxucyq2safmHZIOrfH9F4thS4t%2FdKrBXXRzNtHJ6kJTyuYWL259P15Z4x8TK"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7bf13c0efa5e773e-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2