Overview

URL: srv182820.hoster-test.ru/secure/9b7968cf7575c46158c4c76b202ee97c/login
IP: 31.28.24.115 (Russia)
ASN: #12616 Filanco LLC
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer: (empty)
Access: public
Report completed: 2022-11-28 11:29:48 UTC
IDS alerts: 0
Blocklist alerts: 24
urlquery alerts: 16
  - Phishing - Netflix
Tags: None

Domain Summary (9)

Fully Qualified Domain Name (requests)     Rank  First Seen            Last Seen             Sent bytes  Received bytes  IP              Comment
img-getpocket.cdn.mozilla.net (7)          1631  0001-01-01T00:00:00Z  0001-01-01T00:00:00Z  3801        65439           34.120.237.76
cssjas.blogspot.com (1)                    0     0001-01-01T00:00:00Z  0001-01-01T00:00:00Z  304         417             142.250.74.161
r3.o.lencr.org (6)                         344   0001-01-01T00:00:00Z  0001-01-01T00:00:00Z  2028        5321            23.36.77.32
ocsp.digicert.com (2)                      86    0001-01-01T00:00:00Z  0001-01-01T00:00:00Z  682         1592            93.184.220.29
push.services.mozilla.com (1)              2140  0001-01-01T00:00:00Z  0001-01-01T00:00:00Z  606         127             52.42.74.230
contile.services.mozilla.com (1)           1114  0001-01-01T00:00:00Z  0001-01-01T00:00:00Z  333         229             34.117.237.239
srv182820.hoster-test.ru (14)              0     0001-01-01T00:00:00Z  0001-01-01T00:00:00Z  5813        897312          31.28.24.115
firefox.settings.services.mozilla.com (2)  867   0001-01-01T00:00:00Z  0001-01-01T00:00:00Z  782         2373            34.102.187.140
content-signature-2.cdn.mozilla.net (1)    1152  0001-01-01T00:00:00Z  0001-01-01T00:00:00Z  413         5856            34.160.144.191

Network Intrusion Detection Systems

Suricata w/ Emerging Threats Pro
No alerts detected

Blocklists

OpenPhish
Scan Date Severity Indicator Comment
2022-11-27 medium srv182820.hoster-test.ru/secure/9b7968cf7575c46158c4c76b202ee97c/login Netflix Inc.

PhishTank
No alerts detected

Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-11-28 medium srv182820.hoster-test.ru/secure/9b7968cf7575c46158c4c76b202ee97c/login Malware
2022-11-28 medium srv182820.hoster-test.ru/secure/9b7968cf7575c46158c4c76b202ee97c/style/js/s (...) Malware
2022-11-28 medium srv182820.hoster-test.ru/secure/9b7968cf7575c46158c4c76b202ee97c/style/js/j (...) Malware
2022-11-28 medium srv182820.hoster-test.ru/secure/9b7968cf7575c46158c4c76b202ee97c/style/js/j (...) Malware
2022-11-28 medium srv182820.hoster-test.ru/secure/9b7968cf7575c46158c4c76b202ee97c/style/js/a (...) Malware
2022-11-28 medium srv182820.hoster-test.ru/secure/9b7968cf7575c46158c4c76b202ee97c/style/js/j (...) Malware
2022-11-28 medium srv182820.hoster-test.ru/secure/9b7968cf7575c46158c4c76b202ee97c/style/css/ (...) Malware
2022-11-28 medium srv182820.hoster-test.ru/secure/9b7968cf7575c46158c4c76b202ee97c/style/css/ (...) Malware
2022-11-28 medium cssjas.blogspot.com/ Phishing

mnemonic secure dns
No alerts detected

Quad9 DNS
Scan Date Severity Indicator Comment
2022-11-28 medium hoster-test.ru Sinkholed
2022-11-28 medium hoster-test.ru Sinkholed
2022-11-28 medium hoster-test.ru Sinkholed
2022-11-28 medium hoster-test.ru Sinkholed
2022-11-28 medium hoster-test.ru Sinkholed
2022-11-28 medium hoster-test.ru Sinkholed
2022-11-28 medium hoster-test.ru Sinkholed
2022-11-28 medium hoster-test.ru Sinkholed
2022-11-28 medium hoster-test.ru Sinkholed
2022-11-28 medium hoster-test.ru Sinkholed
2022-11-28 medium hoster-test.ru Sinkholed
2022-11-28 medium hoster-test.ru Sinkholed
2022-11-28 medium hoster-test.ru Sinkholed
2022-11-28 medium hoster-test.ru Sinkholed


Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 31.28.24.115
Date UQ / IDS / BL URL IP
2023-05-25 12:27:26 UTC 0 - 0 - 1 srv190973.hoster-test.ru/spain/pay.php 31.28.24.115
2023-05-21 23:26:35 UTC 0 - 0 - 5 vzm-city.ru/ 31.28.24.115
2023-05-19 08:56:19 UTC 0 - 0 - 5 voteinstagram.ru/ 31.28.24.115
2023-05-17 07:02:08 UTC 0 - 0 - 0 srv190470.hoster-test.ru 31.28.24.115
2023-05-08 15:36:49 UTC 0 - 0 - 1 srv190217.hoster-test.ru/POSTALE/POSTALE/DSP2 (...) 31.28.24.115


Last 5 reports on ASN: Filanco LLC
Date UQ / IDS / BL URL IP
2023-05-25 12:27:26 UTC 0 - 0 - 1 srv190973.hoster-test.ru/spain/pay.php 31.28.24.115
2023-05-22 07:53:29 UTC 0 - 52 - 0 www.kizik.ru/ 31.28.24.113
2023-05-21 23:26:35 UTC 0 - 0 - 5 vzm-city.ru/ 31.28.24.115
2023-05-19 08:56:19 UTC 0 - 0 - 5 voteinstagram.ru/ 31.28.24.115
2023-05-18 00:23:11 UTC 0 - 9 - 0 worldoftanks1.ru/1/tankionline2013.zip.zip 83.69.230.5


Last 5 reports on domain: hoster-test.ru
Date UQ / IDS / BL URL IP
2023-05-25 12:27:26 UTC 0 - 0 - 1 srv190973.hoster-test.ru/spain/pay.php 31.28.24.115
2023-05-17 07:02:08 UTC 0 - 0 - 0 srv190470.hoster-test.ru 31.28.24.115
2023-05-08 15:36:49 UTC 0 - 0 - 1 srv190217.hoster-test.ru/POSTALE/POSTALE/DSP2 (...) 31.28.24.115
2023-04-29 10:52:46 UTC 0 - 0 - 2 srv189454.hoster-test.ru/sar/clients/cc.php 31.28.24.115
2023-04-28 15:37:01 UTC 0 - 0 - 1 srv189647.hoster-test.ru/Correos/pay.php 31.28.24.115


Last 5 reports with similar screenshot
Date UQ / IDS / BL URL IP
2023-04-01 18:46:17 UTC 13 - 0 - 0 djkoveck.com/FS/ 82.163.176.111
2023-04-01 18:38:11 UTC 13 - 0 - 0 netfiix-com.bandadeolula.es/FS/N/login 178.128.46.14
2023-03-31 08:09:42 UTC 17 - 0 - 17 app.techguyswa.com.au/ 178.128.46.14
2023-03-31 08:08:29 UTC 9 - 0 - 11 netfiix-com.sitand.be/FS/N/login 178.128.46.14
2023-03-28 12:36:12 UTC 27 - 0 - 0 inmacol.mitiendaonline.com/wadozi/NOSNITCH/lo (...) 200.61.190.119

JavaScript

Executed Scripts (10)

Executed Evals (0)

Executed Writes (0)


HTTP Transactions (35)


Request:
GET /secure/9b7968cf7575c46158c4c76b202ee97c/login HTTP/1.1
Host: srv182820.hoster-test.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                        
Response (server 31.28.24.115):
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Date: Mon, 28 Nov 2022 11:29:36 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/8.1.11
X-Cache: MISS from t0.hoster.ru
X-Cache-Lookup: MISS from t0.hoster.ru:6666
Transfer-Encoding: chunked
Connection: keep-alive


--- Additional Info ---
Magic:  HTML document, ASCII text, with very long lines (1157), with CRLF line terminators
Size:   12716
Md5:    5bcfd5700a4afa519c44073b1b4146e0
Sha1:   30d2796b514195d216e1360a9d785e91e268a16b
Sha256: ad9f252a1be7f100a42170488e9a1ee8c4d9b7513f3fd63a27ebeba9334d4225

urlquery:
  - Phishing - Netflix
Blocklists:
  - openphish: Netflix Inc.
  - fortinet: Malware
  - quad9: Sinkholed
                                        
Request:
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        
Response (server 23.36.77.32):
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 503
ETag: "560CBBB751AB2884024DA3B93FBA6BC45C6434797DBA72A98C05E7FC2BB94BC1"
Last-Modified: Sat, 26 Nov 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3183
Expires: Mon, 28 Nov 2022 12:22:40 GMT
Date: Mon, 28 Nov 2022 11:29:37 GMT
Connection: keep-alive

                                        
Request:
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        
Response (server 93.184.220.29):
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Accept-Ranges: bytes
Age: 3835
Cache-Control: max-age=86731
Date: Mon, 28 Nov 2022 11:29:37 GMT
Etag: "63833c71-1d7"
Expires: Tue, 29 Nov 2022 11:35:08 GMT
Last-Modified: Sun, 27 Nov 2022 10:31:13 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471

                                        
Request:
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        
Response (server 23.36.77.32):
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 503
ETag: "4FD46B0B6A2EA24F5CE175985A3933C04B4C01BD3E32BEE2E50A61A65EEF7AF4"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18637
Expires: Mon, 28 Nov 2022 16:40:14 GMT
Date: Mon, 28 Nov 2022 11:29:37 GMT
Connection: keep-alive

                                        
Request:
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        
Response (server 34.102.187.140):
HTTP/2 200 OK
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: Backoff, Alert, Content-Type, Retry-After, Content-Length
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Mon, 28 Nov 2022 11:17:46 GMT
cache-control: public,max-age=3600
age: 711
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data, ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    d130218d0e2841f39c99610fe1a2ab90
Sha1:   29fbe1e177ee55c7a61ae0a206afff271cf5f945
Sha256: 6b6d74dccf10c2bc98a91c3388280d7ba1d9596bf8cadd7db0e2f63720b3d152
                                        
Request:
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        
Response (server 34.160.144.191):
HTTP/2 200 OK
content-type: binary/octet-stream
x-amz-id-2: Cdayaobt4m0A3/j7ElR6z54OdmMq1jgkiTaNkPsqMNl1XN+3qCBsH8FQhCrjy6biylE5apVYcKCt6sHnqygGRw==
x-amz-request-id: XNY3BW83856P7K62
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 28 Nov 2022 10:45:00 GMT
age: 2677
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate, ASCII text
Size:   5348
Md5:    9ebddc2b260d081ebbefee47c037cb28
Sha1:   492bad62a7ca6a74738921ef5ae6f0be5edebf39
Sha256: 74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
                                        
Request:
GET /secure/9b7968cf7575c46158c4c76b202ee97c/style/css/stylef.css HTTP/1.1
Host: srv182820.hoster-test.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://srv182820.hoster-test.ru/secure/9b7968cf7575c46158c4c76b202ee97c/login

                                        
Response (server 31.28.24.115):
HTTP/1.1 200 OK
Content-Type: text/css
Date: Mon, 28 Nov 2022 11:26:50 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Sun, 27 Nov 2022 12:27:32 GMT
ETag: "52d12d-1e21-5ee72e101287c"
Accept-Ranges: bytes
Content-Length: 7713
Age: 167
X-Cache: HIT from t0.hoster.ru
X-Cache-Lookup: HIT from t0.hoster.ru:6666
Connection: keep-alive


--- Additional Info ---
Magic:  ASCII text, with very long lines (3781), with CRLF line terminators
Size:   7713
Md5:    a16f674258d582f1531f6c7a6580d314
Sha1:   ff6b2fb62087658eac8a37132285f063e5a691d1
Sha256: e6e36b94a38bf3995b9876e1976db2cb85afee4cac4d1361035bf500aa455e21

urlquery:
  - Phishing - Netflix
Blocklists:
  - quad9: Sinkholed
                                        
Request:
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        
Response (server 34.117.237.239):
HTTP/2 200 OK
content-type: application/json
server: nginx
date: Mon, 28 Nov 2022 11:29:37 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data, ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
Request:
GET /secure/9b7968cf7575c46158c4c76b202ee97c/style/js/style.js HTTP/1.1
Host: srv182820.hoster-test.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://srv182820.hoster-test.ru/secure/9b7968cf7575c46158c4c76b202ee97c/login

                                        
Response (server 31.28.24.115):
HTTP/1.1 200 OK
Content-Type: text/javascript
Date: Mon, 28 Nov 2022 11:27:02 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Sun, 27 Nov 2022 12:27:32 GMT
ETag: "52d13d-8bf-5ee72e101304c"
Accept-Ranges: bytes
Content-Length: 2239
Age: 155
X-Cache: HIT from t0.hoster.ru
X-Cache-Lookup: HIT from t0.hoster.ru:6666
Connection: keep-alive


--- Additional Info ---
Magic:  ASCII text, with CRLF line terminators
Size:   2239
Md5:    898f19a99389c21b45afaa5cbc50ebbe
Sha1:   6dd2957947201f36f3a50cad3bda18874d2508d7
Sha256: f050012b033cb391112b37757113c73ff09884815ff73ce45592ee309ce87b3f

urlquery:
  - Phishing - Netflix
Blocklists:
  - fortinet: Malware
  - quad9: Sinkholed
                                        
Request:
GET /secure/9b7968cf7575c46158c4c76b202ee97c/style/js/jquery.mask.js HTTP/1.1
Host: srv182820.hoster-test.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://srv182820.hoster-test.ru/secure/9b7968cf7575c46158c4c76b202ee97c/login

                                        
Response (server 31.28.24.115):
HTTP/1.1 200 OK
Content-Type: text/javascript
Date: Mon, 28 Nov 2022 11:27:00 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Sun, 27 Nov 2022 12:27:32 GMT
ETag: "52d141-47fe-5ee72e1013434"
Accept-Ranges: bytes
Content-Length: 18430
Age: 157
X-Cache: HIT from t0.hoster.ru
X-Cache-Lookup: HIT from t0.hoster.ru:6666
Connection: keep-alive


--- Additional Info ---
Magic:  ASCII text
Size:   18430
Md5:    219d169a80568884a3d6baab3e5e7def
Sha1:   61d00104de8c972c820cd9b527d8e2edb30e5c4a
Sha256: cf1f0d954cbbbcb32d170b1ff68c5b082a1086f34f2bbee825ca88b7c9fb213a

urlquery:
  - Phishing - Netflix
Blocklists:
  - fortinet: Malware
  - quad9: Sinkholed
                                        
Request:
GET /secure/9b7968cf7575c46158c4c76b202ee97c/style/js/jquery.validate.min.js HTTP/1.1
Host: srv182820.hoster-test.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://srv182820.hoster-test.ru/secure/9b7968cf7575c46158c4c76b202ee97c/login

                                        
Response (server 31.28.24.115):
HTTP/1.1 200 OK
Content-Type: text/javascript
Date: Mon, 28 Nov 2022 11:26:58 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Sun, 27 Nov 2022 12:27:32 GMT
ETag: "52d142-c3fa-5ee72e1013434"
Accept-Ranges: bytes
Content-Length: 50170
Age: 159
X-Cache: HIT from t0.hoster.ru
X-Cache-Lookup: HIT from t0.hoster.ru:6666
Connection: keep-alive


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (511), with CRLF line terminators
Size:   50170
Md5:    d5629cbf42e106909b5113e08df03ce1
Sha1:   d3094a0e83e7189eefc2ac0af6299b27db141eae
Sha256: 4722cc6e6ae20ebfa5b2101b4424df64b9db793fc22061f4b3ddcdc5bf6a4c63

urlquery:
  - Phishing - Netflix
Blocklists:
  - fortinet: Malware
  - quad9: Sinkholed
                                        
Request:
GET /secure/9b7968cf7575c46158c4c76b202ee97c/style/js/angular.min.js HTTP/1.1
Host: srv182820.hoster-test.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://srv182820.hoster-test.ru/secure/9b7968cf7575c46158c4c76b202ee97c/login

                                        
Response (server 31.28.24.115):
HTTP/1.1 200 OK
Content-Type: text/javascript
Date: Mon, 28 Nov 2022 11:29:37 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Sun, 27 Nov 2022 12:27:32 GMT
ETag: "52d13e-28cdb-5ee72e101304c"
Accept-Ranges: bytes
Content-Length: 167131
X-Cache: MISS from t0.hoster.ru
X-Cache-Lookup: MISS from t0.hoster.ru:6666
Connection: keep-alive


--- Additional Info ---
Magic:  ASCII text, with very long lines (566)
Size:   167131
Md5:    be6af23e2a716c006da75d0291784254
Sha1:   9c923313eabc56d715a7c07bf855feb26a72f671
Sha256: 8c50aa8567731858e81bcfd2027718d9a7c8fd7bf54cf496499adbf5da5741b9

urlquery:
  - Phishing - Netflix
Blocklists:
  - fortinet: Malware
  - quad9: Sinkholed
                                        
Request:
GET /secure/9b7968cf7575c46158c4c76b202ee97c/style/css/nonechaditk.css HTTP/1.1
Host: srv182820.hoster-test.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://srv182820.hoster-test.ru/secure/9b7968cf7575c46158c4c76b202ee97c/login

                                        
Response (server 31.28.24.115):
HTTP/1.1 200 OK
Content-Type: text/css
Date: Mon, 28 Nov 2022 11:29:37 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Sun, 27 Nov 2022 12:27:32 GMT
ETag: "52d131-1ec23-5ee72e101287c"
Accept-Ranges: bytes
Content-Length: 125987
X-Cache: MISS from t0.hoster.ru
X-Cache-Lookup: MISS from t0.hoster.ru:6666
Connection: keep-alive


--- Additional Info ---
Magic:  ASCII text, with very long lines (65536), with no line terminators
Size:   125987
Md5:    7d3d35b429405a36ecbce5c88966d875
Sha1:   651d66bd4a49be818640b0138cb03dcfef9dddc0
Sha256: a7aaba567a989c0a456f9ff8934a87c98877d4396c27aaa0e29b2bf3e62bba70

urlquery:
  - Phishing - Netflix
Blocklists:
  - quad9: Sinkholed
                                        
Request:
GET /secure/9b7968cf7575c46158c4c76b202ee97c/style/js/jquery.min.js HTTP/1.1
Host: srv182820.hoster-test.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://srv182820.hoster-test.ru/secure/9b7968cf7575c46158c4c76b202ee97c/login

                                        
Response (server 31.28.24.115):
HTTP/1.1 200 OK
Content-Type: text/javascript
Date: Mon, 28 Nov 2022 11:29:37 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Sun, 27 Nov 2022 12:27:32 GMT
ETag: "52d13f-478d0-5ee72e101304c"
Accept-Ranges: bytes
Content-Length: 293072
X-Cache: MISS from t0.hoster.ru
X-Cache-Lookup: MISS from t0.hoster.ru:6666
Connection: keep-alive


--- Additional Info ---
Magic:  ASCII text, with CRLF line terminators
Size:   293072
Md5:    796b7948cbe79d3498e76e395bff5a2b
Sha1:   e620c80f65fbcb252e91f12c8d7d36d3dc5b57e4
Sha256: 692d421d5c163409a5918e802f507abbaa6bec90baa454c5252977a5b3b7ff0d

urlquery:
  - Phishing - Netflix
Blocklists:
  - fortinet: Malware
  - quad9: Sinkholed
                                        
Request:
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        
Response (server 34.102.187.140):
HTTP/2 200 OK
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: ETag, Content-Type, Content-Length, Last-Modified, Alert, Backoff, Pragma, Expires, Retry-After, Cache-Control
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Mon, 28 Nov 2022 11:11:12 GMT
cache-control: public,max-age=3600
age: 1105
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data, ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
Request:
GET /secure/9b7968cf7575c46158c4c76b202ee97c/style/css/FB-f-Logo__blue_57.png HTTP/1.1
Host: srv182820.hoster-test.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://srv182820.hoster-test.ru/secure/9b7968cf7575c46158c4c76b202ee97c/login

                                        
Response (server 31.28.24.115):
HTTP/1.1 200 OK
Content-Type: image/png
Date: Mon, 28 Nov 2022 06:44:28 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Sun, 27 Nov 2022 12:27:32 GMT
ETag: "52d133-5af-5ee72e101287c"
Accept-Ranges: bytes
Content-Length: 1455
Cache-Control: max-age=86400
Expires: Tue, 29 Nov 2022 06:44:28 GMT
Age: 17109
X-Cache: HIT from t0.hoster.ru
X-Cache-Lookup: HIT from t0.hoster.ru:6666
Connection: keep-alive


--- Additional Info ---
Magic:  PNG image data, 57 x 57, 8-bit/color RGBA, non-interlaced
Size:   1455
Md5:    a33ca47ef110b6e3ec5086b8776407d3
Sha1:   dff5bbbe61b4920a23fb21a7fca69ca9e94dcb6c
Sha256: 3e49d9dc43267590184389ab3da0cb9f7308c9c848667dab109a0f7c73450ece

urlquery:
  - Phishing - Netflix
Blocklists:
  - quad9: Sinkholed
                                        
Request:
GET /secure/9b7968cf7575c46158c4c76b202ee97c/style/css/alpha_website_small.jpg HTTP/1.1
Host: srv182820.hoster-test.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://srv182820.hoster-test.ru/secure/9b7968cf7575c46158c4c76b202ee97c/login

                                        
Response (server 31.28.24.115):
HTTP/1.1 200 OK
Content-Type: image/jpeg
Date: Mon, 28 Nov 2022 11:29:37 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Sun, 27 Nov 2022 12:27:32 GMT
ETag: "52d127-1c4c8-5ee72e1012494"
Accept-Ranges: bytes
Content-Length: 115912
Cache-Control: max-age=86400
Expires: Tue, 29 Nov 2022 11:29:37 GMT
X-Cache: MISS from t0.hoster.ru
X-Cache-Lookup: MISS from t0.hoster.ru:6666
Connection: keep-alive


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 2000x1125, components 3
Size:   115912
Md5:    330f71efaf9464edb933d1d635e27dd6
Sha1:   3d11a19729f6fcd344df1c38f34eccfa60a6bf2d
Sha256: 3e379956c11b27e761265f7d50f07f680407c9bfe4b067856b9408755ec08255

urlquery:
  - Phishing - Netflix
Blocklists:
  - quad9: Sinkholed
                                        
Request:
GET /secure/9b7968cf7575c46158c4c76b202ee97c/style/css/site-spinner-240-light.png HTTP/1.1
Host: srv182820.hoster-test.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://srv182820.hoster-test.ru/secure/9b7968cf7575c46158c4c76b202ee97c/style/css/nonechaditk.css

                                        
Response (server 31.28.24.115):
HTTP/1.1 200 OK
Content-Type: image/png
Date: Mon, 28 Nov 2022 06:44:28 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Sun, 27 Nov 2022 12:27:32 GMT
ETag: "52d12b-13e7-5ee72e101287c"
Accept-Ranges: bytes
Content-Length: 5095
Cache-Control: max-age=86400
Expires: Tue, 29 Nov 2022 06:44:28 GMT
Age: 17109
X-Cache: HIT from t0.hoster.ru
X-Cache-Lookup: HIT from t0.hoster.ru:6666
Connection: keep-alive


--- Additional Info ---
Magic:  PNG image data, 240 x 240, 8-bit/color RGBA, non-interlaced
Size:   5095
Md5:    93ebf9e3bb5fde6c9456ca28711bfbba
Sha1:   006bef52015403d071a73fb6f04bd2dd98f82ebb
Sha256: 5a7ed665f614fe2c62e79a477715dd18c8afae67f7c580bc049e013feb2864b7

urlquery:
  - Phishing - Netflix
Blocklists:
  - quad9: Sinkholed
                                        
Request:
GET /secure/9b7968cf7575c46158c4c76b202ee97c/style/css/nf-icon-v1-93.woff HTTP/1.1
Host: srv182820.hoster-test.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://srv182820.hoster-test.ru/secure/9b7968cf7575c46158c4c76b202ee97c/style/css/nonechaditk.css

                                        
Response (server 31.28.24.115):
HTTP/1.1 200 OK
Content-Type: text/plain; charset=UTF-8
Date: Mon, 28 Nov 2022 10:46:26 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Sun, 27 Nov 2022 12:27:32 GMT
ETag: "52d125-11f64-5ee72e1012494"
Accept-Ranges: bytes
Content-Length: 73572
Age: 2591
X-Cache: HIT from t0.hoster.ru
X-Cache-Lookup: HIT from t0.hoster.ru:6666
Connection: keep-alive


--- Additional Info ---
Magic:  Web Open Font Format, CFF, length 73572, version 0.0
Size:   73572
Md5:    7cf6156cc481244b5a254362d7b73f00
Sha1:   4391003d1cb06d2bd1921a5813a57604fa7d9935
Sha256: 98713b53a74ebe7e326353080c5f1653e83af61d6363c0b3c4c67d6d24197b4d

urlquery:
  - Phishing - Netflix
Blocklists:
  - fortinet: Malware
  - quad9: Sinkholed
                                        
Request:
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        
Response (server 93.184.220.29):
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Accept-Ranges: bytes
Age: 879
Cache-Control: max-age=165117
Date: Mon, 28 Nov 2022 11:29:37 GMT
Etag: "63847a2f-1d7"
Expires: Wed, 30 Nov 2022 09:21:34 GMT
Last-Modified: Mon, 28 Nov 2022 09:06:55 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471

                                        
Request:
GET /secure/9b7968cf7575c46158c4c76b202ee97c/style/css/nficon2016.png HTTP/1.1
Host: srv182820.hoster-test.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://srv182820.hoster-test.ru/secure/9b7968cf7575c46158c4c76b202ee97c/login

                                        
Response (server 31.28.24.115):
HTTP/1.1 200 OK
Content-Type: image/png
Date: Mon, 28 Nov 2022 11:27:05 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Sun, 27 Nov 2022 12:27:32 GMT
ETag: "52d12f-6db-5ee72e101287c"
Accept-Ranges: bytes
Content-Length: 1755
Cache-Control: max-age=86400
Expires: Tue, 29 Nov 2022 11:27:05 GMT
Age: 152
X-Cache: HIT from t0.hoster.ru
X-Cache-Lookup: HIT from t0.hoster.ru:6666
Connection: keep-alive


--- Additional Info ---
Magic:  PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced\012- data
Size:   1755
Md5:    3d194514babc5d7d010308a0f808ca51
Sha1:   867e51e9b4a474c19da52d6454076c007a9d01f2
Sha256: 7341f7b8b0ae3c0da4aea559efc31f0b53d9db9dd291664fdcf7d618fd95ed8a

urlquery:
  - Phishing - Netflix
Blocklists:
  - quad9: Sinkholed

GET /secure/9b7968cf7575c46158c4c76b202ee97c/style/css/nficon2016.ico HTTP/1.1
Host: srv182820.hoster-test.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://srv182820.hoster-test.ru/secure/9b7968cf7575c46158c4c76b202ee97c/login

31.28.24.115
HTTP/1.1 200 OK
Content-Type: image/vnd.microsoft.icon
Date: Mon, 28 Nov 2022 11:27:05 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Sun, 27 Nov 2022 12:27:32 GMT
ETag: "52d138-423e-5ee72e1012c64"
Accept-Ranges: bytes
Content-Length: 16958
Age: 152
X-Cache: HIT from t0.hoster.ru
X-Cache-Lookup: HIT from t0.hoster.ru:6666
Connection: keep-alive


--- Additional Info ---
Magic:  MS Windows icon resource - 1 icon, 64x64, 32 bits/pixel\012- data
Size:   16958
Md5:    41b45fdce09bd6acd07c7a8949da675e
Sha1:   931e18dfc6e7d950dc2f2bbdfe31e1ea720acf7c
Sha256: abe8012eb65c0dc0ac3e87dcc1e60e1908ebd8f12b7c47a5df1856f7a7bb1edd

urlquery:
  - Phishing - Netflix
Blocklists:
  - fortinet: Malware
  - quad9: Sinkholed

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: vi9lm9UiCfmG7bX7pNIL5g==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

52.42.74.230
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: RvJrua5bU9JzC1j95TvhlDd+RYQ=

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10507
Expires: Mon, 28 Nov 2022 14:24:46 GMT
Date: Mon, 28 Nov 2022 11:29:39 GMT
Connection: keep-alive

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10507
Expires: Mon, 28 Nov 2022 14:24:46 GMT
Date: Mon, 28 Nov 2022 11:29:39 GMT
Connection: keep-alive

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10507
Expires: Mon, 28 Nov 2022 14:24:46 GMT
Date: Mon, 28 Nov 2022 11:29:39 GMT
Connection: keep-alive

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10507
Expires: Mon, 28 Nov 2022 14:24:46 GMT
Date: Mon, 28 Nov 2022 11:29:39 GMT
Connection: keep-alive

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd56d2fad-ed89-4d96-831f-7f8467b7079b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
server: nginx
content-length: 10119
x-amzn-requestid: 20bfd6a6-2981-42ca-8997-9363676773c1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cR782HEZIAMFTKQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6383d9eb-552581a92a69d6cd322bf334;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 21:43:07 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: U_gitOWWMPO7M5Dd0WktaigfRERa93d86MhziLjZ2qnuON_K5NauyQ==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Sun, 27 Nov 2022 21:54:37 GMT
age: 48902
etag: "9a3ca698ca1aeae695923277ed2244465e01a1ea"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   10119
Md5:    15bd53848c7082464273007e010c54e0
Sha1:   9a3ca698ca1aeae695923277ed2244465e01a1ea
Sha256: 36cfa29965173ea683992d4b436f393e92c978350347f869355d933613e2c005
                                        
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffa0bb072-3065-47f5-88ac-e3977adf0cba.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
server: nginx
content-length: 3532
x-amzn-requestid: 12f95833-5aca-4633-8eac-011f194953ff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cJWisFi5IAMFgCQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63806add-77d024405c7fe57124c4ae1c;Sampled=0
x-amzn-remapped-date: Fri, 25 Nov 2022 07:12:29 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: FfwgJjX9r1rqeeN9Va2apka3gXe6L610KxF8UHT5AzbM-wZtMqQDBA==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 64f86ae1c24221f3a2e4d653d6dbc416.cloudfront.net (CloudFront), 1.1 google
date: Mon, 28 Nov 2022 07:43:12 GMT
age: 13587
etag: "cd268c0301ee9ec2de1aaaf5fff3efede4973916"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   3532
Md5:    f7d70dfcfffed4941f9766906c52776c
Sha1:   cd268c0301ee9ec2de1aaaf5fff3efede4973916
Sha256: 024dcb67aca1c6491ca045b1384b623ff934362b77bac2916ad2744e5c6c4bd2
                                        
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F165667de-df17-4cc6-832c-94f49703bdf2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
server: nginx
content-length: 9430
x-amzn-requestid: 454ca8bd-a256-45f2-8b41-feee86c5af82
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cR7wyGCIIAMFhgw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6383d99e-1488f8ce71a91ebc3ad6b7e0;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 21:41:50 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: ibLuLI6j9EWh0dgk51O7kiPBRyURZ0UdNtlgbBD-SXnDg_GT_tJm8Q==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Sun, 27 Nov 2022 22:01:16 GMT
age: 48503
etag: "075531f525e625b117b2497f31139c9824d0e9c5"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   9430
Md5:    1f434933b5bd6377d299ada22d1ae7ef
Sha1:   075531f525e625b117b2497f31139c9824d0e9c5
Sha256: b587a3249e4f20112088608e3651c2ccbc44225a5c9d88d3bf5884d7f0e9029c
                                        
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F36d8942f-c540-4112-a5a9-c7ac53a00a23.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
server: nginx
content-length: 6376
x-amzn-requestid: 25b82353-9c15-44c0-ada5-55f4697de935
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cR6_KGeaoAMFb_Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6383d860-71711cca7c063030292c5e47;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 21:36:32 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: odmAWkNyUMevvXStu7zRJyckokhyBjUwu7-JSvj8by-JWJ9eAm9P5Q==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 64f86ae1c24221f3a2e4d653d6dbc416.cloudfront.net (CloudFront), 1.1 google
date: Sun, 27 Nov 2022 22:01:26 GMT
age: 48493
etag: "53b12a8702f7c5b7cc697e2a24da824d9434be65"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   6376
Md5:    78b1389f425425d0450c94d900404dc4
Sha1:   53b12a8702f7c5b7cc697e2a24da824d9434be65
Sha256: 0c1659ab3afc6e45f9e3acb12f8865bb99e4668f7df4501b1cc740e53f5b62ed
                                        
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8f2e6328-f3c1-4a69-b0b6-73920b885144.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
server: nginx
content-length: 8885
x-amzn-requestid: 71b8367f-f79f-42a7-bcb8-c441a154babf
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cGDTEFSeIAMF3rg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637f18e0-631b775d3430a8c30c3b4420;Sampled=0
x-amzn-remapped-date: Thu, 24 Nov 2022 07:10:24 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: jsmd6yxjJxLMEgv1jDa87iEoZXL2OuALsmUZ9Nxx1rUN-xOTdtN1-A==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 559326ad73233233a9e52cb9e8601ede.cloudfront.net (CloudFront), 1.1 google
date: Mon, 28 Nov 2022 08:11:39 GMT
age: 11880
etag: "70c2a238f06ca7e56ef80c83738e081bf0de3330"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8885
Md5:    3a1a4e00f1f15827cf651f373863c379
Sha1:   70c2a238f06ca7e56ef80c83738e081bf0de3330
Sha256: 3d936e1f0c96297f121faece12d6f8173e12eed5087165cd4eefc0fab368419f
                                        
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd56dccc9-321b-431e-8a92-49471e788b4b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
server: nginx
content-length: 11165
x-amzn-requestid: 9e35d865-adea-4d2a-b20f-beb014cdd42f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cR6_JE2VIAMFYgQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6383d860-7cf4db38152cdfa1448cba3d;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 21:36:32 GMT
x-amz-cf-pop: SFO5-C3, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: lu-Pi2xJUPfkpTK0vCDauedxSM1ZrNzEKka2-4m6l7pDkt04gUgpnA==
via: 1.1 dec8fa38a453902521b941c7cd70d33c.cloudfront.net (CloudFront), 1.1 64f86ae1c24221f3a2e4d653d6dbc416.cloudfront.net (CloudFront), 1.1 google
date: Sun, 27 Nov 2022 21:56:40 GMT
etag: "65941dd34eb1063a3f7fe2b6790a11a484a06b9a"
age: 48779
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   11165
Md5:    a8935783026c10470f60033d3a860f7b
Sha1:   65941dd34eb1063a3f7fe2b6790a11a484a06b9a
Sha256: e88c706458faf5b5512212692392c7c1a0d8e60af62962267166f5cb60ee9c89
                                        
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff1f41832-bc78-4527-a3e7-8099266ecb52.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
server: nginx
content-length: 8517
x-amzn-requestid: 12456791-0e7f-45d7-97ae-d663c8fa841d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cMozvHHLoAMFVqQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6381bb4a-54ed1ec101789247052c9ec8;Sampled=0
x-amzn-remapped-date: Sat, 26 Nov 2022 07:07:54 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: UzzTPZIBjoow9PK-oM9rfGh5HkrivyPDofbTXy-I-9e4_baQnyKVhQ==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 be082a2326b7d49643607b097f1e7180.cloudfront.net (CloudFront), 1.1 google
date: Mon, 28 Nov 2022 07:21:27 GMT
age: 14899
etag: "9442f111d329f721ddc55100cd246586d8204048"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8517
Md5:    577b69fd08ad8368ea5a94fe41476c1c
Sha1:   9442f111d329f721ddc55100cd246586d8204048
Sha256: bdafc5068032dcf5e207cf2685a1b9350dbe8d990ba181520ff47889524532f2
                                        
GET / HTTP/1.1
Host: cssjas.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://srv182820.hoster-test.ru/

142.250.74.161
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Expires: Mon, 28 Nov 2022 11:29:37 GMT
Date: Mon, 28 Nov 2022 11:29:37 GMT
Cache-Control: private, max-age=0
Last-Modified: Tue, 25 Oct 2022 22:52:16 GMT
ETag: W/"262148172eedfb6472965bade0fd747eb3bbe4e3d70f3850fdc2399b39d03c10"
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Length: 14654
Server: GSE


--- Additional Info ---
Magic:  
Size:   0
Md5:    
Sha1:   
Sha256: 

Blocklists:
  - fortinet: Phishing