Report - besteuhotels.com/za/

Report Overview

Submitted URL
besteuhotels.com/za/
IP
162.0.217.88
ASN
#22612 NAMECHEAP-NET
Submitted
2023-02-05 20:14:47
Access
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
14

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-13T05:09:35Z	413 B	5.8 kB	34.160.144.191
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-13T05:09:13Z	333 B	391 B	34.117.237.239
aff.affco.xyz	unknown	2021-08-08T20:24:03Z	2023-03-09T22:22:13Z	775 B	3.1 kB	108.178.23.117
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-13T05:09:10Z	782 B	2.4 kB	35.241.9.150
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-13T05:09:07Z	2.4 kB	6.2 kB	23.36.76.226
ocsp.sectigo.com	487	2019-11-29T12:50:24Z	2023-03-13T08:22:43Z	340 B	964 B	104.18.32.68
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-13T05:09:14Z	606 B	127 B	34.214.84.191
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-13T05:09:16Z	3.2 kB	60 kB	34.120.237.76
besteuhotels.com	unknown	2023-02-04T12:22:19Z	2023-03-13T14:46:03Z	8.5 kB	1.6 MB	162.0.217.88

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-02-05	medium	besteuhotels.com/za/	Phishing
2023-02-05	medium	besteuhotels.com/za/	Phishing
2023-02-05	medium	besteuhotels.com/za/js/en_date.js	Phishing
2023-02-05	medium	besteuhotels.com/za/js/jquery.min.js	Phishing
2023-02-05	medium	aff.affco.xyz/js/pub.min.js	Phishing
2023-02-05	medium	besteuhotels.com/sw.js?v=1675628119406	Phishing
2023-02-05	medium	aff.affco.xyz/sw.js	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (19)

	URL	Size	First Seen	Last Seen
	besteuhotels.com/za/js/en_date.js	6.7 kB	2023-03-07	2024-04-19
Pretty URL besteuhotels.com/za/js/en_date.js IP 162.0.217.88 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:27 Last Seen2024-04-19 01:14:32 Times Seen1536 Hash 159cca5aaccda0ce719041c87f432522 51a7090ebc8d851aab5f87d8f19f392ed260d545 62769705ac94c6659cba7cc5ff84fca57e16dfe3222f613677c3c5da4c2728a5 Loading...

	besteuhotels.com/za/	273 B	2023-03-07	2024-02-12
Pretty URL besteuhotels.com/za/ IP 162.0.217.88 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:27 Last Seen2024-02-12 11:16:38 Times Seen442 Hash 592d14a6077ae73f2508f35d9aef597c ef1cca32fb240389d03dfa47624840e45a30e67a 32cb248b670218c43386c794a7358975891ba7b02e6dbe1d60bc2b68185ac5c9 Loading...

	besteuhotels.com/za/	168 B	2023-03-07	2024-04-19
Pretty URL besteuhotels.com/za/ IP 162.0.217.88 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:27 Last Seen2024-04-19 01:14:32 Times Seen1150 Hash c43fa36762d3eb9b33523e0b75097bc9 ec3a635ea954277745c29cdc77a063ea9fcd0506 496b75e4b69eb322c2b46d488da6d8b33d17db6519e935a164b16b70d76eedd4 Loading...

	besteuhotels.com/za/js/jquery.min.js	87 kB	2023-03-07	2024-04-19
Pretty URL besteuhotels.com/za/js/jquery.min.js IP 162.0.217.88 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:27 Last Seen2024-04-19 16:01:03 Times Seen2869 Hash 24f2e59beae1680f19632d9c1b89d730 b3a77b35c4809324ab79e64d40c4ee391234e008 39646863a414e0a84920b3a8639c0f3e8c94535e8dc051b42b485a068dc2902f Loading...

	besteuhotels.com/za/	281 B	2023-03-07	2024-02-12
Pretty URL besteuhotels.com/za/ IP 162.0.217.88 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:27 Last Seen2024-02-12 11:16:38 Times Seen168 Hash 2c76c3a8accf5428a6daa25f35674d31 b39f61c9d992ce7aee66da805c361d11becbce44 ef8380d4e8628a8cec5f042d6d99fd394af1f2b4f018ba27e94841583405efe0 Loading...

	besteuhotels.com/za/	44 B	2023-03-07	2024-02-12
Pretty URL besteuhotels.com/za/ IP 162.0.217.88 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:27 Last Seen2024-02-12 11:16:38 Times Seen442 Hash 089dcf630b91eeb6ddc1126489ce19a5 81092edffa7ca5c66cc224b2c2709df31eaf575d 5880db381c027d272ba77e55ad4548a5ec6e3fdf1e0af6a6323afb09d405c578 Loading...

	besteuhotels.com/za/	168 B	2023-03-07	2024-04-19
Pretty URL besteuhotels.com/za/ IP 162.0.217.88 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:27 Last Seen2024-04-19 01:14:32 Times Seen1171 Hash 358a88f8d096f927e095e6182e6c875d c35c37cc80ba3929d8d4e045a2282c5f39ac6c00 9cae33187c5d941447410b80ff22429d03297dfc2bbc149546f70bc19724525a Loading...

	aff.affco.xyz/js/pub.min.js	2.8 kB	2023-03-07	2024-04-13
Pretty URL aff.affco.xyz/js/pub.min.js IP 108.178.23.117 ASN #32475 SINGLEHOP-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:14:23 Last Seen2024-04-13 12:32:01 Times Seen5975 Hash 842d4889c73f6664245d70112389026a 3f5d934289e1acfebce633760640881a81ac8299 99f43e50f4179af4ebf4c93668866d5a5607914fa0a5daa087354c3159d3fa03 Loading...

	besteuhotels.com/za/	29 B	2023-03-13	2023-07-30
Pretty URL besteuhotels.com/za/ IP 162.0.217.88 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 16:43:18 Last Seen2023-07-30 14:45:58 Times Seen47 Hash defc092f2361a96848e1f416c5fe4fff 96e6c991bd731f05cf0c73a61be3a10a6a5e0eed 790beca5f4f4f0f90ed00079f7cde045ee44e800dddee7b81ecfab684f9033fc Loading...

	besteuhotels.com/za/	168 B	2023-03-07	2024-04-19
Pretty URL besteuhotels.com/za/ IP 162.0.217.88 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:27 Last Seen2024-04-19 01:14:32 Times Seen1170 Hash 25a637ab7e8911baf488da8be4e1b905 93e5992bc39ab55d39557de79cdf1c1d8cf8d7de 5916a6e296bd31a4066725850e0a361f132dcb26fa2f0a7397f6ccb38569e675 Loading...

	besteuhotels.com/za/	48 B	2023-03-07	2024-04-19
Pretty URL besteuhotels.com/za/ IP 162.0.217.88 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:27 Last Seen2024-04-19 01:14:32 Times Seen1171 Hash e0e85b06d67335c7ee1446615958d231 b65b4fc00127903ae221747d09e12318a87deac3 1d619e571a4a453367553ee865cc84096a01dbc6f70216e929f5739d58230d3e Loading...

	besteuhotels.com/za/	425 B	2023-03-07	2024-02-12
Pretty URL besteuhotels.com/za/ IP 162.0.217.88 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:27 Last Seen2024-02-12 11:16:38 Times Seen443 Hash 32d73d0b33ea6fb287e203010130540b fd396357a23bb4aeb5ad0c250e3f2aa317d816aa c74aed9b2943416985040c94b00599c4ee69105ba3cd69a89a06cd3302d946ea Loading...

	besteuhotels.com/za/	2.8 kB	2023-03-07	2023-04-05
Pretty URL besteuhotels.com/za/ IP 162.0.217.88 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:27 Last Seen2023-04-05 02:00:46 Times Seen13 Hash 58f621f822d136495fe26279ef72a473 9b1540d3bcceba73a624d4bcbd47f31c4aa4d72e c84941e1174fb72266d28171c42b97982202c958ee7304fe1598aa757783658a Loading...

	besteuhotels.com/za/	54 B	2023-03-07	2024-02-12
Pretty URL besteuhotels.com/za/ IP 162.0.217.88 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:27 Last Seen2024-02-12 11:16:38 Times Seen443 Hash b5fcafd137fbb98c9d5f08acdcdd80b2 a4748e9527d8012a6ba376b239ffc1b29d3acb32 74cc2904107393aec8e2d6ccb44ddf2bd43f017614bb2e070404b288dc87be8d Loading...

		Size	First Seen	Last Seen
	#1 Write - 114f43ce881da5cf26be0f4fe59e911f	11 B	2023-03-13	2024-02-06
Pretty Observations First Seen2023-03-13 13:55:22 Last Seen2024-02-06 00:06:48 Times Seen21 Hash 114f43ce881da5cf26be0f4fe59e911f b02f37e891880619480f80c68de8ddb37c1dcd7b 1e5991cf6882be812da33202908435b7e0fa9fd363a4613def8cc4f5599e1869 Loading...

	#2 Write - 9d1a0949c39e66a0cd65240bc0ac9177	6 B	2023-03-07	2024-04-15
Pretty Observations First Seen2023-03-07 01:02:27 Last Seen2024-04-15 01:19:07 Times Seen524 Hash 9d1a0949c39e66a0cd65240bc0ac9177 bc5dd045b8623ddfc4bd0bce98ca5fda42accf88 873fef760e5d001ba0a843bf1846713fd92538699f323ef00d51f97a2ad2756c Loading...

	#3 Write - 732896324c2a3a3540771e39386f5fdc	11 B	2023-03-13	2024-02-07
Pretty Observations First Seen2023-03-13 17:16:15 Last Seen2024-02-07 10:58:38 Times Seen8 Hash 732896324c2a3a3540771e39386f5fdc 33f736340e1f7f949a3b581d40734fcc5912acaf 2e0e8ba48b41b31ba6aefae3f4e91d56b7d62442dd90f8c5632daa48159395b0 Loading...

	#4 Write - a747c9a2ef918e3781c3b5a58e3af9c4	11 B	2023-03-13	2024-02-07
Pretty Observations First Seen2023-03-13 15:27:38 Last Seen2024-02-07 10:58:38 Times Seen16 Hash a747c9a2ef918e3781c3b5a58e3af9c4 5f81ee2e5ade5a51438a0efb662a67634d64dd4d 00036b90e1d8db756d276e3a8d8c05dc35e7fc939c69a3ae4d6b8b4484c22694 Loading...

	#5 Write - 713c2bfb0cee18a4a78032e20baefbf2	11 B	2023-03-13	2024-02-06
Pretty Observations First Seen2023-03-13 14:55:21 Last Seen2024-02-06 15:29:41 Times Seen19 Hash 713c2bfb0cee18a4a78032e20baefbf2 2ca6f7fd759ae4522aaaeb01559f04ea0406bed0 24d5a1f3fbb3ed8e5dab9b4af9889050286d41b81e6f8295c1f5c8b970459ab6 Loading...

HTTP Transactions (42)

URL IP Response Size

besteuhotels.com/za/

162.0.217.88

301 Moved Permanently

707 B

URL HTTP/1.1
besteuhotels.com/za/
IP
162.0.217.88:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
707 B (707 bytes)
Hash
1304294c0823ca486542ba408ed761e3
b2a70fb2d810ca13985882e6981f33998823e83e
3bbe72f3baa8ec61de17a1d767fca58704769684b7abe9161d0c4eaf4c8f0982

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /za/ HTTP/1.1
Host: besteuhotels.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
keep-alive: timeout=5, max=100
content-type: text/html
content-length: 707
date: Sun, 05 Feb 2023 20:14:36 GMT
server: LiteSpeed
location: https://besteuhotels.com/za/
x-turbo-charged-by: LiteSpeed

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
507011ccb9124dcd57e84a90a0965cc4
1a6575d0ac979c7184490cc9836ac4812ad2afd1
01626c18e1e68507aa33ef7448dbc3311901ab6f29adc2f51d449409b0680dce

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "01626C18E1E68507AA33EF7448DBC3311901AB6F29ADC2F51D449409B0680DCE"
Last-Modified: Sun, 05 Feb 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11259
Expires: Sun, 05 Feb 2023 23:22:15 GMT
Date: Sun, 05 Feb 2023 20:14:36 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
c21ba65e44ac95470c314e068e49a9eb
17a13b13738993d889d4afa3d848dc63bf6eba64
9bd0795b30e84ce63b6e2a365ca91bbffc395dd955e112152066c31e63a4ab66

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9BD0795B30E84CE63B6E2A365CA91BBFFC395DD955E112152066C31E63A4AB66"
Last-Modified: Sat, 04 Feb 2023 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7208
Expires: Sun, 05 Feb 2023 22:14:44 GMT
Date: Sun, 05 Feb 2023 20:14:36 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Alert, Retry-After, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 05 Feb 2023 19:33:56 GMT
content-type: application/json
age: 2440
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
fb7b6b46e708ad73eaaa3c21e74569ae
950663c025acad81556af5aa3022ecc9d55097fe
763f58b9fb838378c92033b59907b036f4c33081f5103d9bcc2ca2a8de500d64

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "763F58B9FB838378C92033B59907B036F4C33081F5103D9BCC2CA2A8DE500D64"
Last-Modified: Sat, 04 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6870
Expires: Sun, 05 Feb 2023 22:09:06 GMT
Date: Sun, 05 Feb 2023 20:14:36 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: V4i99L8UZ4/OSmWBjoL/honH/cA7CSv0QadQSWBahPL/0N+saHzZORC8neu4L2WNTb3WcbZYt6Q=
x-amz-request-id: ETJ2SF89SZZXTXDS
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 05 Feb 2023 19:24:37 GMT
age: 2999
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sun, 05 Feb 2023 20:14:36 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.sectigo.com/

104.18.32.68

200 OK

472 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
104.18.32.68:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
472 B (472 bytes)
Hash
e59b630164a735340d6e45ef4e52590d
a0ad0aaff21bbab4d302dad6041c0ea56637777c
fff1b8cb6cbb5bae479184057e5b569050fc666005fbcda7d42445c4d36a9e56

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 20:14:37 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 04 Feb 2023 11:21:04 GMT
Expires: Sat, 11 Feb 2023 11:21:03 GMT
Etag: "a0ad0aaff21bbab4d302dad6041c0ea56637777c"
Cache-Control: max-age=485786,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 794e50383d860b31-OSL

besteuhotels.com/za/

162.0.217.88

200 OK

3.2 kB

URL HTTP/2
besteuhotels.com/za/
IP
162.0.217.88:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text, with very long lines (2192)
Size
3.2 kB (3242 bytes)
Hash
297653b66f6f2419f8887b281e7f783f
2974931ea6a67465f09345ffab11e3f11adf957c
796e91349dadc00e66c8baf7ada37b62b47b5c7c493b4fccae609e17aefcbf51

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /za/ HTTP/1.1
Host: besteuhotels.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 200 OK
content-type: text/html
last-modified: Sat, 04 Feb 2023 11:57:30 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 3242
date: Sun, 05 Feb 2023 20:14:37 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

besteuhotels.com/za/js/en_date.js

162.0.217.88

200 OK

1.4 kB

URL HTTP/2
besteuhotels.com/za/js/en_date.js
IP
162.0.217.88:0
ASN
#22612 NAMECHEAP-NET

File type
ASCII text
Size
1.4 kB (1440 bytes)
Hash
88a2b71c97e773fa8e9323857f3cb481
e2ae31a3d7ed0708594c20f9289ddaf2a1d7e337
2bd6a533a83f3363925a47ea12a8232ee7d026fbd046cd1cc1962d7080e1e5e8

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /za/js/en_date.js HTTP/1.1
Host: besteuhotels.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://besteuhotels.com/za/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 12 Feb 2023 20:14:35 GMT
content-type: application/javascript
last-modified: Thu, 30 Sep 2021 11:45:24 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 1440
date: Sun, 05 Feb 2023 20:14:35 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

besteuhotels.com/za/css/style__base.css

162.0.217.88

200 OK

4.0 kB

URL HTTP/2
besteuhotels.com/za/css/style__base.css
IP
162.0.217.88:0
ASN
#22612 NAMECHEAP-NET

File type
ASCII text
Size
4.0 kB (3962 bytes)
Hash
3656436fa0ae8f701ccc275c971647ed
14d0c5c9ddd005ebe07b6a0ab6aff536555c2b27
ba6db564b69bfbead0aafeade1dff070d229158622ecda64223bcb752cd26e06

HTTP Headers

GET /za/css/style__base.css HTTP/1.1
Host: besteuhotels.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://besteuhotels.com/za/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 12 Feb 2023 20:14:35 GMT
content-type: text/css
last-modified: Thu, 30 Sep 2021 11:45:24 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 3962
date: Sun, 05 Feb 2023 20:14:35 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

besteuhotels.com/za/css/style_a.css

162.0.217.88

200 OK

1.6 kB

URL HTTP/2
besteuhotels.com/za/css/style_a.css
IP
162.0.217.88:0
ASN
#22612 NAMECHEAP-NET

File type
CSV text\012- , ASCII text
Size
1.6 kB (1639 bytes)
Hash
1e36b717e1745a7938747204e95df779
584b914b15c927161fbc07c24581705aa3239614
821729560ead2db84fc367a4dca48878ee4647d6ce2bf6d81cb95a6507fa7f05

HTTP Headers

GET /za/css/style_a.css HTTP/1.1
Host: besteuhotels.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://besteuhotels.com/za/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 12 Feb 2023 20:14:35 GMT
content-type: text/css
last-modified: Thu, 30 Sep 2021 11:45:24 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 1639
date: Sun, 05 Feb 2023 20:14:35 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

besteuhotels.com/za/img/spin_vi.png

162.0.217.88

200 OK

18 kB

URL HTTP/2
besteuhotels.com/za/img/spin_vi.png
IP
162.0.217.88:0
ASN
#22612 NAMECHEAP-NET

File type
PNG image data, 330 x 330, 8-bit colormap, non-interlaced\012- data
Size
18 kB (17804 bytes)
Hash
4368c75c21b9d5cbe721ea5cf5346787
54085d242fc02d1e8c930c4fa4497423ace1b37a
58a2b7bca87a23a93838a95b110db0be1fb1bc1d24e7ec275ef1ecaa2f68bcc3

HTTP Headers

GET /za/img/spin_vi.png HTTP/1.1
Host: besteuhotels.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://besteuhotels.com/za/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 12 Feb 2023 20:14:37 GMT
content-type: image/png
last-modified: Thu, 30 Sep 2021 11:45:24 GMT
accept-ranges: bytes
content-length: 17804
date: Sun, 05 Feb 2023 20:14:37 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

besteuhotels.com/za/img/8.jpg

162.0.217.88

200 OK

1.3 kB

URL HTTP/2
besteuhotels.com/za/img/8.jpg
IP
162.0.217.88:0
ASN
#22612 NAMECHEAP-NET

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 50x50, components 3\012- data
Size
1.3 kB (1322 bytes)
Hash
fb8ab51a7e5d044c4ba446e75d65fc6a
795bdcc9f2cff7cc4f859b18aa48bec531d428de
2bdf5479bea5d7e6a39889a1ebaaf63a084421426ac4731c0b910e846670d172

HTTP Headers

GET /za/img/8.jpg HTTP/1.1
Host: besteuhotels.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://besteuhotels.com/za/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 12 Feb 2023 20:14:37 GMT
content-type: image/jpeg
last-modified: Thu, 30 Sep 2021 11:45:24 GMT
accept-ranges: bytes
content-length: 1322
date: Sun, 05 Feb 2023 20:14:37 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

besteuhotels.com/za/img/1.jpg

162.0.217.88

200 OK

1.0 kB

URL HTTP/2
besteuhotels.com/za/img/1.jpg
IP
162.0.217.88:0
ASN
#22612 NAMECHEAP-NET

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 100x100, components 1\012- data
Size
1.0 kB (1005 bytes)
Hash
4961fe96322fa07c057ff9933949deb7
14582f3b204186e93df12f218a9c2c0962717ae6
a167448d8ccb86dbf365fd16ba13c3d1372e75c1daaa0731fce6f6dbd37218eb

HTTP Headers

GET /za/img/1.jpg HTTP/1.1
Host: besteuhotels.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://besteuhotels.com/za/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 12 Feb 2023 20:14:37 GMT
content-type: image/jpeg
last-modified: Thu, 30 Sep 2021 11:45:24 GMT
accept-ranges: bytes
content-length: 1005
date: Sun, 05 Feb 2023 20:14:37 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

besteuhotels.com/za/img/2.jpg

162.0.217.88

200 OK

1.6 kB

URL HTTP/2
besteuhotels.com/za/img/2.jpg
IP
162.0.217.88:0
ASN
#22612 NAMECHEAP-NET

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 100x100, components 3\012- data
Size
1.6 kB (1630 bytes)
Hash
21e2d2e27adf02c28020143248d8bfc1
a34f81b6bbb8fcfcec308f8c4be3136d09c580ba
2b4d339a2ae7c12548d72ee28545e92642110ce9b90a11bac30712d27c68e093

HTTP Headers

GET /za/img/2.jpg HTTP/1.1
Host: besteuhotels.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://besteuhotels.com/za/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 12 Feb 2023 20:14:37 GMT
content-type: image/jpeg
last-modified: Thu, 30 Sep 2021 11:45:24 GMT
accept-ranges: bytes
content-length: 1630
date: Sun, 05 Feb 2023 20:14:37 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

besteuhotels.com/za/img/4.jpg

162.0.217.88

200 OK

2.3 kB

URL HTTP/2
besteuhotels.com/za/img/4.jpg
IP
162.0.217.88:0
ASN
#22612 NAMECHEAP-NET

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 100x100, components 3\012- data
Size
2.3 kB (2344 bytes)
Hash
7cfbc820d9ff389536e0f8e43bacd038
098331d53146e9a5f84f6bba2640571c9dd03864
e24a85fb5ebc363e515275bda4faee5670713c27d034c8d9f11cf4bcae456017

HTTP Headers

GET /za/img/4.jpg HTTP/1.1
Host: besteuhotels.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://besteuhotels.com/za/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 12 Feb 2023 20:14:37 GMT
content-type: image/jpeg
last-modified: Thu, 30 Sep 2021 11:45:24 GMT
accept-ranges: bytes
content-length: 2344
date: Sun, 05 Feb 2023 20:14:37 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

besteuhotels.com/za/img/3.jpg

162.0.217.88

200 OK

1.9 kB

URL HTTP/2
besteuhotels.com/za/img/3.jpg
IP
162.0.217.88:0
ASN
#22612 NAMECHEAP-NET

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 100x100, components 3\012- data
Size
1.9 kB (1914 bytes)
Hash
29d0a1b8fd6a0e3fcd4feef166cd4667
397902f6c4b835321149bd0c37c0d35921522a23
5314b5316016b90ef0877ca0055563ace5d2185ae55e5c40cf6365f7c4f83483

HTTP Headers

GET /za/img/3.jpg HTTP/1.1
Host: besteuhotels.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://besteuhotels.com/za/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 12 Feb 2023 20:14:37 GMT
content-type: image/jpeg
last-modified: Thu, 30 Sep 2021 11:45:24 GMT
accept-ranges: bytes
content-length: 1914
date: Sun, 05 Feb 2023 20:14:37 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

besteuhotels.com/za/img/5.jpg

162.0.217.88

200 OK

2.6 kB

URL HTTP/2
besteuhotels.com/za/img/5.jpg
IP
162.0.217.88:0
ASN
#22612 NAMECHEAP-NET

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 100x100, components 3\012- data
Size
2.6 kB (2630 bytes)
Hash
a035768f3c20fafa697e6d3a367a4928
e25b96c56d2df048ede091111227d5b19f882019
70964169293ae5a2239bc6f60161930e99dd60a5f82c2292171327199797a543

HTTP Headers

GET /za/img/5.jpg HTTP/1.1
Host: besteuhotels.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://besteuhotels.com/za/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 12 Feb 2023 20:14:37 GMT
content-type: image/jpeg
last-modified: Thu, 30 Sep 2021 11:45:24 GMT
accept-ranges: bytes
content-length: 2630
date: Sun, 05 Feb 2023 20:14:37 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

besteuhotels.com/za/img/6.jpg

162.0.217.88

200 OK

1.9 kB

URL HTTP/2
besteuhotels.com/za/img/6.jpg
IP
162.0.217.88:0
ASN
#22612 NAMECHEAP-NET

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 100x100, components 3\012- data
Size
1.9 kB (1882 bytes)
Hash
9dd7afd58d756acd3b7b389fc72ee54b
dbace04887d6b7d98f23a1755031d70962c5b857
27db07a699df63fc091a7ae513d9feeeca91d38dc925f3ab09952e04f6881a1e

HTTP Headers

GET /za/img/6.jpg HTTP/1.1
Host: besteuhotels.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://besteuhotels.com/za/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 12 Feb 2023 20:14:37 GMT
content-type: image/jpeg
last-modified: Thu, 30 Sep 2021 11:45:24 GMT
accept-ranges: bytes
content-length: 1882
date: Sun, 05 Feb 2023 20:14:37 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

besteuhotels.com/za/img/7.jpg

162.0.217.88

200 OK

1.1 kB

URL HTTP/2
besteuhotels.com/za/img/7.jpg
IP
162.0.217.88:0
ASN
#22612 NAMECHEAP-NET

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 50x50, components 3\012- data
Size
1.1 kB (1054 bytes)
Hash
ea699a6cf65aede3c026c952c3997b85
1ed65e4d30a202c9e8e83a496836363a847d7387
6783e0da459b0b0a6ee5c4ebbe3c0ec24609201fc59bb6a9c825b76dae596026

HTTP Headers

GET /za/img/7.jpg HTTP/1.1
Host: besteuhotels.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://besteuhotels.com/za/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 12 Feb 2023 20:14:37 GMT
content-type: image/jpeg
last-modified: Thu, 30 Sep 2021 11:45:24 GMT
accept-ranges: bytes
content-length: 1054
date: Sun, 05 Feb 2023 20:14:37 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

besteuhotels.com/za/img/smiley.png

162.0.217.88

200 OK

5.7 kB

URL HTTP/2
besteuhotels.com/za/img/smiley.png
IP
162.0.217.88:0
ASN
#22612 NAMECHEAP-NET

File type
PNG image data, 200 x 200, 8-bit colormap, non-interlaced\012- data
Size
5.7 kB (5676 bytes)
Hash
e24466591cc303138f054a9dc42dbe21
b401b58eddd1511e2a66ed7fa7054d207bb3db9f
aba379fe3a1beb899eea16a8eb3e9d5d93ef598bbac450ecf48b4b2c5d254cda

HTTP Headers

GET /za/img/smiley.png HTTP/1.1
Host: besteuhotels.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://besteuhotels.com/za/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 12 Feb 2023 20:14:37 GMT
content-type: image/png
last-modified: Thu, 30 Sep 2021 11:45:24 GMT
accept-ranges: bytes
content-length: 5676
date: Sun, 05 Feb 2023 20:14:37 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

besteuhotels.com/za/img/refresh.png

162.0.217.88

200 OK

1.9 kB

URL HTTP/2
besteuhotels.com/za/img/refresh.png
IP
162.0.217.88:0
ASN
#22612 NAMECHEAP-NET

File type
PNG image data, 70 x 70, 8-bit colormap, non-interlaced\012- data
Size
1.9 kB (1881 bytes)
Hash
742053a7895f7b827aca071f560dfd8c
056ae26c8226f2bd058f26fe9cbbb6b7135f7741
ef26daa42e60acc2c3118322c09f1bbc725873052f6db3930c6d860670840cdb

HTTP Headers

GET /za/img/refresh.png HTTP/1.1
Host: besteuhotels.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://besteuhotels.com/za/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 12 Feb 2023 20:14:37 GMT
content-type: image/png
last-modified: Thu, 30 Sep 2021 11:45:24 GMT
accept-ranges: bytes
content-length: 1881
date: Sun, 05 Feb 2023 20:14:37 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

besteuhotels.com/za/js/jquery.min.js

162.0.217.88

200 OK

30 kB

URL HTTP/2
besteuhotels.com/za/js/jquery.min.js
IP
162.0.217.88:0
ASN
#22612 NAMECHEAP-NET

File type
ASCII text, with very long lines (32058)
Size
30 kB (29484 bytes)
Hash
3edb73f6c4bbb6ae07110261ed63f15a
273d48ce87a2adab262263ffde3a132a3b3784a9
89629439fcdeaa7b2a19b75e193edc14536377cac9abc0838b8170fe66afbf64

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /za/js/jquery.min.js HTTP/1.1
Host: besteuhotels.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://besteuhotels.com/za/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 12 Feb 2023 20:14:37 GMT
content-type: application/javascript
last-modified: Thu, 30 Sep 2021 11:45:24 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 29484
date: Sun, 05 Feb 2023 20:14:37 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

besteuhotels.com/za/img/spin.png

162.0.217.88

200 OK

2.6 kB

URL HTTP/2
besteuhotels.com/za/img/spin.png
IP
162.0.217.88:0
ASN
#22612 NAMECHEAP-NET

File type
PNG image data, 142 x 173, 8-bit colormap, non-interlaced\012- data
Size
2.6 kB (2638 bytes)
Hash
d5906466cfebc0ee65c04bae7b964cfd
f29c7031f68b66445430ad125b6676a6aa442500
bbb4fa178eed9f875ef74bf396a89d8373aaa6fc7dea74132ddd5f3f1b01713a

HTTP Headers

GET /za/img/spin.png HTTP/1.1
Host: besteuhotels.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://besteuhotels.com/za/css/style__base.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 12 Feb 2023 20:14:37 GMT
content-type: image/png
last-modified: Thu, 30 Sep 2021 11:45:24 GMT
accept-ranges: bytes
content-length: 2638
date: Sun, 05 Feb 2023 20:14:37 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Retry-After, Last-Modified, Cache-Control, Pragma, ETag, Backoff, Content-Type, Alert, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 05 Feb 2023 19:49:07 GMT
age: 1530
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

aff.affco.xyz/js/pub.min.js

108.178.23.117

200 OK

1.5 kB

URL HTTP/2
aff.affco.xyz/js/pub.min.js
IP
108.178.23.117:0
ASN
#32475 SINGLEHOP-LLC

File type
ASCII text, with very long lines (2752)
Size
1.5 kB (1482 bytes)
Hash
31c303586c1b78e33984bd252b8e2644
8083e2aad4cbf8242a4e6fb53657d49552b85f82
d2c713c2734353dc0ef2896d057021e9b04f35bb7c851d920d390941769c66be

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /js/pub.min.js HTTP/1.1
Host: aff.affco.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://besteuhotels.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sun, 05 Feb 2023 20:14:37 GMT
content-type: application/javascript
content-length: 1482
last-modified: Fri, 09 Sep 2022 11:46:08 GMT
vary: Accept-Encoding
etag: "631b2780-5ca"
content-encoding: gzip
expires: Mon, 06 Feb 2023 20:14:37 GMT
cache-control: max-age=86400
strict-transport-security: max-age=31536000; includeSubdomains
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
dedf9c519ac38c4bece9c5bc895787d7
4911175c3f8a435978c5301c33c7a99a5e00a1d5
bddd7e3a4939f863642a7c5348c1c8b9bc569b35c10a27f4cf5ec71f7e6b9698

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BDDD7E3A4939F863642A7C5348C1C8B9BC569B35C10A27F4CF5EC71F7E6B9698"
Last-Modified: Fri, 03 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10718
Expires: Sun, 05 Feb 2023 23:13:15 GMT
Date: Sun, 05 Feb 2023 20:14:37 GMT
Connection: keep-alive

besteuhotels.com/za/img/card_vi.png

162.0.217.88

200 OK

1.5 MB

URL HTTP/2
besteuhotels.com/za/img/card_vi.png
IP
162.0.217.88:0
ASN
#22612 NAMECHEAP-NET

File type
PNG image data, 1500 x 1074, 8-bit/color RGBA, non-interlaced\012- data
Size
1.5 MB (1515553 bytes)
Hash
0a3b9e1a7cc63d51b9887b1e453ba666
bcd7bde55a61e282e6a8c0a784edf7b9c7275ff1
bc9d9db271f54d038162101c3f717069b87c5f3d59b48c2694e95e16938a41f8

HTTP Headers

GET /za/img/card_vi.png HTTP/1.1
Host: besteuhotels.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://besteuhotels.com/za/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 12 Feb 2023 20:14:37 GMT
content-type: image/png
last-modified: Thu, 30 Sep 2021 14:34:44 GMT
accept-ranges: bytes
content-length: 1515553
date: Sun, 05 Feb 2023 20:14:37 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

besteuhotels.com/favicon.ico

162.0.217.88

404 Not Found

1.2 kB

URL HTTP/2
besteuhotels.com/favicon.ico
IP
162.0.217.88:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
1.2 kB (1238 bytes)
Hash
0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: besteuhotels.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://besteuhotels.com/za/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Sun, 05 Feb 2023 20:14:37 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

besteuhotels.com/sw.js?v=1675628119406

162.0.217.88

200 OK

45 B

URL HTTP/2
besteuhotels.com/sw.js?v=1675628119406
IP
162.0.217.88:0
ASN
#22612 NAMECHEAP-NET

File type
ASCII text, with no line terminators
Size
45 B (45 bytes)
Hash
af6da2296b7b3e545dcb8946af6acfad
482f0e87d2386e1d13d7235a4851739f6988b1d9
88adb589cee80cf5407bae3236d23c67881f15dbc3807a03b0ecb0a8731f8268

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /sw.js?v=1675628119406 HTTP/1.1
Host: besteuhotels.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 12 Feb 2023 20:14:37 GMT
content-type: application/javascript
last-modified: Sat, 04 Feb 2023 11:57:07 GMT
accept-ranges: bytes
content-length: 45
date: Sun, 05 Feb 2023 20:14:37 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

push.services.mozilla.com/

34.214.84.191

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
34.214.84.191:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: ytMyROJj0UJJuWsfizTE1A==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: dzZcEI5F3YSHysd5AXN1ud1B3JY=

aff.affco.xyz/sw.js

108.178.23.117

200 OK

777 B

URL HTTP/2
aff.affco.xyz/sw.js
IP
108.178.23.117:0
ASN
#32475 SINGLEHOP-LLC

File type
ASCII text
Size
777 B (777 bytes)
Hash
39eb2efbbc889ac144789bcaeb9f0b48
b64af9c2ff1b5cf6423aeba3522f464cfa4efde8
4da011cd1ee2ef745e4b97f1f68e3dbcb6f130b49777bd34ff84599b5e40fdb9

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /sw.js HTTP/1.1
Host: aff.affco.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://besteuhotels.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 05 Feb 2023 20:14:37 GMT
content-type: application/javascript
content-length: 777
last-modified: Fri, 27 Jan 2023 09:48:45 GMT
vary: Accept-Encoding
etag: "63d39dfd-309"
content-encoding: gzip
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline';
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
1b25bf82638deaab60981e1315ee0849
e3bd912fd1a890e64ee6746a78a674db7ff77039
a99b0dfa9ca7176b21cc2d65963a1b6eb6d534b3767d02ef06cc207a63331ebf

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A99B0DFA9CA7176B21CC2D65963A1B6EB6D534B3767D02EF06CC207A63331EBF"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11317
Expires: Sun, 05 Feb 2023 23:23:16 GMT
Date: Sun, 05 Feb 2023 20:14:39 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
1b25bf82638deaab60981e1315ee0849
e3bd912fd1a890e64ee6746a78a674db7ff77039
a99b0dfa9ca7176b21cc2d65963a1b6eb6d534b3767d02ef06cc207a63331ebf

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A99B0DFA9CA7176B21CC2D65963A1B6EB6D534B3767D02EF06CC207A63331EBF"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11317
Expires: Sun, 05 Feb 2023 23:23:16 GMT
Date: Sun, 05 Feb 2023 20:14:39 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
1b25bf82638deaab60981e1315ee0849
e3bd912fd1a890e64ee6746a78a674db7ff77039
a99b0dfa9ca7176b21cc2d65963a1b6eb6d534b3767d02ef06cc207a63331ebf

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A99B0DFA9CA7176B21CC2D65963A1B6EB6D534B3767D02EF06CC207A63331EBF"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11317
Expires: Sun, 05 Feb 2023 23:23:16 GMT
Date: Sun, 05 Feb 2023 20:14:39 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe8a9d301-2b38-4046-91c2-941ed351597a.jpeg

34.120.237.76

200 OK

3.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe8a9d301-2b38-4046-91c2-941ed351597a.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
3.5 kB (3474 bytes)
Hash
d7a466d89c75ff3459b7328591db52cf
c3f29f9c2fbdc1fa2aef7a9e79ca796b28394afb
e73243be3d01d12a224c4e9826c4f52610cf7722eee69f62755278d7550705f1

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe8a9d301-2b38-4046-91c2-941ed351597a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 3474
x-amzn-requestid: 5846c080-9f25-4590-863c-8af2126cdbe1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f1WXEEbnoAMFRdg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ded0f9-1bd490125feadc14366e7ca0;Sampled=0
x-amzn-remapped-date: Sat, 04 Feb 2023 21:41:13 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: d8aQmkW-aqLFpb79RynlJG2vY1GTDbjLNY0Qukgg_WIjdI6cmbVKFw==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Sat, 04 Feb 2023 22:10:58 GMT
etag: "c3f29f9c2fbdc1fa2aef7a9e79ca796b28394afb"
content-type: image/jpeg
age: 79421
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

14 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4a38348b-ed70-4e2f-80ce-d13e44fefcfc.webp
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
14 kB (13557 bytes)
Hash
7b596a8e984911df703e15c72d25d513
a1fa1355f4de6f246d35bed9f128e13fc9dc4e72
aba708124199ec6b0ce86ac14c6c18d233ff405071a7f22522217c2fcb0aa9b7

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4a38348b-ed70-4e2f-80ce-d13e44fefcfc.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 13557
x-amzn-requestid: 981a0f31-e874-4392-a81d-12d667020700
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fH8-JGEsoAMFhZA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cca85a-7398031f2676734c65447e5b;Sampled=0
x-amzn-remapped-date: Sun, 22 Jan 2023 03:07:06 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 3dw5Oj2su-_kCvpC1jDJsyAEUPzaexgTzhAC9yAYSyXTFRVge2FR6Q==
via: 1.1 0005a84c2971ff4f5bbb79e7ebc622a8.cloudfront.net (CloudFront), 1.1 570075675953459325e00b7bcd171df2.cloudfront.net (CloudFront), 1.1 google
date: Sat, 04 Feb 2023 22:10:43 GMT
age: 79436
etag: "a1fa1355f4de6f246d35bed9f128e13fc9dc4e72"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F37422a56-a7de-4ab8-ac8a-650de9dae97c.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.0 kB (5014 bytes)
Hash
5b6c30ad03669b66bf2f63b3edd69882
e630bd132b52b965a5ade646ea8a165d1abf6d7b
f8233d879ec17fd91909655ff8881f2ebfad84272fde3ed5e5be37580378a989

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F37422a56-a7de-4ab8-ac8a-650de9dae97c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5014
x-amzn-requestid: a434aae4-fe4b-4fc7-9b7e-eeb552484e8a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fi3bIE0aoAMF6YQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d76c47-5556d14757190c842bbc6b06;Sampled=0
x-amzn-remapped-date: Mon, 30 Jan 2023 07:05:43 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: k6YqagXr3Wr-u1uDKojEnIGW0CxU5yvWPtlzNpzoIvmg9F-rJb9uFQ==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 1a53057db389e96b4ef1bfbc925dde1c.cloudfront.net (CloudFront), 1.1 google
date: Sun, 05 Feb 2023 14:53:51 GMT
age: 19248
etag: "e630bd132b52b965a5ade646ea8a165d1abf6d7b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a6c7026-85a2-4419-bd6b-ba1bac463dda.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.5 kB (8527 bytes)
Hash
6661b7263315f5eb3cd2465f671e1fcd
b7b5831c6b3ccc41d7a980b6088adc10ff8785f1
eb25507950d81db4b54a1af7fadaceee1bcff780eb28b6a04dbfb3886785f5b7

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a6c7026-85a2-4419-bd6b-ba1bac463dda.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8527
x-amzn-requestid: c11233d1-ef16-4b03-9174-a493011dc0ff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyEoFHOKIAMFZwQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8166-4a290e811547293f437311bb;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:49:26 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 1F0bxib8bn4kZvGBTL63ecNDDEy6XZ8kIb8K5BNqusVL9SvAAARUJw==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Sat, 04 Feb 2023 22:11:45 GMT
age: 79374
etag: "b7b5831c6b3ccc41d7a980b6088adc10ff8785f1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F98423c35-aa11-41c0-8f4f-52bec4c9eaa8.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.6 kB (9579 bytes)
Hash
b3e7140400336984afc6093c1246f863
59e0b21cdf4cfdac3f1ea05badd007727939ac42
4d927e74922159db5d07b9947fa1021cff74bb7b55759960cb3941d05c1e8f11

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F98423c35-aa11-41c0-8f4f-52bec4c9eaa8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9579
x-amzn-requestid: c474008d-a6a9-409b-88e2-c55062044575
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fzQtnFGhoAMF5Zw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ddfb23-54dd67257ba25ad24e977a9c;Sampled=0
x-amzn-remapped-date: Sat, 04 Feb 2023 06:28:51 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 0Of3BK3VqVMGQGDIODQthVmi7BC8Ney4zgGCpVuzYc1j6D8RRP-AxA==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 591683988172c7980c4ebb318cbf18a8.cloudfront.net (CloudFront), 1.1 google
date: Sun, 05 Feb 2023 12:03:14 GMT
age: 29485
etag: "59e0b21cdf4cfdac3f1ea05badd007727939ac42"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

13 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6718344-fcb4-4366-9239-8921034a7114.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
13 kB (12967 bytes)
Hash
8e0be7db14d930d6227443314bcd1747
4e42e2ad289dfe5bd9a55d34fd768f7532bdf71d
baedfbdb08a67f9ff4c698f7e65b08d7e4c5078d0a4233e6bff529b44812735a

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6718344-fcb4-4366-9239-8921034a7114.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 12967
x-amzn-requestid: 38c58626-f4ad-4e2b-ad71-a628519d2ea2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fmEdHFwCoAMFhxQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d8b453-7da6d0c1093468d320caaa1e;Sampled=0
x-amzn-remapped-date: Tue, 31 Jan 2023 06:25:23 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: t8dZTwod1-pZr8ACfp-6gfEu0TA3kGpfJrQeF8VgLg2tlrt03sa6Bg==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 7022a5bbf9872d4a09d63e6cdb457dfe.cloudfront.net (CloudFront), 1.1 google
date: Sun, 05 Feb 2023 03:40:08 GMT
age: 59671
etag: "4e42e2ad289dfe5bd9a55d34fd768f7532bdf71d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (19)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML