urlquery - report: 190.14.39.165/

Fully Qualifying Domain Name	Rank	First Seen	Last Seen	IP	Comment
ocsp.digicert.com (2)	86	2012-05-21 07:02:23 UTC	2020-05-02 20:58:10 UTC	93.184.220.29
firefox.settings.services.mozilla.com (2)	867	2020-06-04 20:08:41 UTC	2022-11-27 05:29:56 UTC	34.102.187.140
content-signature-2.cdn.mozilla.net (1)	1152	No data	No data	34.160.144.191
contile.services.mozilla.com (1)	1114	2021-05-27 18:32:35 UTC	2022-11-27 05:29:57 UTC	34.117.237.239
ocsp.pki.goog (2)	175	2018-07-01 06:43:07 UTC	2020-05-02 20:58:16 UTC	142.250.74.3
www.googletagmanager.com (1)	75	2013-05-22 02:07:37 UTC	2022-11-27 06:32:27 UTC	142.250.74.168
img-getpocket.cdn.mozilla.net (6)	1631	2018-06-21 23:36:00 UTC	2020-02-19 04:43:25 UTC	34.120.237.76
r3.o.lencr.org (3)	344	No data	No data	23.36.76.226
push.services.mozilla.com (1)	2140	2014-10-24 08:27:06 UTC	2020-05-03 10:09:39 UTC	52.35.167.249
region1.google-analytics.com (1)	0	2022-03-17 11:26:33 UTC	2022-11-27 06:32:50 UTC	216.239.34.36	Domain (google-analytics.com) ranked at: 8401
190.14.39.165 (26)	0	2022-09-16 18:55:28 UTC	2022-11-27 15:35:19 UTC	190.14.39.165	Unknown ranking

Scan Date	Severity	Indicator	Comment
2022-11-24	2	190.14.39.165/	Deniz Bank
2022-11-24	2	190.14.39.165/	Deniz Bank
2022-11-24	2	190.14.39.165/	Deniz Bank
2022-11-24	2	190.14.39.165/	Deniz Bank
2022-11-24	2	190.14.39.165/	Deniz Bank
2022-11-24	2	190.14.39.165/	Deniz Bank
2022-11-24	2	190.14.39.165/	Deniz Bank
2022-11-24	2	190.14.39.165/	Deniz Bank
2022-11-24	2	190.14.39.165/	Deniz Bank
2022-11-24	2	190.14.39.165/	Deniz Bank
2022-11-24	2	190.14.39.165/	Deniz Bank
2022-11-24	2	190.14.39.165/	Deniz Bank
2022-11-24	2	190.14.39.165/	Deniz Bank
2022-11-24	2	190.14.39.165/	Deniz Bank
2022-11-24	2	190.14.39.165/	Deniz Bank
2022-11-24	2	190.14.39.165/	Deniz Bank
2022-11-24	2	190.14.39.165/	Deniz Bank
2022-11-24	2	190.14.39.165/	Deniz Bank
2022-11-24	2	190.14.39.165/	Deniz Bank
2022-11-24	2	190.14.39.165/	Deniz Bank
2022-11-24	2	190.14.39.165/	Deniz Bank
2022-11-24	2	190.14.39.165/	Deniz Bank
2022-11-24	2	190.14.39.165/	Deniz Bank
2022-11-24	2	190.14.39.165/	Deniz Bank
2022-11-24	2	190.14.39.165/	Deniz Bank

Scan Date	Severity	Indicator	Comment
2022-11-27	2	190.14.39.165/ruxitagentjs_ICA27SVfqrux_10221210805073954.js	Phishing
2022-11-27	2	190.14.39.165/_assets/js/analytics.js	Phishing
2022-11-27	2	190.14.39.165/	Phishing
2022-11-27	2	190.14.39.165/polyfills.e7c27bf15bf48a72de71.js	Phishing
2022-11-27	2	190.14.39.165/scripts.e8b3c78207fa4f6d6f74.js	Phishing
2022-11-27	2	190.14.39.165/vendor.67eb8a7592425af0ba81.js	Phishing
2022-11-27	2	190.14.39.165/main.c01c0c9a76089d1c0f34.js	Phishing
2022-11-27	2	190.14.39.165/runtime.c298608e9647c69cc550.js	Phishing
2022-11-27	2	190.14.39.165/_assets/img/login/login-footer-logo.svg	Phishing
2022-11-27	2	190.14.39.165/assets/opensans-regular-webfont.a66a53e7f788b1ab7e41.woff2	Phishing
2022-11-27	2	190.14.39.165/assets/opensans-semibold-webfont.1045337df148fc781940.woff2	Phishing
2022-11-27	2	190.14.39.165/assets/icomoon.6ff42eccb86b1fcbfe3f.woff2?bezj20	Phishing
2022-11-27	2	190.14.39.165/assets/opensans-bold-webfont.7b013a3110831768093f.woff2	Phishing
2022-11-27	2	190.14.39.165/assets/opensans-semibold-webfont.ba28aba0329c0fc0e825.woff	Phishing
2022-11-27	2	190.14.39.165/assets/opensans-regular-webfont.d389759376bc2ac55ee9.woff	Phishing
2022-11-27	2	190.14.39.165/assets/opensans-bold-webfont.c04f02eb3292e49d2d4e.woff	Phishing
2022-11-27	2	190.14.39.165/assets/icomoon.0014b4e7989bbfeaaef5.woff?bezj20	Phishing
2022-11-27	2	190.14.39.165/_assets/img/logo-light.svg	Phishing

Scan Date	Severity	Indicator	Comment
2022-11-27	2	190.14.39.165	Sinkholed
2022-11-27	2	190.14.39.165	Sinkholed
2022-11-27	2	190.14.39.165	Sinkholed
2022-11-27	2	190.14.39.165	Sinkholed
2022-11-27	2	190.14.39.165	Sinkholed
2022-11-27	2	190.14.39.165	Sinkholed
2022-11-27	2	190.14.39.165	Sinkholed
2022-11-27	2	190.14.39.165	Sinkholed
2022-11-27	2	190.14.39.165	Sinkholed
2022-11-27	2	190.14.39.165	Sinkholed
2022-11-27	2	190.14.39.165	Sinkholed
2022-11-27	2	190.14.39.165	Sinkholed
2022-11-27	2	190.14.39.165	Sinkholed
2022-11-27	2	190.14.39.165	Sinkholed
2022-11-27	2	190.14.39.165	Sinkholed
2022-11-27	2	190.14.39.165	Sinkholed
2022-11-27	2	190.14.39.165	Sinkholed
2022-11-27	2	190.14.39.165	Sinkholed
2022-11-27	2	190.14.39.165	Sinkholed
2022-11-27	2	190.14.39.165	Sinkholed
2022-11-27	2	190.14.39.165	Sinkholed
2022-11-27	2	190.14.39.165	Sinkholed
2022-11-27	2	190.14.39.165	Sinkholed
2022-11-27	2	190.14.39.165	Sinkholed
2022-11-27	2	190.14.39.165	Sinkholed
2022-11-27	2	190.14.39.165	Sinkholed

Date	UQ / IDS / BL	URL	IP
2022-12-27 23:53:00 +0000	0 - 5 - 9	denizonaylama.tk/	190.14.39.165
2022-12-17 02:05:38 +0000	53 - 0 - 69	www.denizizbankcom.tk/	190.14.39.165
2022-12-17 02:05:20 +0000	53 - 0 - 69	www.denizdenv1acik.tk/	190.14.39.165
2022-12-17 02:04:59 +0000	53 - 0 - 69	www.denizonaylama.gq/	190.14.39.165
2022-12-17 02:04:37 +0000	63 - 0 - 99	www.dijitalsube-acikdenizv8-com.tk/	190.14.39.165

Date	UQ / IDS / BL	URL	IP
2023-02-05 23:06:06 +0000	0 - 1 - 3	yilsonunaozel-isbakforum-basvur-online900tl.cf/	190.14.39.122
2023-02-05 21:05:43 +0000	0 - 2 - 3	piac-aero.com/Loki%201.8/Loki_original.exe	190.14.39.122
2023-02-05 12:57:21 +0000	27 - 28 - 43	denlzbankcom.tk/	190.14.39.135
2023-02-05 06:24:34 +0000	17 - 0 - 24	apple-t2-online-support.com/signin.html?Invit (...)	190.14.39.133
2023-02-05 02:00:59 +0000	0 - 2 - 45	www.mobilformonaydenzzii.top/9e8cc3089f7ce8af (...)	190.14.39.217

Date	UQ / IDS / BL	URL	IP
2022-12-15 14:26:36 +0000	61 - 0 - 96	190.14.39.165/	190.14.39.165
2022-11-27 21:37:13 +0000	28 - 0 - 69	190.14.39.165/	190.14.39.165
2022-11-27 15:36:58 +0000	28 - 0 - 69	190.14.39.165/	190.14.39.165
2022-11-24 13:56:56 +0000	28 - 0 - 44	190.14.39.165/	190.14.39.165

Date	UQ / IDS / BL	URL	IP
2023-02-05 12:57:21 +0000	27 - 28 - 43	denlzbankcom.tk/	190.14.39.135
2023-02-04 15:28:45 +0000	27 - 28 - 18	denlzbankcom.tk/	190.14.39.135
2023-02-04 00:31:54 +0000	27 - 29 - 43	www.denizonaylama.tk/	190.14.39.135
2023-02-03 23:44:16 +0000	27 - 28 - 43	acikdenizmobilv2tk.tk/	190.14.39.135
2023-02-03 23:44:02 +0000	27 - 27 - 69	denlzbankcom.ml/	190.14.39.135

HTTP Transactions (46)

Request	Response
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: r3.o.lencr.org/ FQDN: r3.o.lencr.org IP: 23.36.76.226 HASH: 560cbbb751ab2884024da3b93fba6bc45c6434797dba72a98c05e7fc2bb94bc1 23.36.76.226 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "560CBBB751AB2884024DA3B93FBA6BC45C6434797DBA72A98C05E7FC2BB94BC1" Last-Modified: Sat, 26 Nov 2022 18:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=3858 Expires: Sun, 27 Nov 2022 16:41:04 GMT Date: Sun, 27 Nov 2022 15:36:46 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: cdbad2434b7d127a4fc769807a9dc3e7 Sha1: fa98cd9fc2309ab4423f33f683d17bdb17d76713 Sha256: 560cbbb751ab2884024da3b93fba6bc45c6434797dba72a98c05e7fc2bb94bc1
POST / HTTP/1.1 Host: ocsp.digicert.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 83 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: ocsp.digicert.com/ FQDN: ocsp.digicert.com IP: 93.184.220.29 HASH: 64751d193f7af72431e9689581faffcae1a30ff50ea425697b2b80ff61c87909 93.184.220.29 HTTP/1.1 200 OK Content-Type: application/ocsp-response Accept-Ranges: bytes Age: 3590 Cache-Control: max-age=158057 Date: Sun, 27 Nov 2022 15:36:46 GMT Etag: "63833c71-1d7" Expires: Tue, 29 Nov 2022 11:31:03 GMT Last-Modified: Sun, 27 Nov 2022 10:31:13 GMT Server: ECS (ska/F705) X-Cache: HIT Content-Length: 471 --- Additional Info --- Magic: data Size: 471 Md5: 64b2a23eab6e5ae8c010ec7242be930c Sha1: 0673e4385ba01a5a245711bab96cafc34f765793 Sha256: 64751d193f7af72431e9689581faffcae1a30ff50ea425697b2b80ff61c87909
GET /v1/ HTTP/1.1 Host: firefox.settings.services.mozilla.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: firefox.settings.services.mozilla.com/v1/ FQDN: firefox.settings.services.mozilla.com IP: 34.102.187.140 HASH: 0dc9ca0f57af15adcd416035e92794711434e3d53a1feff21d8481d6d500986c 34.102.187.140 HTTP/2 200 OK content-type: application/json access-control-allow-origin: * access-control-expose-headers: Content-Type, Content-Length, Alert, Backoff, Retry-After content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none'; strict-transport-security: max-age=31536000 x-content-type-options: nosniff content-length: 939 via: 1.1 google date: Sun, 27 Nov 2022 15:19:23 GMT cache-control: public,max-age=3600 age: 1043 alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JSON data\012- , ASCII text, with very long lines (939), with no line terminators Size: 939 Md5: 4d7e4eed097b9c4e5d509419f1cfc85a Sha1: 290bb3d428a7c6330e2e3d73a952b16f820896c8 Sha256: 0dc9ca0f57af15adcd416035e92794711434e3d53a1feff21d8481d6d500986c
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: r3.o.lencr.org/ FQDN: r3.o.lencr.org IP: 23.36.76.226 HASH: 4fd46b0b6a2ea24f5ce175985a3933c04b4c01bd3e32bee2e50a61a65eef7af4 23.36.76.226 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "4FD46B0B6A2EA24F5CE175985A3933C04B4C01BD3E32BEE2E50A61A65EEF7AF4" Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=3711 Expires: Sun, 27 Nov 2022 16:38:38 GMT Date: Sun, 27 Nov 2022 15:36:47 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: 3b56944f0e5716fd4fad2ec18994d4be Sha1: 61cafa4de31ba960d1145ec37272f6f6b6944e0c Sha256: 4fd46b0b6a2ea24f5ce175985a3933c04b4c01bd3e32bee2e50a61a65eef7af4
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1 Host: content-signature-2.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site	URL: content-signature-2.cdn.mozilla.net/chains/remote-setti (...) FQDN: content-signature-2.cdn.mozilla.net IP: 34.160.144.191 HASH: 74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5 34.160.144.191 HTTP/2 200 OK content-type: binary/octet-stream x-amz-id-2: 2NBzSIrGx++dsWiybQ4tD7eSgWcU8u4I2AMZNPX7pyH2pbA1YbYTX6Pk/LPJjStm25YZx7ULA30k2FGoOB744w== x-amz-request-id: 3NTD38BW8Z6CMPAD content-disposition: attachment accept-ranges: bytes server: AmazonS3 content-length: 5348 via: 1.1 google date: Sun, 27 Nov 2022 14:44:40 GMT age: 3127 last-modified: Thu, 10 Nov 2022 09:21:27 GMT etag: "9ebddc2b260d081ebbefee47c037cb28" cache-control: public,max-age=3600 alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: PEM certificate\012- , ASCII text Size: 5348 Md5: 9ebddc2b260d081ebbefee47c037cb28 Sha1: 492bad62a7ca6a74738921ef5ae6f0be5edebf39 Sha256: 74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /v1/tiles HTTP/1.1 Host: contile.services.mozilla.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: contile.services.mozilla.com/v1/tiles FQDN: contile.services.mozilla.com IP: 34.117.237.239 HASH: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3 34.117.237.239 HTTP/2 200 OK content-type: application/json server: nginx date: Sun, 27 Nov 2022 15:36:47 GMT content-length: 12 strict-transport-security: max-age=31536000 via: 1.1 google alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JSON data\012- , ASCII text, with no line terminators Size: 12 Md5: 23e88fb7b99543fb33315b29b1fad9d6 Sha1: a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
POST /gts1c3 HTTP/1.1 Host: ocsp.pki.goog User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 84 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: ocsp.pki.goog/gts1c3 FQDN: ocsp.pki.goog IP: 142.250.74.3 HASH: b6845619444a37f322c044933a44cf3fd283a18a54d03bad4f76a2ed8c2cbaf6 142.250.74.3 HTTP/1.1 200 OK Content-Type: application/ocsp-response Date: Sun, 27 Nov 2022 15:36:47 GMT Cache-Control: public, max-age=14400 Server: ocsp_responder Content-Length: 472 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN --- Additional Info --- Magic: data Size: 472 Md5: 0ee1d1a60ec1770ec3e880a25c257f5d Sha1: 015b05feff63bdcf8fae4d1a8c0c83c923a2ca67 Sha256: b6845619444a37f322c044933a44cf3fd283a18a54d03bad4f76a2ed8c2cbaf6
GET /gtag/js?id=G-JV07ZMRWNH HTTP/1.1 Host: www.googletagmanager.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: http://190.14.39.165/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site	URL: www.googletagmanager.com/gtag/js?id=G-JV07ZMRWNH FQDN: www.googletagmanager.com IP: 142.250.74.168 HASH: dea3c4914d42ad1f74608af7d7cd5ec7167fab53f4fd08f09bfe68abe92a8582 142.250.74.168 HTTP/2 200 OK content-type: application/javascript; charset=UTF-8 access-control-allow-origin: * access-control-allow-credentials: true access-control-allow-headers: Cache-Control content-encoding: br vary: Accept-Encoding date: Sun, 27 Nov 2022 15:36:47 GMT expires: Sun, 27 Nov 2022 15:36:47 GMT cache-control: private, max-age=900 strict-transport-security: max-age=31536000; includeSubDomains cross-origin-resource-policy: cross-origin server: Google Tag Manager content-length: 75989 x-xss-protection: 0 alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" X-Firefox-Spdy: h2 --- Additional Info --- Magic: ASCII text, with very long lines (19102) Size: 75989 Md5: 209e39aa0ecdb70a05bf4a49279c2b00 Sha1: f9b734fc5d9c9f94ab13debcc34255bbc0c7828b Sha256: dea3c4914d42ad1f74608af7d7cd5ec7167fab53f4fd08f09bfe68abe92a8582
POST /gts1c3 HTTP/1.1 Host: ocsp.pki.goog User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 84 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: ocsp.pki.goog/gts1c3 FQDN: ocsp.pki.goog IP: 142.250.74.3 HASH: b6845619444a37f322c044933a44cf3fd283a18a54d03bad4f76a2ed8c2cbaf6 142.250.74.3 HTTP/1.1 200 OK Content-Type: application/ocsp-response Date: Sun, 27 Nov 2022 15:36:47 GMT Cache-Control: public, max-age=14400 Server: ocsp_responder Content-Length: 472 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN --- Additional Info --- Magic: data Size: 472 Md5: 0ee1d1a60ec1770ec3e880a25c257f5d Sha1: 015b05feff63bdcf8fae4d1a8c0c83c923a2ca67 Sha256: b6845619444a37f322c044933a44cf3fd283a18a54d03bad4f76a2ed8c2cbaf6
GET /ruxitagentjs_ICA27SVfqrux_10221210805073954.js HTTP/1.1 Host: 190.14.39.165 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://190.14.39.165/	URL: 190.14.39.165/ruxitagentjs_ICA27SVfqrux_10221210805073954.js FQDN: 190.14.39.165 IP: 190.14.39.165 HASH: d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3 190.14.39.165 HTTP/1.1 404 Not Found Content-Type: text/html; charset=iso-8859-1 Date: Sun, 27 Nov 2022 15:36:47 GMT Server: Apache Content-Length: 315 Keep-Alive: timeout=3, max=100 Connection: Keep-Alive --- Additional Info --- Magic: HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text Size: 315 Md5: a34ac19f4afae63adc5d2f7bc970c07f Sha1: a82190fc530c265aa40a045c21770d967f4767b8 Sha256: d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3 Alerts: urlquery: - Phishing - Deniz Bank Blocklists: - openphish: Deniz Bank - fortinet: Phishing - quad9: Sinkholed
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 Host: firefox.settings.services.mozilla.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: application/json Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Content-Type: application/json Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: firefox.settings.services.mozilla.com/v1/buckets/main/c (...) FQDN: firefox.settings.services.mozilla.com IP: 34.102.187.140 HASH: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300 34.102.187.140 HTTP/2 200 OK content-type: application/json access-control-allow-origin: * access-control-expose-headers: Backoff, Pragma, Alert, Content-Type, ETag, Retry-After, Last-Modified, Content-Length, Cache-Control, Expires content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none'; strict-transport-security: max-age=31536000 x-content-type-options: nosniff content-length: 329 via: 1.1 google date: Sun, 27 Nov 2022 15:11:12 GMT cache-control: public,max-age=3600 age: 1535 last-modified: Fri, 25 Mar 2022 17:45:46 GMT etag: "1648230346554" alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JSON data\012- , ASCII text, with very long lines (329), with no line terminators Size: 329 Md5: 0333b0655111aa68de771adfcc4db243 Sha1: 63f295a144ac87a7c8e23417626724eeca68a7eb Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /_assets/js/analytics.js HTTP/1.1 Host: 190.14.39.165 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://190.14.39.165/	URL: 190.14.39.165/_assets/js/analytics.js FQDN: 190.14.39.165 IP: 190.14.39.165 HASH: d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3 190.14.39.165 HTTP/1.1 404 Not Found Content-Type: text/html; charset=iso-8859-1 Date: Sun, 27 Nov 2022 15:36:47 GMT Server: Apache Content-Length: 315 Keep-Alive: timeout=3, max=100 Connection: Keep-Alive --- Additional Info --- Magic: HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text Size: 315 Md5: a34ac19f4afae63adc5d2f7bc970c07f Sha1: a82190fc530c265aa40a045c21770d967f4767b8 Sha256: d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3 Alerts: urlquery: - Phishing - Deniz Bank Blocklists: - openphish: Deniz Bank - fortinet: Phishing - quad9: Sinkholed
POST / HTTP/1.1 Host: ocsp.digicert.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 83 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: ocsp.digicert.com/ FQDN: ocsp.digicert.com IP: 93.184.220.29 HASH: 50870c499aae4d5dfd6df25a36cd04b6d185b66ef0590e46933984bf52e2483f 93.184.220.29 HTTP/1.1 200 OK Content-Type: application/ocsp-response Accept-Ranges: bytes Age: 1905 Cache-Control: max-age=151310 Date: Sun, 27 Nov 2022 15:36:47 GMT Etag: "638328ac-1d7" Expires: Tue, 29 Nov 2022 09:38:37 GMT Last-Modified: Sun, 27 Nov 2022 09:06:52 GMT Server: ECS (ska/F705) X-Cache: HIT Content-Length: 471 --- Additional Info --- Magic: data Size: 471 Md5: a6fee11dfe1b88cd768a0ca3e2bd0c89 Sha1: 59cec9a44a4a92467678afe65f347f68641a2174 Sha256: 50870c499aae4d5dfd6df25a36cd04b6d185b66ef0590e46933984bf52e2483f
GET / HTTP/1.1 Host: 190.14.39.165 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Upgrade-Insecure-Requests: 1	URL: 190.14.39.165/ FQDN: 190.14.39.165 IP: 190.14.39.165 HASH: 658006cacf24b1c85f48788362f7257eeb1daefb60f7638b78ad938314da6994 190.14.39.165 HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Date: Sun, 27 Nov 2022 15:36:46 GMT Server: Apache Keep-Alive: timeout=3, max=100 Connection: Keep-Alive Transfer-Encoding: chunked --- Additional Info --- Magic: HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (54347) Size: 266562 Md5: e34f93013390b988675daea8accf807d Sha1: fad481ea58954d5ef5ec21daf20d845db2704ae8 Sha256: 658006cacf24b1c85f48788362f7257eeb1daefb60f7638b78ad938314da6994 Alerts: urlquery: - Phishing - Deniz Bank Blocklists: - openphish: Deniz Bank - fortinet: Phishing - quad9: Sinkholed
GET /polyfills.e7c27bf15bf48a72de71.js HTTP/1.1 Host: 190.14.39.165 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://190.14.39.165/ Cookie: _ga_JV07ZMRWNH=GS1.1.1669563407.1.0.1669563407.0.0.0; _ga=GA1.1.333022119.1669563407	URL: 190.14.39.165/polyfills.e7c27bf15bf48a72de71.js FQDN: 190.14.39.165 IP: 190.14.39.165 HASH: d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3 190.14.39.165 HTTP/1.1 404 Not Found Content-Type: text/html; charset=iso-8859-1 Date: Sun, 27 Nov 2022 15:36:47 GMT Server: Apache Content-Length: 315 Keep-Alive: timeout=3, max=100 Connection: Keep-Alive --- Additional Info --- Magic: HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text Size: 315 Md5: a34ac19f4afae63adc5d2f7bc970c07f Sha1: a82190fc530c265aa40a045c21770d967f4767b8 Sha256: d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3 Alerts: urlquery: - Phishing - Deniz Bank Blocklists: - openphish: Deniz Bank - fortinet: Phishing - quad9: Sinkholed
GET /scripts.e8b3c78207fa4f6d6f74.js HTTP/1.1 Host: 190.14.39.165 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://190.14.39.165/ Cookie: _ga_JV07ZMRWNH=GS1.1.1669563407.1.0.1669563407.0.0.0; _ga=GA1.1.333022119.1669563407	URL: 190.14.39.165/scripts.e8b3c78207fa4f6d6f74.js FQDN: 190.14.39.165 IP: 190.14.39.165 HASH: d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3 190.14.39.165 HTTP/1.1 404 Not Found Content-Type: text/html; charset=iso-8859-1 Date: Sun, 27 Nov 2022 15:36:47 GMT Server: Apache Content-Length: 315 Keep-Alive: timeout=3, max=100 Connection: Keep-Alive --- Additional Info --- Magic: HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text Size: 315 Md5: a34ac19f4afae63adc5d2f7bc970c07f Sha1: a82190fc530c265aa40a045c21770d967f4767b8 Sha256: d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3 Alerts: urlquery: - Phishing - Deniz Bank Blocklists: - openphish: Deniz Bank - fortinet: Phishing - quad9: Sinkholed
GET /vendor.67eb8a7592425af0ba81.js HTTP/1.1 Host: 190.14.39.165 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://190.14.39.165/ Cookie: _ga_JV07ZMRWNH=GS1.1.1669563407.1.0.1669563407.0.0.0; _ga=GA1.1.333022119.1669563407	URL: 190.14.39.165/vendor.67eb8a7592425af0ba81.js FQDN: 190.14.39.165 IP: 190.14.39.165 HASH: d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3 190.14.39.165 HTTP/1.1 404 Not Found Content-Type: text/html; charset=iso-8859-1 Date: Sun, 27 Nov 2022 15:36:47 GMT Server: Apache Content-Length: 315 Keep-Alive: timeout=3, max=100 Connection: Keep-Alive --- Additional Info --- Magic: HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text Size: 315 Md5: a34ac19f4afae63adc5d2f7bc970c07f Sha1: a82190fc530c265aa40a045c21770d967f4767b8 Sha256: d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3 Alerts: urlquery: - Phishing - Deniz Bank Blocklists: - openphish: Deniz Bank - fortinet: Phishing - quad9: Sinkholed
GET /main.c01c0c9a76089d1c0f34.js HTTP/1.1 Host: 190.14.39.165 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://190.14.39.165/ Cookie: _ga_JV07ZMRWNH=GS1.1.1669563407.1.0.1669563407.0.0.0; _ga=GA1.1.333022119.1669563407	URL: 190.14.39.165/main.c01c0c9a76089d1c0f34.js FQDN: 190.14.39.165 IP: 190.14.39.165 HASH: d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3 190.14.39.165 HTTP/1.1 404 Not Found Content-Type: text/html; charset=iso-8859-1 Date: Sun, 27 Nov 2022 15:36:47 GMT Server: Apache Content-Length: 315 Keep-Alive: timeout=3, max=99 Connection: Keep-Alive --- Additional Info --- Magic: HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text Size: 315 Md5: a34ac19f4afae63adc5d2f7bc970c07f Sha1: a82190fc530c265aa40a045c21770d967f4767b8 Sha256: d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3 Alerts: urlquery: - Phishing - Deniz Bank Blocklists: - openphish: Deniz Bank - fortinet: Phishing - quad9: Sinkholed
GET /runtime.c298608e9647c69cc550.js HTTP/1.1 Host: 190.14.39.165 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://190.14.39.165/ Cookie: _ga_JV07ZMRWNH=GS1.1.1669563407.1.0.1669563407.0.0.0; _ga=GA1.1.333022119.1669563407	URL: 190.14.39.165/runtime.c298608e9647c69cc550.js FQDN: 190.14.39.165 IP: 190.14.39.165 HASH: d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3 190.14.39.165 HTTP/1.1 404 Not Found Content-Type: text/html; charset=iso-8859-1 Date: Sun, 27 Nov 2022 15:36:47 GMT Server: Apache Content-Length: 315 Keep-Alive: timeout=3, max=99 Connection: Keep-Alive --- Additional Info --- Magic: HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text Size: 315 Md5: a34ac19f4afae63adc5d2f7bc970c07f Sha1: a82190fc530c265aa40a045c21770d967f4767b8 Sha256: d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3 Alerts: urlquery: - Phishing - Deniz Bank Blocklists: - openphish: Deniz Bank - fortinet: Phishing - quad9: Sinkholed
GET / HTTP/1.1 Host: push.services.mozilla.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Sec-WebSocket-Version: 13 Origin: wss://push.services.mozilla.com/ Sec-WebSocket-Protocol: push-notification Sec-WebSocket-Extensions: permessage-deflate Sec-WebSocket-Key: N00kPq5XK47ByjK1w8LSng== Connection: keep-alive, Upgrade Sec-Fetch-Dest: websocket Sec-Fetch-Mode: websocket Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache Upgrade: websocket	URL: push.services.mozilla.com/ FQDN: push.services.mozilla.com IP: 52.35.167.249 HASH: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 52.35.167.249 HTTP/1.1 101 Switching Protocols Connection: Upgrade Upgrade: websocket Sec-WebSocket-Accept: eZ5ScSasgu6h8PCYVuGeJ6OfR4w= --- Additional Info --- Magic: Size: 0 Md5: d41d8cd98f00b204e9800998ecf8427e Sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-JV07ZMRWNH&gtm=2oeb90&_p=1854075844&cid=333022119.1669563407&ul=en-us&sr=1280x1024&_s=1&sid=1669563407&sct=1&seg=0&dl=http%3A%2F%2F190.14.39.165%2F&dt=DenizBank%20%C4%B0nternet%20Bankac%C4%B1l%C4%B1%C4%9F%C4%B1&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1 HTTP/1.1 Host: region1.google-analytics.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: http://190.14.39.165 Connection: keep-alive Referer: http://190.14.39.165/ Sec-Fetch-Dest: empty Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Content-Length: 0	URL: region1.google-analytics.com/g/collect?v=2&tid=G-JV07ZM (...) FQDN: region1.google-analytics.com IP: 216.239.34.36 HASH: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 216.239.34.36 HTTP/2 204 No Content content-type: text/plain access-control-allow-origin: http://190.14.39.165 date: Sun, 27 Nov 2022 15:36:48 GMT pragma: no-cache expires: Fri, 01 Jan 1990 00:00:00 GMT cache-control: no-cache, no-store, must-revalidate access-control-allow-credentials: true cross-origin-resource-policy: cross-origin server: Golfe2 content-length: 0 alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" X-Firefox-Spdy: h2 --- Additional Info --- Magic: Size: 0 Md5: d41d8cd98f00b204e9800998ecf8427e Sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /styles.14f38c16c3244b5492af.css HTTP/1.1 Host: 190.14.39.165 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/css,/;q=0.1 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://190.14.39.165/	URL: 190.14.39.165/styles.14f38c16c3244b5492af.css FQDN: 190.14.39.165 IP: 190.14.39.165 HASH: 0ab27addfe127020ce7b9a6a5e3b57a133915e23edbe0852cff7b511507e56ea 190.14.39.165 HTTP/1.1 200 OK Content-Type: text/css Date: Sun, 27 Nov 2022 15:36:47 GMT Server: Apache Last-Modified: Fri, 28 Oct 2022 17:57:05 GMT Accept-Ranges: bytes Content-Length: 590413 Keep-Alive: timeout=3, max=99 Connection: Keep-Alive --- Additional Info --- Magic: ASCII text, with very long lines (53193), with CRLF line terminators Size: 590413 Md5: e15084a5fa844a4667363a77dbba388a Sha1: c2fc998a4874ca1ed1f87bc32562270b3a4711d2 Sha256: 0ab27addfe127020ce7b9a6a5e3b57a133915e23edbe0852cff7b511507e56ea Alerts: urlquery: - Phishing - Deniz Bank Blocklists: - openphish: Deniz Bank - quad9: Sinkholed
GET /_assets/img/login/login-footer-logo.svg HTTP/1.1 Host: 190.14.39.165 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://190.14.39.165/ Cookie: _ga_JV07ZMRWNH=GS1.1.1669563407.1.0.1669563407.0.0.0; _ga=GA1.1.333022119.1669563407	URL: 190.14.39.165/_assets/img/login/login-footer-logo.svg FQDN: 190.14.39.165 IP: 190.14.39.165 HASH: 59c1a112d5d610c1399aa46d5b549c5aad1e4b283aaf785545e818d053f25378 190.14.39.165 HTTP/1.1 200 OK Content-Type: image/svg+xml Date: Sun, 27 Nov 2022 15:36:48 GMT Server: Apache Last-Modified: Fri, 28 Oct 2022 17:57:05 GMT Accept-Ranges: bytes Content-Length: 2239 Keep-Alive: timeout=3, max=98 Connection: Keep-Alive --- Additional Info --- Magic: SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1863), with CRLF line terminators Size: 2239 Md5: c0ddebba4f15d5e966e993727605c03d Sha1: df6ba82ac9022f0309037baa9dbf6fbcfaaca543 Sha256: 59c1a112d5d610c1399aa46d5b549c5aad1e4b283aaf785545e818d053f25378 Alerts: urlquery: - Phishing - Deniz Bank Blocklists: - openphish: Deniz Bank - fortinet: Phishing - quad9: Sinkholed
GET /sifre.png HTTP/1.1 Host: 190.14.39.165 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://190.14.39.165/	URL: 190.14.39.165/sifre.png FQDN: 190.14.39.165 IP: 190.14.39.165 HASH: 7ef622314ab427c8beae5b61a48b8e16710531e05406b135c0c5b4e8f1b22e17 190.14.39.165 HTTP/1.1 200 OK Content-Type: image/png Date: Sun, 27 Nov 2022 15:36:48 GMT Server: Apache Last-Modified: Fri, 28 Oct 2022 17:57:05 GMT Accept-Ranges: bytes Content-Length: 2496 Keep-Alive: timeout=3, max=98 Connection: Keep-Alive --- Additional Info --- Magic: JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=1, orientation=upper-left], baseline, precision 8, 36x34, components 3\012- data Size: 2496 Md5: 116f84727996ddda2d71b3c85cf358ac Sha1: a90ef391e339ddafbe5ae9f1f3d7d8d5cbf4a4e8 Sha256: 7ef622314ab427c8beae5b61a48b8e16710531e05406b135c0c5b4e8f1b22e17 Alerts: urlquery: - Phishing - Deniz Bank Blocklists: - openphish: Deniz Bank - quad9: Sinkholed
GET /_assets/img/enbd.png HTTP/1.1 Host: 190.14.39.165 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://190.14.39.165/ Cookie: _ga_JV07ZMRWNH=GS1.1.1669563407.1.0.1669563407.0.0.0; _ga=GA1.1.333022119.1669563407	URL: 190.14.39.165/_assets/img/enbd.png FQDN: 190.14.39.165 IP: 190.14.39.165 HASH: 1b74331ad061c583ad54561f95596a8481b95d863a431fc4daf3a9ee7d151975 190.14.39.165 HTTP/1.1 200 OK Content-Type: image/png Date: Sun, 27 Nov 2022 15:36:48 GMT Server: Apache Last-Modified: Fri, 28 Oct 2022 17:57:05 GMT Accept-Ranges: bytes Content-Length: 3806 Keep-Alive: timeout=3, max=99 Connection: Keep-Alive --- Additional Info --- Magic: PNG image data, 186 x 72, 8-bit/color RGBA, non-interlaced\012- data Size: 3806 Md5: 58cf11a4b5f8ebdc29ec2e7b787c8d69 Sha1: cd2686b1f04cfa4afb69b228fd7177d65e907d32 Sha256: 1b74331ad061c583ad54561f95596a8481b95d863a431fc4daf3a9ee7d151975 Alerts: urlquery: - Phishing - Deniz Bank Blocklists: - openphish: Deniz Bank - quad9: Sinkholed
GET /user.png HTTP/1.1 Host: 190.14.39.165 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://190.14.39.165/	URL: 190.14.39.165/user.png FQDN: 190.14.39.165 IP: 190.14.39.165 HASH: 97090cea6a2bbb16d13fa490185bc7e25d41935e376d4edfee651c474f466309 190.14.39.165 HTTP/1.1 200 OK Content-Type: image/png Date: Sun, 27 Nov 2022 15:36:48 GMT Server: Apache Last-Modified: Fri, 28 Oct 2022 17:57:05 GMT Accept-Ranges: bytes Content-Length: 2255 Keep-Alive: timeout=3, max=99 Connection: Keep-Alive --- Additional Info --- Magic: JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=1, orientation=upper-left], baseline, precision 8, 27x34, components 3\012- data Size: 2255 Md5: cc0a5532279fefa0f24e6c6a91442acc Sha1: 1a16230291c3c234087a39fa0314a71591f171fb Sha256: 97090cea6a2bbb16d13fa490185bc7e25d41935e376d4edfee651c474f466309 Alerts: urlquery: - Phishing - Deniz Bank Blocklists: - openphish: Deniz Bank - quad9: Sinkholed
GET /_assets/img/loading.gif HTTP/1.1 Host: 190.14.39.165 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://190.14.39.165/	URL: 190.14.39.165/_assets/img/loading.gif FQDN: 190.14.39.165 IP: 190.14.39.165 HASH: 4d54a976b6fa75c73ec219bf5ca96537d46c387c138842fe3d76be0d9e111e0a 190.14.39.165 HTTP/1.1 200 OK Content-Type: image/gif Date: Sun, 27 Nov 2022 15:36:48 GMT Server: Apache Last-Modified: Fri, 28 Oct 2022 17:57:05 GMT Accept-Ranges: bytes Content-Length: 37840 Keep-Alive: timeout=3, max=98 Connection: Keep-Alive --- Additional Info --- Magic: GIF image data, version 89a, 96 x 96\012- data Size: 37840 Md5: a5ac552d6a23421d7697f897729a2def Sha1: 836cb1e7a61967b762898a3ce32e64ca7713119c Sha256: 4d54a976b6fa75c73ec219bf5ca96537d46c387c138842fe3d76be0d9e111e0a Alerts: urlquery: - Phishing - Deniz Bank Blocklists: - openphish: Deniz Bank - quad9: Sinkholed
GET /assets/opensans-regular-webfont.a66a53e7f788b1ab7e41.woff2 HTTP/1.1 Host: 190.14.39.165 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: identity Connection: keep-alive Referer: http://190.14.39.165/styles.14f38c16c3244b5492af.css Cookie: _ga_JV07ZMRWNH=GS1.1.1669563407.1.0.1669563407.0.0.0; _ga=GA1.1.333022119.1669563407	URL: 190.14.39.165/assets/opensans-regular-webfont.a66a53e7f (...) FQDN: 190.14.39.165 IP: 190.14.39.165 HASH: d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3 190.14.39.165 HTTP/1.1 404 Not Found Content-Type: text/html; charset=iso-8859-1 Date: Sun, 27 Nov 2022 15:36:48 GMT Server: Apache Content-Length: 315 Keep-Alive: timeout=3, max=97 Connection: Keep-Alive --- Additional Info --- Magic: HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text Size: 315 Md5: a34ac19f4afae63adc5d2f7bc970c07f Sha1: a82190fc530c265aa40a045c21770d967f4767b8 Sha256: d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3 Alerts: urlquery: - Phishing - Deniz Bank Blocklists: - openphish: Deniz Bank - fortinet: Phishing - quad9: Sinkholed
GET /assets/opensans-semibold-webfont.1045337df148fc781940.woff2 HTTP/1.1 Host: 190.14.39.165 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: identity Connection: keep-alive Referer: http://190.14.39.165/styles.14f38c16c3244b5492af.css Cookie: _ga_JV07ZMRWNH=GS1.1.1669563407.1.0.1669563407.0.0.0; _ga=GA1.1.333022119.1669563407	URL: 190.14.39.165/assets/opensans-semibold-webfont.1045337d (...) FQDN: 190.14.39.165 IP: 190.14.39.165 HASH: d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3 190.14.39.165 HTTP/1.1 404 Not Found Content-Type: text/html; charset=iso-8859-1 Date: Sun, 27 Nov 2022 15:36:48 GMT Server: Apache Content-Length: 315 Keep-Alive: timeout=3, max=97 Connection: Keep-Alive --- Additional Info --- Magic: HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text Size: 315 Md5: a34ac19f4afae63adc5d2f7bc970c07f Sha1: a82190fc530c265aa40a045c21770d967f4767b8 Sha256: d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3 Alerts: urlquery: - Phishing - Deniz Bank Blocklists: - openphish: Deniz Bank - fortinet: Phishing - quad9: Sinkholed
GET /assets/icomoon.6ff42eccb86b1fcbfe3f.woff2?bezj20 HTTP/1.1 Host: 190.14.39.165 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: identity Connection: keep-alive Referer: http://190.14.39.165/styles.14f38c16c3244b5492af.css Cookie: _ga_JV07ZMRWNH=GS1.1.1669563407.1.0.1669563407.0.0.0; _ga=GA1.1.333022119.1669563407	URL: 190.14.39.165/assets/icomoon.6ff42eccb86b1fcbfe3f.woff2 (...) FQDN: 190.14.39.165 IP: 190.14.39.165 HASH: d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3 190.14.39.165 HTTP/1.1 404 Not Found Content-Type: text/html; charset=iso-8859-1 Date: Sun, 27 Nov 2022 15:36:48 GMT Server: Apache Content-Length: 315 Keep-Alive: timeout=3, max=98 Connection: Keep-Alive --- Additional Info --- Magic: HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text Size: 315 Md5: a34ac19f4afae63adc5d2f7bc970c07f Sha1: a82190fc530c265aa40a045c21770d967f4767b8 Sha256: d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3 Alerts: urlquery: - Phishing - Deniz Bank Blocklists: - openphish: Deniz Bank - fortinet: Phishing - quad9: Sinkholed
GET /assets/opensans-bold-webfont.7b013a3110831768093f.woff2 HTTP/1.1 Host: 190.14.39.165 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: identity Connection: keep-alive Referer: http://190.14.39.165/styles.14f38c16c3244b5492af.css Cookie: _ga_JV07ZMRWNH=GS1.1.1669563407.1.0.1669563407.0.0.0; _ga=GA1.1.333022119.1669563407	URL: 190.14.39.165/assets/opensans-bold-webfont.7b013a311083 (...) FQDN: 190.14.39.165 IP: 190.14.39.165 HASH: d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3 190.14.39.165 HTTP/1.1 404 Not Found Content-Type: text/html; charset=iso-8859-1 Date: Sun, 27 Nov 2022 15:36:48 GMT Server: Apache Content-Length: 315 Keep-Alive: timeout=3, max=97 Connection: Keep-Alive --- Additional Info --- Magic: HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text Size: 315 Md5: a34ac19f4afae63adc5d2f7bc970c07f Sha1: a82190fc530c265aa40a045c21770d967f4767b8 Sha256: d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3 Alerts: urlquery: - Phishing - Deniz Bank Blocklists: - openphish: Deniz Bank - fortinet: Phishing - quad9: Sinkholed
GET /assets/opensans-semibold-webfont.ba28aba0329c0fc0e825.woff HTTP/1.1 Host: 190.14.39.165 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: identity Connection: keep-alive Referer: http://190.14.39.165/styles.14f38c16c3244b5492af.css Cookie: _ga_JV07ZMRWNH=GS1.1.1669563407.1.0.1669563407.0.0.0; _ga=GA1.1.333022119.1669563407	URL: 190.14.39.165/assets/opensans-semibold-webfont.ba28aba0 (...) FQDN: 190.14.39.165 IP: 190.14.39.165 HASH: d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3 190.14.39.165 HTTP/1.1 404 Not Found Content-Type: text/html; charset=iso-8859-1 Date: Sun, 27 Nov 2022 15:36:48 GMT Server: Apache Content-Length: 315 Keep-Alive: timeout=3, max=96 Connection: Keep-Alive --- Additional Info --- Magic: HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text Size: 315 Md5: a34ac19f4afae63adc5d2f7bc970c07f Sha1: a82190fc530c265aa40a045c21770d967f4767b8 Sha256: d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3 Alerts: urlquery: - Phishing - Deniz Bank Blocklists: - openphish: Deniz Bank - fortinet: Phishing - quad9: Sinkholed
GET /assets/icomoon.a16e09ed69c51903026e.ttf?bezj20 HTTP/1.1 Host: 190.14.39.165 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://190.14.39.165/styles.14f38c16c3244b5492af.css Cookie: _ga_JV07ZMRWNH=GS1.1.1669563407.1.0.1669563407.0.0.0; _ga=GA1.1.333022119.1669563407	URL: 190.14.39.165/assets/icomoon.a16e09ed69c51903026e.ttf?bezj20 FQDN: 190.14.39.165 IP: 190.14.39.165 HASH: d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3 190.14.39.165 HTTP/1.1 404 Not Found Content-Type: text/html; charset=iso-8859-1 Date: Sun, 27 Nov 2022 15:36:48 GMT Server: Apache Content-Length: 315 Keep-Alive: timeout=3, max=97 Connection: Keep-Alive --- Additional Info --- Magic: HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text Size: 315 Md5: a34ac19f4afae63adc5d2f7bc970c07f Sha1: a82190fc530c265aa40a045c21770d967f4767b8 Sha256: d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3 Alerts: urlquery: - Phishing - Deniz Bank Blocklists: - quad9: Sinkholed
GET /assets/opensans-regular-webfont.d389759376bc2ac55ee9.woff HTTP/1.1 Host: 190.14.39.165 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: identity Connection: keep-alive Referer: http://190.14.39.165/styles.14f38c16c3244b5492af.css Cookie: _ga_JV07ZMRWNH=GS1.1.1669563407.1.0.1669563407.0.0.0; _ga=GA1.1.333022119.1669563407	URL: 190.14.39.165/assets/opensans-regular-webfont.d38975937 (...) FQDN: 190.14.39.165 IP: 190.14.39.165 HASH: d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3 190.14.39.165 HTTP/1.1 404 Not Found Content-Type: text/html; charset=iso-8859-1 Date: Sun, 27 Nov 2022 15:36:48 GMT Server: Apache Content-Length: 315 Keep-Alive: timeout=3, max=96 Connection: Keep-Alive --- Additional Info --- Magic: HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text Size: 315 Md5: a34ac19f4afae63adc5d2f7bc970c07f Sha1: a82190fc530c265aa40a045c21770d967f4767b8 Sha256: d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3 Alerts: urlquery: - Phishing - Deniz Bank Blocklists: - openphish: Deniz Bank - fortinet: Phishing - quad9: Sinkholed
GET /assets/opensans-bold-webfont.c04f02eb3292e49d2d4e.woff HTTP/1.1 Host: 190.14.39.165 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: identity Connection: keep-alive Referer: http://190.14.39.165/styles.14f38c16c3244b5492af.css Cookie: _ga_JV07ZMRWNH=GS1.1.1669563407.1.0.1669563407.0.0.0; _ga=GA1.1.333022119.1669563407	URL: 190.14.39.165/assets/opensans-bold-webfont.c04f02eb3292 (...) FQDN: 190.14.39.165 IP: 190.14.39.165 HASH: d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3 190.14.39.165 HTTP/1.1 404 Not Found Content-Type: text/html; charset=iso-8859-1 Date: Sun, 27 Nov 2022 15:36:49 GMT Server: Apache Content-Length: 315 Keep-Alive: timeout=3, max=96 Connection: Keep-Alive --- Additional Info --- Magic: HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text Size: 315 Md5: a34ac19f4afae63adc5d2f7bc970c07f Sha1: a82190fc530c265aa40a045c21770d967f4767b8 Sha256: d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3 Alerts: urlquery: - Phishing - Deniz Bank Blocklists: - openphish: Deniz Bank - fortinet: Phishing - quad9: Sinkholed
POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache	URL: r3.o.lencr.org/ FQDN: r3.o.lencr.org IP: 23.36.76.226 HASH: bd123fe3fce93216e2635f9dbc356f081b7599784fb6b67984032f11d82bc7cb 23.36.76.226 HTTP/1.1 200 OK Content-Type: application/ocsp-response Server: nginx Content-Length: 503 ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB" Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=19224 Expires: Sun, 27 Nov 2022 20:57:13 GMT Date: Sun, 27 Nov 2022 15:36:49 GMT Connection: keep-alive --- Additional Info --- Magic: data Size: 503 Md5: aebda342a81ad83f60d2523f54ccda67 Sha1: e590d9326e4a283e0929a8ffccb13cc4308af0e6 Sha256: bd123fe3fce93216e2635f9dbc356f081b7599784fb6b67984032f11d82bc7cb
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F881a33ae-e81b-4603-85d9-a2242b17be66.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: img-getpocket.cdn.mozilla.net/296x148/filters:format(jp (...) FQDN: img-getpocket.cdn.mozilla.net IP: 34.120.237.76 HASH: c16a9296d5e840a468fef7fb2764b9f7d4b3131d7ade2ce4999de1eead5469e0 34.120.237.76 HTTP/2 200 OK content-type: image/jpeg server: nginx content-length: 4803 x-amzn-requestid: 80f7f1c8-0316-4181-83ac-2787b1ae825f x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: cOo4iFHoIAMF2-g= x-content-type-options: nosniff x-amzn-trace-id: Root=1-63828836-2c0a081b07e0785b4350c10c;Sampled=0 x-amzn-remapped-date: Sat, 26 Nov 2022 21:42:14 GMT x-amz-cf-pop: HIO50-C1, SEA19-C2 x-cache: Miss from cloudfront x-amz-cf-id: AVwDLlKoy5pc9NNuR_OakMB0ONGAoO-k2AKwV--b2sjiaqYSKAWlZg== via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 98aedae6661e3904540676966998ed88.cloudfront.net (CloudFront), 1.1 google date: Sat, 26 Nov 2022 21:51:37 GMT age: 63912 etag: "cedf2f21be7cd366bd46055b62b5513db3011dfc" cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 4803 Md5: cc0a257323f882caff067adb86d906e4 Sha1: cedf2f21be7cd366bd46055b62b5513db3011dfc Sha256: c16a9296d5e840a468fef7fb2764b9f7d4b3131d7ade2ce4999de1eead5469e0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa57bc6cf-beaa-443b-9756-cf26e4fe3767.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: img-getpocket.cdn.mozilla.net/296x148/filters:format(jp (...) FQDN: img-getpocket.cdn.mozilla.net IP: 34.120.237.76 HASH: 7b2d2e302faba8f273b51031fa48b444cb7839733b90e8c9d077ca63637320d8 34.120.237.76 HTTP/2 200 OK content-type: image/jpeg server: nginx content-length: 6954 x-amzn-requestid: 94a02687-72f2-4796-a7ea-d3f28b412566 x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: b1jHpGBVIAMFsSg= x-content-type-options: nosniff x-amzn-trace-id: Root=1-63787efd-22666b18283ae59b1348bf47;Sampled=0 x-amzn-remapped-date: Sat, 19 Nov 2022 07:00:13 GMT x-amz-cf-pop: SEA19-C3 x-cache: Hit from cloudfront x-amz-cf-id: feZayJeKq9jWHQ-rjutNr6buIjLVeIdY0A_ZeGo6NKgoQ6BBT3XQaw== via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 0906d4887f6625f4a4467d8d4fd268d2.cloudfront.net (CloudFront), 1.1 google date: Sun, 27 Nov 2022 08:55:33 GMT age: 24076 etag: "4b4a8c8e8aeccfff25d2748720dcef8fed287126" cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 6954 Md5: 2212cf75f99dc67fd45db47f7101d754 Sha1: 4b4a8c8e8aeccfff25d2748720dcef8fed287126 Sha256: 7b2d2e302faba8f273b51031fa48b444cb7839733b90e8c9d077ca63637320d8
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdee4f5d4-5a5e-4a39-9681-50795cecc0f4.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: img-getpocket.cdn.mozilla.net/296x148/filters:format(jp (...) FQDN: img-getpocket.cdn.mozilla.net IP: 34.120.237.76 HASH: bad283c15531000b7a8c126d442154b64a880cc26196a46cbd2e6266a526db67 34.120.237.76 HTTP/2 200 OK content-type: image/jpeg server: nginx content-length: 10199 x-amzn-requestid: baee3bbe-7ded-425a-ae39-fccfc8169217 x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: cOo4iF1VIAMF09g= x-content-type-options: nosniff x-amzn-trace-id: Root=1-63828836-5522727b2f09b27e63b23270;Sampled=0 x-amzn-remapped-date: Sat, 26 Nov 2022 21:42:14 GMT x-amz-cf-pop: HIO50-C1, SEA19-C2 x-cache: Hit from cloudfront x-amz-cf-id: CXOqm7bjsSV0aJBTkTI7LsMovjgPeISPt3sZotEc7CjZnUL_y4_OoQ== via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google date: Sat, 26 Nov 2022 21:51:41 GMT age: 63908 etag: "ae8aa4ce6ddaccba771fe65446926b60fc5628da" cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 10199 Md5: 2cd887044e91d7ed0f1a8d7119ff7dd0 Sha1: ae8aa4ce6ddaccba771fe65446926b60fc5628da Sha256: bad283c15531000b7a8c126d442154b64a880cc26196a46cbd2e6266a526db67
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8197b890-dd48-403d-9c61-3406a67e2578.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: img-getpocket.cdn.mozilla.net/296x148/filters:format(jp (...) FQDN: img-getpocket.cdn.mozilla.net IP: 34.120.237.76 HASH: 702a09de59300336419371adafae4185f7ad8bca43dc4e633f748f68feb967c3 34.120.237.76 HTTP/2 200 OK content-type: image/jpeg server: nginx content-length: 3669 x-amzn-requestid: fb21f001-d5dd-42fa-82ee-0e268f309abf x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: cIpZEE_iIAMF2rw= x-content-type-options: nosniff x-amzn-trace-id: Root=1-638022a0-31cae26d5588655f49fa75a6;Sampled=0 x-amzn-remapped-date: Fri, 25 Nov 2022 02:04:16 GMT x-amz-cf-pop: SEA19-C2 x-cache: Hit from cloudfront x-amz-cf-id: D9yABEpSQcrZMrQYeT5qOQcm4g4-1KhtVzfMqS54xJ-8LtxEx6Adtg== via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 be082a2326b7d49643607b097f1e7180.cloudfront.net (CloudFront), 1.1 google date: Sun, 27 Nov 2022 14:49:40 GMT age: 2829 etag: "767a6fef172a54d7659417d9cb809d955d130562" cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 3669 Md5: 48713d6090df316bed8ab2b1e6698d70 Sha1: 767a6fef172a54d7659417d9cb809d955d130562 Sha256: 702a09de59300336419371adafae4185f7ad8bca43dc4e633f748f68feb967c3
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F34752db1-0be8-4784-9fa0-41e828e40e06.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: img-getpocket.cdn.mozilla.net/296x148/filters:format(jp (...) FQDN: img-getpocket.cdn.mozilla.net IP: 34.120.237.76 HASH: 05f1f9b7834e7268dc34e3233434217f58cb68ee43a403cd08d0bb0ab4f37815 34.120.237.76 HTTP/2 200 OK content-type: image/jpeg server: nginx content-length: 13049 x-amzn-requestid: 2755f206-af23-4597-b4b9-7dae5001d6be x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: cBsvpHDJoAMFhFQ= x-content-type-options: nosniff x-amzn-trace-id: Root=1-637d5b30-600008f573bd7e0024585eb1;Sampled=0 x-amzn-remapped-date: Tue, 22 Nov 2022 23:28:48 GMT x-amz-cf-pop: SEA19-C2 x-cache: Hit from cloudfront x-amz-cf-id: MA_O50Lu6RRAFJpzXmVXhkxvYazdX5Lhk2Qa5k9fYUhBta-IWpVT1g== via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google date: Sun, 27 Nov 2022 01:46:48 GMT age: 49801 etag: "3b0ec6a7188dadf986f72fda8110296d9abd6f35" cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 13049 Md5: 1db6041a0bdb2319ae85afcc30caaeec Sha1: 3b0ec6a7188dadf986f72fda8110296d9abd6f35 Sha256: 05f1f9b7834e7268dc34e3233434217f58cb68ee43a403cd08d0bb0ab4f37815
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F15290721-a62e-49b8-80c6-967680cff24f.jpeg HTTP/1.1 Host: img-getpocket.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: null Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site	URL: img-getpocket.cdn.mozilla.net/296x148/filters:format(jp (...) FQDN: img-getpocket.cdn.mozilla.net IP: 34.120.237.76 HASH: 4224287ba765da59c877ac4f1dec65accc5bec934b7598d9cbbee669ba4ab12e 34.120.237.76 HTTP/2 200 OK content-type: image/jpeg server: nginx content-length: 6883 x-amzn-requestid: 9e3878c9-1817-427e-b121-969a8cbc7ad8 x-xss-protection: 1; mode=block access-control-allow-origin: * strict-transport-security: max-age=63072000; includeSubdomains; preload x-frame-options: DENY content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' x-amz-apigw-id: cL1ySF0tIAMFY4Q= x-content-type-options: nosniff x-amzn-trace-id: Root=1-638169a8-5143ffea77b70cf67ef60ad7;Sampled=0 x-amzn-remapped-date: Sat, 26 Nov 2022 01:19:36 GMT x-amz-cf-pop: SEA19-C2 x-cache: Hit from cloudfront x-amz-cf-id: GT3Futv4Ztnl2Og2TQFk5311m92Mv_jfvkIZYJXpjJMdkxSB6MI06g== via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google date: Sun, 27 Nov 2022 06:42:16 GMT age: 32073 etag: "590c34be54c9889eec4ff7993e070fda836f711f" cache-control: max-age=3600,public,public alt-svc: clear X-Firefox-Spdy: h2 --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Size: 6883 Md5: f7f16c0f8a8e710210ce77c0e4c1c2a2 Sha1: 590c34be54c9889eec4ff7993e070fda836f711f Sha256: 4224287ba765da59c877ac4f1dec65accc5bec934b7598d9cbbee669ba4ab12e
GET /assets/icomoon.0014b4e7989bbfeaaef5.woff?bezj20 HTTP/1.1 Host: 190.14.39.165 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: identity Connection: keep-alive Referer: http://190.14.39.165/styles.14f38c16c3244b5492af.css Cookie: _ga_JV07ZMRWNH=GS1.1.1669563407.1.0.1669563407.0.0.0; _ga=GA1.1.333022119.1669563407	URL: 190.14.39.165/assets/icomoon.0014b4e7989bbfeaaef5.woff? (...) FQDN: 190.14.39.165 IP: 190.14.39.165 HASH: d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3 190.14.39.165 HTTP/1.1 404 Not Found Content-Type: text/html; charset=iso-8859-1 Date: Sun, 27 Nov 2022 15:36:49 GMT Server: Apache Content-Length: 315 Keep-Alive: timeout=3, max=96 Connection: Keep-Alive --- Additional Info --- Magic: HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text Size: 315 Md5: a34ac19f4afae63adc5d2f7bc970c07f Sha1: a82190fc530c265aa40a045c21770d967f4767b8 Sha256: d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3 Alerts: urlquery: - Phishing - Deniz Bank Blocklists: - openphish: Deniz Bank - fortinet: Phishing - quad9: Sinkholed
GET /_assets/img/logo-light.svg HTTP/1.1 Host: 190.14.39.165 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://190.14.39.165/	URL: 190.14.39.165/_assets/img/logo-light.svg FQDN: 190.14.39.165 IP: 190.14.39.165 HASH: 3da913d79fff46cfe4d58d56e141cfcb31865606284507f7a530db69394330fb 190.14.39.165 HTTP/1.1 200 OK Content-Type: image/svg+xml Date: Sun, 27 Nov 2022 15:36:48 GMT Server: Apache Last-Modified: Fri, 28 Oct 2022 17:57:05 GMT Accept-Ranges: bytes Content-Length: 180545 Keep-Alive: timeout=3, max=99 Connection: Keep-Alive --- Additional Info --- Magic: SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1718), with CRLF line terminators Size: 180545 Md5: 3140e053e7a3dde67e7b2c81b23771d2 Sha1: 5d0558f8da94ace88a622c70b8857bde38d7ba12 Sha256: 3da913d79fff46cfe4d58d56e141cfcb31865606284507f7a530db69394330fb Alerts: urlquery: - Phishing - Deniz Bank Blocklists: - openphish: Deniz Bank - fortinet: Phishing - quad9: Sinkholed
GET /_assets/img/login/bg/autumn.jpg HTTP/1.1 Host: 190.14.39.165 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://190.14.39.165/ Cookie: _ga_JV07ZMRWNH=GS1.1.1669563407.1.0.1669563407.0.0.0; _ga=GA1.1.333022119.1669563407	URL: 190.14.39.165/_assets/img/login/bg/autumn.jpg FQDN: 190.14.39.165 IP: 190.14.39.165 HASH: f7278ca494d765eab007679ace9914b237327326d7cd2840660dc8140a8b5542 190.14.39.165 HTTP/1.1 200 OK Content-Type: image/jpeg Date: Sun, 27 Nov 2022 15:36:48 GMT Server: Apache Last-Modified: Fri, 28 Oct 2022 17:57:05 GMT Accept-Ranges: bytes Content-Length: 387821 Keep-Alive: timeout=3, max=98 Connection: Keep-Alive --- Additional Info --- Magic: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 2560x1701, components 3\012- data Size: 387821 Md5: 90062fd1b816f53d1f7ddddf1b2d15c4 Sha1: a0407ae398c54b47de374b9813c8be17ec82bb40 Sha256: f7278ca494d765eab007679ace9914b237327326d7cd2840660dc8140a8b5542 Alerts: urlquery: - Phishing - Deniz Bank Blocklists: - openphish: Deniz Bank - quad9: Sinkholed
GET /_assets/img/appicon.png HTTP/1.1 Host: 190.14.39.165 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://190.14.39.165/ Cookie: _ga_JV07ZMRWNH=GS1.1.1669563407.1.0.1669563407.0.0.0; _ga=GA1.1.333022119.1669563407	URL: 190.14.39.165/_assets/img/appicon.png FQDN: 190.14.39.165 IP: 190.14.39.165 HASH: d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3 190.14.39.165 HTTP/1.1 404 Not Found Content-Type: text/html; charset=iso-8859-1 Date: Sun, 27 Nov 2022 15:36:49 GMT Server: Apache Content-Length: 315 Keep-Alive: timeout=3, max=95 Connection: Keep-Alive --- Additional Info --- Magic: HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text Size: 315 Md5: a34ac19f4afae63adc5d2f7bc970c07f Sha1: a82190fc530c265aa40a045c21770d967f4767b8 Sha256: d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3 Alerts: urlquery: - Phishing - Deniz Bank Blocklists: - openphish: Deniz Bank - quad9: Sinkholed

URL	190.14.39.165/
IP	190.14.39.165 (Panama)
ASN	#52469 Offshore Racks S.A
UserAgent	Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer
Report completed	2022-11-27 15:36:58 UTC
Status	Loading report..
IDS alerts	0
Blocklist alert	69
urlquery alerts	28 Phishing - Deniz Bank Phishing - Deniz Bank
Tags	None

Overview

Domain Summary (11)

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Blocklists

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 190.14.39.165

Last 5 reports on ASN: Offshore Racks S.A

Last 4 reports on domain: 190.14.39.165

Last 5 reports with similar screenshot

JavaScript

Executed Scripts (3)

Executed Evals (0)

Executed Writes (0)

HTTP Transactions (46)

Overview

Domain Summary (11)

Network Intrusion Detection Systemsinfo

Suricata /w Emerging Threats Pro

Blocklists

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 190.14.39.165

Last 5 reports on ASN: Offshore Racks S.A

Last 4 reports on domain: 190.14.39.165

Last 5 reports with similar screenshot

JavaScript

Executed Scripts (3)

Executed Evals (0)

Executed Writes (0)

HTTP Transactions (46)

Network Intrusion Detection Systems