Report - eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720&session=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720

Report Overview

Submitted URL
eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720&session=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720
IP
92.205.15.237
ASN
#21499 Host Europe GmbH
Submitted
2023-02-06 09:37:56
Access
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
41
Threat Detection Systems
8

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
eha.a37.mywebsitetransfer.com	unknown			35 kB	278 kB	92.205.15.237
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-13T05:09:07Z	2.7 kB	7.1 kB	23.36.76.226
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-13T05:09:10Z	782 B	2.4 kB	35.241.9.150
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-13T05:09:35Z	413 B	5.8 kB	34.160.144.191
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-13T05:09:13Z	333 B	391 B	34.117.237.239
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-13T05:09:14Z	606 B	127 B	100.20.3.157
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-13T05:09:16Z	3.2 kB	68 kB	34.120.237.76

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-02-06 09:38:30	high	Client IP	92.205.15.237	ET PHISHING Generic Phishkit Activity (GET)
2023-02-06 09:38:31	high	Client IP	92.205.15.237	ET PHISHING Generic Phishkit Activity (GET)
2023-02-06 09:38:31	high	Client IP	92.205.15.237	ET PHISHING Generic Phishkit Activity (GET)
2023-02-06 09:38:31	high	Client IP	92.205.15.237	ET PHISHING Generic Phishkit Activity (GET)
2023-02-06 09:38:31	high	Client IP	92.205.15.237	ET PHISHING Generic Phishkit Activity (GET)
2023-02-06 09:38:31	high	Client IP	92.205.15.237	ET PHISHING Generic Phishkit Activity (GET)
2023-02-06 09:38:31	high	Client IP	92.205.15.237	ET PHISHING Generic Phishkit Activity (GET)
2023-02-06 09:38:32	high	Client IP	92.205.15.237	ET PHISHING Generic Phishkit Activity (GET)
2023-02-06 09:38:32	high	Client IP	92.205.15.237	ET PHISHING Generic Phishkit Activity (GET)
2023-02-06 09:38:32	high	Client IP	92.205.15.237	ET PHISHING Generic Phishkit Activity (GET)
2023-02-06 09:38:32	high	Client IP	92.205.15.237	ET PHISHING Generic Phishkit Activity (GET)
2023-02-06 09:38:32	high	Client IP	92.205.15.237	ET PHISHING Generic Phishkit Activity (GET)
2023-02-06 09:38:32	high	Client IP	92.205.15.237	ET PHISHING Generic Phishkit Activity (GET)
2023-02-06 09:38:32	high	Client IP	92.205.15.237	ET PHISHING Generic Phishkit Activity (GET)
2023-02-06 09:38:33	high	Client IP	92.205.15.237	ET PHISHING Generic Phishkit Activity (GET)
2023-02-06 09:38:33	high	Client IP	92.205.15.237	ET PHISHING Generic Phishkit Activity (GET)
2023-02-06 09:38:33	high	Client IP	92.205.15.237	ET PHISHING Generic Phishkit Activity (GET)
2023-02-06 09:38:33	high	Client IP	92.205.15.237	ET PHISHING Generic Phishkit Activity (GET)
2023-02-06 09:38:33	high	Client IP	92.205.15.237	ET PHISHING Generic Phishkit Activity (GET)
2023-02-06 09:38:33	high	Client IP	92.205.15.237	ET PHISHING Generic Phishkit Activity (GET)
2023-02-06 09:38:33	high	Client IP	92.205.15.237	ET PHISHING Generic Phishkit Activity (GET)
2023-02-06 09:38:34	high	Client IP	92.205.15.237	ET PHISHING Generic Phishkit Activity (GET)
2023-02-06 09:38:34	high	Client IP	92.205.15.237	ET PHISHING Generic Phishkit Activity (GET)
2023-02-06 09:38:34	high	Client IP	92.205.15.237	ET PHISHING Generic Phishkit Activity (GET)
2023-02-06 09:38:34	high	Client IP	92.205.15.237	ET PHISHING Generic Phishkit Activity (GET)
2023-02-06 09:38:34	high	Client IP	92.205.15.237	ET PHISHING Generic Phishkit Activity (GET)
2023-02-06 09:38:34	high	Client IP	92.205.15.237	ET PHISHING Generic Phishkit Activity (GET)
2023-02-06 09:38:34	high	Client IP	92.205.15.237	ET PHISHING Generic Phishkit Activity (GET)
2023-02-06 09:38:35	high	Client IP	92.205.15.237	ET PHISHING Generic Phishkit Activity (GET)
2023-02-06 09:38:35	high	Client IP	92.205.15.237	ET PHISHING Generic Phishkit Activity (GET)
2023-02-06 09:38:35	high	Client IP	92.205.15.237	ET PHISHING Generic Phishkit Activity (GET)
2023-02-06 09:38:35	high	Client IP	92.205.15.237	ET PHISHING Generic Phishkit Activity (GET)
2023-02-06 09:38:35	high	Client IP	92.205.15.237	ET PHISHING Generic Phishkit Activity (GET)
2023-02-06 09:38:35	high	Client IP	92.205.15.237	ET PHISHING Generic Phishkit Activity (GET)
2023-02-06 09:38:35	high	Client IP	92.205.15.237	ET PHISHING Generic Phishkit Activity (GET)
2023-02-06 09:38:36	high	Client IP	92.205.15.237	ET PHISHING Generic Phishkit Activity (GET)
2023-02-06 09:38:36	high	Client IP	92.205.15.237	ET PHISHING Generic Phishkit Activity (GET)
2023-02-06 09:38:36	high	Client IP	92.205.15.237	ET PHISHING Generic Phishkit Activity (GET)
2023-02-06 09:38:36	high	Client IP	92.205.15.237	ET PHISHING Generic Phishkit Activity (GET)
2023-02-06 09:38:36	high	Client IP	92.205.15.237	ET PHISHING Generic Phishkit Activity (GET)
2023-02-06 09:38:36	high	Client IP	92.205.15.237	ET PHISHING Generic Phishkit Activity (GET)

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-02-06	medium	eha.a37.mywebsitetransfer.com/ig/files/w/r/Tqc6Tr3PWL7G6NO5SRhRsmt9OFV5laCTHcBraujKicSbeJCiufnK_jN4Y2U02Zk9momlk0s4J6JlZjTwgA42my3nAAsxfVCta4F0LAjmoQI/webjars/uilib/6.1.3/stylesheets/webfonts/INGMeWeb-Regular.html	Phishing
2023-02-06	medium	eha.a37.mywebsitetransfer.com/ig/files/w/r/Tqc6Tr3PWL7G6NO5SRhRsmt9OFV5laCTHcBraujKicSbeJCiufnK_jN4Y2U02Zk9momlk0s4J6JlZjTwgA42my3nAAsxfVCta4F0LAjmoQI/webjars/uilib/6.1.3/stylesheets/webfonts/INGMeWeb-Bold.html	Phishing
2023-02-06	medium	eha.a37.mywebsitetransfer.com/ig/files/w/r/Tqc6Tr3PWL7G6NO5SRhRsmt9OFV5laCTHcBraujKicSbeJCiufnK_jN4Y2U02Zk9momlk0s4J6JlZjTwgA42my3nAAsxfVCta4F0LAjmoQI/webjars/uilib/6.1.3/images/ING_Deutschland_NoClaim.svg	Phishing
2023-02-06	medium	eha.a37.mywebsitetransfer.com/ig/files/w/r/Tqc6Tr3PWL7G6NO5SRhRsmt9OFV5laCTHcBraujKicSbeJCiufnK_jN4Y2U02Zk9momlk0s4J6JlZjTwgA42my3nAAsxfVCta4F0LAjmoQI/webjars/uilib/6.1.3/stylesheets/webfonts/icons.woff	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (0)

HTTP Transactions (68)

URL IP Response Size

eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720&session=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720

92.205.15.237

200 OK

7.8 kB

URL HTTP/1.1
eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720&session=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720
IP
92.205.15.237:0
ASN
#21499 Host Europe GmbH

File type
HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text, with very long lines (457), with CRLF line terminators
Size
7.8 kB (7755 bytes)
Hash
72fc02383ae21dfa42866b0b1cba2004
54936a8753510dd126d0d35fb3f55b2d492d53a3
7e0d59771ed5000496b354fd08a2df93f4c557ac20ca154b08cdca0f9cc8297f

Detections

NIDS	Severity	Alert
suricata	high	ET PHISHING Generic Phishkit Activity (GET)

HTTP Headers

GET /ig/login.php?cmd=login_submit&id=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720&session=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720 HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 09:37:45 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=49c1496fd2d72b5631640dfe1e62b9be; path=/
X-Content-Type-Options: nosniff
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 7755
Keep-Alive: timeout=5
Content-Type: text/html; charset=UTF-8

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
507011ccb9124dcd57e84a90a0965cc4
1a6575d0ac979c7184490cc9836ac4812ad2afd1
01626c18e1e68507aa33ef7448dbc3311901ab6f29adc2f51d449409b0680dce

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "01626C18E1E68507AA33EF7448DBC3311901AB6F29ADC2F51D449409B0680DCE"
Last-Modified: Sun, 05 Feb 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7199
Expires: Mon, 06 Feb 2023 11:37:44 GMT
Date: Mon, 06 Feb 2023 09:37:45 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
c21ba65e44ac95470c314e068e49a9eb
17a13b13738993d889d4afa3d848dc63bf6eba64
9bd0795b30e84ce63b6e2a365ca91bbffc395dd955e112152066c31e63a4ab66

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9BD0795B30E84CE63B6E2A365CA91BBFFC395DD955E112152066C31E63A4AB66"
Last-Modified: Sat, 04 Feb 2023 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10700
Expires: Mon, 06 Feb 2023 12:36:05 GMT
Date: Mon, 06 Feb 2023 09:37:45 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
fb7b6b46e708ad73eaaa3c21e74569ae
950663c025acad81556af5aa3022ecc9d55097fe
763f58b9fb838378c92033b59907b036f4c33081f5103d9bcc2ca2a8de500d64

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "763F58B9FB838378C92033B59907B036F4C33081F5103D9BCC2CA2A8DE500D64"
Last-Modified: Sat, 04 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8587
Expires: Mon, 06 Feb 2023 12:00:52 GMT
Date: Mon, 06 Feb 2023 09:37:45 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Retry-After, Content-Length, Alert, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Mon, 06 Feb 2023 09:34:04 GMT
content-type: application/json
age: 221
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: iuKvK7TI1fEjZ00Kz9ELnLkwDb9aKF3kA4LtD9R1bqnZnYiqIFEhAnMTWXRs8OA7gEOPIZT4BW8=
x-amz-request-id: 0J2FNS0KCNJT56KD
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 06 Feb 2023 09:24:53 GMT
age: 773
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

eha.a37.mywebsitetransfer.com/ig/files/w/r/VKm5bDmxSHbPLiQLrfgP3bo9xcwevgvkDAmyD5uB4JAtfY4I3KY4XRR5_lSiJ6RiPxRE_SxnAtyVppSR0aYsPbglAJZngvyeMyEcIqpEI7o/resource/BusyIndicator-ver-B7F2943258D5A2E62FFE465B6AD641A2.css

92.205.15.237

200 OK

467 B

URL HTTP/1.1
eha.a37.mywebsitetransfer.com/ig/files/w/r/VKm5bDmxSHbPLiQLrfgP3bo9xcwevgvkDAmyD5uB4JAtfY4I3KY4XRR5_lSiJ6RiPxRE_SxnAtyVppSR0aYsPbglAJZngvyeMyEcIqpEI7o/resource/BusyIndicator-ver-B7F2943258D5A2E62FFE465B6AD641A2.css
IP
92.205.15.237:0
ASN
#21499 Host Europe GmbH

File type
ASCII text
Size
467 B (467 bytes)
Hash
ba3e07908b0b05bbb3357a6a6e0aef79
3efdbf2b58e815cd7583197f416a2bae3cd4f669
9bb57b230d013ece0e0dffddbd0a73b5d370fcb7e9eac5dc9529100fd2f76cb0

HTTP Headers

GET /ig/files/w/r/VKm5bDmxSHbPLiQLrfgP3bo9xcwevgvkDAmyD5uB4JAtfY4I3KY4XRR5_lSiJ6RiPxRE_SxnAtyVppSR0aYsPbglAJZngvyeMyEcIqpEI7o/resource/BusyIndicator-ver-B7F2943258D5A2E62FFE465B6AD641A2.css HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720&session=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720
Cookie: PHPSESSID=49c1496fd2d72b5631640dfe1e62b9be

HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 09:37:46 GMT
Server: Apache
X-Content-Type-Options: nosniff
Last-Modified: Thu, 02 Dec 2021 00:19:36 GMT
ETag: "c9b76-43c-5d21ebed47600-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 467
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/css

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Mon, 06 Feb 2023 09:37:46 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

eha.a37.mywebsitetransfer.com/ig/files/w/r/Tqc6Tr3PWL7G6NO5SRhRsmt9OFV5laCTHcBraujKicSbeJC/webjars/uilib/6.1.3/stylesheets/bundle.ibbr-ver-815AF0B58A0356260EBCEC54EB03F117.css

92.205.15.237

200 OK

119 kB

URL HTTP/1.1
eha.a37.mywebsitetransfer.com/ig/files/w/r/Tqc6Tr3PWL7G6NO5SRhRsmt9OFV5laCTHcBraujKicSbeJC/webjars/uilib/6.1.3/stylesheets/bundle.ibbr-ver-815AF0B58A0356260EBCEC54EB03F117.css
IP
92.205.15.237:0
ASN
#21499 Host Europe GmbH

File type
ASCII text, with very long lines (65480)
Size
119 kB (118883 bytes)
Hash
ff0114961b0fe9b4f594681551555911
dc8e2a6bc4cfa2af73b1a4df51a5eebb76082dae
5a88d370a79554fc9bd45bc123c8bbfab71caeb7c8f3fa8839a93cf455c423aa

HTTP Headers

GET /ig/files/w/r/Tqc6Tr3PWL7G6NO5SRhRsmt9OFV5laCTHcBraujKicSbeJC/webjars/uilib/6.1.3/stylesheets/bundle.ibbr-ver-815AF0B58A0356260EBCEC54EB03F117.css HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720&session=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720
Cookie: PHPSESSID=49c1496fd2d72b5631640dfe1e62b9be

HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 09:37:46 GMT
Server: Apache
X-Content-Type-Options: nosniff
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Mon, 17 Jan 2022 08:04:30 GMT
ETag: "c9bc4-dbc3d-5d5c29a245f80-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=5
Transfer-Encoding: chunked
Content-Type: text/css

eha.a37.mywebsitetransfer.com/ig/static/resource/icon-16x16-ver-14mTFtNTXYag5vhAcgqhwm8jfHYPCEawPA.png

92.205.15.237

302 Moved Temporarily

0 B

URL HTTP/1.1
eha.a37.mywebsitetransfer.com/ig/static/resource/icon-16x16-ver-14mTFtNTXYag5vhAcgqhwm8jfHYPCEawPA.png
IP
92.205.15.237:0
ASN
#21499 Host Europe GmbH

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /ig/static/resource/icon-16x16-ver-14mTFtNTXYag5vhAcgqhwm8jfHYPCEawPA.png HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720&session=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720
Cookie: PHPSESSID=49c1496fd2d72b5631640dfe1e62b9be

HTTP/1.1 302 Moved Temporarily
Date: Mon, 06 Feb 2023 09:37:46 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
location: login.php?cmd=login_submit&id=f706628fa14cc85a0d0b57caf7b942aff706628fa14cc85a0d0b57caf7b942af&session=f706628fa14cc85a0d0b57caf7b942aff706628fa14cc85a0d0b57caf7b942af
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

eha.a37.mywebsitetransfer.com/ig/files/w/r/Tqc6Tr3PWL7G6NO5SRhRsmt9OFV5laCTHcBraujKicSbeJCiufnK_jN4Y2U02Zk9momlk0s4J6JlZjTwgA42my3nAAsxfVCta4F0LAjmoQI/webjars/uilib/6.1.3/stylesheets/webfonts/INGMeWeb-Regular.html

92.205.15.237

200 OK

30 kB

URL HTTP/1.1
eha.a37.mywebsitetransfer.com/ig/files/w/r/Tqc6Tr3PWL7G6NO5SRhRsmt9OFV5laCTHcBraujKicSbeJCiufnK_jN4Y2U02Zk9momlk0s4J6JlZjTwgA42my3nAAsxfVCta4F0LAjmoQI/webjars/uilib/6.1.3/stylesheets/webfonts/INGMeWeb-Regular.html
IP
92.205.15.237:0
ASN
#21499 Host Europe GmbH

File type
Web Open Font Format (Version 2), TrueType, length 29616, version 1.0\012- data
Size
30 kB (29616 bytes)
Hash
97205b19383b6a85ef38eb0997c23c35
f7e0af7cfde57e454dde3a2a0c878cc37de5841e
f74c344733a85af20d2754b208f12309e2a30c591795d0881cb0ad94c4be6155

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /ig/files/w/r/Tqc6Tr3PWL7G6NO5SRhRsmt9OFV5laCTHcBraujKicSbeJCiufnK_jN4Y2U02Zk9momlk0s4J6JlZjTwgA42my3nAAsxfVCta4F0LAjmoQI/webjars/uilib/6.1.3/stylesheets/webfonts/INGMeWeb-Regular.html HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://eha.a37.mywebsitetransfer.com/ig/files/w/r/Tqc6Tr3PWL7G6NO5SRhRsmt9OFV5laCTHcBraujKicSbeJC/webjars/uilib/6.1.3/stylesheets/bundle.ibbr-ver-815AF0B58A0356260EBCEC54EB03F117.css
Cookie: PHPSESSID=49c1496fd2d72b5631640dfe1e62b9be

HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 09:37:46 GMT
Server: Apache
X-Content-Type-Options: nosniff
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Mon, 17 Jan 2022 08:04:54 GMT
ETag: "c9b78-73b0-5d5c29b929580"
Accept-Ranges: bytes
Content-Length: 29616
Vary: Accept-Encoding
Keep-Alive: timeout=5
Content-Type: text/html

92.205.15.237

200 OK

30 kB

URL HTTP/1.1
eha.a37.mywebsitetransfer.com/ig/files/w/r/Tqc6Tr3PWL7G6NO5SRhRsmt9OFV5laCTHcBraujKicSbeJCiufnK_jN4Y2U02Zk9momlk0s4J6JlZjTwgA42my3nAAsxfVCta4F0LAjmoQI/webjars/uilib/6.1.3/stylesheets/webfonts/INGMeWeb-Bold.html
IP
92.205.15.237:0
ASN
#21499 Host Europe GmbH

File type
Web Open Font Format (Version 2), TrueType, length 30456, version 1.0\012- data
Size
30 kB (30456 bytes)
Hash
126c1fdeee5cc17fef5f5909ebb5c86f
e2676a4a0c0f88ad2f33fe8acefc038073785de3
3a135f82b209a59959b162a1fbc9b0b38856d1332af286f86046b06357b3811e

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /ig/files/w/r/Tqc6Tr3PWL7G6NO5SRhRsmt9OFV5laCTHcBraujKicSbeJCiufnK_jN4Y2U02Zk9momlk0s4J6JlZjTwgA42my3nAAsxfVCta4F0LAjmoQI/webjars/uilib/6.1.3/stylesheets/webfonts/INGMeWeb-Bold.html HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://eha.a37.mywebsitetransfer.com/ig/files/w/r/Tqc6Tr3PWL7G6NO5SRhRsmt9OFV5laCTHcBraujKicSbeJC/webjars/uilib/6.1.3/stylesheets/bundle.ibbr-ver-815AF0B58A0356260EBCEC54EB03F117.css
Cookie: PHPSESSID=49c1496fd2d72b5631640dfe1e62b9be

HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 09:37:46 GMT
Server: Apache
X-Content-Type-Options: nosniff
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Mon, 17 Jan 2022 08:04:54 GMT
ETag: "c9b79-76f8-5d5c29b929580"
Accept-Ranges: bytes
Content-Length: 30456
Vary: Accept-Encoding
Keep-Alive: timeout=5
Content-Type: text/html

92.205.15.237

200 OK

16 kB

URL HTTP/1.1
eha.a37.mywebsitetransfer.com/ig/files/w/r/Tqc6Tr3PWL7G6NO5SRhRsmt9OFV5laCTHcBraujKicSbeJCiufnK_jN4Y2U02Zk9momlk0s4J6JlZjTwgA42my3nAAsxfVCta4F0LAjmoQI/webjars/uilib/6.1.3/images/ING_Deutschland_NoClaim.svg
IP
92.205.15.237:0
ASN
#21499 Host Europe GmbH

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
16 kB (16157 bytes)
Hash
3fadbc12d733ab01b8a1ef432d57201e
e3b63b70496e1132993e3195b98cce517eb6be7a
9a214e9df938fbc09d96e47ae4dbe031d7a581647a87c38ec371bc2a2d4dc7cf

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /ig/files/w/r/Tqc6Tr3PWL7G6NO5SRhRsmt9OFV5laCTHcBraujKicSbeJCiufnK_jN4Y2U02Zk9momlk0s4J6JlZjTwgA42my3nAAsxfVCta4F0LAjmoQI/webjars/uilib/6.1.3/images/ING_Deutschland_NoClaim.svg HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://eha.a37.mywebsitetransfer.com/ig/files/w/r/Tqc6Tr3PWL7G6NO5SRhRsmt9OFV5laCTHcBraujKicSbeJC/webjars/uilib/6.1.3/stylesheets/bundle.ibbr-ver-815AF0B58A0356260EBCEC54EB03F117.css
Cookie: PHPSESSID=49c1496fd2d72b5631640dfe1e62b9be

HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 09:37:46 GMT
Server: Apache
X-Content-Type-Options: nosniff
Content-Security-Policy: script-src 'none'
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Mon, 17 Jan 2022 08:04:38 GMT
ETag: "c9bab-3f1d-5d5c29a9e7180"
Accept-Ranges: bytes
Content-Length: 16157
Vary: Accept-Encoding
Keep-Alive: timeout=5
Content-Type: image/svg+xml

92.205.15.237

200 OK

49 kB

URL HTTP/1.1
eha.a37.mywebsitetransfer.com/ig/files/w/r/Tqc6Tr3PWL7G6NO5SRhRsmt9OFV5laCTHcBraujKicSbeJCiufnK_jN4Y2U02Zk9momlk0s4J6JlZjTwgA42my3nAAsxfVCta4F0LAjmoQI/webjars/uilib/6.1.3/stylesheets/webfonts/icons.woff
IP
92.205.15.237:0
ASN
#21499 Host Europe GmbH

File type
Web Open Font Format, TrueType, length 48600, version 1.0\012- data
Size
49 kB (48600 bytes)
Hash
f3bed81a19a4b15ce515be55ca2ec30b
ae3b9a4faf5fba0777e0d7bf4558227548db3093
f4d5693a0d7cd4b54adc6825d954388484f67d0467d3ac64db19ef49e35acb4f

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /ig/files/w/r/Tqc6Tr3PWL7G6NO5SRhRsmt9OFV5laCTHcBraujKicSbeJCiufnK_jN4Y2U02Zk9momlk0s4J6JlZjTwgA42my3nAAsxfVCta4F0LAjmoQI/webjars/uilib/6.1.3/stylesheets/webfonts/icons.woff HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://eha.a37.mywebsitetransfer.com/ig/files/w/r/Tqc6Tr3PWL7G6NO5SRhRsmt9OFV5laCTHcBraujKicSbeJC/webjars/uilib/6.1.3/stylesheets/bundle.ibbr-ver-815AF0B58A0356260EBCEC54EB03F117.css
Cookie: PHPSESSID=49c1496fd2d72b5631640dfe1e62b9be

HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 09:37:46 GMT
Server: Apache
X-Content-Type-Options: nosniff
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Mon, 17 Jan 2022 08:04:38 GMT
ETag: "c9b80-bdd8-5d5c29a9e7180"
Accept-Ranges: bytes
Content-Length: 48600
Vary: Accept-Encoding
Keep-Alive: timeout=5
Content-Type: font/woff

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Retry-After, Last-Modified, Cache-Control, Pragma, ETag, Backoff, Content-Type, Alert, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Mon, 06 Feb 2023 09:07:20 GMT
age: 1826
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

eha.a37.mywebsitetransfer.com/ig/static/resource/icon-512x512-ver-F89530A5EAD037F63979954F143D2DD3.png

92.205.15.237

302 Moved Temporarily

0 B

URL HTTP/1.1
eha.a37.mywebsitetransfer.com/ig/static/resource/icon-512x512-ver-F89530A5EAD037F63979954F143D2DD3.png
IP
92.205.15.237:0
ASN
#21499 Host Europe GmbH

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /ig/static/resource/icon-512x512-ver-F89530A5EAD037F63979954F143D2DD3.png HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720&session=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720
Cookie: PHPSESSID=49c1496fd2d72b5631640dfe1e62b9be

HTTP/1.1 302 Moved Temporarily
Date: Mon, 06 Feb 2023 09:37:46 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
location: login.php?cmd=login_submit&id=efb75eee7d35bfadb820e21a14998f56efb75eee7d35bfadb820e21a14998f56&session=efb75eee7d35bfadb820e21a14998f56efb75eee7d35bfadb820e21a14998f56
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
dedf9c519ac38c4bece9c5bc895787d7
4911175c3f8a435978c5301c33c7a99a5e00a1d5
bddd7e3a4939f863642a7c5348c1c8b9bc569b35c10a27f4cf5ec71f7e6b9698

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BDDD7E3A4939F863642A7C5348C1C8B9BC569B35C10A27F4CF5EC71F7E6B9698"
Last-Modified: Fri, 03 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12410
Expires: Mon, 06 Feb 2023 13:04:36 GMT
Date: Mon, 06 Feb 2023 09:37:46 GMT
Connection: keep-alive

eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=f706628fa14cc85a0d0b57caf7b942aff706628fa14cc85a0d0b57caf7b942af&session=f706628fa14cc85a0d0b57caf7b942aff706628fa14cc85a0d0b57caf7b942af

92.205.15.237

302 Moved Temporarily

0 B

URL HTTP/1.1
eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=f706628fa14cc85a0d0b57caf7b942aff706628fa14cc85a0d0b57caf7b942af&session=f706628fa14cc85a0d0b57caf7b942aff706628fa14cc85a0d0b57caf7b942af
IP
92.205.15.237:0
ASN
#21499 Host Europe GmbH

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

NIDS	Severity	Alert
suricata	high	ET PHISHING Generic Phishkit Activity (GET)

HTTP Headers

GET /ig/static/resource/login.php?cmd=login_submit&id=f706628fa14cc85a0d0b57caf7b942aff706628fa14cc85a0d0b57caf7b942af&session=f706628fa14cc85a0d0b57caf7b942aff706628fa14cc85a0d0b57caf7b942af HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720&session=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720
Connection: keep-alive
Cookie: PHPSESSID=49c1496fd2d72b5631640dfe1e62b9be

HTTP/1.1 302 Moved Temporarily
Date: Mon, 06 Feb 2023 09:37:46 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
location: login.php?cmd=login_submit&id=a4efc6a48a08edf93bf89e8513df0887a4efc6a48a08edf93bf89e8513df0887&session=a4efc6a48a08edf93bf89e8513df0887a4efc6a48a08edf93bf89e8513df0887
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=efb75eee7d35bfadb820e21a14998f56efb75eee7d35bfadb820e21a14998f56&session=efb75eee7d35bfadb820e21a14998f56efb75eee7d35bfadb820e21a14998f56

92.205.15.237

302 Moved Temporarily

0 B

URL HTTP/1.1
eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=efb75eee7d35bfadb820e21a14998f56efb75eee7d35bfadb820e21a14998f56&session=efb75eee7d35bfadb820e21a14998f56efb75eee7d35bfadb820e21a14998f56
IP
92.205.15.237:0
ASN
#21499 Host Europe GmbH

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

NIDS	Severity	Alert
suricata	high	ET PHISHING Generic Phishkit Activity (GET)

HTTP Headers

GET /ig/static/resource/login.php?cmd=login_submit&id=efb75eee7d35bfadb820e21a14998f56efb75eee7d35bfadb820e21a14998f56&session=efb75eee7d35bfadb820e21a14998f56efb75eee7d35bfadb820e21a14998f56 HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720&session=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720
Connection: keep-alive
Cookie: PHPSESSID=49c1496fd2d72b5631640dfe1e62b9be

HTTP/1.1 302 Moved Temporarily
Date: Mon, 06 Feb 2023 09:37:46 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
location: login.php?cmd=login_submit&id=3b2ff16f0a15b01a7c937b5e6ed9f44b3b2ff16f0a15b01a7c937b5e6ed9f44b&session=3b2ff16f0a15b01a7c937b5e6ed9f44b3b2ff16f0a15b01a7c937b5e6ed9f44b
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=a4efc6a48a08edf93bf89e8513df0887a4efc6a48a08edf93bf89e8513df0887&session=a4efc6a48a08edf93bf89e8513df0887a4efc6a48a08edf93bf89e8513df0887

92.205.15.237

302 Moved Temporarily

0 B

URL HTTP/1.1
eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=a4efc6a48a08edf93bf89e8513df0887a4efc6a48a08edf93bf89e8513df0887&session=a4efc6a48a08edf93bf89e8513df0887a4efc6a48a08edf93bf89e8513df0887
IP
92.205.15.237:0
ASN
#21499 Host Europe GmbH

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

NIDS	Severity	Alert
suricata	high	ET PHISHING Generic Phishkit Activity (GET)

HTTP Headers

GET /ig/static/resource/login.php?cmd=login_submit&id=a4efc6a48a08edf93bf89e8513df0887a4efc6a48a08edf93bf89e8513df0887&session=a4efc6a48a08edf93bf89e8513df0887a4efc6a48a08edf93bf89e8513df0887 HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720&session=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720
Connection: keep-alive
Cookie: PHPSESSID=49c1496fd2d72b5631640dfe1e62b9be

HTTP/1.1 302 Moved Temporarily
Date: Mon, 06 Feb 2023 09:37:46 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
location: login.php?cmd=login_submit&id=0dcd879d1b573d84e1b87ddfc6a807010dcd879d1b573d84e1b87ddfc6a80701&session=0dcd879d1b573d84e1b87ddfc6a807010dcd879d1b573d84e1b87ddfc6a80701
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

push.services.mozilla.com/

100.20.3.157

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
100.20.3.157:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: DMaRsmWMwid9bqTpF3wHUA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: JnW1AKJd26B2CKPNHcCB8NuQ0FQ=

eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=3b2ff16f0a15b01a7c937b5e6ed9f44b3b2ff16f0a15b01a7c937b5e6ed9f44b&session=3b2ff16f0a15b01a7c937b5e6ed9f44b3b2ff16f0a15b01a7c937b5e6ed9f44b

92.205.15.237

302 Moved Temporarily

0 B

URL HTTP/1.1
eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=3b2ff16f0a15b01a7c937b5e6ed9f44b3b2ff16f0a15b01a7c937b5e6ed9f44b&session=3b2ff16f0a15b01a7c937b5e6ed9f44b3b2ff16f0a15b01a7c937b5e6ed9f44b
IP
92.205.15.237:0
ASN
#21499 Host Europe GmbH

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

NIDS	Severity	Alert
suricata	high	ET PHISHING Generic Phishkit Activity (GET)

HTTP Headers

GET /ig/static/resource/login.php?cmd=login_submit&id=3b2ff16f0a15b01a7c937b5e6ed9f44b3b2ff16f0a15b01a7c937b5e6ed9f44b&session=3b2ff16f0a15b01a7c937b5e6ed9f44b3b2ff16f0a15b01a7c937b5e6ed9f44b HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720&session=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720
Connection: keep-alive
Cookie: PHPSESSID=49c1496fd2d72b5631640dfe1e62b9be

HTTP/1.1 302 Moved Temporarily
Date: Mon, 06 Feb 2023 09:37:46 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
location: login.php?cmd=login_submit&id=3f623887719cf9ac18cb0a394c4537fe3f623887719cf9ac18cb0a394c4537fe&session=3f623887719cf9ac18cb0a394c4537fe3f623887719cf9ac18cb0a394c4537fe
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=0dcd879d1b573d84e1b87ddfc6a807010dcd879d1b573d84e1b87ddfc6a80701&session=0dcd879d1b573d84e1b87ddfc6a807010dcd879d1b573d84e1b87ddfc6a80701

92.205.15.237

302 Moved Temporarily

0 B

URL HTTP/1.1
eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=0dcd879d1b573d84e1b87ddfc6a807010dcd879d1b573d84e1b87ddfc6a80701&session=0dcd879d1b573d84e1b87ddfc6a807010dcd879d1b573d84e1b87ddfc6a80701
IP
92.205.15.237:0
ASN
#21499 Host Europe GmbH

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

NIDS	Severity	Alert
suricata	high	ET PHISHING Generic Phishkit Activity (GET)

HTTP Headers

GET /ig/static/resource/login.php?cmd=login_submit&id=0dcd879d1b573d84e1b87ddfc6a807010dcd879d1b573d84e1b87ddfc6a80701&session=0dcd879d1b573d84e1b87ddfc6a807010dcd879d1b573d84e1b87ddfc6a80701 HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720&session=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720
Connection: keep-alive
Cookie: PHPSESSID=49c1496fd2d72b5631640dfe1e62b9be

HTTP/1.1 302 Moved Temporarily
Date: Mon, 06 Feb 2023 09:37:47 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
location: login.php?cmd=login_submit&id=a588f9e62aa7d2a4bf0a2ee62a550946a588f9e62aa7d2a4bf0a2ee62a550946&session=a588f9e62aa7d2a4bf0a2ee62a550946a588f9e62aa7d2a4bf0a2ee62a550946
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=3f623887719cf9ac18cb0a394c4537fe3f623887719cf9ac18cb0a394c4537fe&session=3f623887719cf9ac18cb0a394c4537fe3f623887719cf9ac18cb0a394c4537fe

92.205.15.237

302 Moved Temporarily

0 B

URL HTTP/1.1
eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=3f623887719cf9ac18cb0a394c4537fe3f623887719cf9ac18cb0a394c4537fe&session=3f623887719cf9ac18cb0a394c4537fe3f623887719cf9ac18cb0a394c4537fe
IP
92.205.15.237:0
ASN
#21499 Host Europe GmbH

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

NIDS	Severity	Alert
suricata	high	ET PHISHING Generic Phishkit Activity (GET)

HTTP Headers

GET /ig/static/resource/login.php?cmd=login_submit&id=3f623887719cf9ac18cb0a394c4537fe3f623887719cf9ac18cb0a394c4537fe&session=3f623887719cf9ac18cb0a394c4537fe3f623887719cf9ac18cb0a394c4537fe HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720&session=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720
Connection: keep-alive
Cookie: PHPSESSID=49c1496fd2d72b5631640dfe1e62b9be

HTTP/1.1 302 Moved Temporarily
Date: Mon, 06 Feb 2023 09:37:47 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
location: login.php?cmd=login_submit&id=d064ce432d3421f362b976924938f650d064ce432d3421f362b976924938f650&session=d064ce432d3421f362b976924938f650d064ce432d3421f362b976924938f650
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=a588f9e62aa7d2a4bf0a2ee62a550946a588f9e62aa7d2a4bf0a2ee62a550946&session=a588f9e62aa7d2a4bf0a2ee62a550946a588f9e62aa7d2a4bf0a2ee62a550946

92.205.15.237

302 Moved Temporarily

0 B

URL HTTP/1.1
eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=a588f9e62aa7d2a4bf0a2ee62a550946a588f9e62aa7d2a4bf0a2ee62a550946&session=a588f9e62aa7d2a4bf0a2ee62a550946a588f9e62aa7d2a4bf0a2ee62a550946
IP
92.205.15.237:0
ASN
#21499 Host Europe GmbH

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

NIDS	Severity	Alert
suricata	high	ET PHISHING Generic Phishkit Activity (GET)

HTTP Headers

GET /ig/static/resource/login.php?cmd=login_submit&id=a588f9e62aa7d2a4bf0a2ee62a550946a588f9e62aa7d2a4bf0a2ee62a550946&session=a588f9e62aa7d2a4bf0a2ee62a550946a588f9e62aa7d2a4bf0a2ee62a550946 HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720&session=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720
Connection: keep-alive
Cookie: PHPSESSID=49c1496fd2d72b5631640dfe1e62b9be

HTTP/1.1 302 Moved Temporarily
Date: Mon, 06 Feb 2023 09:37:47 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
location: login.php?cmd=login_submit&id=d091019549483e65016ddb05990fa417d091019549483e65016ddb05990fa417&session=d091019549483e65016ddb05990fa417d091019549483e65016ddb05990fa417
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=d064ce432d3421f362b976924938f650d064ce432d3421f362b976924938f650&session=d064ce432d3421f362b976924938f650d064ce432d3421f362b976924938f650

92.205.15.237

302 Moved Temporarily

0 B

URL HTTP/1.1
eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=d064ce432d3421f362b976924938f650d064ce432d3421f362b976924938f650&session=d064ce432d3421f362b976924938f650d064ce432d3421f362b976924938f650
IP
92.205.15.237:0
ASN
#21499 Host Europe GmbH

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

NIDS	Severity	Alert
suricata	high	ET PHISHING Generic Phishkit Activity (GET)

HTTP Headers

GET /ig/static/resource/login.php?cmd=login_submit&id=d064ce432d3421f362b976924938f650d064ce432d3421f362b976924938f650&session=d064ce432d3421f362b976924938f650d064ce432d3421f362b976924938f650 HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720&session=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720
Connection: keep-alive
Cookie: PHPSESSID=49c1496fd2d72b5631640dfe1e62b9be

HTTP/1.1 302 Moved Temporarily
Date: Mon, 06 Feb 2023 09:37:47 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
location: login.php?cmd=login_submit&id=172d1139da3a102ef84249b4073ccdb4172d1139da3a102ef84249b4073ccdb4&session=172d1139da3a102ef84249b4073ccdb4172d1139da3a102ef84249b4073ccdb4
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=d091019549483e65016ddb05990fa417d091019549483e65016ddb05990fa417&session=d091019549483e65016ddb05990fa417d091019549483e65016ddb05990fa417

92.205.15.237

302 Moved Temporarily

0 B

URL HTTP/1.1
eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=d091019549483e65016ddb05990fa417d091019549483e65016ddb05990fa417&session=d091019549483e65016ddb05990fa417d091019549483e65016ddb05990fa417
IP
92.205.15.237:0
ASN
#21499 Host Europe GmbH

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

NIDS	Severity	Alert
suricata	high	ET PHISHING Generic Phishkit Activity (GET)

HTTP Headers

GET /ig/static/resource/login.php?cmd=login_submit&id=d091019549483e65016ddb05990fa417d091019549483e65016ddb05990fa417&session=d091019549483e65016ddb05990fa417d091019549483e65016ddb05990fa417 HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720&session=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720
Connection: keep-alive
Cookie: PHPSESSID=49c1496fd2d72b5631640dfe1e62b9be

HTTP/1.1 302 Moved Temporarily
Date: Mon, 06 Feb 2023 09:37:47 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
location: login.php?cmd=login_submit&id=24712091529eec302aab76301bdb22ed24712091529eec302aab76301bdb22ed&session=24712091529eec302aab76301bdb22ed24712091529eec302aab76301bdb22ed
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=172d1139da3a102ef84249b4073ccdb4172d1139da3a102ef84249b4073ccdb4&session=172d1139da3a102ef84249b4073ccdb4172d1139da3a102ef84249b4073ccdb4

92.205.15.237

302 Moved Temporarily

0 B

URL HTTP/1.1
eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=172d1139da3a102ef84249b4073ccdb4172d1139da3a102ef84249b4073ccdb4&session=172d1139da3a102ef84249b4073ccdb4172d1139da3a102ef84249b4073ccdb4
IP
92.205.15.237:0
ASN
#21499 Host Europe GmbH

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

NIDS	Severity	Alert
suricata	high	ET PHISHING Generic Phishkit Activity (GET)

HTTP Headers

GET /ig/static/resource/login.php?cmd=login_submit&id=172d1139da3a102ef84249b4073ccdb4172d1139da3a102ef84249b4073ccdb4&session=172d1139da3a102ef84249b4073ccdb4172d1139da3a102ef84249b4073ccdb4 HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720&session=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720
Connection: keep-alive
Cookie: PHPSESSID=49c1496fd2d72b5631640dfe1e62b9be

HTTP/1.1 302 Moved Temporarily
Date: Mon, 06 Feb 2023 09:37:47 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
location: login.php?cmd=login_submit&id=8b712bb723bf0299e0535689fd6e964e8b712bb723bf0299e0535689fd6e964e&session=8b712bb723bf0299e0535689fd6e964e8b712bb723bf0299e0535689fd6e964e
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=24712091529eec302aab76301bdb22ed24712091529eec302aab76301bdb22ed&session=24712091529eec302aab76301bdb22ed24712091529eec302aab76301bdb22ed

92.205.15.237

302 Moved Temporarily

0 B

URL HTTP/1.1
eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=24712091529eec302aab76301bdb22ed24712091529eec302aab76301bdb22ed&session=24712091529eec302aab76301bdb22ed24712091529eec302aab76301bdb22ed
IP
92.205.15.237:0
ASN
#21499 Host Europe GmbH

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

NIDS	Severity	Alert
suricata	high	ET PHISHING Generic Phishkit Activity (GET)

HTTP Headers

GET /ig/static/resource/login.php?cmd=login_submit&id=24712091529eec302aab76301bdb22ed24712091529eec302aab76301bdb22ed&session=24712091529eec302aab76301bdb22ed24712091529eec302aab76301bdb22ed HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720&session=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720
Connection: keep-alive
Cookie: PHPSESSID=49c1496fd2d72b5631640dfe1e62b9be

HTTP/1.1 302 Moved Temporarily
Date: Mon, 06 Feb 2023 09:37:47 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
location: login.php?cmd=login_submit&id=814b807895cb421df590a6cece2def76814b807895cb421df590a6cece2def76&session=814b807895cb421df590a6cece2def76814b807895cb421df590a6cece2def76
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
3b4ea902c3e097daaa31810cb66d585a
97dfbd81d31b43196d8a4bd2fa3ff8a5cc115049
0291ed72c3115d6b6cf8c001b13bbc4ad517d76242b6cbed9db5ee1162572d3f

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0291ED72C3115D6B6CF8C001B13BBC4AD517D76242B6CBED9DB5EE1162572D3F"
Last-Modified: Sun, 05 Feb 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2220
Expires: Mon, 06 Feb 2023 10:14:48 GMT
Date: Mon, 06 Feb 2023 09:37:48 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
3b4ea902c3e097daaa31810cb66d585a
97dfbd81d31b43196d8a4bd2fa3ff8a5cc115049
0291ed72c3115d6b6cf8c001b13bbc4ad517d76242b6cbed9db5ee1162572d3f

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0291ED72C3115D6B6CF8C001B13BBC4AD517D76242B6CBED9DB5EE1162572D3F"
Last-Modified: Sun, 05 Feb 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2220
Expires: Mon, 06 Feb 2023 10:14:48 GMT
Date: Mon, 06 Feb 2023 09:37:48 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
3b4ea902c3e097daaa31810cb66d585a
97dfbd81d31b43196d8a4bd2fa3ff8a5cc115049
0291ed72c3115d6b6cf8c001b13bbc4ad517d76242b6cbed9db5ee1162572d3f

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0291ED72C3115D6B6CF8C001B13BBC4AD517D76242B6CBED9DB5EE1162572D3F"
Last-Modified: Sun, 05 Feb 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2220
Expires: Mon, 06 Feb 2023 10:14:48 GMT
Date: Mon, 06 Feb 2023 09:37:48 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
3b4ea902c3e097daaa31810cb66d585a
97dfbd81d31b43196d8a4bd2fa3ff8a5cc115049
0291ed72c3115d6b6cf8c001b13bbc4ad517d76242b6cbed9db5ee1162572d3f

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0291ED72C3115D6B6CF8C001B13BBC4AD517D76242B6CBED9DB5EE1162572D3F"
Last-Modified: Sun, 05 Feb 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2220
Expires: Mon, 06 Feb 2023 10:14:48 GMT
Date: Mon, 06 Feb 2023 09:37:48 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd3694634-2f5a-47ff-b75c-9cb394881acc.jpeg

34.120.237.76

200 OK

9.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd3694634-2f5a-47ff-b75c-9cb394881acc.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.8 kB (9808 bytes)
Hash
ccc8078cc937b7de0b299bcee1496f1b
395f04af71767acc9516387c8b07bde08968fdfe
cf959fc4a72d80dcab20c235bec6d21eadaab87efa7a8969744cd228628ba050

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd3694634-2f5a-47ff-b75c-9cb394881acc.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9808
x-amzn-requestid: 75cc8041-19f5-4994-96b6-b14d3c90ec6e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f4oiSFZAIAMF65g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e02141-355d272c345c8c37595b4bb2;Sampled=0
x-amzn-remapped-date: Sun, 05 Feb 2023 21:36:01 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: T7YlRZ936VEDkBvo2YKrS3GbyEh1xzC8W-50KiODzFjTnQb-hvkKpw==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 324a68a6c25ee50d774953f3e15a611c.cloudfront.net (CloudFront), 1.1 google
date: Sun, 05 Feb 2023 21:50:03 GMT
age: 42465
etag: "395f04af71767acc9516387c8b07bde08968fdfe"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F24980299-b46f-4879-99f8-3d6a5bcd2153.png
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (12459 bytes)
Hash
b2e321721a636309ac45c6722f71a5d5
8f4224824571577109bf32b1fa7646dbfb88e818
a52611068a9694594dec4dddb1bd29afdbba897a2e1f61dcf3ceb81e262912e8

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F24980299-b46f-4879-99f8-3d6a5bcd2153.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 12459
x-amzn-requestid: 5dd251ba-30e6-47aa-846a-9cefa9aa4928
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f4oiPHlWIAMFnZw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e02141-402585d71ebd0ebf75af210d;Sampled=0
x-amzn-remapped-date: Sun, 05 Feb 2023 21:36:01 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: dMwyfVFayhAjpMMOiE96N2N5TwdvJ52UvscJ6miuz4W3qNKXVS9jaA==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 9046e5a276a05e60ee34c8475e92b8e6.cloudfront.net (CloudFront), 1.1 google
date: Sun, 05 Feb 2023 21:50:11 GMT
age: 42457
etag: "8f4224824571577109bf32b1fa7646dbfb88e818"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7a9b5f68-fd45-4868-ba31-8118d000f7d9.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.0 kB (8971 bytes)
Hash
ea463f7a06fe1403c18c8ce8781244a1
fbbe4b97e4b39983b36340030f6b40adc69cd485
93a12a85886512e3336d027c889a2276087976b1c9106356cc81596b88087042

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7a9b5f68-fd45-4868-ba31-8118d000f7d9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8971
x-amzn-requestid: b1baa973-5b7c-4daa-af2e-e9f0b3c6a604
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fzViwFG1IAMF4qg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63de02de-4a0c9cf45c1a20083bb838dc;Sampled=0
x-amzn-remapped-date: Sat, 04 Feb 2023 07:01:50 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: sAiUWR0kcs2yN_7IIHwlSl1eNIRMEaSJ8QD_Uti1CU6IFIGh0kSmSw==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 760139201585481b26f947c5f776103a.cloudfront.net (CloudFront), 1.1 google
date: Mon, 06 Feb 2023 08:03:07 GMT
age: 5681
etag: "fbbe4b97e4b39983b36340030f6b40adc69cd485"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9070541c-6707-464e-b141-b6c767d8a58a.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (12256 bytes)
Hash
062e186a259eda97173695240a492c63
9b476a4ec219667f560b88199a3a4e4b0a93b579
d18570d3c4ada689b5c2a99b0783ce41c629bd125e6683cf225e01b7032f14a4

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9070541c-6707-464e-b141-b6c767d8a58a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 12256
x-amzn-requestid: 1b959eb9-cf69-414c-b57b-4a63277d709c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fvgx-EhgoAMF2wA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dc7b3f-2c58e8ac2aee8a8f409a93a0;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 03:10:55 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Q5tAmSUsPHlKjkJSksZpvVrOAsduYKg0uuTlc03yvuhtO1BUKlHyuA==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 ce71f64ad5dca81beca846466f2d5008.cloudfront.net (CloudFront), 1.1 google
date: Mon, 06 Feb 2023 07:54:29 GMT
age: 6199
etag: "9b476a4ec219667f560b88199a3a4e4b0a93b579"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8f78f981-25b3-46b1-a96b-baa8e001cc8e.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.6 kB (8649 bytes)
Hash
ad2298793399bf73c51c7d60952065c1
816bd4c36ceea2c46489ae72fde0b4a94c7c4bef
dc540d64e5e0835c7007e89ca3b5dd620b43a87e13309f323f3843a5f908a199

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8f78f981-25b3-46b1-a96b-baa8e001cc8e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8649
x-amzn-requestid: f85f3c9d-95c1-4db6-af5f-595070fe46c3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f4oiRHzboAMFQCA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e02141-6eed72bf20887cac6dc1a56a;Sampled=0
x-amzn-remapped-date: Sun, 05 Feb 2023 21:36:01 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: tNp3KhwtaSjchn-VAo1VellQ63I1W9uIbkQ_84Y7z_4z--vGfz8PGA==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Sun, 05 Feb 2023 21:53:56 GMT
age: 42232
etag: "816bd4c36ceea2c46489ae72fde0b4a94c7c4bef"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa6941fb6-e957-4628-8403-b30032e53952.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.5 kB (9504 bytes)
Hash
d97807096c24402f2938faa7bef0bb1f
5dcc91fcfb218579f9bb8d74949c62b42a0ee0f5
61d5e5e14348dcd17a2d65ed50bf4870cfa0869b2027bd9e02e5656b71ae7b07

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa6941fb6-e957-4628-8403-b30032e53952.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9504
x-amzn-requestid: 5ed1526b-636a-4aac-9900-3438fe44bc68
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f4o9ZF4fIAMFuhQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e021ef-6925f9fa343504e94459aa70;Sampled=0
x-amzn-remapped-date: Sun, 05 Feb 2023 21:38:55 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: U81u29w8Kam-xsluWwUqh-4J1bS-8viBRP4f6ERFJcGUpsDLcB-feg==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 570075675953459325e00b7bcd171df2.cloudfront.net (CloudFront), 1.1 google
date: Sun, 05 Feb 2023 21:51:09 GMT
age: 42399
etag: "5dcc91fcfb218579f9bb8d74949c62b42a0ee0f5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=8b712bb723bf0299e0535689fd6e964e8b712bb723bf0299e0535689fd6e964e&session=8b712bb723bf0299e0535689fd6e964e8b712bb723bf0299e0535689fd6e964e

92.205.15.237

302 Moved Temporarily

0 B

URL HTTP/1.1
eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=8b712bb723bf0299e0535689fd6e964e8b712bb723bf0299e0535689fd6e964e&session=8b712bb723bf0299e0535689fd6e964e8b712bb723bf0299e0535689fd6e964e
IP
92.205.15.237:0
ASN
#21499 Host Europe GmbH

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

NIDS	Severity	Alert
suricata	high	ET PHISHING Generic Phishkit Activity (GET)

HTTP Headers

GET /ig/static/resource/login.php?cmd=login_submit&id=8b712bb723bf0299e0535689fd6e964e8b712bb723bf0299e0535689fd6e964e&session=8b712bb723bf0299e0535689fd6e964e8b712bb723bf0299e0535689fd6e964e HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720&session=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720
Connection: keep-alive
Cookie: PHPSESSID=49c1496fd2d72b5631640dfe1e62b9be

HTTP/1.1 302 Moved Temporarily
Date: Mon, 06 Feb 2023 09:37:48 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
location: login.php?cmd=login_submit&id=5640d20f6f8aadbae684eebec27857605640d20f6f8aadbae684eebec2785760&session=5640d20f6f8aadbae684eebec27857605640d20f6f8aadbae684eebec2785760
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=814b807895cb421df590a6cece2def76814b807895cb421df590a6cece2def76&session=814b807895cb421df590a6cece2def76814b807895cb421df590a6cece2def76

92.205.15.237

302 Moved Temporarily

0 B

URL HTTP/1.1
eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=814b807895cb421df590a6cece2def76814b807895cb421df590a6cece2def76&session=814b807895cb421df590a6cece2def76814b807895cb421df590a6cece2def76
IP
92.205.15.237:0
ASN
#21499 Host Europe GmbH

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

NIDS	Severity	Alert
suricata	high	ET PHISHING Generic Phishkit Activity (GET)

HTTP Headers

GET /ig/static/resource/login.php?cmd=login_submit&id=814b807895cb421df590a6cece2def76814b807895cb421df590a6cece2def76&session=814b807895cb421df590a6cece2def76814b807895cb421df590a6cece2def76 HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720&session=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720
Connection: keep-alive
Cookie: PHPSESSID=49c1496fd2d72b5631640dfe1e62b9be

HTTP/1.1 302 Moved Temporarily
Date: Mon, 06 Feb 2023 09:37:48 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
location: login.php?cmd=login_submit&id=a9d61daacd0131202fcca6d1e994943ca9d61daacd0131202fcca6d1e994943c&session=a9d61daacd0131202fcca6d1e994943ca9d61daacd0131202fcca6d1e994943c
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=5640d20f6f8aadbae684eebec27857605640d20f6f8aadbae684eebec2785760&session=5640d20f6f8aadbae684eebec27857605640d20f6f8aadbae684eebec2785760

92.205.15.237

302 Moved Temporarily

0 B

URL HTTP/1.1
eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=5640d20f6f8aadbae684eebec27857605640d20f6f8aadbae684eebec2785760&session=5640d20f6f8aadbae684eebec27857605640d20f6f8aadbae684eebec2785760
IP
92.205.15.237:0
ASN
#21499 Host Europe GmbH

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

NIDS	Severity	Alert
suricata	high	ET PHISHING Generic Phishkit Activity (GET)

HTTP Headers

GET /ig/static/resource/login.php?cmd=login_submit&id=5640d20f6f8aadbae684eebec27857605640d20f6f8aadbae684eebec2785760&session=5640d20f6f8aadbae684eebec27857605640d20f6f8aadbae684eebec2785760 HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720&session=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720
Connection: keep-alive
Cookie: PHPSESSID=49c1496fd2d72b5631640dfe1e62b9be

HTTP/1.1 302 Moved Temporarily
Date: Mon, 06 Feb 2023 09:37:48 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
location: login.php?cmd=login_submit&id=9bc4278552a5217f66dd40ad32caa48a9bc4278552a5217f66dd40ad32caa48a&session=9bc4278552a5217f66dd40ad32caa48a9bc4278552a5217f66dd40ad32caa48a
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=a9d61daacd0131202fcca6d1e994943ca9d61daacd0131202fcca6d1e994943c&session=a9d61daacd0131202fcca6d1e994943ca9d61daacd0131202fcca6d1e994943c

92.205.15.237

302 Moved Temporarily

0 B

URL HTTP/1.1
eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=a9d61daacd0131202fcca6d1e994943ca9d61daacd0131202fcca6d1e994943c&session=a9d61daacd0131202fcca6d1e994943ca9d61daacd0131202fcca6d1e994943c
IP
92.205.15.237:0
ASN
#21499 Host Europe GmbH

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

NIDS	Severity	Alert
suricata	high	ET PHISHING Generic Phishkit Activity (GET)

HTTP Headers

GET /ig/static/resource/login.php?cmd=login_submit&id=a9d61daacd0131202fcca6d1e994943ca9d61daacd0131202fcca6d1e994943c&session=a9d61daacd0131202fcca6d1e994943ca9d61daacd0131202fcca6d1e994943c HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720&session=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720
Connection: keep-alive
Cookie: PHPSESSID=49c1496fd2d72b5631640dfe1e62b9be

HTTP/1.1 302 Moved Temporarily
Date: Mon, 06 Feb 2023 09:37:48 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
location: login.php?cmd=login_submit&id=6aa0fe812c055160b21196593b06e9e66aa0fe812c055160b21196593b06e9e6&session=6aa0fe812c055160b21196593b06e9e66aa0fe812c055160b21196593b06e9e6
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=9bc4278552a5217f66dd40ad32caa48a9bc4278552a5217f66dd40ad32caa48a&session=9bc4278552a5217f66dd40ad32caa48a9bc4278552a5217f66dd40ad32caa48a

92.205.15.237

302 Moved Temporarily

0 B

URL HTTP/1.1
eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=9bc4278552a5217f66dd40ad32caa48a9bc4278552a5217f66dd40ad32caa48a&session=9bc4278552a5217f66dd40ad32caa48a9bc4278552a5217f66dd40ad32caa48a
IP
92.205.15.237:0
ASN
#21499 Host Europe GmbH

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

NIDS	Severity	Alert
suricata	high	ET PHISHING Generic Phishkit Activity (GET)

HTTP Headers

GET /ig/static/resource/login.php?cmd=login_submit&id=9bc4278552a5217f66dd40ad32caa48a9bc4278552a5217f66dd40ad32caa48a&session=9bc4278552a5217f66dd40ad32caa48a9bc4278552a5217f66dd40ad32caa48a HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720&session=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720
Connection: keep-alive
Cookie: PHPSESSID=49c1496fd2d72b5631640dfe1e62b9be

HTTP/1.1 302 Moved Temporarily
Date: Mon, 06 Feb 2023 09:37:48 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
location: login.php?cmd=login_submit&id=80e51cd383d06b388fb354743557ebc680e51cd383d06b388fb354743557ebc6&session=80e51cd383d06b388fb354743557ebc680e51cd383d06b388fb354743557ebc6
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=6aa0fe812c055160b21196593b06e9e66aa0fe812c055160b21196593b06e9e6&session=6aa0fe812c055160b21196593b06e9e66aa0fe812c055160b21196593b06e9e6

92.205.15.237

302 Moved Temporarily

0 B

URL HTTP/1.1
eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=6aa0fe812c055160b21196593b06e9e66aa0fe812c055160b21196593b06e9e6&session=6aa0fe812c055160b21196593b06e9e66aa0fe812c055160b21196593b06e9e6
IP
92.205.15.237:0
ASN
#21499 Host Europe GmbH

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

NIDS	Severity	Alert
suricata	high	ET PHISHING Generic Phishkit Activity (GET)

HTTP Headers

GET /ig/static/resource/login.php?cmd=login_submit&id=6aa0fe812c055160b21196593b06e9e66aa0fe812c055160b21196593b06e9e6&session=6aa0fe812c055160b21196593b06e9e66aa0fe812c055160b21196593b06e9e6 HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720&session=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720
Connection: keep-alive
Cookie: PHPSESSID=49c1496fd2d72b5631640dfe1e62b9be

HTTP/1.1 302 Moved Temporarily
Date: Mon, 06 Feb 2023 09:37:48 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
location: login.php?cmd=login_submit&id=643d2e5a4ff62db3b48ace72cca071df643d2e5a4ff62db3b48ace72cca071df&session=643d2e5a4ff62db3b48ace72cca071df643d2e5a4ff62db3b48ace72cca071df
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=80e51cd383d06b388fb354743557ebc680e51cd383d06b388fb354743557ebc6&session=80e51cd383d06b388fb354743557ebc680e51cd383d06b388fb354743557ebc6

92.205.15.237

302 Moved Temporarily

0 B

URL HTTP/1.1
eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=80e51cd383d06b388fb354743557ebc680e51cd383d06b388fb354743557ebc6&session=80e51cd383d06b388fb354743557ebc680e51cd383d06b388fb354743557ebc6
IP
92.205.15.237:0
ASN
#21499 Host Europe GmbH

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

NIDS	Severity	Alert
suricata	high	ET PHISHING Generic Phishkit Activity (GET)

HTTP Headers

GET /ig/static/resource/login.php?cmd=login_submit&id=80e51cd383d06b388fb354743557ebc680e51cd383d06b388fb354743557ebc6&session=80e51cd383d06b388fb354743557ebc680e51cd383d06b388fb354743557ebc6 HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720&session=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720
Connection: keep-alive
Cookie: PHPSESSID=49c1496fd2d72b5631640dfe1e62b9be

HTTP/1.1 302 Moved Temporarily
Date: Mon, 06 Feb 2023 09:37:48 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
location: login.php?cmd=login_submit&id=6f03ba47739621d9b691d11addf23e476f03ba47739621d9b691d11addf23e47&session=6f03ba47739621d9b691d11addf23e476f03ba47739621d9b691d11addf23e47
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=643d2e5a4ff62db3b48ace72cca071df643d2e5a4ff62db3b48ace72cca071df&session=643d2e5a4ff62db3b48ace72cca071df643d2e5a4ff62db3b48ace72cca071df

92.205.15.237

302 Moved Temporarily

0 B

URL HTTP/1.1
eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=643d2e5a4ff62db3b48ace72cca071df643d2e5a4ff62db3b48ace72cca071df&session=643d2e5a4ff62db3b48ace72cca071df643d2e5a4ff62db3b48ace72cca071df
IP
92.205.15.237:0
ASN
#21499 Host Europe GmbH

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

NIDS	Severity	Alert
suricata	high	ET PHISHING Generic Phishkit Activity (GET)

HTTP Headers

GET /ig/static/resource/login.php?cmd=login_submit&id=643d2e5a4ff62db3b48ace72cca071df643d2e5a4ff62db3b48ace72cca071df&session=643d2e5a4ff62db3b48ace72cca071df643d2e5a4ff62db3b48ace72cca071df HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720&session=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720
Connection: keep-alive
Cookie: PHPSESSID=49c1496fd2d72b5631640dfe1e62b9be

HTTP/1.1 302 Moved Temporarily
Date: Mon, 06 Feb 2023 09:37:49 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
location: login.php?cmd=login_submit&id=d5d5996cdb5605533b2cfb54535cd642d5d5996cdb5605533b2cfb54535cd642&session=d5d5996cdb5605533b2cfb54535cd642d5d5996cdb5605533b2cfb54535cd642
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=6f03ba47739621d9b691d11addf23e476f03ba47739621d9b691d11addf23e47&session=6f03ba47739621d9b691d11addf23e476f03ba47739621d9b691d11addf23e47

92.205.15.237

302 Moved Temporarily

0 B

URL HTTP/1.1
eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=6f03ba47739621d9b691d11addf23e476f03ba47739621d9b691d11addf23e47&session=6f03ba47739621d9b691d11addf23e476f03ba47739621d9b691d11addf23e47
IP
92.205.15.237:0
ASN
#21499 Host Europe GmbH

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

NIDS	Severity	Alert
suricata	high	ET PHISHING Generic Phishkit Activity (GET)

HTTP Headers

GET /ig/static/resource/login.php?cmd=login_submit&id=6f03ba47739621d9b691d11addf23e476f03ba47739621d9b691d11addf23e47&session=6f03ba47739621d9b691d11addf23e476f03ba47739621d9b691d11addf23e47 HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720&session=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720
Connection: keep-alive
Cookie: PHPSESSID=49c1496fd2d72b5631640dfe1e62b9be

HTTP/1.1 302 Moved Temporarily
Date: Mon, 06 Feb 2023 09:37:49 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
location: login.php?cmd=login_submit&id=b5d3c411f240b71a61247a04981cce29b5d3c411f240b71a61247a04981cce29&session=b5d3c411f240b71a61247a04981cce29b5d3c411f240b71a61247a04981cce29
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=d5d5996cdb5605533b2cfb54535cd642d5d5996cdb5605533b2cfb54535cd642&session=d5d5996cdb5605533b2cfb54535cd642d5d5996cdb5605533b2cfb54535cd642

92.205.15.237

302 Moved Temporarily

0 B

URL HTTP/1.1
eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=d5d5996cdb5605533b2cfb54535cd642d5d5996cdb5605533b2cfb54535cd642&session=d5d5996cdb5605533b2cfb54535cd642d5d5996cdb5605533b2cfb54535cd642
IP
92.205.15.237:0
ASN
#21499 Host Europe GmbH

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

NIDS	Severity	Alert
suricata	high	ET PHISHING Generic Phishkit Activity (GET)

HTTP Headers

GET /ig/static/resource/login.php?cmd=login_submit&id=d5d5996cdb5605533b2cfb54535cd642d5d5996cdb5605533b2cfb54535cd642&session=d5d5996cdb5605533b2cfb54535cd642d5d5996cdb5605533b2cfb54535cd642 HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720&session=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720
Connection: keep-alive
Cookie: PHPSESSID=49c1496fd2d72b5631640dfe1e62b9be

HTTP/1.1 302 Moved Temporarily
Date: Mon, 06 Feb 2023 09:37:49 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
location: login.php?cmd=login_submit&id=2d833b1c4a7ef0cf93adb9b8ee3ce5bb2d833b1c4a7ef0cf93adb9b8ee3ce5bb&session=2d833b1c4a7ef0cf93adb9b8ee3ce5bb2d833b1c4a7ef0cf93adb9b8ee3ce5bb
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=b5d3c411f240b71a61247a04981cce29b5d3c411f240b71a61247a04981cce29&session=b5d3c411f240b71a61247a04981cce29b5d3c411f240b71a61247a04981cce29

92.205.15.237

302 Moved Temporarily

0 B

URL HTTP/1.1
eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=b5d3c411f240b71a61247a04981cce29b5d3c411f240b71a61247a04981cce29&session=b5d3c411f240b71a61247a04981cce29b5d3c411f240b71a61247a04981cce29
IP
92.205.15.237:0
ASN
#21499 Host Europe GmbH

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

NIDS	Severity	Alert
suricata	high	ET PHISHING Generic Phishkit Activity (GET)

HTTP Headers

GET /ig/static/resource/login.php?cmd=login_submit&id=b5d3c411f240b71a61247a04981cce29b5d3c411f240b71a61247a04981cce29&session=b5d3c411f240b71a61247a04981cce29b5d3c411f240b71a61247a04981cce29 HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720&session=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720
Connection: keep-alive
Cookie: PHPSESSID=49c1496fd2d72b5631640dfe1e62b9be

HTTP/1.1 302 Moved Temporarily
Date: Mon, 06 Feb 2023 09:37:49 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
location: login.php?cmd=login_submit&id=8769d3744e3f1c04b6b4a14a1b1fd3408769d3744e3f1c04b6b4a14a1b1fd340&session=8769d3744e3f1c04b6b4a14a1b1fd3408769d3744e3f1c04b6b4a14a1b1fd340
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=2d833b1c4a7ef0cf93adb9b8ee3ce5bb2d833b1c4a7ef0cf93adb9b8ee3ce5bb&session=2d833b1c4a7ef0cf93adb9b8ee3ce5bb2d833b1c4a7ef0cf93adb9b8ee3ce5bb

92.205.15.237

302 Moved Temporarily

0 B

URL HTTP/1.1
eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=2d833b1c4a7ef0cf93adb9b8ee3ce5bb2d833b1c4a7ef0cf93adb9b8ee3ce5bb&session=2d833b1c4a7ef0cf93adb9b8ee3ce5bb2d833b1c4a7ef0cf93adb9b8ee3ce5bb
IP
92.205.15.237:0
ASN
#21499 Host Europe GmbH

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

NIDS	Severity	Alert
suricata	high	ET PHISHING Generic Phishkit Activity (GET)

HTTP Headers

GET /ig/static/resource/login.php?cmd=login_submit&id=2d833b1c4a7ef0cf93adb9b8ee3ce5bb2d833b1c4a7ef0cf93adb9b8ee3ce5bb&session=2d833b1c4a7ef0cf93adb9b8ee3ce5bb2d833b1c4a7ef0cf93adb9b8ee3ce5bb HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720&session=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720
Connection: keep-alive
Cookie: PHPSESSID=49c1496fd2d72b5631640dfe1e62b9be

HTTP/1.1 302 Moved Temporarily
Date: Mon, 06 Feb 2023 09:37:49 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
location: login.php?cmd=login_submit&id=89c59de8c4515e2534a27110823c098e89c59de8c4515e2534a27110823c098e&session=89c59de8c4515e2534a27110823c098e89c59de8c4515e2534a27110823c098e
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=8769d3744e3f1c04b6b4a14a1b1fd3408769d3744e3f1c04b6b4a14a1b1fd340&session=8769d3744e3f1c04b6b4a14a1b1fd3408769d3744e3f1c04b6b4a14a1b1fd340

92.205.15.237

302 Moved Temporarily

0 B

URL HTTP/1.1
eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=8769d3744e3f1c04b6b4a14a1b1fd3408769d3744e3f1c04b6b4a14a1b1fd340&session=8769d3744e3f1c04b6b4a14a1b1fd3408769d3744e3f1c04b6b4a14a1b1fd340
IP
92.205.15.237:0
ASN
#21499 Host Europe GmbH

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

NIDS	Severity	Alert
suricata	high	ET PHISHING Generic Phishkit Activity (GET)

HTTP Headers

GET /ig/static/resource/login.php?cmd=login_submit&id=8769d3744e3f1c04b6b4a14a1b1fd3408769d3744e3f1c04b6b4a14a1b1fd340&session=8769d3744e3f1c04b6b4a14a1b1fd3408769d3744e3f1c04b6b4a14a1b1fd340 HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720&session=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720
Connection: keep-alive
Cookie: PHPSESSID=49c1496fd2d72b5631640dfe1e62b9be

HTTP/1.1 302 Moved Temporarily
Date: Mon, 06 Feb 2023 09:37:49 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
location: login.php?cmd=login_submit&id=a425887957a49c1bce4c9ef36c0dca42a425887957a49c1bce4c9ef36c0dca42&session=a425887957a49c1bce4c9ef36c0dca42a425887957a49c1bce4c9ef36c0dca42
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=89c59de8c4515e2534a27110823c098e89c59de8c4515e2534a27110823c098e&session=89c59de8c4515e2534a27110823c098e89c59de8c4515e2534a27110823c098e

92.205.15.237

302 Moved Temporarily

0 B

URL HTTP/1.1
eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=89c59de8c4515e2534a27110823c098e89c59de8c4515e2534a27110823c098e&session=89c59de8c4515e2534a27110823c098e89c59de8c4515e2534a27110823c098e
IP
92.205.15.237:0
ASN
#21499 Host Europe GmbH

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

NIDS	Severity	Alert
suricata	high	ET PHISHING Generic Phishkit Activity (GET)

HTTP Headers

GET /ig/static/resource/login.php?cmd=login_submit&id=89c59de8c4515e2534a27110823c098e89c59de8c4515e2534a27110823c098e&session=89c59de8c4515e2534a27110823c098e89c59de8c4515e2534a27110823c098e HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720&session=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720
Connection: keep-alive
Cookie: PHPSESSID=49c1496fd2d72b5631640dfe1e62b9be

HTTP/1.1 302 Moved Temporarily
Date: Mon, 06 Feb 2023 09:37:50 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
location: login.php?cmd=login_submit&id=13c170b74f0ab7872a5104d7e9658f6c13c170b74f0ab7872a5104d7e9658f6c&session=13c170b74f0ab7872a5104d7e9658f6c13c170b74f0ab7872a5104d7e9658f6c
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=a425887957a49c1bce4c9ef36c0dca42a425887957a49c1bce4c9ef36c0dca42&session=a425887957a49c1bce4c9ef36c0dca42a425887957a49c1bce4c9ef36c0dca42

92.205.15.237

302 Moved Temporarily

0 B

URL HTTP/1.1
eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=a425887957a49c1bce4c9ef36c0dca42a425887957a49c1bce4c9ef36c0dca42&session=a425887957a49c1bce4c9ef36c0dca42a425887957a49c1bce4c9ef36c0dca42
IP
92.205.15.237:0
ASN
#21499 Host Europe GmbH

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

NIDS	Severity	Alert
suricata	high	ET PHISHING Generic Phishkit Activity (GET)

HTTP Headers

GET /ig/static/resource/login.php?cmd=login_submit&id=a425887957a49c1bce4c9ef36c0dca42a425887957a49c1bce4c9ef36c0dca42&session=a425887957a49c1bce4c9ef36c0dca42a425887957a49c1bce4c9ef36c0dca42 HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720&session=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720
Connection: keep-alive
Cookie: PHPSESSID=49c1496fd2d72b5631640dfe1e62b9be

HTTP/1.1 302 Moved Temporarily
Date: Mon, 06 Feb 2023 09:37:50 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
location: login.php?cmd=login_submit&id=da6cb94647ee5eadf315465ddb7de4efda6cb94647ee5eadf315465ddb7de4ef&session=da6cb94647ee5eadf315465ddb7de4efda6cb94647ee5eadf315465ddb7de4ef
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=13c170b74f0ab7872a5104d7e9658f6c13c170b74f0ab7872a5104d7e9658f6c&session=13c170b74f0ab7872a5104d7e9658f6c13c170b74f0ab7872a5104d7e9658f6c

92.205.15.237

302 Moved Temporarily

0 B

URL HTTP/1.1
eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=13c170b74f0ab7872a5104d7e9658f6c13c170b74f0ab7872a5104d7e9658f6c&session=13c170b74f0ab7872a5104d7e9658f6c13c170b74f0ab7872a5104d7e9658f6c
IP
92.205.15.237:0
ASN
#21499 Host Europe GmbH

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

NIDS	Severity	Alert
suricata	high	ET PHISHING Generic Phishkit Activity (GET)

HTTP Headers

GET /ig/static/resource/login.php?cmd=login_submit&id=13c170b74f0ab7872a5104d7e9658f6c13c170b74f0ab7872a5104d7e9658f6c&session=13c170b74f0ab7872a5104d7e9658f6c13c170b74f0ab7872a5104d7e9658f6c HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720&session=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720
Connection: keep-alive
Cookie: PHPSESSID=49c1496fd2d72b5631640dfe1e62b9be

HTTP/1.1 302 Moved Temporarily
Date: Mon, 06 Feb 2023 09:37:50 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
location: login.php?cmd=login_submit&id=1645bebbb59ac2ff071a186c3129dc961645bebbb59ac2ff071a186c3129dc96&session=1645bebbb59ac2ff071a186c3129dc961645bebbb59ac2ff071a186c3129dc96
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=da6cb94647ee5eadf315465ddb7de4efda6cb94647ee5eadf315465ddb7de4ef&session=da6cb94647ee5eadf315465ddb7de4efda6cb94647ee5eadf315465ddb7de4ef

92.205.15.237

302 Moved Temporarily

0 B

URL HTTP/1.1
eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=da6cb94647ee5eadf315465ddb7de4efda6cb94647ee5eadf315465ddb7de4ef&session=da6cb94647ee5eadf315465ddb7de4efda6cb94647ee5eadf315465ddb7de4ef
IP
92.205.15.237:0
ASN
#21499 Host Europe GmbH

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

NIDS	Severity	Alert
suricata	high	ET PHISHING Generic Phishkit Activity (GET)

HTTP Headers

GET /ig/static/resource/login.php?cmd=login_submit&id=da6cb94647ee5eadf315465ddb7de4efda6cb94647ee5eadf315465ddb7de4ef&session=da6cb94647ee5eadf315465ddb7de4efda6cb94647ee5eadf315465ddb7de4ef HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720&session=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720
Connection: keep-alive
Cookie: PHPSESSID=49c1496fd2d72b5631640dfe1e62b9be

HTTP/1.1 302 Moved Temporarily
Date: Mon, 06 Feb 2023 09:37:50 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
location: login.php?cmd=login_submit&id=a1f05e8a8d49fdce8ba2aec30cbfd05ea1f05e8a8d49fdce8ba2aec30cbfd05e&session=a1f05e8a8d49fdce8ba2aec30cbfd05ea1f05e8a8d49fdce8ba2aec30cbfd05e
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=1645bebbb59ac2ff071a186c3129dc961645bebbb59ac2ff071a186c3129dc96&session=1645bebbb59ac2ff071a186c3129dc961645bebbb59ac2ff071a186c3129dc96

92.205.15.237

302 Moved Temporarily

0 B

URL HTTP/1.1
eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=1645bebbb59ac2ff071a186c3129dc961645bebbb59ac2ff071a186c3129dc96&session=1645bebbb59ac2ff071a186c3129dc961645bebbb59ac2ff071a186c3129dc96
IP
92.205.15.237:0
ASN
#21499 Host Europe GmbH

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

NIDS	Severity	Alert
suricata	high	ET PHISHING Generic Phishkit Activity (GET)

HTTP Headers

GET /ig/static/resource/login.php?cmd=login_submit&id=1645bebbb59ac2ff071a186c3129dc961645bebbb59ac2ff071a186c3129dc96&session=1645bebbb59ac2ff071a186c3129dc961645bebbb59ac2ff071a186c3129dc96 HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720&session=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720
Connection: keep-alive
Cookie: PHPSESSID=49c1496fd2d72b5631640dfe1e62b9be

HTTP/1.1 302 Moved Temporarily
Date: Mon, 06 Feb 2023 09:37:50 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
location: login.php?cmd=login_submit&id=4c20f7b56f8cc986acb6b27bb5f5a4e64c20f7b56f8cc986acb6b27bb5f5a4e6&session=4c20f7b56f8cc986acb6b27bb5f5a4e64c20f7b56f8cc986acb6b27bb5f5a4e6
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=a1f05e8a8d49fdce8ba2aec30cbfd05ea1f05e8a8d49fdce8ba2aec30cbfd05e&session=a1f05e8a8d49fdce8ba2aec30cbfd05ea1f05e8a8d49fdce8ba2aec30cbfd05e

92.205.15.237

302 Moved Temporarily

0 B

URL HTTP/1.1
eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=a1f05e8a8d49fdce8ba2aec30cbfd05ea1f05e8a8d49fdce8ba2aec30cbfd05e&session=a1f05e8a8d49fdce8ba2aec30cbfd05ea1f05e8a8d49fdce8ba2aec30cbfd05e
IP
92.205.15.237:0
ASN
#21499 Host Europe GmbH

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

NIDS	Severity	Alert
suricata	high	ET PHISHING Generic Phishkit Activity (GET)

HTTP Headers

GET /ig/static/resource/login.php?cmd=login_submit&id=a1f05e8a8d49fdce8ba2aec30cbfd05ea1f05e8a8d49fdce8ba2aec30cbfd05e&session=a1f05e8a8d49fdce8ba2aec30cbfd05ea1f05e8a8d49fdce8ba2aec30cbfd05e HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720&session=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720
Connection: keep-alive
Cookie: PHPSESSID=49c1496fd2d72b5631640dfe1e62b9be

HTTP/1.1 302 Moved Temporarily
Date: Mon, 06 Feb 2023 09:37:50 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
location: login.php?cmd=login_submit&id=05bd83de7fbb0cb61e283243bbfd068a05bd83de7fbb0cb61e283243bbfd068a&session=05bd83de7fbb0cb61e283243bbfd068a05bd83de7fbb0cb61e283243bbfd068a
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=4c20f7b56f8cc986acb6b27bb5f5a4e64c20f7b56f8cc986acb6b27bb5f5a4e6&session=4c20f7b56f8cc986acb6b27bb5f5a4e64c20f7b56f8cc986acb6b27bb5f5a4e6

92.205.15.237

302 Moved Temporarily

0 B

URL HTTP/1.1
eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=4c20f7b56f8cc986acb6b27bb5f5a4e64c20f7b56f8cc986acb6b27bb5f5a4e6&session=4c20f7b56f8cc986acb6b27bb5f5a4e64c20f7b56f8cc986acb6b27bb5f5a4e6
IP
92.205.15.237:0
ASN
#21499 Host Europe GmbH

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

NIDS	Severity	Alert
suricata	high	ET PHISHING Generic Phishkit Activity (GET)

HTTP Headers

GET /ig/static/resource/login.php?cmd=login_submit&id=4c20f7b56f8cc986acb6b27bb5f5a4e64c20f7b56f8cc986acb6b27bb5f5a4e6&session=4c20f7b56f8cc986acb6b27bb5f5a4e64c20f7b56f8cc986acb6b27bb5f5a4e6 HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720&session=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720
Connection: keep-alive
Cookie: PHPSESSID=49c1496fd2d72b5631640dfe1e62b9be

HTTP/1.1 302 Moved Temporarily
Date: Mon, 06 Feb 2023 09:37:50 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
location: login.php?cmd=login_submit&id=d11242a5891456d4abe762d094a21388d11242a5891456d4abe762d094a21388&session=d11242a5891456d4abe762d094a21388d11242a5891456d4abe762d094a21388
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=05bd83de7fbb0cb61e283243bbfd068a05bd83de7fbb0cb61e283243bbfd068a&session=05bd83de7fbb0cb61e283243bbfd068a05bd83de7fbb0cb61e283243bbfd068a

92.205.15.237

302 Moved Temporarily

0 B

URL HTTP/1.1
eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=05bd83de7fbb0cb61e283243bbfd068a05bd83de7fbb0cb61e283243bbfd068a&session=05bd83de7fbb0cb61e283243bbfd068a05bd83de7fbb0cb61e283243bbfd068a
IP
92.205.15.237:0
ASN
#21499 Host Europe GmbH

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

NIDS	Severity	Alert
suricata	high	ET PHISHING Generic Phishkit Activity (GET)

HTTP Headers

GET /ig/static/resource/login.php?cmd=login_submit&id=05bd83de7fbb0cb61e283243bbfd068a05bd83de7fbb0cb61e283243bbfd068a&session=05bd83de7fbb0cb61e283243bbfd068a05bd83de7fbb0cb61e283243bbfd068a HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720&session=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720
Connection: keep-alive
Cookie: PHPSESSID=49c1496fd2d72b5631640dfe1e62b9be

HTTP/1.1 302 Moved Temporarily
Date: Mon, 06 Feb 2023 09:37:51 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
location: login.php?cmd=login_submit&id=e243195246ba4064c0c64a63823895c8e243195246ba4064c0c64a63823895c8&session=e243195246ba4064c0c64a63823895c8e243195246ba4064c0c64a63823895c8
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=d11242a5891456d4abe762d094a21388d11242a5891456d4abe762d094a21388&session=d11242a5891456d4abe762d094a21388d11242a5891456d4abe762d094a21388

92.205.15.237

302 Moved Temporarily

0 B

URL HTTP/1.1
eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=d11242a5891456d4abe762d094a21388d11242a5891456d4abe762d094a21388&session=d11242a5891456d4abe762d094a21388d11242a5891456d4abe762d094a21388
IP
92.205.15.237:0
ASN
#21499 Host Europe GmbH

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

NIDS	Severity	Alert
suricata	high	ET PHISHING Generic Phishkit Activity (GET)

HTTP Headers

GET /ig/static/resource/login.php?cmd=login_submit&id=d11242a5891456d4abe762d094a21388d11242a5891456d4abe762d094a21388&session=d11242a5891456d4abe762d094a21388d11242a5891456d4abe762d094a21388 HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720&session=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720
Connection: keep-alive
Cookie: PHPSESSID=49c1496fd2d72b5631640dfe1e62b9be

HTTP/1.1 302 Moved Temporarily
Date: Mon, 06 Feb 2023 09:37:51 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
location: login.php?cmd=login_submit&id=19af99fda14e73396bbccbfedc90240319af99fda14e73396bbccbfedc902403&session=19af99fda14e73396bbccbfedc90240319af99fda14e73396bbccbfedc902403
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=e243195246ba4064c0c64a63823895c8e243195246ba4064c0c64a63823895c8&session=e243195246ba4064c0c64a63823895c8e243195246ba4064c0c64a63823895c8

92.205.15.237

302 Moved Temporarily

0 B

URL HTTP/1.1
eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=e243195246ba4064c0c64a63823895c8e243195246ba4064c0c64a63823895c8&session=e243195246ba4064c0c64a63823895c8e243195246ba4064c0c64a63823895c8
IP
92.205.15.237:0
ASN
#21499 Host Europe GmbH

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

NIDS	Severity	Alert
suricata	high	ET PHISHING Generic Phishkit Activity (GET)

HTTP Headers

GET /ig/static/resource/login.php?cmd=login_submit&id=e243195246ba4064c0c64a63823895c8e243195246ba4064c0c64a63823895c8&session=e243195246ba4064c0c64a63823895c8e243195246ba4064c0c64a63823895c8 HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720&session=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720
Connection: keep-alive
Cookie: PHPSESSID=49c1496fd2d72b5631640dfe1e62b9be

HTTP/1.1 302 Moved Temporarily
Date: Mon, 06 Feb 2023 09:37:51 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
location: login.php?cmd=login_submit&id=675c683c04c2f0ca5ac084e4e3b1f1c7675c683c04c2f0ca5ac084e4e3b1f1c7&session=675c683c04c2f0ca5ac084e4e3b1f1c7675c683c04c2f0ca5ac084e4e3b1f1c7
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=19af99fda14e73396bbccbfedc90240319af99fda14e73396bbccbfedc902403&session=19af99fda14e73396bbccbfedc90240319af99fda14e73396bbccbfedc902403

92.205.15.237

302 Moved Temporarily

0 B

URL HTTP/1.1
eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=19af99fda14e73396bbccbfedc90240319af99fda14e73396bbccbfedc902403&session=19af99fda14e73396bbccbfedc90240319af99fda14e73396bbccbfedc902403
IP
92.205.15.237:0
ASN
#21499 Host Europe GmbH

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

NIDS	Severity	Alert
suricata	high	ET PHISHING Generic Phishkit Activity (GET)

HTTP Headers

GET /ig/static/resource/login.php?cmd=login_submit&id=19af99fda14e73396bbccbfedc90240319af99fda14e73396bbccbfedc902403&session=19af99fda14e73396bbccbfedc90240319af99fda14e73396bbccbfedc902403 HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720&session=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720
Connection: keep-alive
Cookie: PHPSESSID=49c1496fd2d72b5631640dfe1e62b9be

HTTP/1.1 302 Moved Temporarily
Date: Mon, 06 Feb 2023 09:37:51 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
location: login.php?cmd=login_submit&id=71c37a1e5f1cdf7e6d7346bf88fa73c071c37a1e5f1cdf7e6d7346bf88fa73c0&session=71c37a1e5f1cdf7e6d7346bf88fa73c071c37a1e5f1cdf7e6d7346bf88fa73c0
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=675c683c04c2f0ca5ac084e4e3b1f1c7675c683c04c2f0ca5ac084e4e3b1f1c7&session=675c683c04c2f0ca5ac084e4e3b1f1c7675c683c04c2f0ca5ac084e4e3b1f1c7

92.205.15.237

302 Moved Temporarily

0 B

URL HTTP/1.1
eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=675c683c04c2f0ca5ac084e4e3b1f1c7675c683c04c2f0ca5ac084e4e3b1f1c7&session=675c683c04c2f0ca5ac084e4e3b1f1c7675c683c04c2f0ca5ac084e4e3b1f1c7
IP
92.205.15.237:0
ASN
#21499 Host Europe GmbH

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

NIDS	Severity	Alert
suricata	high	ET PHISHING Generic Phishkit Activity (GET)

HTTP Headers

GET /ig/static/resource/login.php?cmd=login_submit&id=675c683c04c2f0ca5ac084e4e3b1f1c7675c683c04c2f0ca5ac084e4e3b1f1c7&session=675c683c04c2f0ca5ac084e4e3b1f1c7675c683c04c2f0ca5ac084e4e3b1f1c7 HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720&session=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720
Connection: keep-alive
Cookie: PHPSESSID=49c1496fd2d72b5631640dfe1e62b9be

HTTP/1.1 302 Moved Temporarily
Date: Mon, 06 Feb 2023 09:37:51 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
location: login.php?cmd=login_submit&id=f7ce5fca3251437bd06b50eff3b33fa2f7ce5fca3251437bd06b50eff3b33fa2&session=f7ce5fca3251437bd06b50eff3b33fa2f7ce5fca3251437bd06b50eff3b33fa2
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=71c37a1e5f1cdf7e6d7346bf88fa73c071c37a1e5f1cdf7e6d7346bf88fa73c0&session=71c37a1e5f1cdf7e6d7346bf88fa73c071c37a1e5f1cdf7e6d7346bf88fa73c0

92.205.15.237

302 Moved Temporarily

0 B

URL HTTP/1.1
eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=71c37a1e5f1cdf7e6d7346bf88fa73c071c37a1e5f1cdf7e6d7346bf88fa73c0&session=71c37a1e5f1cdf7e6d7346bf88fa73c071c37a1e5f1cdf7e6d7346bf88fa73c0
IP
92.205.15.237:0
ASN
#21499 Host Europe GmbH

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

NIDS	Severity	Alert
suricata	high	ET PHISHING Generic Phishkit Activity (GET)

HTTP Headers

GET /ig/static/resource/login.php?cmd=login_submit&id=71c37a1e5f1cdf7e6d7346bf88fa73c071c37a1e5f1cdf7e6d7346bf88fa73c0&session=71c37a1e5f1cdf7e6d7346bf88fa73c071c37a1e5f1cdf7e6d7346bf88fa73c0 HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720&session=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720
Connection: keep-alive
Cookie: PHPSESSID=49c1496fd2d72b5631640dfe1e62b9be

HTTP/1.1 302 Moved Temporarily
Date: Mon, 06 Feb 2023 09:37:51 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
location: login.php?cmd=login_submit&id=c504f5e08c95645bfaece69dfa9c09fcc504f5e08c95645bfaece69dfa9c09fc&session=c504f5e08c95645bfaece69dfa9c09fcc504f5e08c95645bfaece69dfa9c09fc
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=f7ce5fca3251437bd06b50eff3b33fa2f7ce5fca3251437bd06b50eff3b33fa2&session=f7ce5fca3251437bd06b50eff3b33fa2f7ce5fca3251437bd06b50eff3b33fa2

92.205.15.237

302 Moved Temporarily

0 B

URL HTTP/1.1
eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=f7ce5fca3251437bd06b50eff3b33fa2f7ce5fca3251437bd06b50eff3b33fa2&session=f7ce5fca3251437bd06b50eff3b33fa2f7ce5fca3251437bd06b50eff3b33fa2
IP
92.205.15.237:0
ASN
#21499 Host Europe GmbH

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

NIDS	Severity	Alert
suricata	high	ET PHISHING Generic Phishkit Activity (GET)

HTTP Headers

GET /ig/static/resource/login.php?cmd=login_submit&id=f7ce5fca3251437bd06b50eff3b33fa2f7ce5fca3251437bd06b50eff3b33fa2&session=f7ce5fca3251437bd06b50eff3b33fa2f7ce5fca3251437bd06b50eff3b33fa2 HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720&session=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720
Connection: keep-alive
Cookie: PHPSESSID=49c1496fd2d72b5631640dfe1e62b9be

HTTP/1.1 302 Moved Temporarily
Date: Mon, 06 Feb 2023 09:37:51 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
location: login.php?cmd=login_submit&id=edb7f9ac16d62330cf95e958d9413a54edb7f9ac16d62330cf95e958d9413a54&session=edb7f9ac16d62330cf95e958d9413a54edb7f9ac16d62330cf95e958d9413a54
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=c504f5e08c95645bfaece69dfa9c09fcc504f5e08c95645bfaece69dfa9c09fc&session=c504f5e08c95645bfaece69dfa9c09fcc504f5e08c95645bfaece69dfa9c09fc

92.205.15.237

302 Moved Temporarily

0 B

URL HTTP/1.1
eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=c504f5e08c95645bfaece69dfa9c09fcc504f5e08c95645bfaece69dfa9c09fc&session=c504f5e08c95645bfaece69dfa9c09fcc504f5e08c95645bfaece69dfa9c09fc
IP
92.205.15.237:0
ASN
#21499 Host Europe GmbH

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

NIDS	Severity	Alert
suricata	high	ET PHISHING Generic Phishkit Activity (GET)

HTTP Headers

GET /ig/static/resource/login.php?cmd=login_submit&id=c504f5e08c95645bfaece69dfa9c09fcc504f5e08c95645bfaece69dfa9c09fc&session=c504f5e08c95645bfaece69dfa9c09fcc504f5e08c95645bfaece69dfa9c09fc HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720&session=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720
Connection: keep-alive
Cookie: PHPSESSID=49c1496fd2d72b5631640dfe1e62b9be

HTTP/1.1 302 Moved Temporarily
Date: Mon, 06 Feb 2023 09:37:52 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
location: login.php?cmd=login_submit&id=006fe354d2c4db9ab27475c3c70bfac5006fe354d2c4db9ab27475c3c70bfac5&session=006fe354d2c4db9ab27475c3c70bfac5006fe354d2c4db9ab27475c3c70bfac5
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=edb7f9ac16d62330cf95e958d9413a54edb7f9ac16d62330cf95e958d9413a54&session=edb7f9ac16d62330cf95e958d9413a54edb7f9ac16d62330cf95e958d9413a54

92.205.15.237

302 Moved Temporarily

0 B

URL HTTP/1.1
eha.a37.mywebsitetransfer.com/ig/static/resource/login.php?cmd=login_submit&id=edb7f9ac16d62330cf95e958d9413a54edb7f9ac16d62330cf95e958d9413a54&session=edb7f9ac16d62330cf95e958d9413a54edb7f9ac16d62330cf95e958d9413a54
IP
92.205.15.237:0
ASN
#21499 Host Europe GmbH

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

NIDS	Severity	Alert
suricata	high	ET PHISHING Generic Phishkit Activity (GET)

HTTP Headers

GET /ig/static/resource/login.php?cmd=login_submit&id=edb7f9ac16d62330cf95e958d9413a54edb7f9ac16d62330cf95e958d9413a54&session=edb7f9ac16d62330cf95e958d9413a54edb7f9ac16d62330cf95e958d9413a54 HTTP/1.1
Host: eha.a37.mywebsitetransfer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://eha.a37.mywebsitetransfer.com/ig/login.php?cmd=login_submit&id=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720&session=585a64227a84efde29854a7d788b2720585a64227a84efde29854a7d788b2720
Connection: keep-alive
Cookie: PHPSESSID=49c1496fd2d72b5631640dfe1e62b9be

HTTP/1.1 302 Moved Temporarily
Date: Mon, 06 Feb 2023 09:37:52 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Content-Type-Options: nosniff
location: login.php?cmd=login_submit&id=7f0d07d39f575378a98e4b339b3ca2bf7f0d07d39f575378a98e4b339b3ca2bf&session=7f0d07d39f575378a98e4b339b3ca2bf7f0d07d39f575378a98e4b339b3ca2bf
Vary: Accept-Encoding
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (0)

HTTP Transactions (68)

URL HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN